Aruba Networks, Inc. | Amigopod Configuration | 37
Amigopod and ArubaOS Integration Application Note

Configure the RADIUS User Role

The RADIUS user role is a collection of one or more RADIUS standard attributes or vendor-specific attributes (VSAs). These attributes can be used to signal role-based access control context back to the Aruba controller, as shown in Figure 30.

Figure 30       RADIUS user role definition

The Aruba-User-Role attribute is an example of an Aruba VSA that allows a user role to be applied automatically to a RADIUS authentication session. The example value auth-guest is a user role that is defined as part of the campus VRD baseline configuration.

Amigopod automatically calculates the available time of a guest session and returns this value in the Session-Timeout attribute so that the controller can manage the termination of the session. For example, if a guest account was created with a 2-hour expiry, Amigopod returns a Session-Timeout value of 7200 seconds.
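To make the exchange concrete, the following added example (not code from the application note or from Amigopod) builds the two attributes the text describes, Aruba-User-Role inside a RADIUS Vendor-Specific attribute and Session-Timeout derived from the account expiry, in RFC 2865 wire format, and parses them back the way a controller would. It uses the Aruba dictionary values (vendor 14823, Aruba-User-Role type 1) and assumes, as a design choice rather than documented Amigopod behaviour, that an already-expired account yields no Access-Accept attributes.

```python
import struct
from datetime import datetime, timedelta, timezone

ATTR_VENDOR_SPECIFIC = 26   # RFC 2865 Vendor-Specific
ATTR_SESSION_TIMEOUT = 27   # RFC 2865 Session-Timeout (seconds)
ARUBA_VENDOR_ID = 14823     # IANA enterprise number of Aruba Networks
ARUBA_USER_ROLE = 1         # Aruba-User-Role type in the Aruba VSA dictionary

def encode_attr(attr_type, value):
    """Type(1) Length(1) Value TLV as defined in RFC 2865 section 5."""
    if len(value) > 253:
        raise ValueError("RADIUS attribute value is limited to 253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def encode_aruba_role(role):
    """Aruba-User-Role carried inside Vendor-Specific (26), RFC 2865 5.26 layout."""
    vsa = struct.pack("!BB", ARUBA_USER_ROLE, len(role) + 2) + role.encode()
    return encode_attr(ATTR_VENDOR_SPECIFIC, struct.pack("!I", ARUBA_VENDOR_ID) + vsa)

def build_accept_attrs(role, expires_at, now):
    """Access-Accept attributes: role VSA plus remaining lifetime; None if expired."""
    remaining = int((expires_at - now).total_seconds())
    if remaining <= 0:
        return None  # nothing left to grant; assumed: the server answers Access-Reject
    return encode_aruba_role(role) + encode_attr(ATTR_SESSION_TIMEOUT, struct.pack("!I", remaining))

def decode_attrs(data):
    """Controller-side view: walk the TLVs and extract the role and timeout."""
    out, pos = {}, 0
    while pos < len(data):
        attr_type, length = struct.unpack("!BB", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            raise ValueError("malformed attribute length")  # never loop on bad input
        value = data[pos + 2:pos + length]
        if attr_type == ATTR_SESSION_TIMEOUT:
            out["Session-Timeout"] = struct.unpack("!I", value)[0]
        elif attr_type == ATTR_VENDOR_SPECIFIC:
            vendor = struct.unpack("!I", value[:4])[0]
            vtype, vlen = struct.unpack("!BB", value[4:6])
            if vendor == ARUBA_VENDOR_ID and vtype == ARUBA_USER_ROLE:
                out["Aruba-User-Role"] = value[6:4 + vlen].decode()
        pos += length
    return out

def guest_accept(expiry_hours):
    """Constructed scenario: account created at a fixed time with the given expiry."""
    created = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    attrs = build_accept_attrs("auth-guest", created + timedelta(hours=expiry_hours), created)
    return None if attrs is None else decode_attrs(attrs)
```

Calling guest_accept(2) reproduces the 2-hour case from the text, returning the auth-guest role together with a Session-Timeout of 7200 seconds.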
