Dell PowerConnect W-Clearpass 100 Software User's Guide

ClearPass Guest 3.9 Deployment Guide

10 | ClearPass Guest 3.9 | Deployment GuideDelete a Report ...

100 |Onboard ClearPass Guest 3.9 | Deployment Guide Click the Previous button to return to the Access tab. Click the Next button to continue to the

ClearPass Guest 3.9 | Deployment Guide Onboard | 101In the Trusted Certificates row, mark the check box for each server certificate that the client s

102 |Onboard ClearPass Guest 3.9 | Deployment Guide take effect. Click the Cancel button to discard your changes and return to the main Onboard confi

ClearPass Guest 3.9 | Deployment Guide Onboard | 103Select one of these options in the Proxy Type drop-down list: None – No proxy server will be con

104 |Onboard ClearPass Guest 3.9 | Deployment Guide The Instructions text field can be used to provide more information or instructions to an iOS or O

ClearPass Guest 3.9 | Deployment Guide Onboard | 105Mark the Add this VPN to the device profile check box to enable provisioning of VPN settings.The

106 |Onboard ClearPass Guest 3.9 | Deployment Guide  Shared Secret / Group Name – An optional group name may be specified. A shared secret (pre-share

ClearPass Guest 3.9 | Deployment Guide Onboard | 107Mark the Add this ActiveSync configuration to the device profile check box to enable email accoun

108 |Onboard ClearPass Guest 3.9 | Deployment Guide In the Sync Settings group, choose one of the following options from the Days of Mail drop-down li

ClearPass Guest 3.9 | Deployment Guide Onboard | 109To enable the passcode policy on all iOS devices, mark the Enable passcode policy check box and c

ClearPass Guest 3.9 | Deployment Guide | 11Network Diagnostics – Packet Capturing ...372Network Hosts

110 |Onboard ClearPass Guest 3.9 | Deployment Guide Resetting Onboard Certificates and ConfigurationTo delete certificates, re-create the Onboard Web

ClearPass Guest 3.9 | Deployment Guide Onboard | 111Note: This is a vendor-specific attribute with vendor ID 14823. If the RADIUS server responds wit

112 |Onboard ClearPass Guest 3.9 | Deployment Guide iOS Device Provisioning FailuresSymptom: Device provisioning fails on iOS with the message “The s

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 113Chapter 5RADIUS ServicesRADIUS is a network access-control protocol that verifies and auth

114 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Log entries that are displayed include both successful and unsuccessful authentication at

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 115Each row in the table groups together authentication attempts based on the username (that

116 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide The NAS Type list may be used to select a default type for network access servers. Use th

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 117Example: Removing a User-Name SuffixSome NAS equipment always appends a realm in the form

118 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide User roles can be used to apply different security policies to different classes of guest

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 1192. In the Role Name field, enter a brief descriptive name for the role—for example, if yo

12 | ClearPass Guest 3.9 | Deployment GuideChapter 10 Hotspot Manager...

120 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Enter a value for this attribute in the Value field. For integer enumerated attributes, c

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 121Example: Time of Day ConditionsIn this example, the Reply-Message attribute will be modif

122 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide 2. Click the Add Attribute tab.3. Select the Reply-Message attribute from the drop-down

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 123Example: Location-Specific VLAN AssignmentIn this example, the value of a vendor-specific

124 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide 3. Complete the Role Override, Expiration, Device Limit, account Limit, and Limit Action

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 125Creating a Network Access Server EntryA new NAS device is added by clicking on the Creat

126 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide  Motorola (RFC 3576 support) Ruckus Networks Trapeze Networks (RFC 3576 support) Tren

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 127Select the Force first row as header row check box if your data contains a header row tha

128 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide .Select the NAS entries to be created or updated with the imported data. The icon display

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 129Figure 17 Sequence diagram for guest captive portal and Web loginIn a typical configurat

ClearPass Guest 3.9 | Deployment Guide | 13Comments...

130 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide The first section requires that you enter a name for this login page, as well as an optio

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 131The second section requires you to specify the behavior of the Web login form. There may

132 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide When the Web login form is submitted, the username and password are submitted to the NAS

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 133The fifth section allows you to control the look and feel of the login page. Use the Inse

134 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide The ‘Allowed Access’ and ‘Denied Access’ fields are access control lists that determine i

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 135This will in turn result in a hidden field included in the Web login form. The field will

136 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide To access the value of a remembered field called “wlan”, use the syntax:{$extra_fields.wl

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 137Also if the user chooses to cancel the Web sheet, the Wi-Fi connection to the Open networ

138 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Figure 20 Captive Network Assistant on iPhoneThe Web sheet can be easily identified by t

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 139The following CLI and WebUI examples show a typical configuration of the Captive Portal p

14 | ClearPass Guest 3.9 | Deployment GuideForm Field Conversion Functions ...475Form Fiel

140 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Figure 22 Configuring the Web Login page For example, a Captive Portal profile login pag

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 141Database Maintenance TasksDatabase optimization and other maintenance tasks can be perfor

142 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide The dictionary can be sorted by clicking on a column heading.Import DictionaryYou are abl

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 1433. Click the Reset Dictionary button to have the dictionary reset. This action cannot be

144 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Vendor-Specific AttributesVendor-specific attributes identify configuration items specifi

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 145Once an attribute has been edited, click the Update Attribute button to save your change

146 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide You are required to enter the name of the value to be added as well as its value. Values

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 147To specify supported EAP types and the default type, and to configure OCSP options, see

148 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide 2. In the Supported EAP Types row, mark the check box for each type the RADIUS server sho

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 149RADIUS Server Certificate form is displayed. The unique set of identifying details you en

ClearPass Guest 3.9 | Deployment Guide | 15FiguresFigure 1 Visitor access using ClearPass Guest...

150 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Signing RADIUS Server CertificateFor a client to verify that the RADIUS server’s identity

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 151Complete the details for the certificate, and click the Download Request button to save

152 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide A digital certificate may be imported from either the PKCS#12 format, which is a single f

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 1532. Select the appropriate PEAP options in the EAP Configuration form, as shown below:3. C

154 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide 1. Open the .p7b file from Windows Explorer:2. Select the certificate in the list. Right-

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 1555. Click the Browse button to select the Trusted Root Certification Authorities store. 6.

156 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide 7. Click Finish. A security warning reminds you that if you install the certificate, all

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 157.Active Directory Domain ServicesTo perform certain types of user authentication, such as

158 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Joining an Active Directory DomainTo start the two-step process to join the domain, click

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 159Use the Edit Settings link at the top of this page if any of the automatically detected

16 | ClearPass Guest 3.9 | Deployment GuideFigure 45 Reporting – Bin statistics with groups...

160 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide The following options are available in the Authentication drop-down list: MS-CHAPv2 – En

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 161Provide these credentials in the Leave Active Directory Domain form and click the Leave

162 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Managing External Authentication ServersTo view the list of external RADIUS authenticatio

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 163The top part of the form contains basic properties for the external authentication server

164 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide . NetBIOS Domain – automatically detected when joining the domain. LDAP Server and Port

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 165To authorize all users in Active Directory, regardless of the individual user account set

166 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide timelimit = 3The number of seconds the LDAP server has to process the query (server-side

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 167 LDAP Server and Port Number – the hostname or IP address of the LDAP server, with the c

168 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide  Base DN – the LDAP distinguished name of the root of the search tree. This is typically

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 169To configure the authorization method for a Proxy RADIUS external authentication server,

ClearPass Guest 3.9 | Deployment Guide | 17TablesTable 1 Quick Links ...

170 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide Configuring Authorization for External Authentication Servers The level of authorized acc

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 171 Use PHP code to assign a user role (Advanced) may be used to control the mapping betwee

172 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide  Use role assigned to local user is the only authorization method available for the loca

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 173 With authorization method Assign a fixed user role:Sending Access-Request of id 122 to

174 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide For example, to implement the following configuration: Members of the Domain Admins grou

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 175Testing a Local Certificate Authority EAS For Local Certificate Authority external authen

176 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide If you selected Separate certificate and key files (.pem, .cer, .crt ) for the TLS identi

ClearPass Guest 3.9 | Deployment Guide RADIUS Services | 177The list displays the certificates that have been installed. By default, the list is empt

178 | RADIUS Services ClearPass Guest 3.9 | Deployment Guide

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 179Chapter 6Operator LoginsAn operator is a company’s staff member who is able to log in to C

18 | ClearPass Guest 3.9 | Deployment GuideTable 43 Date and Time Format Strings...

180 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Figure 23 Operator profiles and visitor access control See “About Operator Logins” in

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 181The fields in the first area of the form identify the operator profile and capture any op

182 | Operator Logins ClearPass Guest 3.9 | Deployment Guide For each permission, you may grant No Access, Read Only Access, Full Access, or Custom ac

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 183If one or more roles are selected, then only those roles will be available for the operat

184 | Operator Logins ClearPass Guest 3.9 | Deployment Guide The user can enter a simple substring to match a portion of the username or any other fie

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 185operator profile, choose a page from the drop-down list. For example, if a profile is des

186 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Operator Profile PrivilegesThe privilege selections available for an operator profile pro

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 187Local Operator AuthenticationLocal operators are those defined in ClearPass Guest. Creati

188 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Any properties for the operator login that are set to (Default) are taken from the operat

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 189The Operator Logins list opens. When you click an operator login entry in the Operator Lo

ClearPass Guest 3.9 | Deployment Guide ClearPass Guest | 19Chapter 1ClearPass Guest Collaboration between companies and mobility of staff has never be

190 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Changing Operator PasswordsTo change the password for an operator, edit the operator logi

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 191To specify a basic LDAP server connection (hostname and optional port number), use a Serv

192 | Operator Logins ClearPass Guest 3.9 | Deployment Guide This form allows you to specify the type of LDAP server your system will use. Click the S

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 193Once you have completed the form, check your settings by clicking the Test Settings butt

194 | Operator Logins ClearPass Guest 3.9 | Deployment Guide  Ping—Sends a ping message (echo request) to the LDAP server to verify connectivity betw

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 195You can also verify operator authentication when you create a new LDAP server configurati

196 | Operator Logins ClearPass Guest 3.9 | Deployment Guide  Verify that the Bind DN is correct – the correct DN will depend on the structure of you

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 197 greater than – numerical value is greater than the match value starts with – case-inse

198 | Operator Logins ClearPass Guest 3.9 | Deployment Guide To edit the matching rule list, select an entry in the table to display a menu that lets

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 199For example, to permit non-administrator users to access the system only between the hour

www.arubanetworks.com1344 Crossman AvenueSunnyvale, California 94089Phone: 408.227.4500Fax 408.227.4550ClearPass Guest 3.9.2|Deployment Guide 0511112-

20 |ClearPass Guest ClearPass Guest 3.9 | Deployment Guide Documentation OverviewClick the context-sensitive Help link displayed at the top right of

200 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Operator Logins ConfigurationYou are able to configure a message on the login screen that

ClearPass Guest 3.9 | Deployment Guide Operator Logins | 201 <a href="http://www.arubanetworks.com/">contactando con Aruba Networks&l

202 | Operator Logins ClearPass Guest 3.9 | Deployment Guide Advanced Operator Login Options The following options are available in the Logging drop-d

ClearPass Guest 3.9 | Deployment Guide Guest Management | 203Chapter 7Guest ManagementThe ability to easily create and manage guest accounts is the pr

204 | Guest Management ClearPass Guest 3.9 | Deployment Guide Sponsored Guest AccessThe following figure shows the process of sponsored guest access.

ClearPass Guest 3.9 | Deployment Guide Guest Management | 205registration page, where the guest creates a new account. At the conclusion of the regis

206 | Guest Management ClearPass Guest 3.9 | Deployment Guide To complete the form, first enter the visitor’s details into the Sponsor’s Name, Visitor

ClearPass Guest 3.9 | Deployment Guide Guest Management | 207To print a receipt for the visitor, select an appropriate template from the Open print

208 | Guest Management ClearPass Guest 3.9 | Deployment Guide To complete the form, you must enter the number of visitor accounts you want to create.A

ClearPass Guest 3.9 | Deployment Guide Guest Management | 209 Lifetime – the account lifetime in minutes, or N/A if the account does not have a life

ClearPass Guest 3.9 | Deployment Guide ClearPass Guest | 21 Chapter 11, “High Availability Services” describes the optional high availability servi

210 | Guest Management ClearPass Guest 3.9 | Deployment Guide 2. In the Number of Accounts field, enter the number of accounts you wish to create. 3.

ClearPass Guest 3.9 | Deployment Guide Guest Management | 211Managing Guest AccountsUse the Guest Manager Accounts list view to work with individual

212 | Guest Management ClearPass Guest 3.9 | Deployment Guide You can use the Filter field to narrow the search parameters. You may enter a simple sub

ClearPass Guest 3.9 | Deployment Guide Guest Management | 213Click the Update Account button to reset the guest account’s password. A new account r

214 | Guest Management ClearPass Guest 3.9 | Deployment Guide Click the Update Account button to update the properties of the guest account. A new a

ClearPass Guest 3.9 | Deployment Guide Guest Management | 215You can use the Filter field to narrow the search parameters. You may enter a simple sub

216 | Guest Management ClearPass Guest 3.9 | Deployment Guide Use the selection row at the top of the table to work with the current set of selected a

ClearPass Guest 3.9 | Deployment Guide Guest Management | 217.To complete the form, you must either specify a file containing account information, or

218 | Guest Management ClearPass Guest 3.9 | Deployment Guide In this example, the following data was used:username,visitor_name,password,expire_timed

ClearPass Guest 3.9 | Deployment Guide Guest Management | 219Click the Next Step button to preview the final result.Step 3 of 3 displays a preview

22 |ClearPass Guest ClearPass Guest 3.9 | Deployment Guide If You Need More AssistanceIf you encounter a problem using ClearPass Guest, your first ste

220 | Guest Management ClearPass Guest 3.9 | Deployment Guide Exporting Guest Account InformationGuest account information may be exported to a file i

ClearPass Guest 3.9 | Deployment Guide Guest Management | 221 SMS and email receipts – Include a short text message with your guest’s username and p

222 | Guest Management ClearPass Guest 3.9 | Deployment Guide  Username Length –This field is displayed if the Username Type is set to “Random digits

ClearPass Guest 3.9 | Deployment Guide Guest Management | 223Figure 27 Customize Guest Manager page (part 2)—continued Expire Action – Default acti

224 | Guest Management ClearPass Guest 3.9 | Deployment Guide Figure 28 Customize Guest Manager page (part 3)—continued Lifetime Options – Default v

ClearPass Guest 3.9 | Deployment Guide Guest Management | 225 Password Display – Select the “View guest account passwords” to enable the display of

226 | Guest Management ClearPass Guest 3.9 | Deployment Guide  modify_password: This field controls password modification for the visitor account. It

ClearPass Guest 3.9 | Deployment Guide Guest Management | 227Visitor Account Expiration Properties do_expire, modify_expire_time, expire_after and e

228 | Guest Management ClearPass Guest 3.9 | Deployment Guide “Logout” indicates that a RADIUS Disconnect-Request will be used for all active sessions

ClearPass Guest 3.9 | Deployment Guide Guest Management | 229These forms are accessed directly:  create_multi form – multiple account creation crea

ClearPass Guest 3.9 | Deployment Guide Management Overview | 23Chapter 2Management OverviewThis section explains the terms, concepts, processes, and e

230 | Guest Management ClearPass Guest 3.9 | Deployment Guide A complete list of fields is displayed when you click the Fields command link on the Cus

ClearPass Guest 3.9 | Deployment Guide Guest Management | 231You can specify the default properties to use when adding the field to a form. See “Vie

232 | Guest Management ClearPass Guest 3.9 | Deployment Guide Displaying Views that Use a FieldYou are able to click the Show Views link to see a li

ClearPass Guest 3.9 | Deployment Guide Guest Management | 233Duplicating Forms and ViewsClick the Duplicate link to make a copy of a form or view.

234 | Guest Management ClearPass Guest 3.9 | Deployment Guide Form fields have a rank number, which specifies the relative ordering of the fields when

ClearPass Guest 3.9 | Deployment Guide Guest Management | 235Each field can only appear once on a form. The Field Name selects which underlying field

236 | Guest Management ClearPass Guest 3.9 | Deployment Guide  Check box – A check box is displayed for the field. The check box label can be specifi

ClearPass Guest 3.9 | Deployment Guide Guest Management | 237Because an array value may not be stored directly in a custom field, you should use the

238 | Guest Management ClearPass Guest 3.9 | Deployment Guide How this works: Suppose the first two check boxes are selected (in this example, with ke

ClearPass Guest 3.9 | Deployment Guide Guest Management | 239 File upload – Displays a file selection text field and dialog box (the exact appearanc

24 | Management Overview ClearPass Guest 3.9 | Deployment Guide Reference Network DiagramThe following figure shows the network connections and protoc

240 | Guest Management ClearPass Guest 3.9 | Deployment Guide  Password text field – The field is displayed as a text field, with input from the user

ClearPass Guest 3.9 | Deployment Guide Guest Management | 241The “Vertical” and “Horizontal” layout styles control whether the radio buttons are orga

242 | Guest Management ClearPass Guest 3.9 | Deployment Guide  Static text (Raw value) – The field’s value is displayed as a non-editable text string

ClearPass Guest 3.9 | Deployment Guide Guest Management | 243 Static group heading – The label and description of the field is used to display a gro

244 | Guest Management ClearPass Guest 3.9 | Deployment Guide  Text area – The field is displayed as a multiple-line text box. The text typed in this

ClearPass Guest 3.9 | Deployment Guide Guest Management | 245Form Validation PropertiesThe form va lidation properties control the validation of data

246 | Guest Management ClearPass Guest 3.9 | Deployment Guide Validation errors are displayed to the user by highlighting the field(s) that are in err

ClearPass Guest 3.9 | Deployment Guide Guest Management | 247With these validator settings, users that enter an invalid value will now receive a vali

248 | Guest Management ClearPass Guest 3.9 | Deployment Guide Note that the regular expression used here includes beginning and ending delimiters (in

ClearPass Guest 3.9 | Deployment Guide Guest Management | 249For pre-registered guest accounts, some fields may be completed during pre-registration

ClearPass Guest 3.9 | Deployment Guide Management Overview | 25Figure 3 Interactions involved in guest accessClearPass Guest is part of your network

250 | Guest Management ClearPass Guest 3.9 | Deployment Guide The Conversion step should be used when the type of data displayed in the user interface

ClearPass Guest 3.9 | Deployment Guide Guest Management | 251A comparison of these two approaches is shown below to illustrate the difference: When u

252 | Guest Management ClearPass Guest 3.9 | Deployment Guide Because of the scoping rules of JavaScript, all of the user interface elements that make

ClearPass Guest 3.9 | Deployment Guide Guest Management | 253column are also shown in the list view. Values displayed in italics are default values d

254 | Guest Management ClearPass Guest 3.9 | Deployment Guide The Column Format may be used to specify how the field’s value should be displayed. You

ClearPass Guest 3.9 | Deployment Guide Guest Management | 255This process is shown as follows. See Figure 30.Figure 30 Sequence diagram for guest se

256 | Guest Management ClearPass Guest 3.9 | Deployment Guide The Register Page is the name of a page that does not already exist. There are no spaces

ClearPass Guest 3.9 | Deployment Guide Guest Management | 257Figure 31 Guest self-registration process.A guest self-registration page consists of ma

258 | Guest Management ClearPass Guest 3.9 | Deployment Guide Using a Parent PageTo use the settings from a previously configured self-registration pa

ClearPass Guest 3.9 | Deployment Guide Guest Management | 259The Allowed Access and Denied Access fields are access control lists that determine if

26 | Management Overview ClearPass Guest 3.9 | Deployment Guide Figure 4 Sequence diagram for network access using AAAIn the standard AAA framework,

260 | Guest Management ClearPass Guest 3.9 | Deployment Guide Template code for the title, header, and footer may be specified. See “Smarty Template

ClearPass Guest 3.9 | Deployment Guide Guest Management | 261Editing Guest Receipt Page PropertiesClick the Receipt Page link or one of the Title, He

262 | Guest Management ClearPass Guest 3.9 | Deployment Guide Editing Receipt ActionsClick the Actions link to edit the actions that are available o

ClearPass Guest 3.9 | Deployment Guide Guest Management | 263The Receipt Actions form opens. 3. In the Sponsorship Confirmation area at the bottom of

264 | Guest Management ClearPass Guest 3.9 | Deployment Guide The Guest Registration login page is displayed as the guest would see it. When a guest c

ClearPass Guest 3.9 | Deployment Guide Guest Management | 265When email delivery is enabled, the following options are available to control email del

266 | Guest Management ClearPass Guest 3.9 | Deployment Guide These options under Enabled are available to control delivery of SMS receipts: Disable

ClearPass Guest 3.9 | Deployment Guide Guest Management | 267If automatic guest login is not enabled, the submit button on the receipt page will not

268 | Guest Management ClearPass Guest 3.9 | Deployment Guide The login page consists of two separate parts: the login form page, and a login message

ClearPass Guest 3.9 | Deployment Guide Guest Management | 269The self-service portal is accessed through a separate link that must be published to gu

ClearPass Guest 3.9 | Deployment Guide Management Overview | 27Key FeaturesRefer to the table below for a list of key features and a cross-reference

270 | Guest Management ClearPass Guest 3.9 | Deployment Guide session (that is, the guest’s HTTP client address is the same as the RADIUS Framed-IP-Ad

ClearPass Guest 3.9 | Deployment Guide Guest Management | 271Next, enable the “Required Field” option in the Self-Service Portal properties. Setting

272 | Guest Management ClearPass Guest 3.9 | Deployment Guide Plain text print templates may be used with SMS services to send guest account receipts;

ClearPass Guest 3.9 | Deployment Guide Guest Management | 273 Your guest account has been updated.</p>{elseif $action == "delete"}{/i

274 | Guest Management ClearPass Guest 3.9 | Deployment Guide Use the Remove, Move Up, Move Down, Insert Before, and Insert After links to adj

ClearPass Guest 3.9 | Deployment Guide Guest Management | 275Select one of the following entities in the Entity drop-down list: Operator Profiles –

276 | Guest Management ClearPass Guest 3.9 | Deployment Guide Customize Random Username and PasswordsIn this example we will set the random usernames

ClearPass Guest 3.9 | Deployment Guide Guest Management | 277 <th class="nwaLeft">Error</th><td class="nwaBody"&

278 | Guest Management ClearPass Guest 3.9 | Deployment Guide 4. Click Save Changes to save your settings. Once the field is enabled or inserted, yo

ClearPass Guest 3.9 | Deployment Guide Guest Management | 2794. Confirm that the accounts settings are as you expected with respect to letters and di

28 | Management Overview ClearPass Guest 3.9 | Deployment Guide Visitor Account FeaturesIndependent activation time, expiration time, and maximum usag

280 | Guest Management ClearPass Guest 3.9 | Deployment Guide Administrator > Plugin Manager > Manage Plugins and click the Configuration link f

ClearPass Guest 3.9 | Deployment Guide Guest Management | 281All devices created by one of methods described in the following section are listed. Opt

282 | Guest Management ClearPass Guest 3.9 | Deployment Guide 1. In the Account Expiration row, choose one of the options in the drop-down list to set

ClearPass Guest 3.9 | Deployment Guide Guest Management | 283Activating a Device To activate a disabled device’s account, click the device’s row in t

284 | Guest Management ClearPass Guest 3.9 | Deployment Guide 2. If you need to change the activation time, choose one of the options in the Account A

ClearPass Guest 3.9 | Deployment Guide Guest Management | 285Viewing Current Sessions for a DeviceTo view any sessions that are currently active for

286 | Guest Management ClearPass Guest 3.9 | Deployment Guide 1. In the Sponsor’s Name row, enter the name of the person sponsoring the visitor accoun

ClearPass Guest 3.9 | Deployment Guide Guest Management | 2875. To set the account’s expiration time, choose one of the options in the Account Expira

288 | Guest Management ClearPass Guest 3.9 | Deployment Guide Figure 34 Modify fieldsEdit the receipt form fields:  Edit username to be a Hidden fie

ClearPass Guest 3.9 | Deployment Guide Guest Management | 289 UI: Hidden field  Field Required: optional  Validator: IsValidMacAddress  Add or en

ClearPass Guest 3.9 | Deployment Guide Management Overview | 29Visitor Management TerminologyThe following tables describes the common terms used in

290 | Guest Management ClearPass Guest 3.9 | Deployment Guide && NwaDynamicLoad('NwaNormalizeMacAddress') // Required call &&am

ClearPass Guest 3.9 | Deployment Guide Guest Management | 291Figure 35 RADIUS Role EditorNote that modify_expire_time supports any valid syntax of s

292 | Guest Management ClearPass Guest 3.9 | Deployment Guide Automatically Registering MAC Devices in ClearPass Policy Manager If ClearPass Policy Ma

ClearPass Guest 3.9 | Deployment Guide Guest Management | 293Any of the other standard fields can be added similar to importing regular guests. Advan

294 | Guest Management ClearPass Guest 3.9 | Deployment Guide For debugging purposes, include the following to see all the fields available: {dump var

ClearPass Guest 3.9 | Deployment Guide Guest Management | 295 On the Manage Multiple Sessions form, the start time of each session is used to select

296 | Guest Management ClearPass Guest 3.9 | Deployment Guide traffic, the session is considered ‘stale’ and is not counted towards the active session

ClearPass Guest 3.9 | Deployment Guide Guest Management | 297You may enter a simple substring to match a portion of the username or any other fields

298 | Guest Management ClearPass Guest 3.9 | Deployment Guide 1. To close all stale sessions at a certain time, mark the Close Open Sessions radio but

ClearPass Guest 3.9 | Deployment Guide Guest Management | 299 To set a specific date and time, choose Specify a fixed end time from the drop-down li

ClearPass Guest 3.9 | Deployment Guide | 3ContentsChapter 1 ClearPass Guest ...

30 | Management Overview ClearPass Guest 3.9 | Deployment Guide Deployment ProcessAs part of your preparations for deploying a visitor management solu

300 | Guest Management ClearPass Guest 3.9 | Deployment Guide calendar picker. In the calendar, use the arrows to select the year and month, click the

ClearPass Guest 3.9 | Deployment Guide Guest Management | 3012. Use the Start Time row to indicate the beginning of the time range for selecting sess

302 | Guest Management ClearPass Guest 3.9 | Deployment Guide 2. Use the filter to specify the group of addresses that should receive the message. See

ClearPass Guest 3.9 | Deployment Guide Guest Management | 303In the SMS Gateway field, if you choose Custom HTTP Handler from the drop-down list, you

304 | Guest Management ClearPass Guest 3.9 | Deployment Guide If your country uses a national dialing prefix such as “0”, you may enter this on the fo

ClearPass Guest 3.9 | Deployment Guide Guest Management | 305.Complete the form by typing in the SMS message and entering the mobile phone number tha

306 | Guest Management ClearPass Guest 3.9 | Deployment Guide ClearPass Guest may be configured to automatically send SMS receipts to visitors, or to

ClearPass Guest 3.9 | Deployment Guide Guest Management | 307Figure 36 Configure SMS Services PluginSMS Receipt – Select the print template to be us

308 | Guest Management ClearPass Guest 3.9 | Deployment Guide  Auto-Send Field – Select a guest account field which, if set to a non-empty string or

ClearPass Guest 3.9 | Deployment Guide Guest Management | 309Figure 37 Customize SMS Receipt pageSMS Receipt FieldsThe behavior of SMS receipt opera

ClearPass Guest 3.9 | Deployment Guide Management Overview | 31Site Preparation Checklist The following is a checklist of the items that should be co

310 | Guest Management ClearPass Guest 3.9 | Deployment Guide values “_Disabled” and “_Enabled” may be used to never send an SMS or always send an SMS

ClearPass Guest 3.9 | Deployment Guide Guest Management | 311Email receipts may be sent manually by clicking the Send email receipt link displayed

312 | Guest Management ClearPass Guest 3.9 | Deployment Guide Email Receipt OptionsThe Customize Email Receipt form may be used to set default options

ClearPass Guest 3.9 | Deployment Guide Guest Management | 313 Always send using ‘cc:’ – The Copies To list is always sent a copy of any guest accoun

314 | Guest Management ClearPass Guest 3.9 | Deployment Guide SMTP Receipt Fields The behavior of email receipt operations can be customized with cert

ClearPass Guest 3.9 | Deployment Guide Guest Management | 315 smtp_warn_before_template_id – This field overrides the print template ID specified un

316 | Guest Management ClearPass Guest 3.9 | Deployment Guide

ClearPass Guest 3.9 | Deployment Guide Report Management | 317Chapter 8Report ManagementThe Reporting Manager provides you with a set of tools to sum

318 | Report Management ClearPass Guest 3.9 | Deployment Guide Number of sessions per NAS – This report shows the total number of sessions per NAS in

ClearPass Guest 3.9 | Deployment Guide Report Management | 319RunThe Run option allows you to change the date range of the report before it is run. C

32 | Management Overview ClearPass Guest 3.9 | Deployment Guide

320 | Report Management ClearPass Guest 3.9 | Deployment GuideThe Report Type editor allows you to change the defaults for the Date Range and the Form

ClearPass Guest 3.9 | Deployment Guide Report Management | 321 Visible-only access – the report is visible in the list. It can be viewed in HTML but

322 | Report Management ClearPass Guest 3.9 | Deployment GuideExporting Report DefinitionsReport definitions may be exported to a file and later impor

ClearPass Guest 3.9 | Deployment Guide Report Management | 323Importing report DefinitionsReport definitions may be imported from a file that has been

324 | Report Management ClearPass Guest 3.9 | Deployment GuideAbout Custom ReportsThe Report Editor is used to build a custom report. The process used

ClearPass Guest 3.9 | Deployment Guide Report Management | 325Data SourcesThe available data sources are: Local RADIUS Accounting – Accounting traffi

326 | Report Management ClearPass Guest 3.9 | Deployment GuideFigure 42 Reporting – Bin west of GMTThe next diagram is similar but for time zones tha

ClearPass Guest 3.9 | Deployment Guide Report Management | 327Group classifications may be created using the report editor. See “Groups” in this cha

328 | Report Management ClearPass Guest 3.9 | Deployment GuideFigure 46 Components of the Report EditorReport Type

ClearPass Guest 3.9 | Deployment Guide Report Management | 329The Report Type link opens a window where you type a distinct name or Title for the repo

ClearPass Guest 3.9 | Deployment Guide Setup Guide | 33Chapter 3Setup GuideThis section covers the initial deployment and configuration of ClearPass G

330 | Report Management ClearPass Guest 3.9 | Deployment Guide Properties for classification methods (bin size and offset) Properties for output ser

ClearPass Guest 3.9 | Deployment Guide Report Management | 331Parameter User Interface EditingThe Edit Parameter form is used to specify the default v

332 | Report Management ClearPass Guest 3.9 | Deployment GuideThe initial value displayed on this form for a report parameter may be specified as the

ClearPass Guest 3.9 | Deployment Guide Report Management | 333Click the Save Changes button to return to the Report Editor.Select FieldsIf you have

334 | Report Management ClearPass Guest 3.9 | Deployment GuideEach source field has a name that is unique within the report. You can also attach a des

ClearPass Guest 3.9 | Deployment Guide Report Management | 335If you select to calculate a value by summing over source fields, you are required to no

336 | Report Management ClearPass Guest 3.9 | Deployment GuideTo add additional filters, click the first source filter. An action row is displayed wit

ClearPass Guest 3.9 | Deployment Guide Report Management | 337You must then select the filter from the Filter Type drop down list. The following optio

338 | Report Management ClearPass Guest 3.9 | Deployment GuideTo create a bin or a classification group, click the Create Classifier tab in the Edit

ClearPass Guest 3.9 | Deployment Guide Report Management | 339 Time measurement: bin by days – See “Binning Example – Time Measurements” in this ch

34 | Setup Guide ClearPass Guest 3.9 | Deployment Guide Setting Up the Virtual Appliance VMware Workstation or VMware Player The virtual appliance is

340 | Report Management ClearPass Guest 3.9 | Deployment GuideLike the statistic fields, metrics share a close relationship with the report’s classifi

ClearPass Guest 3.9 | Deployment Guide Report Management | 341 Median value – the median (middle) value of the source field over the selected classif

342 | Report Management ClearPass Guest 3.9 | Deployment Guide Number of distinct values – the number of distinct values that the statistic field tak

ClearPass Guest 3.9 | Deployment Guide Report Management | 343You are required to enter a unique name for this output series. You must also select the

344 | Report Management ClearPass Guest 3.9 | Deployment GuideTo edit an output series field, click the Edit link for the field. The Edit Series fi

ClearPass Guest 3.9 | Deployment Guide Report Management | 345 Match filters check if a value matches a particular condition, which could be a regula

346 | Report Management ClearPass Guest 3.9 | Deployment Guide Unconditionally exclude item if filter matches – If the filter matches the item in the

ClearPass Guest 3.9 | Deployment Guide Report Management | 347 Scatter PolarIn general, the first field in the output series is used as the category

348 | Report Management ClearPass Guest 3.9 | Deployment GuideThis standard header includes the report title, the time at which the report was run, an

ClearPass Guest 3.9 | Deployment Guide Report Management | 349Creating the Report – Step 1 The following form will be displayed when the Create New Re

ClearPass Guest 3.9 | Deployment Guide Setup Guide | 35The configuration for the virtual machine includes one virtual Ethernet adapter. The initial n

350 | Report Management ClearPass Guest 3.9 | Deployment GuideCreating Sample Reports Report Based on Modifying an Existing ReportThis sample involves

ClearPass Guest 3.9 | Deployment Guide Report Management | 351Report Created from Report Manager using Create New ReportTo create a report that lists

352 | Report Management ClearPass Guest 3.9 | Deployment Guide6. Select the required fields in Step 2. For this report the fields are shown in the scr

ClearPass Guest 3.9 | Deployment Guide Report Management | 3539. You can continue to further enhance this report using the Report Editor. To change th

354 | Report Management ClearPass Guest 3.9 | Deployment Guide11. The Source Field will be changed to nas_ip_address, as this report is to calculate t

ClearPass Guest 3.9 | Deployment Guide Report Management | 35520. Click the Back to report editor link to return to the Report Editor.21. As there a

356 | Report Management ClearPass Guest 3.9 | Deployment Guide 0 => /* group 0 */ array ( 'a' => /* group value: &apo

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 357Chapter 9Administrator TasksThe Administrator module provides tools used by a network

358 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Configuring Integration with Other ClearPass Servers The Administrator module lets yo

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 3593. To configure integration with ClearPass Profiler, mark the Enable Profiling check b

36 | Setup Guide ClearPass Guest 3.9 | Deployment Guide Console User Interface FunctionsWhen you log in to the console user interface, the following m

360 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Automatic Network Diagnostics When you view or edit the appliance’s network configura

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 361Viewing or Setting System Hostname The system hostname is a fully-qualified domain nam

362 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide  Edit – Change the configuration of a network interface, including IP address, DNS

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 363 To specify an IP address for the network interface, select Manually configure IP add

364 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Click the Save Changes button to update the network interface with the specified se

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 365Managing Static RoutesIn the Network Interfaces list view, click the network interface

366 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Figure 47 Network diagram showing IP addressing for a GRE tunnel To create a GRE tun

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 367Use the Create a VLAN interface link to create a new network interface with a specif

368 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide VLAN interfaces are distinguished from other network interfaces with blue icons. The

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 369Secondary network interfaces have the same name as the underlying physical interface,

ClearPass Guest 3.9 | Deployment Guide Setup Guide | 37Accessing the Graphical User InterfaceAfter you start ClearPass Guest, the initial startup scr

370 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide The ‘Deny Behavior’ drop-down list may be used to specify the action to take when acc

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 371Select a diagnostic from the drop-down list. Depending on the diagnostic you have sele

372 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide form. Additional RADIUS attributes may also be included by adding Attribute-Name = V

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 373Select the network interface and, if required, enter filtering parameters to restrict

374 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Once the packet capture has completed, the status is updated, and a link to Downloa

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 375The fields on each line are separated by any number of blanks or tab characters. Any

376 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide The SNMP Setup form is used to configure the system’s SNMP server and enable SNMP acc

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 377SNMP version 2c has only one configuration option, which is the name of the community

378 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide  SNMP-VIEW-BASED-ACM-MIB TCP-MIB UCD-DISKIO-MIB UCD-DLMOD-MIB UCD-SNMP-MIB UDP-

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 379The From Address must be specified. This is the sender of the email and will be visibl

38 | Setup Guide ClearPass Guest 3.9 | Deployment Guide Accepting the ClearPass Guest License Agreement The first time you log in, you are prompted to

380 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide A completed sample certificate request is shown below.Click the Create Certificate

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 381The process for installing an SSL certificate has been simplified. In the first step,

382 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide To resolve this error, first check that you have provided the correct intermediate ce

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 383Backup and RestoreClick the Backup & Restore command link on the Administrator sta

384 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Server Configuration), you can select to back up the entire area or only a particular

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 385You are able to select either a complete or custom backup to run on the schedule. The

386 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide  proxy*: proxy related arguments quote=CMD: send custom command to FTP server requ

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 387restore, be sure to select the appropriate items by clicking the tick icon for each co

388 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide server. To access the Content Manager, click the Content Manager command link on the

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 389Downloading ContentTo download a file from the Internet for use in ClearPass Guest, cl

ClearPass Guest 3.9 | Deployment Guide Setup Guide | 39To create a new password for the administrator account: 1. (Optional) For enhanced security, y

390 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Performing a Security AuditUse the Check Security command link on the Administrator &

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 391attention. Use the Disable Check link to prevent the security audit from raising warn

392 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide 1. To configure notifications, go to Administrator > Notifications. The Configure

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 393Determining Installed Operating System PackagesUse the Advanced view of the System Inf

394 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide clusters after the plugins are updated. Please see Destroying a Cluster and Cluster S

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 395Plugins cannot be disabled or removed if other enabled plugins are dependent on them.

396 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide The default view of the Add New Plugins page lists all available updates and plugins

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 397To undo any changes to the plugin’s configuration, click the plugin’sRestore default

398 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide 1. To change the application’s title, enter the new name in the Application Title fie

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 3992. The default navigation layout is “expanded.” To change the behavior of the navigati

4 | ClearPass Guest 3.9 | Deployment GuideConfiguring the ClearPass Guest Subscription ID...45Installing Subscrip

40 | Setup Guide ClearPass Guest 3.9 | Deployment Guide 2. In the Hostname field, enter the new name. A valid hostname is a domain name that contains

400 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide To ensure that authentication, authorization, and accounting (AAA) is performed corre

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 401System ControlThe System Control commands on the Administrator > System Control pag

402 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide  5—Notice: normal but significant condition 6—Informational: informational messages

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 403Facility: Redirecting Application Log Messages To redirect log messages from the appli

404 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide For high-traffic sites that are maintaining many weeks of log files, enter a non-zero

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 405Figure 48 Data Retention Policy pageSelect Enable to enable the the data retention po

406 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Changing Database Configuration ParametersThe Database Configuration form allows you

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 407Changing Web Application ConfigurationCertain performance and security options may be

408 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Changing Web Server ConfigurationHigh-traffic deployments may need to adjust certain

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 409This report can be downloaded for support purposes.Adding Disk SpaceStorage capacity c

ClearPass Guest 3.9 | Deployment Guide Setup Guide | 41ClearPass Guest must be configured appropriately for your organization’s relevant network infr

410 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide .

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 411System LogThe system log viewer available on the Support > System Logs page displa

412 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide Use the Filter tab to control advanced filtering settings, such as which logs to se

ClearPass Guest 3.9 | Deployment Guide Administrator Tasks | 413Searching the Application LogYou are able to search for particular log records using t

414 | Administrator Tasks ClearPass Guest 3.9 | Deployment Guide

ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 415Chapter 10Hotspot ManagerThe Hotspot Manager controls self provisioned guest or visitor ac

416 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide Manage Hotspot Sign-upYou can enable visitor access self provisioning by navigating to Cu

ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 417The Require HTTPS field, when enabled, redirects guests to an HTTPS connection for greate

418 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide You can customize which plans are available for selection, and any of the details of a pl

ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 419Creating New PlansCustom hotspot plans are added by clicking the Create Hotspot plan bu

42 | Setup Guide ClearPass Guest 3.9 | Deployment Guide Configuring SMTP Mail Settings To configure SMTP settings: 1. Go to Administrator > Network

420 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide  eWAY Netregistry Paypal WorldPayClearPass Guest also includes a Demo transaction pro

ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 421You can customize the title shown on the invoice and how the invoice number is created. Y

422 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide Customize Page OnePage one of the guest self-provisioning process requires that the guest

ClearPass Guest 3.9 | Deployment Guide Hotspot Manager | 423

424 | Hotspot Manager ClearPass Guest 3.9 | Deployment Guide See “Smarty Template Syntax” in the Reference chapter for details about the template sy

ClearPass Guest 3.9 | Deployment Guide High Availability Services | 425Chapter 11High Availability ServicesThe goal of a highly available system is to

426 | High Availability Services ClearPass Guest 3.9 | Deployment Guide A cluster’s virtual IP address is a unique IP address that will always be assi

ClearPass Guest 3.9 | Deployment Guide High Availability Services | 427Deploying an SSL CertificateSpecial consideration needs to be given to deploym

428 | High Availability Services ClearPass Guest 3.9 | Deployment Guide Replicating the database contents ensures that in the event of a primary node

ClearPass Guest 3.9 | Deployment Guide High Availability Services | 429 SNMP server settings ( See “SNMP Configuration” in the Administrator Tasks

ClearPass Guest 3.9 | Deployment Guide Setup Guide | 432. For details on how to complete the SNMP configuration, see “SNMP Configuration” in the Admi

430 | High Availability Services ClearPass Guest 3.9 | Deployment Guide The cluster will continue operating without service interruption. Network serv

ClearPass Guest 3.9 | Deployment Guide High Availability Services | 431Cluster SetupBefore you begin, review this checklist to ensure you are prepare

432 | High Availability Services ClearPass Guest 3.9 | Deployment Guide Prepare Primary NodeUse the Cluster Configuration form to enter the basic netw

ClearPass Guest 3.9 | Deployment Guide High Availability Services | 433If you have not already set a unique hostname for this server, you can do so h

434 | High Availability Services ClearPass Guest 3.9 | Deployment Guide You must enter a shared secret for this cluster. The shared secret is used to

ClearPass Guest 3.9 | Deployment Guide High Availability Services | 435The Cluster Initialization form is displayed. Select the check box and click t

436 | High Availability Services ClearPass Guest 3.9 | Deployment Guide Cluster MaintenanceUse the Cluster Maintenance command link to access maintena

ClearPass Guest 3.9 | Deployment Guide High Availability Services | 4375. A progress meter is displayed while the cluster is recovered. The cluster’s

438 | High Availability Services ClearPass Guest 3.9 | Deployment Guide A similar procedure can be used to rebuild the cluster in the event of a secon

ClearPass Guest 3.9 | Deployment Guide High Availability Services | 439Immediately after the cluster is destroyed, both nodes will have the same data

44 | Setup Guide ClearPass Guest 3.9 | Deployment Guide To use a public NTP server, enter the following hostnames: 0.pool.ntp.org 1.pool.ntp.org 2.poo

440 | High Availability Services ClearPass Guest 3.9 | Deployment Guide

ClearPass Guest 3.9 | Deployment Guide Reference | 441Chapter 12ReferenceBasic HTML SyntaxClearPass Guest allows different parts of the user interface

442 | Reference ClearPass Guest 3.9 | Deployment Guide For more details about HTML syntax and detailed examples of its use, consult a HTML tutorial or

ClearPass Guest 3.9 | Deployment Guide Reference | 443Smarty Template SyntaxClearPass Guest’s user interface is built using the Smarty template engin

444 | Reference ClearPass Guest 3.9 | Deployment Guide CommentsTo remove text entirely from the template, comment it out with the Smarty syntax {* com

ClearPass Guest 3.9 | Deployment Guide Reference | 445 <!-- included if $collection is empty -->{/section}Note that the content after a {secti

446 | Reference ClearPass Guest 3.9 | Deployment Guide Predefined Template FunctionsTemplate functions are used to perform different kinds of processi

ClearPass Guest 3.9 | Deployment Guide Reference | 447 The “icon” parameter is the SRC to the image of the icon. This should normally be a relative

448 | Reference ClearPass Guest 3.9 | Deployment Guide  The “icon” parameter, if specified, is the SRC to the image of the icon. This should normally

ClearPass Guest 3.9 | Deployment Guide Reference | 449Usage example:{nwa_radius_query _method=GetCallingStationTraffic callingstationid=$dhcp_lease.

ClearPass Guest 3.9 | Deployment Guide Setup Guide | 45To define the RADIUS network access servers: 1. In the Name field, enter a descriptive name to

450 | Reference ClearPass Guest 3.9 | Deployment Guide  GetUserActiveSessions($username, $callingstationid = null) GetCurrentSession($criteria) Get

ClearPass Guest 3.9 | Deployment Guide Reference | 451nwa_makeid{nwa_makeid …}Smarty registered template function. Creates a unique identifier and as

452 | Reference ClearPass Guest 3.9 | Deployment Guide The “reset” parameter may be specified to clear any existing navigation settings.Usage example:

ClearPass Guest 3.9 | Deployment Guide Reference | 453 The ‘output’ parameter specifies the metadata field to returnIf ‘output’ is not specified, th

454 | Reference ClearPass Guest 3.9 | Deployment Guide Usage examples:{nwa_userpref name=prefName}{nwa_userpref name=prefName default=10}{nwa_userpref

ClearPass Guest 3.9 | Deployment Guide Reference | 455The full list of special formats is: The % items on the right hand side are the same as those s

456 | Reference ClearPass Guest 3.9 | Deployment Guide Date/Time Format String Reference Table 43 Date and Time Format StringsFormat Result%a Abbrevi

ClearPass Guest 3.9 | Deployment Guide Reference | 457Programmer’s ReferenceNwaAlnumPasswordNwaAlnumPassword($len)Generates an alpha-numeric password

458 | Reference ClearPass Guest 3.9 | Deployment Guide NwaDigitsPassword($len)NwaDigitsPassword($len)Generates digit-only passwords of at least $len c

ClearPass Guest 3.9 | Deployment Guide Reference | 459Formats a monetary amount for display purposes. The current page language is used to adjust fo

46 | Setup Guide ClearPass Guest 3.9 | Deployment Guide To provide your subscription information: 1. In the Subscription ID field, enter your subscrip

460 | Reference ClearPass Guest 3.9 | Deployment Guide See “NwaParseCsv” and “NwaVLookup”.NwaParseXmlNwaParseXml($xml_text)Parses a string as an XM

ClearPass Guest 3.9 | Deployment Guide Reference | 461NwaVLookupNwaVLookup($value, $table, $column_index, $range_lookup = true, $value_column = 0, $c

462 | Reference ClearPass Guest 3.9 | Deployment Guide Table 46 GuestManager Standard FieldsField Descriptionaccount_activation String. The current

ClearPass Guest 3.9 | Deployment Guide Reference | 463do_expire Integer that specifies the action to take when the expire time of the account is rea

464 | Reference ClearPass Guest 3.9 | Deployment Guide expire_time Integer. Time at which the account will expire. The expiration time should be spec

ClearPass Guest 3.9 | Deployment Guide Reference | 465modify_expire_usage String. Value indicating how to modify the expire_usage field. This field i

466 | Reference ClearPass Guest 3.9 | Deployment Guide netmask String. Network address mask to use for stations using the account. This field may be

ClearPass Guest 3.9 | Deployment Guide Reference | 467password_last_change Integer. The time that the guest’s password was last changed. The password

468 | Reference ClearPass Guest 3.9 | Deployment Guide random_username_method String. Identifier specifying how usernames are to be created. It may be

ClearPass Guest 3.9 | Deployment Guide Reference | 469Hotspot Standard FieldsThe table below describes standard fields available for the Hotspot form

ClearPass Guest 3.9 | Deployment Guide Setup Guide | 47To install the default selections:  You do not need to make any selections; the system has al

470 | Reference ClearPass Guest 3.9 | Deployment Guide SMS Services Standard FieldsThe table below describes standard fields available for the SMS Ser

ClearPass Guest 3.9 | Deployment Guide Reference | 471Table 49 SMPT Services Standard FieldsField Descriptionauto_send_smtp Boolean. Flag indicatin

472 | Reference ClearPass Guest 3.9 | Deployment Guide Format Picture String SymbolsWhen generating a username or password using the nwa_picture_passw

ClearPass Guest 3.9 | Deployment Guide Reference | 473Any other alphanumeric characters in the picture string will be used in the resulting username

474 | Reference ClearPass Guest 3.9 | Deployment Guide 'corp-domain.com', 'other-domain.com', ), 'deny' => a

ClearPass Guest 3.9 | Deployment Guide Reference | 475 username – specifies the name of the field containing the username. If empty or unset, the pa

476 | Reference ClearPass Guest 3.9 | Deployment Guide  NwaConvertOptionalInt – Converts a string representation of an integer to the equivalent inte

ClearPass Guest 3.9 | Deployment Guide Reference | 477NwaDateFormat Format a date like the PHP function strftime(), using the argument as the date f

478 | Reference ClearPass Guest 3.9 | Deployment Guide View Display Expression Technical ReferenceA page that contains a view is displayed in an opera

ClearPass Guest 3.9 | Deployment Guide Reference | 479Standard RADIUS Request FunctionsThese functions are available for use in condition expressions

48 | Setup Guide ClearPass Guest 3.9 | Deployment Guide Operator logins are the login accounts used for administration and management of ClearPass Gue

480 | Reference ClearPass Guest 3.9 | Deployment Guide If the expression evaluates to true, the AccessReject() will cause authorization to be refused.

ClearPass Guest 3.9 | Deployment Guide Reference | 481MacEqual()MacEqual($addr1, $addr2)Compares two MAC addresses for equality, using their canonica

482 | Reference ClearPass Guest 3.9 | Deployment Guide If $to_time is specified, the interval considered is between $from_time and $to_time.Returns th

ClearPass Guest 3.9 | Deployment Guide Reference | 483 Another way to limit the past 30 days downloads to 100 MB:return GetUserTraffic($now - 86400*

484 | Reference ClearPass Guest 3.9 | Deployment Guide GetCallingStationSessions()GetCallingStationSessions($from_time, $to_time = null, $mac_format =

ClearPass Guest 3.9 | Deployment Guide Reference | 485 'acctsessionid' => '4a762dbf00000002', 'acctuniqueid' =>

486 | Reference ClearPass Guest 3.9 | Deployment Guide See “GetCurrentSession()” for details of the return value.GetUserStationCount()GetUserStation

ClearPass Guest 3.9 | Deployment Guide Reference | 487Example:Use the following as a conditional expression for an attribute. If the user's traf

488 | Reference ClearPass Guest 3.9 | Deployment Guide listen.type = not set Type of packets to listen for. Allowed values are “auth” for authenticati

ClearPass Guest 3.9 | Deployment Guide Reference | 489Security Configuration Proxy Configuration Table 57 Security Configuration SettingsValue Descr

ClearPass Guest 3.9 | Deployment Guide Onboard | 49Chapter 4OnboardOnboarding is the process of preparing a device for use on an enterprise network by

490 | Reference ClearPass Guest 3.9 | Deployment Guide SNMP Query ConfigurationThe SNMP query configuration value is snmp = no. To enable SNMP queryin

ClearPass Guest 3.9 | Deployment Guide Reference | 491Authentication Module Configuration thread.max_requests_per_server = 0 Set the maximum number o

492 | Reference ClearPass Guest 3.9 | Deployment Guide Database Module Configuration EAP Module ConfigurationSet the advanced.eap = 1 option to enable

ClearPass Guest 3.9 | Deployment Guide Reference | 493The following EAP module options are usually not required, as EAP configuration can be performe

494 | Reference ClearPass Guest 3.9 | Deployment Guide module.eap_tls = no Enables EAP-TLS module.The following functions onfigure digital certificate

ClearPass Guest 3.9 | Deployment Guide Reference | 495LDAP Module ConfigurationThe following LDAP module options are usually not required, as LDAP se

496 | Reference ClearPass Guest 3.9 | Deployment Guide ldap.password_attribute = “nspmPassword” To support Novell eDirectory Universal Password, this

ClearPass Guest 3.9 | Deployment Guide Reference | 497ldap.tls_certfile = not set The PEM Encoded certificate file that should be presented to client

498 | Reference ClearPass Guest 3.9 | Deployment Guide Rewrite Module ConfigurationThe attr_rewrite module can be used to perform pattern matching and

ClearPass Guest 3.9 | Deployment Guide Reference | 499List of Standard Radius AttributesAuthentication AttributesThese are the attributes the NAS use

ClearPass Guest 3.9 | Deployment Guide | 5Configuring Provisioning Settings ...89C

50 |Onboard ClearPass Guest 3.9 | Deployment Guide Configure SSL certificate for the Onboard provisioning server.A commercial SSL certificate is requi

500 | Reference ClearPass Guest 3.9 | Deployment Guide  Service-Type: This attribute indicates the type of service the user has requested, or the typ

ClearPass Guest 3.9 | Deployment Guide Reference | 501 Acct-Terminate-Cause: This attribute indicates how the session was terminated, and can only b

502 | Reference ClearPass Guest 3.9 | Deployment Guide The regular expression syntax used is Perl-compatible. For further details on writing regular e

ClearPass Guest 3.9 | Deployment Guide Glossary | 503Chapter 13Glossary802.1X IEEE standard for port-based network access control. Access-Accept Respo

504 |Glossary ClearPass Guest 3.9 | Deployment Guide in the certificate (only the certificate authority can create valid certificates). Disconnect-Ack

ClearPass Guest 3.9 | Deployment Guide Glossary | 505operator profile Characteristics assigned to a class of operators, such as the permissions grant

506 |Glossary ClearPass Guest 3.9 | Deployment Guide sponsor See operator. TLS See EAP-TLS. trust chain Sequence of certificates, starting at a truste

ClearPass Guest 3.9 | Deployment Guide Index | 507 IndexNumerics802.1Q VLAN...367802.1X ...

508 |Index ClearPass Guest 3.9 | Deployment Guide RADIUS server, importing...151RADIUS server, installing...

ClearPass Guest 3.9 | Deployment Guide Index | 509debuggingAAA debug... 114, 116RADIUS server ...

ClearPass Guest 3.9 | Deployment Guide Onboard | 51Onboard Feature List The following features are available in ClearPass Onboard. Supported Platform

510 |Index ClearPass Guest 3.9 | Deployment Guide email... 225, 463enabled ...

ClearPass Guest 3.9 | Deployment Guide Index | 511Value conversion...250Value formatter ...

512 |Index ClearPass Guest 3.9 | Deployment Guide Primary failure ...429Rebuild cluster ...

ClearPass Guest 3.9 | Deployment Guide Index | 513Subtract ...342Sum...

514 |Index ClearPass Guest 3.9 | Deployment Guide passwordresetting ...212Password Authentica

ClearPass Guest 3.9 | Deployment Guide Index | 515Report editorChart presentations ...346Classification groups

516 |Index ClearPass Guest 3.9 | Deployment Guide sequence diagramAAA ...26guest sel

ClearPass Guest 3.9 | Deployment Guide Index | 517translation rules ...196troubleshooting ...

518 |Index ClearPass Guest 3.9 | Deployment Guide

52 |Onboard ClearPass Guest 3.9 | Deployment Guide Note 1: Uses the “Over-the-air provisioning” method.Note 2: Uses the “Onboard provisioning” metho

ClearPass Guest 3.9 | Deployment Guide Onboard | 53Figure 6 Relationship of Certificates in the Onboard Public Key Infrastructure The root certifica

54 |Onboard ClearPass Guest 3.9 | Deployment Guide To disable network access for a device, revoke the TLS client certificate provisioned to the device

ClearPass Guest 3.9 | Deployment Guide Onboard | 55Network Requirements for OnboardFor complete functionality to be achieved, ClearPass Onboard has c

56 |Onboard ClearPass Guest 3.9 | Deployment Guide For example, if the Onboard server’s hostname is onboard.example.com, the OCSP URL to use is: http:

ClearPass Guest 3.9 | Deployment Guide Onboard | 57Figure 8 Detailed View of the ClearPass Onboard Network Architecture The components shown in Figu

58 |Onboard ClearPass Guest 3.9 | Deployment Guide Figure 9 ClearPass Onboard Network Architecture when Using ClearPass Guest The user experience for

ClearPass Guest 3.9 | Deployment Guide Onboard | 59Figure 10 ClearPass Onboard Process for iOS Devices The Onboard process is divided into three sta

6 | ClearPass Guest 3.9 | Deployment GuideNAS Login Parameters...135Using

60 |Onboard ClearPass Guest 3.9 | Deployment Guide Figure 11 Sequence Diagram for the Onboard Workflow on iOS Platform 1. When a BYOD device first jo

ClearPass Guest 3.9 | Deployment Guide Onboard | 61Figure 12 Over-the-Air Provisioning Workflow for iOS Platform 1. The only user interaction requir

62 |Onboard ClearPass Guest 3.9 | Deployment Guide Figure 13 ClearPass Onboard Process for Onboard-Capable Devices The Onboard process is divided int

ClearPass Guest 3.9 | Deployment Guide Onboard | 63Figure 14 Sequence Diagram for the Onboard Workflow on Android Platform 1. When a BYOD device fir

64 |Onboard ClearPass Guest 3.9 | Deployment Guide Figure 15 Onboard Provisioning Workflow in the QuickConnect App Accessing Onboard To access ClearP

ClearPass Guest 3.9 | Deployment Guide Onboard | 65After starting the provisioning process, users of iOS and OS X are prompted to accept a configurat

66 |Onboard ClearPass Guest 3.9 | Deployment Guide <br><strong>1.</strong>&nbsp;&nbsp;&nbsp;&nbsp;{nwa_iconlink icon

ClearPass Guest 3.9 | Deployment Guide Onboard | 67The first part of the form is used to specify the connection details for the ClearPass Policy Mana

68 |Onboard ClearPass Guest 3.9 | Deployment Guide Mark the Send device information to ClearPass Profiler check box when you will use Profiler to coll

ClearPass Guest 3.9 | Deployment Guide Onboard | 69 Determine the OCSP URL for the certificate authority  View the trust chain for the certificate

ClearPass Guest 3.9 | Deployment Guide | 7Chapter 6 Operator Logins...

70 |Onboard ClearPass Guest 3.9 | Deployment Guide Select the appropriate mode for the certificate authority: Root CA – The Onboard certificate autho

ClearPass Guest 3.9 | Deployment Guide Onboard | 71In the Identity section of the form: Enter values in the Country, State, Locality, Organization,

72 |Onboard ClearPass Guest 3.9 | Deployment Guide In the Private Key section: Mark the Generate a new private key check box to create a new private

ClearPass Guest 3.9 | Deployment Guide Onboard | 73In the Identity section of the form: Enter values in the Country, State, Locality, Organization,

74 |Onboard ClearPass Guest 3.9 | Deployment Guide  The Key Type drop-down list specifies the type of private key that should be created for the cert

ClearPass Guest 3.9 | Deployment Guide Onboard | 75Click the Request a Certificate link on this page. The Request a Certificate page is displayed.Cli

76 |Onboard ClearPass Guest 3.9 | Deployment Guide Copy and paste the certificate signing request text into the Saved Request text field.Because this

ClearPass Guest 3.9 | Deployment Guide Onboard | 77Installing a Certificate Authority’s CertificateThe CA Certificate Import page may be used to: Up

78 |Onboard ClearPass Guest 3.9 | Deployment Guide Choose the file to upload in the Certificate field.To upload a single certificate, choose a certifi

ClearPass Guest 3.9 | Deployment Guide Onboard | 79 Replacement Renewal – Generates a new private key for the root certificate, and reissues the roo

8 | ClearPass Guest 3.9 | Deployment GuideVisitor Account Expiration Properties...227Other Properties

80 |Onboard ClearPass Guest 3.9 | Deployment Guide Click the Show certificate link to view the properties of a certificate in the trust chain.Creatin

ClearPass Guest 3.9 | Deployment Guide Onboard | 81Specifying the Identity of the Certificate SubjectIn the first part of the form, provide the ident

82 |Onboard ClearPass Guest 3.9 | Deployment Guide Issuing the Certificate RequestMark the Issue this certificate immediately check box to automatical

ClearPass Guest 3.9 | Deployment Guide Onboard | 83Searching for CertificatesThe Filter field can be used to quickly search for a matching certificat

84 |Onboard ClearPass Guest 3.9 | Deployment Guide Use the Format drop-down list to select the format in which the certificate should be exported. The

ClearPass Guest 3.9 | Deployment Guide Onboard | 85Once the certificate has been revoked, future checks of the certificate’s validity using OCSP or C

86 |Onboard ClearPass Guest 3.9 | Deployment Guide Use the Format drop-down list to select the format in which the certificate signing request should

ClearPass Guest 3.9 | Deployment Guide Onboard | 87Mark the Reject this request check box to confirm that the certificate signing request should be r

88 |Onboard ClearPass Guest 3.9 | Deployment Guide Paste the text into the Certificate Signing Request text field. Be sure to include the complete blo

ClearPass Guest 3.9 | Deployment Guide Onboard | 89Use the Certificate Signing Request field to select the appropriate file for upload.Note: The file

ClearPass Guest 3.9 | Deployment Guide | 9MAC Authentication in ClearPass Guest...279MAC Addre

90 |Onboard ClearPass Guest 3.9 | Deployment Guide This page is used to configure the settings for ClearPass Onboard device provisioning, including:

ClearPass Guest 3.9 | Deployment Guide Onboard | 91The Certificate Authority drop-down list can be used to select a different certificate authority.

92 |Onboard ClearPass Guest 3.9 | Deployment Guide Mark the Include device information in TLS client certificates check box to include additional fiel

ClearPass Guest 3.9 | Deployment Guide Onboard | 93Configuring Provisioning Settings for iOS and OS XThe third part of the Device Provisioning Settin

94 |Onboard ClearPass Guest 3.9 | Deployment Guide Select one of the following options in the Profile Security drop-down list to control how a device

ClearPass Guest 3.9 | Deployment Guide Onboard | 95Mark the appropriate check boxes here to enable device provisioning on the respective platforms:

96 |Onboard ClearPass Guest 3.9 | Deployment Guide The Provisioning Access warning message is displayed when HTTPS is not required for guest access. H

ClearPass Guest 3.9 | Deployment Guide Onboard | 97Enter a number in the Maximum Devices field to limit the maximum number of devices that each user

98 |Onboard ClearPass Guest 3.9 | Deployment Guide The options available in the Network Type drop-down list are: Both — Wired and Wireless – Configur

ClearPass Guest 3.9 | Deployment Guide Onboard | 99Configuring 802.1X Authentication Network SettingsClick the Protocols tab to display the Enterpri