Amigopod 3.7

Deployment Guide

Contents of Amigopod 3.7

Page 1: ...Amigopod 3.7 Deployment Guide...

Page 2: ...NU General Public License GPL GNU Lesser General Public License LGPL or other Open Source Licenses The Open Source code used can be found at this site http www arubanetworks com open_source Legal Noti...

Page 3: ...28 Operational Concerns 28 Network Provisioning 28 Site Preparation Checklist 29 Chapter 3 Setup Guide 31 Hardware Appliance Setup 31 Default Network Configuration 31 Virtual Appliance Setup 32 VMware...

Page 4: ...ns 54 Example Using Request Attributes in a Value Expression 54 Example Location Specific VLAN Assignment 54 Network Access Servers 55 Creating a Network Access Server Entry 55 Importing a List of Net...

Page 5: ...tes for External Authentication Servers 106 Chapter 5 Operator Logins 109 Accessing Operator Logins 109 About Operator Logins 109 Role Based Access Control for Multiple Operator Profiles 109 Operator...

Page 6: ...Validation Properties 172 Examples of Form field Validation 173 Advanced Form Field Properties 175 Form Field Validation Processing Sequence 176 Editing Views 179 View Field Editor 180 Customizing Se...

Page 7: ...Services 234 Configuring SMTP Services 234 About Email Receipts 234 Email Receipt Options 236 SMTP Receipt Fields 238 Chapter 7 Report Management 241 Accessing Reporting Manager 241 Viewing Reports 2...

Page 8: ...g Network Interface Settings 284 Managing Static Routes 287 Creating a Tunnel Network Interface 287 Creating a VLAN Interface 288 Managing VLAN Interfaces 289 Creating a Secondary Network Interface 29...

Page 9: ...g 333 Filtering the System Log 333 Exporting the System Log 334 Viewing the Application Log 334 Searching the Application Log 335 Exporting the Application Log 335 Chapter 9 Hotspot Manager 337 Manage...

Page 10: ...x 363 Standard HTML Styles 364 Smarty Template Syntax 365 Basic Template Syntax 365 Text Substitution 365 Template File Inclusion 365 Comments 366 Variable Assignment 366 Conditional Text Blocks 366 S...

Page 11: ...etAttr 402 ShowAttr 402 MacAddr 402 MacEqual 403 MacAddrConvert 403 GetTraffic 403 GetTime 403 GetSessions 404 GetCallingStationTraffic 404 GetUserTraffic 405 GetIpAddressTraffic 405 GetCallingStation...

Page 12: ...yment Guide List of Standard Radius Attributes 423 Authentication Attributes 423 RADIUS Server Internal Attributes 425 LDAP Standard Attributes for User Class 425 Regular Expressions 425 Chapter 12 Gl...

Page 13: ...ovisioned 134 Figure 19 Customize Guest Manager page part 1 149 Figure 20 Customize Guest Manager page part 2 continued 151 Figure 21 Customize Guest Manager page part 3 continued 152 Figure 22 Steps...

Page 14: ...14 Amigopod 3.7 Deployment Guide...

Page 15: ...pported in filters 206 Table 20 Operators supported in filters 221 Table 21 Default Table Layouts 271 Table 22 Transposed Table Layouts 271 Table 23 Template Variables 272 Table 24 Default Interface S...

Page 16: ...tion Settings 412 Table 49 Proxy Configuration Settings 412 Table 50 Thread Pool Settings 413 Table 51 Authentication Module Configuration Settings 415 Table 52 Database Module Configuration Settings...

Page 17: ...scratch cards each with a defined network access time which can then be handed out in a corporate environment or sold in public access scenarios Using the built in customization features your visitors...

Page 18: ...ounts including setting up guest self provisioning and defining new SMS or email receipts Chapter 7 Report Management covers the use of the built in reports and explains how to create new reports to s...

Page 19: ...e Quick Help tab located at the top left of the list to display additional information about the list you are viewing and the actions that are available within the list Context Sensitive Help For more...

Page 20: ...tep should be to consult the appropriate section in this Deployment Guide If you cannot find an answer here the next step is to contact your reseller The reseller can usually provide you with the answ...

Page 21: ...shows a high level representation of a typical visitor access scenario See Figure 1 Figure 1 Visitor access using the Amigopod Visitor Management Appliance In this scenario visitors are using their ow...

Page 22: ...ator operators and visitors may use different network interfaces to access the visitor management features The exact topology of the network and the connections made to it will depend on the type of n...

Page 23: ...nsists of a group of RADIUS attributes These attributes are used to control every aspect of the guest s network session effectively defining a security policy that controls what the guest is permitted...

Page 24: ...e user s access is granted the NAS permits the guest to access the network based on the settings provided by the Amigopod Visitor Management Appliance The NAS reports details about the user s session...

Page 25: ...sitor accounts individually or in groups Standard Guest Management Features Manage active RADIUS sessions using RFC 3576 dynamic authorization support Active Sessions Management Import and export visi...

Page 26: ...ticated via LDAP LDAP Operator Authentication Restrict operator logins by IP address ranges Creating a VLAN Interface Role based access control for operators Operator Profiles Configure network interf...

Page 27: ...rminal server When a user connects to the NAS device a RADIUS access request is generated by the NAS Operator Profile The characteristics assigned to a class of operators such as the permissions grant...

Page 28: ...What requirements will you place on the shared secret between NAS and the RADIUS server to ensure network security is not compromised What IP address ranges will operators be using to access the serv...

Page 29: ...ss Time of day access Bandwidth allocation to guests Prioritization of traffic Different guest roles IP address ranges for operators Enforce access via HTTPS Operational Concerns Who will manage guest...

Page 30: ...30 Management Overview Amigopod 3.7 Deployment Guide...

Page 31: ...o the Hardware Setup Guide sheet included in the box with the appliance for detailed installation information for the chassis and rack assembly Default Network Configuration The AMG HW 100 and AMG HW...

Page 32: ...zip file to a new directory Then start VMware vSphere Client and use the File Deploy OVF Template command to create a new virtual machine from the files in the virtual appliance directory The configu...

Page 33: ...appliance s root password This is amigopod by default but is changed during the initial setup wizard Console User Interface Functions When logging in to the console user interface the following menu o...

Page 34: ...C addresses of the appliance s network adapters 9 Logout Exits the console user interface 10 Shutdown appliance Shuts down and powers off the appliance Accessing the Graphical User Interface After sta...

Page 35: ...using the default username and password Enter the username admin and the password amigopod when logging in for the first time Amigopod License Agreement Review and accept the software license agreemen...

Page 36: ...nistrator password will not change the appliance s root password See Resetting the Root Password in the Administrator s Tasks chapter for details on resetting the appliance s root password You can pro...

Page 37: ...work Interfaces List lets you view details and configure settings for the system s network interfaces To open this page choose Administrator Network Setup Network Interfaces The results of an automate...

Page 38: ...rator Tasks chapter Configure HTTP Proxy If your network configuration requires the use of a HTTP proxy to access the Internet enter the details for the proxy here and click Save Changes If your HTTP...

Page 39: ...figuration in the Administrator Tasks chapter Click the Send Test Message button to send an email to a test email address in the selected format This can be used to verify the SMTP configuration as we...

Page 40: ...SNMP server and enable SNMP access For details on SNMP configuration See SNMP Configuration in the Administrator Tasks chapter Click the Save Changes button to apply the SNMP configuration Configure S...

Page 41: ...nformation refer to the NTP Pool Project Web site http www pool ntp org Click the Save and Continue button to apply the server s time configuration and continue with setup Configure Default RADIUS NAS...

Page 42: ...s to existing NAS devices Click the Create tab to define a new NAS entry for the RADIUS server For more details about creating NAS entries See Creating a Network Access Server Entry in the RADIUS Serv...

Page 43: ...7n6 If your subscription includes SMS capabilities an SMS gateway is automatically created based on your subscription ID Incorrectly formatted subscription IDs cannot be entered in this form A form va...

Page 44: ...erator account is configured during the setup process See About Operator Logins in the Operator Logins chapter for more details on configuring operator logins Visitor accounts are the user accounts fo...

Page 45: ...hanges in authorization to be made while a guest is connected Lastly the RADIUS database records summarized accounting information about each guest session This allows you to generate reports about gu...

Page 46: ...coming clients and generating responses However if you are troubleshooting an authentication problem sometimes it is convenient to see exactly what is being sent and received by the RADIUS server This...

Page 47: ...g account Never the user has never logged in and no sessions have been recorded Logged Out the user has previously logged in but there is no current active session for this user hover over the text to...

Page 48: ...he application log to view the AAA debug messages However for performance reasons this option should be disabled in a production environment If you do enable it for troubleshooting remember to disable...

Page 49: ...c consentry consentry cons entr consent consen conse cons con co c Example Correcting the NAS IP Address Attribute Some NAS equipment notably Chillispot will send a NAS IP Address of 0 0 0 0 in accou...

Page 50: ...it The attribute is enabled and will always be included in a RADIUS Access Accept message The attribute is disabled and will never be included in a RADIUS Access Accept message The attribute has a co...

Page 51: ...ndard RADIUS attributes that are applicable to all vendors or to use the attributes particular to your vendor If you want to use the vendor specific attributes select the vendor from the drop down lis...

Page 52: ...ibute will be included in the response only if the expression is true See Example Time of Day Conditions and Example Time Based Authorization in this chapter Expressions must be entered as PHP code Us...

Page 53: ...ute tab 3 Select the Reply Message attribute from the drop down list Any attribute can be used for this example because the attribute will never be included in the response 4 Select Enter condition ex...

Page 54: ...les are available for use in value expressions See View Display Expression Technical Reference in the Reference chapter for details Example Using Request Attributes in a Value Expression In this examp...

Page 55: ...168 30 2 if it is then 100 is returned as the VLAN ID In all other cases the value 200 is returned as the VLAN ID Multiple ternary statements can be nested in parentheses to allow more than two value...

Page 56: ...following predefined types Other NAS RFC 3576 Dynamic Authorization Extensions Compatible Aerohive RFC 3576 support Aruba Networks RFC 3576 support Aruba Networks Bluesocket Chillispot RFC 3576 suppor...

Page 57: ...secret is used as the same value must be configured on both the RADIUS client and the RADIUS server The Web Login check box is displayed when certain vendors are selected Select this option to automat...

Page 58: ...your data Select the Force first row as header row check box if your data contains a header row that specifies the field names This option is only required if the header row is not automatically detec...

Page 59: ...or if an existing NAS entry will be updated Click the Update existing entries check box to select or unselect all existing NAS entries in the list Click the Create Network Access Servers button to fin...

Page 60: ...et 7 In this way you can provide a branded and customized login page that is integrated with your existing network access devices Use this list view to define new Web login pages and to make changes t...

Page 61: ...behavior of the Web login form There may only be some fields displayed here depending on which of the Vendor Settings you have chosen Changing the vendor settings may overwrite any customizations you...

Page 62: ...low users to be detected via their MAC address option and click Save Configuration On the RADIUS Web Login page select Anonymous in the Authentication field Check the Auto generate the anonymous accou...

Page 63: ...ters in this chapter for details about these parameters The NAS parameters and any extra fields specified are available for use within the Submit URL which may be a template expression This allows for...

Page 64: ...be of use when you are creating a landing page suitable for both registered and unregistered visitors You are able to optionally create a login message in this section This could be used to welcome th...

Page 65: ...0 0 0 0 0 to the Allowed Access list If the Denied Access list is empty only clients with an IP address that matches one of the entries in the Allowed Access list will be allowed access This behavior...

Page 66: ...thin the template code Each parameter is defined as a page variable with the same name You can use the syntax var to display the value of the parameter var More complicated expressions can be built us...

Page 67: ...Store for retail applications Provide mobile device App based Web authentication for transparent Wi Fi access in retail application Mobile Device Access Control MDAC environments where the Web authen...

Page 68: ...the Open network will be dropped automatically preventing any further interaction via the full browser or other applications The following are examples of these Web sheet sessions from a Mac OS X Lio...

Page 69: ...igopod Web Login page has shown to also prevent the display of the Captive Network Assistant on Apple devices It appears that the redirect process to the HTTPS hosted Web Login page on Amigopod preven...

Page 70: ...redirected as part of the Aruba controller Captive Portal configuration If these devices are detected their initial request to the Apple Web site will be served locally from the Amigopod and hence em...

Page 71: ...DIUS server uses a database to store the user accounts for authentication and other settings for the server You can set up as many databases as you like including databases on other servers However ex...

Page 72: ...Dictionary is a complete list of all the vendor IDs vendor specific attributes and attribute values used in the RADIUS protocol The dictionary is used to translate between human readable strings and t...

Page 73: ...tab and choosing the Export Dictionary command This saves the complete contents of the dictionary as a text file Reset Dictionary You can reset the dictionary to its default set of vendors by clickin...

Page 74: ...an or equal to 65535 Once you have completed the form click the Create Vendor button to add this vendor to the dictionary Edit Vendor You are able to change the Vendor s name or number with the Edit V...

Page 75: ...one of Integer String Binary IPv4 Address Date Time IPv6 Address IPv6 Prefix Interface ID 8 octets Ascend Binary Filter Attribute numbers are normally small decimal numbers in the range 0 255 These ma...

Page 76: ...Delete Attribute icon link You will be prompted to confirm the delete operation before it takes place Add Attribute Value A Value Name with a corresponding numerical value can be created for a select...

Page 77: ...ypes of authentication methods including digital certificates smart cards and passwords This authentication protocol is the basis for the IEEE 802 1X standard which provides port based network access...

Page 78: ...ertificate To export a server certificate see Exporting Server Certificates Specifying Supported EAP Types To enable the EAP TLS EAP TTLS and PEAP options on the EAP Configuration form you must first...

Page 79: ...check certificate revocation status If this option is selected an OCSP responder defined in the client certificate is used to obtain revocation status If no OCSP responder is defined in the client ce...

Page 80: ...step 3 the certificate authority and server certificates are installed on the RADIUS server The CA root certificate is then downloaded for distribution to clients who will use this RADIUS server for a...

Page 81: ...Expiration fields 3 Click the Continue button to proceed to step 3 Installing the Self Signed RADIUS Server Certificate On the Certificate Details form the details of the RADIUS server certificate an...

Page 82: ...it up for use with EAP See Importing a Server Certificate Importing a Server Certificate To import a digital certificate and its private key go to RADIUS Authentication EAP 802 1X and click the Impor...

Page 83: ...ates The Export Server Certificate form is used to export the RADIUS server s digital certificate or the certificate authority s root certificate in several different formats Select one of these optio...

Page 84: ...ad File button and a file named Amigopod Certificate Authority p7b will be downloaded the precise name depends on the common name for the CA certificate 7 This file must be imported as a trusted root...

Page 85: ...Guide RADIUS Services 85 2 Select the certificate in the list Right click it and choose Open 3 Click the Install Certificate button The Certificate Import Wizard appears 4 Click Next The Certificate...

Page 86: ...ces Amigopod 3.7 Deployment Guide 5 Click the Browse button to select the Trusted Root Certification Authorities store 6 Click OK and then click Next The last page of the Certificate Import Wizard wil...

Page 87: ...h A security warning dialog box will be displayed indicating that the root certificate authorities store is about to be updated 8 To make use of the imported root certificate make sure that the CA is...

Page 88: ...hentication Servers To view the current domain information join or leave a domain or perform authentication tests for user accounts in the domain use the Active Directory Services command link on the...

Page 89: ...in related information is automatically detected Use the Edit Settings link at the top of this page if any of the automatically detected settings need to be modified Joining the server to the Active D...

Page 90: ...ement Appliance has joined the domain Plain text password Use this option to perform a plain text verification of the user s password Configuring Active Directory Domain Authentication After joining t...

Page 91: ...s However network access equipment is often shared between all of these users This requires that different authentication sources be integrated for use by the network infrastructure The Amigopod RADIU...

Page 92: ...ADIUS Authentication Authentication Servers The RADIUS Authentication Servers page lists all available sources that may be used for authentication Changing the properties of an authentication server r...

Page 93: ...ings for this server See Configuring Authorization for External Authentication Servers in this chapter for details Configuring an Active Directory External Authentication Server Microsoft Active Direc...

Page 94: ...ory but may be set to the root of the directory for example DC example DC com in order to authenticate both user and machine accounts Advanced Options additional options controlling authentication aga...

Page 95: ...sts and is not set to FALSE the user is permitted access If the attribute exists and is set to FALSE the user is denied access If the attribute does not exist the user is denied access If access_attr_...

Page 96: ...yes Windows sends the RADIUS server a username in the form of DOMAIN user but sends the challenge response based on only the user portion Enable this option to handle this behavior correctly ntlm_auth...

Page 97: ...chapter for information about installing digital certificates for external authentication servers The certificate verification options that may be selected are Do not request or verify the server s c...

Page 98: ...External Authentication Servers for a description of properties in this chapter For additional settings refer to the LDAP module options See LDAP Module Configuration in the Reference chapter Note tha...

Page 99: ...n for External Authentication Servers The Test Authentication form for Local Certificate Authority servers includes EAP TLS settings For information on testing a Local Certificate Authority authentica...

Page 100: ...well as all RADIUS attributes returned by the proxy server Use this option when authorization is performed entirely by the proxy RADIUS server Assign a fixed user role may be used to map all users aut...

Page 101: ...previous usage for example via the accounting based authorization functions or based on properties of a user account for example maximum session lifetime is based on the expiration time for the accoun...

Page 102: ...0 1 port 1812 User Name demouser User Password XXXXXXXX rad_recv Access Accept packet from host 127 0 0 1 1812 id 165 length 20 Note that in this case no RADIUS attributes are returned The Access Acc...

Page 103: ...ed rules and an appropriate role ID is returned If no match is found false is returned which means that authorization fails and the user s Access Request will be rejected Information on the stripos fu...

Page 104: ...ervers The Test Authentication option for a server may be used to check the connection to an authentication server or verify the authorization rules that have been configured To test an authentication...

Page 105: ...12 container with certificate and key p12 pfx for the TLS identity 1 In the PKCS 12 row browse to the file in your system that contains both the client certificate and the client s private key When th...

Page 106: ...ty you can use the Certificate Authority row to browse to the file When you have completed the fields for the network settings outer authentication and inner authentication click the Run Test button M...

Page 107: ...509 or plain text Delete remove the certificate so that it will no longer be used for trust purposes To import a new certificate click the Import Certificate tab Use the Import Certificate form to spe...

Page 108: ...108 RADIUS Services Amigopod 3.7 Deployment Guide...

Page 109: ...gins About Operator Logins The Amigopod Visitor Management Appliance supports role based access control through the use of operator profiles Each operator using the Amigopod is assigned a profile whic...

Page 110: ...le may be overridden in a specific operator s account settings These customized settings will take precedence over the default values defined in the operator profile Click the Manage Operator Profiles...

Page 111: ...choose an option from the drop down list Password options are as follows Allow operators to change their password Enables the Change Password link in the navigation which allows an operator to change...

Page 112: ...d in the database will be available This is the default option 5 The Operator Filter may be set to limit the types of accounts that can be viewed by operators Options include default no operator filte...

Page 113: ...n the Administrator Tasks chapter 2 Optional In the Start Page row the Default setting indicates that the application s standard Home page will be the first page displayed after login To have a differ...

Page 114: ...new visitor account select the Override the application s forms and views check box The form expands to show the forms and views that can be modified If alternative forms or views have been created y...

Page 115: ...o view to edit and to create new profiles When you click an operator profile entry in the Operator Profiles list a menu appears that allows you to perform any of the following operations View Hide Det...

Page 116: ...hat profile Any properties for the operator login that are set to Default are taken from the operator profile The Operator Filter field lets you select from three other options besides Default No oper...

Page 117: ...tion of the username or any other fields that are configured for search and may include the following operators The Account Limit field lets you set a limit for the number of accounts that an operator...

Page 118: ...t Disable temporarily disables an operator login while retaining its entry in the Operator Logins list Enable reenables a disabled operator login Duplicate makes a copy of the profile to use as a basi...

Page 119: ...e authentication mechanism that can be readily adapted to any LDAP server s method of authenticating users by name There are built in defaults for Microsoft Active Directory servers POSIX compliant di...

Page 120: ...AP server connection hostname and optional port number use a Server URL of the form ldap hostname or ldap hostname port See Advanced LDAP URL Syntax in this chapter for more details about the types of...

Page 121: ...POSIX Compliant Server URL The URL of the LDAP server Bind DN The password to use when binding to the LDAP server or empty for an anonymous bind Bind Password The password to use when binding to the L...

Page 122: ...f the form dc domain dc com where the domain name components are taken from the bind username To specify a different organizational unit within the directory include a distinguished name in the LDAP s...

Page 123: ...ookup has been enabled for the server on the Edit Authentication Server page LDAP Operator Server Troubleshooting You can use the LDAP Operator Servers list to troubleshoot network connectivity operat...

Page 124: ...de field use the drop down list to specify whether to search for an exact match or use wildcard values 4 Optional Click the Advanced check box to display detailed authorization information for the spe...

Page 125: ...DN is correct the Base DN for user searches is fixed and must be specified as part of the Server URL If you need to search in different Base DNs to match different kinds of operators then you should d...

Page 126: ...tch at end of string 4 Select a Value The Value field states what is to be matched in this case CN Administrators to look for a specific group of which the user is a member 5 Click the On Match drop d...

Page 127: ...led operator login Move Up moves the rule up to a higher priority on the rule list Move Down moves the rule down to a lower priority on the rule list Custom LDAP Translation Processing When matching a...

Page 128: ...ps The operator field enabled will determine if the user is permitted to log in or not The custom template uses the strip block function to remove any whitespace which makes the contents of the templa...

Page 129: ...inistrator Operator Logins and click the Operator Logins Configuration command link to modify these configuration parameters Custom Login Message If you are deploying the Amigopod Visitor Management A...

Page 130: ...ormation that you want displayed in the Operator Login form Select the login skin from the Login Skin drop down menu Options include the default skin or a customized skin Operator Password Options The...

Page 131: ...og all access Log messages for operator logins whether successful or unsuccessful are shown in the application log Automatic Logout The Logout After option in the Advanced Options section lets you to...

Page 132: ...132 Operator Logins Amigopod 3.7 Deployment Guide...

Page 133: ...as well as the forms for guest self registration Accessing Guest Manager Use the Guest Manager command link on the Amigopod Visitor Management Appliance home page to access the guest management featur...

Page 134: ...r to sponsored guest access but there is no need for an operator to create the account or to print the receipt See Figure 18 Figure 18 Guest access when guest is self provisioned The guest logs on to...

Page 135: ...ts Viewing and managing active sessions Importing new accounts from a text file Exporting a list of accounts Viewing MAC devices Creating new MAC devices Customizing Guest Manager settings forms and v...

Page 136: ...t cannot be used before the activation time or after the expiration time The Account Role specifies what type of account the visitor should have A random password is created for each visitor account T...

Page 137: ...SMS message has been sent Click the Send email receipt link to send an email copy of the guest account receipt Use the Email Receipt form to enter the email address to which the receipt should be sent...

Page 138: ...st Account Receipts Once a group of guest accounts has been created the details for the accounts are displayed To print the receipts select an appropriate template from the Open print window using tem...

Page 139: ...uests List Guest Accounts This view guest_users may be customized by adding new fields or modifying or removing the existing fields See Customization of Fields in this chapter for details about this c...

Page 140: ...lity to customize the view Click a user account s row to select it You can then select from one of these actions Reset password Changes the password for a guest account A new randomly generated passwo...

Страница 141: ...a guest account Select the appropriate Action radio button and click the Make Changes button to disable or delete the account Activate Re enables a disabled guest account or specifies an activation t...

Страница 142: ...ceipt To recover a forgotten or lost guest account password use the Reset password link Managing Multiple Guest Accounts Use the Edit Accounts list view to work with multiple guest accounts This view...

Страница 143: ...ork with You may click either the check box or the row to select a visitor account To select or unselect all visible visitor accounts click the check box in the header row of the table Table 16 Operat...

Страница 144: ...are no visitor accounts selected This form may be customized by adding new fields or modifying or removing the existing fields See Customizing Self Provisioned Access in this chapter for details abou...

Страница 145: ...at character set encoding you are using Import format The format of the accounts file is automatically detected You may specify one of the following encoding types if the automatic detection is not su...

Страница 146: ...leven secret011 2011 06 13 12 00 Because this data includes a header row that contains field names the corresponding fields have been automatically detected in the data Use the Match Fields form to id...

Страница 147: ...st at the bottom of the form and select the number of entries that should appear on each page Click the check box by the account entries you want to create or click one of the following options to sel...

Страница 148: ...lifetime is not set Expire Action Number specifying the action to take when the guest account expires 0 through 4 The default XML format consists of a userlist element containing a user element for ea...

Page 149: ...ensitive content and advertising Default Settings for Account Creation The Guest Manager plugin configuration holds the default settings for account creation These settings can be modified by navigati...

Page 150: ...is set to Format picture It sets the format of the password to be created See Format Picture String Symbols in the Reference chapter for a list of the special characters that may be used in the forma...

Page 151: ...ue is 1 year after the user account is deleted If you do not want to retain any data set the value to 0 If you want to view deleted accounts in a list view or report add the delete_time field to the o...

Page 152: ...using the Content Manager See Content Manager in the Administrator Tasks chapter If this file is called terms.html then the Terms of Use URL should be public/terms.html Active Sessions Default maximum...

Page 153: ...on the Guest Manager start page to be customized or removed if a single hyphen is entered About Fields Forms and Views A field is a named item of information A form is a group of fields that is used...

Page 154: ...ed random_password_method The method used to generate a random account password If not specified the default value from the GuestManager configuration is used random_password_length The length in char...

Page 155: ...e that expiration time and set do_expire to 4 if it has not otherwise been set If the expire_time specified is in the past set do_expire to 0 and ignore the specified expiration time Otherwise if expi...

Page 156: ...Forms and Views The figure below shows the standard forms and views in the Amigopod Visitor Management Appliance The table below lists all the forms and views used for visitor management Table 18 Visi...

Page 157: ...list of current or historical sessions See Active Sessions Management in this chapter guest_users view displays a list of guest accounts optimized for working with individual accounts Customization of...

Page 158: ...line descriptions which result in separate lines displayed on the form The Field Type can be one of String Integer Boolean or No data type The No data type field would be used as a label or a submit b...

Page 159: ...d be card_code_1 To rename the field click Edit Editing a Field You are able to alter the properties of the field by making changes to the Field Name Field Type or Description when you click the Edit...

Page 160: ...orm or view indicates that the form or view has been modified from the defaults Click the Reset to Defaults link to remove your modifications and restore the original form Resetting a form or view is...

Page 161: ...shows the fields in order by rank The type of each form field is displayed This controls what kind of user interface element is used to interact with the user The label and description displayed on th...

Page 162: ...ee sections Form Display Properties Form Validation Properties Advanced Properties Each of these sections is described in more detail below Form Display Properties The form display properties control...

Page 163: ...box A check box is displayed for the field The check box label can be specified using HTML If the check box is selected the field is submitted with its value set to the check box value default and rec...

Page 164: ...separated list of the selected values enable the Advanced options select NwaImplodeComma for Conversion select NwaExplodeComma for Display Function and enter the field's name for Display Param The Ve...

Page 165: ...r and time chooser A date may be typed directly into the text field or selected using the calendar The text value typed is submitted with the form If using a date time picker you should validate the f...

Page 166: ...User Interface drop down list the field is not displayed to the user but is submitted with the form This option is often used to force a specific value such as a user's role or an expiration date Howe...

Page 167: ...Password text field The field is displayed as a text field with input from the user obscured The text typed in this field is submitted as the value for the...

Page 168: ...the radio buttons are organized in top to bottom or left to right order The default is Vertical if not specified Static text The field's value is displayed as a non editable text string An icon image...

Page 169: ...the form field editor If the Hide when no options are selectable option is selected the field will be hidden if its value is blank Static text Options lookup The value of the field is assumed to be o...

Page 170: ...rtant CSS class to visually distinguish the group heading's title Submit button The field is displayed as a clickable form submit button with the label of the field the label of the button The descrip...

Page 171: ...he desired minimum dimensions of the text area either with the Rows and Columns options or by specifying a width in the CSS Style for example width: 460px; height: 100px specifies a 460 x 100 pixel minim...

Page 172: ...value should be the key of the desired default option Likewise for date time fields that have a display function set the initial value should be a value that can be passed to the display function Sele...

Page 173: ...the validator The Validator Argument is used to provide further instructions to the selected validator Not all validators require an argument a validator such as IsValidEmail is entirely self containe...

Page 174: ...e a drop down list is the most suitable user interface An initial value for the form field as shown above could be used if most visitors are in fact there to visit the sales team To match against a li...

Page 175: ...al value on form submit check box to prevent attempts to override the value set for a field When this option is set if a user modifies the field's value it reverts to the specified initial value when...

Page 176: ...ntered value must match case or all characters choose Guest must supply field match case from the drop down list If the guest's entry does not successfully match the preregistered value the account re...

Page 177: ...epresentation from the form field for example 2008-01-01 to UNIX time for example 1199145600 The Validator for the expire_time field is IsValidFutureTimestamp which checks an integer argument against...

Page 178: ...ay Argument specifies the format to use for the conversion See Form Field Display Formatting Functions in the Reference chapter for a detailed list of the options available to you for the Display Func...

Page 179: ...re columns each of which contains a single field You can change which fields are displayed and how each field is displayed You can also define your own fields using the Customize Fields page and then...

Page 180: ...the value of a single field To use the default view display properties for a field you only need to select the field to display in the column and then click the Save Changes button To customize the v...

Page 181: ...stomizing Self Provisioned Access Guest self registration allows an administrator to customize the process for guests to create their own visitor accounts The registration process consists of a data c...

Page 182: ...e is displayed 4 with the details of the guest account If NAS login is enabled submitting the form on this page will display a login message 5 and automatically redirect the guest to the NAS login 6 A...

Page 183: ...button to proceed to the next step of the setup Once a self registration page has been created you are able to edit delete duplicate or go to it providing self registration has been enabled Editing S...

Page 184: ...oose Skin or Rename Page links to edit the basic settings for guest self registration The Basic Properties window has configurable settings such as Name Description enabling guest self registration Re...

Page 185: ...als prior to registering guest check box The sponsor's operator profile must have the Guest Manager Create New Guest Account privilege already configured If you choose this option the authenticated pa...

Page 186: ...maller network such as 192.168.2.192/26 which in turn is less specific than the IP address 192.168.2.201 which may also be written as 192.168.2.201/32 To determine the result of the access control lis...

Page 187: ...he effects of the changes Click the Save Changes button to return to the process diagram for self registration Click the Save and Continue button to update the self registration page and continue to t...

Page 188: ...dress has their existing account automatically updated Receipt Page Properties Click the Receipt Page link or one of the Title Header or Footer fields for the Receipt Page to edit the properties of th...

Page 189: ...actions that are available once a visitor account has been created Download and Print Actions Select the Download or Print check box to enable the template and display options to deliver a receipt to...

Page 190: ...zero value an email receipt will be generated and sent to the visitor's email address The auto send field can be used to create an opt in facility for guests Use a check box for the auto_send_smtp fi...

Page 191: ...an be used to create an opt in facility for guests Use a check box for the auto_send_sms field and add it to the create_user form or a guest self registration instance and SMS messages will be sent to...

Page 192: ...automatic guest login is enabled and a guest clicks the submit button from the receipt page to log in The login page is also a separate page that can be accessed by guests using the login page URL Th...

Page 193: ...HTML sections The login message page is displayed after the login form has been submitted while the guest is being redirected to the NAS for login The title and message displayed on this page can be c...

Page 194: ...rvice portal The behavioral properties of the self service portal are described below The Enable self service portal check box must be selected for guests to be able to access the portal Access to the...

Page 195: ...to reset a guest account's password The default user interface for the self service portal is shown below Clicking the I've forgotten my password link displays a form where the user password may be re...

Page 196: ...s Print templates are used to define the format and appearance of a guest account receipt The Print Templates menu item is now located under the Customization Print Templates navigation menu Click a p...

Page 197: ...s logos You are able to add Smarty template functions and blocks to your code These act as placeholders to be substituted when the template is actually used See Smarty Template Syntax in the Reference...

Page 198: ...ese print template styles are designed for small thermal printers in various widths On screen assistance is provided when printing to ensure that a consistent result can be obtained Click the Preview...

Page 199: ...list To add an entry to the list or remove an entry from the list click one of the icons in the row A Delete icon and an Add icon will then be displayed for that row Select one of the following entiti...

Page 200: ...nager to create multiple accounts that have the ability to log in with only the username We will refer to this as an Access Code Access Code logins require the following plugin versions Amigopod R...

Page 201: ...as shown below 5 Remove extraneous data from the User Account HTML field Example text is shown below table table_class_content thead tr th class nwaTop colspan 3 Access Details th tr thead tbody tr td...

Page 202: ...olded and enabled select it and click Enable Field If the field does not exist select any field in the list for example num_accounts and select Insert After Click the Field Name drop down list select...

Page 203: ...tication will be denied The example shown below will create 10 accounts that will expire in two weeks or four hours after the visitor's first login whichever comes first 3 Click Create Accounts to di...

Page 204: ...portal fallback Please refer to the Aruba WLAN documentation for setting up the controller appropriately To verify that you have the most recent MAC Authentication Plugin installed and enabled before...

Page 205: ...Figure 25 MAC Authentication Plugin Configuration On the controller the fields look as follows Figure 26 MAC Authentication Profile Managing Devices To view the list of current MAC devices go to Guest...

Page 206: ...click an individual page number to jump directly to that page To select a device click the device you want to work with Changing a Device's Expiration Date To change a device's expiration date click t...

Page 207: ...then click a day to select the date 2 If you choose any option other than will not expire or now in the Account Expiration field the Expire Action row is added to the table Use the drop down list in t...

Page 208: ...added to the form Click the button to open the calendar picker In the calendar use the arrows to select the year and month click the numbers in the Time fields to increment the hours and minutes then...

Page 209: ...e Account expires after the Expires After row is added to the form Choose an interval of hours days or weeks from the drop down list The maximum is two weeks If you choose Account Expires at a specifi...

Page 210: ...sing template drop down list opens a print preview window and the printer dialog Options include account details receipts in various formats a session expiration alert and a sponsorship confirmation n...

Page 211: ...lick the Configuration link for the MAC Authentication Plugin 4 Choose one of the options in the Account Activation drop down list You may choose to activate the account immediately at a preset interv...

Page 212: ...ink and read the agreement then mark the check box to agree to the terms 8 To commit your changes and create the device click Create MAC The Account Details and print options are displayed For more in...

Page 213: ...ration Paired Accounts Paired accounts is a means to create a standard visitor account with credentials but to have a MAC account created in parallel that is directly tied to the visitor account These...

Page 214: ...some form of transparent login and the Amigopod server registers the MAC for future use The device may be configured to do this automatically or you may enter the following PHP code Edit the role of...

Page 215: ...synched modify_expire_time Friday 17 00 OPTIONAL Fixed caching time Default inherits paired account create_time time initialize the creation time auto_update_account 1 empty user id NwaCreateUser arra...

Page 216: ...Figure 28 RADIUS Role Editor Note that modify_expire_time supports any valid syntax of strtotime...

Page 217: ...ys to Enter conditional expression return MacEqual GetAttr Calling Station Id user mac AccessReject There is an alternative syntax where you keep the condition at Always and instead adjust the Value M...

Page 218: ...gin Manager Manage Plugins MAC Authentication Configuration and enable MAC Detect Create a Web Login Authentication Anonymous Anonymous User _mac _mac is a special secret value Pre Auth Check Local Te...

Page 219: ...e bottom of the list to jump forwards or backwards by one page or to the first or last page of the list You can also click an individual page number to jump directly to that page To display only sessi...

Page 220: ...isconnected When a session is explicitly ended in either of these ways the NAS sends an accounting stop message to the RADIUS server This closes the session No further accounting updates are possible...

Page 221: ...to save your changes and update the view or click the Reset button to remove the filter and return to the default view Managing Multiple Active Sessions To close multiple stale or open sessions or dis...

Page 222: ...default value and can be configured for the RADIUS server Closing All Stale Sessions and Specifying a Duration You can choose to close all stale sessions at a specified time and include the reason fo...

Page 223: ...rs days or weeks To set a specific date and time choose Specify a fixed end time from the drop down list This adds the Session End row to the form with a calendar option In the Session End row click t...

Page 224: ...nge click the button to open the calendar picker In the calendar use the arrows to select the year and month click the numbers in the Time fields to increment the hours and minutes then click a day to...

Page 225: ...ic date and time for closing that will apply to all selected sessions choose Specify a fixed end time from the drop down list This adds the Session End row to the form with a calendar option In the Se...

Page 226: ...arted before the specified end time are selected If this End Time field and the Start Time field are both specified all sessions that started between the start time and end time are selected 4 When yo...

Page 227: ...uests You can use SMS to send a customized guest account receipt to your guest's mobile phone You are also able to use SMS Services to send an SMS from your Web browser To use the SMS features of the...

Page 228: ...onal dialing prefix such as 0 you may enter this on the form When sending an SMS to a number that starts with the national dialing prefix the prefix is removed and replaced with the country code inste...

Page 229: ...address is determined by looking up all local operators with the special IT Administrators operator profile and using any configured email address for those operators Up to three messages will be sen...

Page 230: ...ect the guest to which you want to send a receipt then click the Send SMS receipt link displayed on the guest account receipt page When using guest self registration SMS Delivery options are available...

Page 231: ...ceipt Select the print template to be used when an SMS receipt is created The print template used for the receipt must be in plain text format Phone Number Field Select which guest account field conta...

Page 232: ...list and select one of the following options Use the visitor's value When you select this option the SMS gateway will always send the SMS message using the phone number and country code entered by the...

Page 233: ...e SMS service provider If blank or unset the default value from the SMS plugin configuration is used sms_template_id This field specifies the print template ID for the SMS receipt If blank or unset th...

Page 234: ...ied phone number SMTP Services With SMTP Services you can configure the Amigopod Visitor Management Appliance to send customized guest account receipts to visitors and sponsors by email Email receipts...

Page 235: ...email address Auto send guest receipts by email with a special field set If the Auto Send Field is set to a non-empty string or a non-zero value an email receipt will be generated and sent to the visi...

Page 236: ...in Plain text only A skin is not used and the email will be sent in plain text format Use this option to remove all formatting from the email No skin HTML only A skin is not used but the email will be...

Page 237: ...gure 32 Customize Email Receipt page continued Check Enable warnings if you want an alert sent when the session is about to be logged out Enter the exact text that you want to appear as the alert i...

Page 238: ...to_send_field This field specifies the name of the field that contains the auto send flag If blank or unset the default value from the email receipt configuration is used Additionally the special valu...

Page 239: ...ceive a copy of the visitor account receipt under Logout Warnings on the email receipt If the value is default the default carbon copy list under Logout Warnings from the email receipt configuration i...

Page 241: ...ated and manage the report definitions There are twelve predefined reports Average link utilization This report calculates the average link utilization for all accounting traffic in the selected perio...

Page 242: ...t Recent Report To view the most recently generated report click the View HTML link This opens a window with the report's name date generated and date range A graph is displayed in your default graph...

Page 243: ...ptions form Click the Run Report button to generate the report using the selected parameters A progress window will appear as the report is generated and then the report will be displayed automaticall...

Page 244: ...eport The Permissions link is only displayed if the current operator has the Object Permissions privilege This privilege is located in the Amigopod Administrator group of privileges The permissions de...

Page 245: ...or deleted Update access the report is visible in the list and may be duplicated and edited The report cannot be deleted and the permissions for the report cannot be modified Update and delete access...

Page 246: ...port If you select the Download file option clicking the Export Reports button will download the selected report definitions to your Web browser Otherwise if the View in browser option is selected the...

Page 247: ...e the check boxes to select the reports to import and click the Import Reports button to create new reports Importing a report that already exists will replace the existing report definition Resetting...

Page 248: ...rs in this chapter is used to restrict which data is included in the report In some reports data is classified and grouped into Bins and Groups Classification Groups Using these classification groups...

Page 249: ...urement into a date is a bin classification because all time measurements that are made on any particular date will fall into the same bin when this classification is applied Binning can only be appli...

Page 250: ...Groups Grouping is a classification method that applies to discrete values For example collecting together data records that have the same username is a group classification Some time measurements ca...

Page 251: ...the statistic here could be the total amount of traffic per day See Figure 37 Figure 37 Reporting Bin statistics without groups The next figure shows statistics calculated per group when both bins and...

Page 252: ...re 39 Components of the Report Editor Report Type The Report Type link opens a window where you type a distinct name or Title for the report You can add additional information in the Description field...

Page 253: ...ner A report parameter can be used in many places throughout the report including In an expression used to calculate the value of a derived field As a value used in a source filter range match or list...

Page 254: ...true else false if Substitutes the word true or false depending on the value of the parameter To create a parameter click the Create Parameter tab at the top of the Edit Parameters list view The Crea...

Page 255: ...eport is run Otherwise if another type of user interface element is selected clicking the Run icon link from the list of reports will display a Run Options form that includes an additional user interf...

Page 256: ...Form Validation Properties for form validation properties or Advanced Form Field Properties for advanced properties Data Source You must select a data source for the report using the Select Data Sour...

Page 257: ...s constructed You should add source fields for any item of data on which you want to filter any items that must be aggregated or grouped together or any item over which statistics are to be calculated...

Page 258: ...you select a field from the Data Source Field drop down list that field name is automatically placed in the Field Name area It can be changed if you want As derived fields do not exist in the Data So...

Page 259: ...rt to be easily specified when a report is run for example by selecting the last month option for the report range When running a report you can also select specific date and time values for the start...

Page 260: ...r The Edit link allows you to alter the options for the source filter as well as being able to disable the filter Click the Save Changes button to keep any changes you have made The Insert After link...

Page 261: ...port subdividing it into various groups of related data and then analyzing the groups using statistics and graphs to identify the desired features Classification groups perform the task of grouping re...

Page 262: ...ve of the endpoints of the range The bin offset is used to account for time zones See Binning Example Time Measurements in this chapter for a description Discrete bins from value of source field See D...

Page 263: ...This is used as the group number which collects together all data records that have the same hour of the day Time measurement group by month of the year This group classification uses the specified da...

Page 264: ...property that each value shares Indicates the structure of the classification group What is the underlying data that is being summarized Indicates the type of statistic or metric and the source fields...

Page 265: ...of the source field over the selected classification group is calculated The form is slightly different if you select to create a metric The Field Type parameter must be changed to Computed metric an...

Page 266: ...tput series one item in the series is generated for each item in the selected dimension of the report For example the report might define a group which contains sets of related input records this grou...

Page 267: ...t available for the selected output series dimension or because they have been deleted from the report definition The order in which you select output fields is significant because table and chart pre...

Page 268: ...t to determine whether a particular item will be included in the output of the report The presentation blocks of the report can only include the output data that has passed through the output filters...

Page 269: ...of output filter that are available are the same as used in the source filters See Source Filters in this chapter for details about the types of filter that are available The Match Rule allows you to...

Page 270: ...presentations are blocks of text included in the report You may insert the values of metrics or perform custom processing to include the output data from the report in the text For details See Text Pr...

Page 271: ...ld be applied to the table The table may be displayed in one of two ways Assuming the output series dimension covers three values A B and C the default table layout will display the output series fie...

Page 272: ...eates a basic data report for the specified time range and for the specified data fields The report editor may then be used to further customize the report by defining new filters classification group...

Page 273: ...clicked the Data Source option in the Report Editor See Data Sources in this chapter for more details about this form When you are first creating a report the fields you select here will be used to au...

Page 274: ...rt Editor The Bin classification needs to be changed from days to weeks This is done by clicking on the Bin and then clicking the Edit button 6 The Classification method should be changed to Time meas...

Page 275: ...ate a new report without it being based on an existing report click Create New Report 2 You must give the report a Title For this report Today's Sessions would be an appropriate name 3 Enable the repo...

Page 276: ...ort the fields are shown in the screen below These are the fields of interest for the report 7 Click the Save Changes button to have the report created The Report Editor screen is displayed 8 If you c...

Page 277: ...Duplicate link This creates a copy of the report which will be titled Copy of Average Traffic Volume per User 3 Click the Copy of Average Traffic Volume per User report 4 Click the Edit link to open...

Page 278: ...rt the average_bytes field must be updated to refer to the total_nas field instead Click the average_bytes field and then click the Edit link Change Value 2 to total_nas 14 Click the Save Changes butt...

Page 279: ...ta store so if you are not getting the results you expect from the report this could be because the data store either does not contain the right data or does not contain the right classification group...

Page 280: ...to do this filtering Use only one classification group Multiple bin and group classification groups can be defined but this can complicate the report's structure unnecessarily To build an easily under...

Page 281: ...res Alternatively use the Administrator navigation menu to jump directly to any of the system administration features Network Setup The Network Setup command allows you to configure the system s netwo...

Page 282: ...the results of the diagnostic are displayed The problems that can be detected with this built in diagnostic include No default gateway set Default gateway is not responding to ICMP echo request DNS na...

Page 283: ...remove new network interfaces To open this page choose Administrator Network Setup Network Interfaces The icons for each network interface indicate its state Down Network interface is disabled Up Netw...

Page 284: ...e choose Administrator Network Setup Network Interfaces to display the Network Interfaces List Click the network interface's row in the list then click the Edit command The row expands to provide conf...

Page 285: ...1500 bytes you may find it necessary to reduce the MTU slightly in some network topologies The Amigopod Visitor Management Appliance uses a default MTU of 1476 bytes unless otherwise specified in thi...

Page 286: ...ss is configured Click the Continue button to apply the new network settings If the appliance's IP address has changed you will be automatically redirected to the new IP address If the computer you ar...

Page 287: ...ges made to the routing table entries are applied immediately To manage existing routing entries click the entry in the table The Edit link may be used to modify the settings for a routing entry Click...

Page 288: ...supplied which may be used without modification A Display Name may be specified to identify the connection in the list of network interfaces The IP address settings for the GRE tunnel must be specifi...

Page 289: ...new network interface with the corresponding VLAN identifier Your network infrastructure must support tagged 802.1Q packets on the physical interface selected VLAN ID 1 is often reserved for use by ce...

Page 290: ...Disables and re-enables the VLAN interface This operation may be used to renew a DHCP lease Creating a Secondary Network Interface A secondary network interface is a secondary IP address assigned to...

Page 291: ...and then defining those networks in the Network Login Access form To access this form navigate to Administrator Network Setup then click the Network Login Access command link The login access rules th...

Page 292: ...es any of the entries in the Denied Access list This behavior is equivalent to adding the entry 0.0.0.0/0 to the Allowed Access list If the Denied Access list is empty only clients with an IP address...

Page 293: ...ses Interface State Displays a summary of all network interfaces and the internal state of each interface Netstat Displays a list of currently open TCP and UDP sockets Network Kernel Parameters Displa...

Страница 294: ...gured for the system Traceroute Enter a hostname or IP address to determine the route that packets traverse to that host The test may take a considerable amount of time 30 seconds or more depending on...

Page 295: ...packets to be captured You can enter network addresses in the Source IP and Destination IP fields by using an IP address and a network address length for example 192.168.2.0/24 Click the Capture butto...

Page 296: ...if required and click the Capture button Network Hosts The built in hosts file may be edited to make resolving hostnames easier in certain situations or to work around DNS issues that may be present i...

Page 297: ...should be entered on this form To manage and view the current HTTP Proxy configuration click the HTTP Proxy command link on the Administrator Network Setup page Common port numbers for HTTP proxy acc...

Page 298: ...d MIBs in this chapter for a list of supported MIBs To restrict access to the SNMP server a list of IP address and networks may be provided from which SNMP access will be permitted Network addresses m...

Page 299: ...ether encryption should be used Traps are notification messages sent when certain conditions are reached A trap server and community string may be provided Currently there are no defined SNMP trap mes...

Page 300: ...link on the Administrator Network Setup page See SMTP Services in the Guest Management chapter for additional configuration options for SMTP services The built in Sendmail mail transfer agent may be...

Page 301: ...and view SSL certificates click the SSL Certificate Setup command link on the Administrator Network Setup page If you already have a valid digital certificate for this server it may be uploaded and u...

Page 302: ...download a csr file to your browser This file should be sent to your certificate authority to be signed and converted into a digital certificate Some certificate authorities will also request the type...

Page 303: ...ficate is optional but is typically required for many public certificate authorities The reason for this is that the certificate authority s root certificate is not used to sign your certificate direc...

Page 304: ...urrent SSL Certificate After a certificate has been installed either a self signed certificate created with the certificate signing request or a certificate issued by a certification authority you may...

Page 305: ...of hardware failure or an unintended change to the configuration Backing Up Appliance Configuration The Configuration Backup command allows you to back up the current configuration of the Amigopod Vis...

Page 306: ...3 Partial complete backup Both the down arrow and tick marks are highlighted The components of the area are displayed and any that have not been specifically marked for no backup will be changed to a...

Page 307: ...kup filename will be backup 20080101 123456 dat The target URL specifies where the automatic backups are stored The following URL schemes are supported FTP Use the syntax ftp user password example com...

Page 308: ...able to accept backup files Click the Run Backup Now button to run the scheduled backup immediately A progress window is displayed as the backup is run Click the Save and Close button to save the new...

Page 309: ...found during the system restore a diagnostic message will be displayed indicating the error More details about the error will be available in the application log One or more warning messages will be d...

Page 310: ...f content inserted To manually reference a content item you can use the URL of the item directly For example an item named logo jpg could be accessed using a URL such as http 192 168 88 88 public logo...

Page 311: ...s size You are able to delete the content item using the Delete link You will be asked to confirm the deletion You can rename the content item using the Rename link Click the Download link to save a c...

Page 312: ...be marked as resolved by clicking the Mark as Resolved link When this is done the status of the message will change to Resolved Marking a message as Resolved does not disable the corresponding securit...

Page 313: ...password is required to log into the appliance s console user interface either directly at the console or remotely via SSH See Console Login in the Setup Guide chapter for an explanation The default r...

Page 314: ...maintained by the Plugin Manager You can check for and install software updates using the process See Adding or Updating New Plugins in this chapter for details In some situations manual OS updates m...

Page 315: ...ugins are listed by category and include Standard application plugins Provide corresponding functionality for interactive use by operators Kernel plugins Provide the basic framework for the applicatio...

Page 316: ...rently included in your application and lets you manage them Depending on the plugin options in the list let you view details configure enable or disable or remove the plugin To view the list of avail...

Page 317: ...ernet navigate to Administrator Plugin Manager and choose the Check for Updates command The Add New Plugins page opens Use this page to select the plugins or updates you want to install The default vi...

Page 318: ...ble the following notification message is displayed at the top of the page This message is only displayed to administrators Configuring Plugins You can configure most standard kernel and skin plugins...

Page 319: ...anager in this chapter Amigopod OS See Security Manager in this chapter Amigopod RADIUS Services See Server Configuration in the RADIUS Services chapter Amigopod Skin See Configuring the Amigopod Skin...

Page 320: ...alerts you that the change cannot be undone and a comparison of the current and default settings highlights the changes that will be made 4 Review the differences between the current settings and the...

Page 321: ...a Amigopod skin navigate to it in the Available Plugins list and click its Enable link The default skin is displayed on all visitor pages and on the login page if no other skin is specified for it How...

Page 322: ...ekeeping and will eliminate the need for additional Internet traffic for the time server To use a public NTP server enter the following hostnames 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org You can a...

Page 323: ...system is rebooted For this reason it is recommended that you always reboot after modifying any of these parameters System Log Configuration The System Log Configuration form allows you to modify opti...

Page 324: ...Managing Data Retention Log Collector Storing Incoming Syslog Messages Your Amigopod server can also act as a syslog server To configure the Amigopod server to receive syslog messages sent by remote h...

Page 325: ...option None Do not send application log messages to syslog stores all application generated messages in the separate application log If you select a specific syslog facility the minimum priority level...

Page 326: ...ollowing priority levels are defined in the syslog protocol which is fully specified in RFC 3164 Click the Save Changes button to apply the new system log parameters The changes will take effect immed...

Page 327: ...ow many weeks you want log files kept before they are deleted You can specify how many weeks a guest account persists after the account is disabled in the Guest Accounts field For mobile device certif...

Page 328: ...ld that accepts multiple name value pairs You can also add comments by entering lines starting with a character The Database Maintenance of this form allows you to adjust the time or times at which th...

Page 329: ...increased to allow larger content items to be uploaded or larger backup files to be restored Use the Enable zlib output compression check box to compress output sent to the Web server This option may...

Page 330: ...P connections also known as pipelining may be enabled using the Enable persistent HTTP connections check box This feature is only supported for HTTP/1.1 compliant clients Click the Save Changes button...

Page 331: ...downloaded for support purposes Adding Disk Space Storage capacity can be increased on VMware based deployments To increase available storage click the Add Space option on the System Information scre...

Page 333: ...ou have installed additional message sources may also be included in the system log viewer The information shown in the table is a summary of the log message Click a log entry in the table to view the...

Page 334: ...e timestamp source level and message The details follow on lines that start with a space 2010 10 04 14 15 31 10 Amigopod info Guest account created for 98084707 XML document xml the exported data is c...

Page 335: ...ds using the form displayed when you click the Search tab Click the Reset Form button to clear the search and return to displaying all records in the log Exporting the Application Log Use the Export t...

Page 337: ...aptive portal to the login page Existing customers may log in with their Hotspot username and password to start browsing New customers click the Hotspot Sign up link On page 1 the customer selects one...

Page 338: ...navigating to Customization Hotspot Manager and selecting the Manage Hotspot Sign up command This allows you to change user interface options and set global preferences for the self provisioning of v...

Page 339: ...his situation the MAC address of the customer will not be available and no automatic redirection to the customer s home page will be made You may want to recommend to your customers that JavaScript be...

Page 340: ...tor Management Appliance Plans that you have enabled have their name in bold with the following icon Plans that have not been enabled do not have names in bold and their icon is a little different You...

Page 341: ...Hotspot visitors See Format Picture String Symbols in the Reference chapter for a list of the special characters that may be used in the Generated Username and Generated Password format strings Managi...

Page 342: ...rocessor list When you select an individual processor in the list the list displays a menu that allows you to perform the following actions Edit changes the properties of the specified transaction pr...

Page 343: ...t basic HTML syntax You are able to use Smarty functions on this page See Smarty Template Syntax in the Reference chapter for further information on these You are able to insert content items such as...

Page 344: ...to give this page a title some introductory text and a footer The Introduction and the Footer are HTML text that may use template syntax See Smarty Template Syntax in the Reference chapter Customize...

Page 346: ...Template Syntax in the Reference chapter for details about the template syntax you may use to format the content on this page View Hotspot User Interface The Hotspot manager allows you to view and te...

Page 347: ...se if you need to recover a failed cluster Accessing High Availability Use the High Availability command link available from the Administrator start page to access the clustering and replication featu...

Page 348: ...ty Systems for the following settings and procedure Keep alive Database replication Configuration replication Downtime threshold Network Architecture The figure below shows the network architecture fo...

Page 349: ...unning normally In this state the primary node is assigned the cluster IP address and is responsible for delivering network services to clients Each node is also continuously performing failure detect...

Page 350: ...ery minute The configuration items that are replicated include Configuration for installed plugins See Configuring Plugins in the Administrator Tasks chapter Fields defined in Guest Manager See Custom...

Page 351: ...after the primary node has been offline for the downtime threshold which is 30 seconds by default Once failover has occurred the cluster status will be displayed on the secondary node as The secondar...

Page 352: ...ter Status The current status of the cluster is shown at the top of each page that is related to High Availability Services for an explanation of each possible status and the recommended action to tak...

Page 353: ...matically If the secondary node needs to be replaced the cluster must be rebuilt See Recovering From a Hardware Failure in this chapter The secondary node is running but the primary node is down or st...

Page 354: ...s an IPv4 multicast address and port number By default these values are 226.94.1.1 on UDP port 4000 If this address and port combination overlaps an existing solution on your network you can adjust th...

Page 355: ...name A valid hostname is a domain name that contains two or more components separated by a period Hostname parameters are as follows Each component of the hostname must not exceed 63 characters The to...

Page 356: ...mary node Prepare Secondary Node To prepare the secondary node log in to that node and click the Join Cluster command link Use the Cluster Configuration form to enter the shared secret for the cluster...

Page 357: ...s should use the cluster s IP address when provisioning guest accounts Configure NAS devices to redirect visitors to the cluster s IP address for Web login pages Only the IP address in the redirection...

Page 358: ...rary outage and the cluster has failed over to the secondary node 2 Ensure that the primary node and the secondary node are both online 3 Log into the secondary node Due to failover this node will be...

Page 359: ...vailable until the cluster is reinitialized 7 Click the Create New Cluster command link 8 Recreate the cluster See Cluster Setup in this chapter for a description of the process Note that the new clus...

Page 360: ...exact synchronization of the two servers is required for High Availability Services you must first destroy the cluster then re create the cluster after the plugins are updated See Destroying a Cluste...

Page 361: ...shorter than the downtime threshold of the cluster During a failover from the primary to the secondary node the network services provided by the cluster will be unavailable The time that the cluster w...

Page 363: ...ide the angle brackets with a forward slash for example p Use the following standard HTML tags in customization Table 29 Standard HTML Tags Item HTML Syntax Basic Content Heading level 1 h1 Main Headi...

Page 364: ...ock div style Uses CSS formatting div div class Uses predefined style div Hypertext Hyperlink a href url Link text to click on a Inline image img src url img src url XHTML equivalent Floating image im...

Page 365: ...e text substitution in the templates may be done with the syntax variable as shown below The current page s title is title Template File Inclusion To include the contents of another file this can be d...

Page 366: ...ition is true use the following syntax if username tr td class nwaBody Username td td class nwaBody username td tr else No user name no table row if The condition tested in the if if block should be a...

Page 367: ...er for the current item starting at 1 for the first item smarty foreach name total value indicating the total number of items in the collection Note that the content after a foreachelse tag is include...

Page 368: ...embedded HTML is not interpreted by the browser nwa_commandlink nwa_commandlink nwa_commandlink Smarty registered block function Generates a command link consisting of an icon main text and explanato...

Page 369: ...a_iconlink icon images icon info22 png text More Information more_information php nwa_iconlink The icon parameter is the SRC to the image of the icon This should normally be a relative path The text p...

Page 370: ...ather than a P element If neither icon nor type is supplied the default behavior is to insert an info type image Specifying a type is equivalent to specifying an icon width height and alt parameter an...

Page 371: ...control how the result should be processed _assign Name of a page variable to store the output if not set output is sent to the browser as the result of evaluating the template function _output Index...

Page 372: ...ious request variables may also be accessed using one of two supported methods nwa_assign var _GET get_variable value nwa_assign var smarty get get_variable value The variables that can be accessed th...

Page 373: ...ontrol HTML of a particular type Blocks are individual components of the navigation area which basically consist of HTML Blocks for actual navigation items have substitution tags in the form tagname T...

Page 374: ...vel2_parent_inactive level3_active level3_inactive enter_level1 enter_level2 enter_level3 exit_level1 exit_level2 exit_level3 nwa_plugin nwa_plugin Smarty registered template function Generates plugin...

Page 375: ...ss The name parameter is the name of the privilege to check If name is prefixed with a the output is included only if that privilege is NOT granted inverts the sense of the test An optional level para...

Page 376: ...width required the width in pixels of the video height required the height in pixels of the video autoplay optional if true auto play the video chrome optional if true use the chromed player that is p...

Page 377: ...7 2008 nwatimeformat Modifier The nwatimeformat modifier takes one argument the format description The minutes_to_natural argument converts an argument specified in minutes to a text string describing...

Page 378: ...imal number a single digit is preceded by a space 1 to 31 h Same as b H Hour as a decimal number 00 to 23 I Hour as a decimal number 01 to 12 m Month as a decimal number 01 to 12 M Minute as a decimal...

Page 379: ...ByteFormatBase10 NwaByteFormatBase10 bytes unknown null Formats a non negative size in bytes as a human readable number bytes KB MB GB etc Assumes base 10 rules in measurement that is 1 KB 1000 bytes...

Page 380: ...length Any length beyond the required minimum will be made up of any allowed characters lower specifies the minimum number of lowercase characters to include or 1 to not use any lowercase characters u...

Page 381: ...ns Function Description fs The field separator character default is comma rs The record separator character default is newline n quo The quote character default is double quote excel_compatible If tru...

Page 382: ...nctuation At least one symbol complex At least one of each uppercase letter lowercase letter digit and symbol NwaSmsIsValidPhoneNumber NwaSmsIsValidPhoneNumber phone_number Validates a phone number su...

Page 383: ...cters and a minimum length of 3 characters len must be at least 3 Table 36 NwaVLookup Options Option Description value The value to look for table A 2D array of data to search for example a data table...

Page 384: ...ontrols account creation behavior it is not stored with created visitor accounts captcha Special field used to enable the use of a CAPTCHA security code on a form This field should be used with the us...

Page 385: ...is field is available when modifying an account using the change_expiration or guest_edit forms dynamic_session_time Integer The maximum session time that would be allowed for the account if an author...

Page 386: ...ay be set to one of the following values expire_postlogin to set the post login expiration time to the value in the expire_postlogin field plus X or minus X where X is a time measurement to extend or...

Page 387: ...ut may be 0 to disable activation time schedule_after to set the activation time to the current time plus the number of hours in the schedule_after field plus X where X is a time measurement to extend...

Page 388: ...e created or updated This can be used to verify that a password has been typed correctly This field controls account creation and modification behavior it is not stored with created or modified visito...

Page 389: ...he random_password_length field nwa_strong_password to create a password using a combination of digits uppercase letters lowercase letters and some punctuation Certain characters are omitted from the...

Page 390: ...s specified by the random_username_length field random_username_picture String The format string to use when creating a username if the random_username_method field is set to nwa_picture_password See...

Page 391: ...racters in length visitor_company String The visitor s company name visitor_name String The visitor s full name vvisitor_phone String The visitor s contact telephone number Table 38 Hotspot Standard F...

Page 392: ...upon creation of the account sms_auto_send_field String This field specifies the name of the field that contains the auto send flag If blank or unset the default value from the SMS plugin configuratio...

Page 393: ...configuration is used Additionally the special value _None indicates that the visitor should not be sent any email smtp_enabled String This field may be set to a non zero value to enable sending an e...

Page 394: ...ail receipt configuration is used smtp_warn_before_cc_action String This field overrides how copies are sent as indicated under Logout Warnings on the email receipt to send copies of email receipts It...

Page 395: ...validator IsInOptionsList Checks against a list of options in the policy definition IsNonEmpty Checks that the value is a non empty string length non zero and not all whitespace or a non empty array...

Page 396: ...meCidr Checks that the value is a valid IP address or hostname which may also have an optional N suffix indicating the network prefix length in bits CIDR notation IsValidHostnamePort Checks that the v...

Page 397: ...ath is The validator argument may optionally be an array containing a scheme key that specifies an array of acceptable URL protocols IsValidUsername Checks that the value is a valid username Usernames...

Page 398: ...or false and true respectively If the argument is a string containing a character the string is split at the separator and used for false and true values If the argument is an array the 0 and 1 index...

Page 399: ...by splitting the string at each comma and forming an array of all the substrings created in this way NwaNumberFormat Formats a numeric value as a string If the argument is null or not supplied the cur...

Page 400: ..._BooleanText data enabled Enabled Disabled Displays either Enabled or Disabled depending on the value of the enabled field parseInt data do_expire 0 Nwa_DateFormat data expire_time Y m d H M N A Displ...

Page 401: ...et and the if_undefined parameter was provided returns if_undefined Otherwise the number is converted to a string using the number of decimal places specified in decimals default 0 the decimal point c...

Page 402: ...f the attribute to look up The attribute name is not case sensitive If the attribute was not included with the Access Request returns NULL Example usage As a condition expression for an attribute retu...

Page 403: ...ally to_time is used with the criteria to narrow the search If to_time is not specified from_time is a look back time that is the time interval in seconds before the current time If to_time is specifi...

Page 404: ...ified This should be a sprintf style format string that accepts 6 arguments the octets of the MAC address The default if not specified is the IEEE 802 standard format 02X 02X 02X 02X 02X 02X that is u...

Page 405: ...etCallingStationTime GetCallingStationTime from_time to_time null mac_format null Calculate sum of session times in a specified time interval Because different NAS equipment can send differently forma...

Page 406: ...sSessions from_time null to_time null Calculate the number of sessions for accounting records matching a specific IP address The IP address attribute is looked up automatically from the RADIUS Access...

Page 407: ...essCurrentSession ip_addr null Looks up the current most recent active session for the specified client IP address If ip_addr is not specified it defaults to the current value of smarty server REMOTE_...

Page 408: ...at relative Calculates the session time remaining for a given user account if the user account was to be authenticated at the moment of the call The username parameter is required This is the username...

Page 409: ...86400 50e6 ChangeToRole Over Quota RADIUS Server Options These are the advanced server options that may be configured using the RADIUS Server Options text field Where applicable the default value for...

Page 410: ...s out from that address This directive is most useful for machines with multiple IP addresses on one interface It can either contain or an IP address or a fully qualified Internet domain name listen i...

Page 411: ...er no nospace_pass no Some users like to enter spaces in their username or password incorrectly To save yourself the tech support call you can eliminate those spaces here Allowed values before after n...

Page 412: ...ning Allowed values are no and yes Table 49 Proxy Configuration Settings Value Description proxy_requests yes Turns proxying of RADIUS requests on or off The server has proxying turned on by default I...

Page 413: ...robably don t want too many spare threads around otherwise they ll be sitting there taking up resources and not doing anything productive The default configuration should be adequate for most situatio...

Page 414: ...ty or the servers never exit thread max_queue_size 65536 Set the maximum number of incoming requests which may be queued for processing After the queue reaches this size new requests are dropped The d...

Page 415: ...osoft CHAP authentication This module supports MS CHAP and MS CHAPv2 authentication It also enforces the SMB Account Ctrl attribute mschap use_mppe no If use_mppe is set to yes the mschap module will...

Page 416: ...elay retrying on a failed database connection per socket sql safe_characters not set A list of characters that may be stored in database fields without being escaped This may be set to the value all t...

Page 417: ...Access Accept it copies one more byte than it should Work around this issue by adding an extra zero byte module eap_md5 yes Enables md5 EAP type EAP MD5 authentication is not recommended for wireless...

Page 418: ...ocol which can be described as EAP inside of Diameter inside of TLS inside of EAP inside of RADIUS The TTLS module needs the TLS module to be installed and configured in order to use the TLS tunnel in...

Page 419: ...in EAP There is another incompatible implementation of MS CHAPv2 in EAP by Cisco which is not currently supported Table 54 LDAP Module Settings Setting Description module ldap no Lightweight Director...

Page 420: ...p_debug 0 Debug flags for LDAP SDK see OpenLDAP documentation Example LDAP_DEBUG_FILTER LDAP_DEBUG_CONNS ldap ldap_debug 0x0028 ldap identity not set The DN under which LDAP searches are done ldap pas...

Page 421: ...o yes and the attribute exists the user is allowed to get remote access If the attribute exists and is set to FALSE the user is denied remote access If the attribute does not exist the user is denied...

Page 422: ...t states the group the user belongs to The attribute can either contain the group name or the group DN If it contains the group DN groupmembership_attribute will also be used to find the group s name...

Page 423: ...nd Access Accept packets Framed Protocol This attribute indicates the framing to be used for framed access It may be used in both Access Request and Access Accept packets module attr_rewrite name repl...

Page 424: ...ed Attributes not suitable for general usage Session Timeout This attribute sets the maximum number of seconds of service to be provided to the user before termination of the session or prompt Idle Ti...

Page 425: ...account using an incorrect password badPwdCount The badPwdCount property specifies the number of times the user tried to log on to the account using an incorrect password codePage The codePage proper...

Page 426: ...characters a b or c a z0 9A Z Any alphanumeric character a z Any character not in the set a through z a Matches zero or one a a Matches one or more a aa aaa a Matches zero or more empty string a aa aa...

Page 427: ...by NAS Provides access to network only to authorized users criteria An array that consists of one or more criteria on which to perform a data based search This array is used for advanced cases where p...

Page 428: ...tor access to the Amigopod Visitor Management Appliance see Operator Profile session Service provided by a NAS to an authorized user skin The skin of a Web site is its external appearance or look and...

Page 429: ...323 System information 330 System logs 333 Web application settings 329 Web server settings 330 amigopod subscription ID 42 Apple Captive Network Assistant 67 Application log 334 Export 334 Files 334...

Page 430: ...rce field 257 Source filter 259 Static route 287 Statistic 264 User Roles 50 Vendor 74 VLAN interface 289 Web login page 60 creating account filter 112 117 session filter 112 117 CSV Caching 379 Parsi...

Page 431: ..._expiry 391 card_name 391 card_number 391 city 391 country 391 creator_accept_terms 153 Customize 157 Delete 159 do_expire 155 do_schedule 154 dynamic_expire_time 385 dynamic_is_expired 385 Edit 159 e...

Page 432: ...27 157 Form field Advanced properties 175 CAPTCHA 163 Checklist 163 Date time picker 165 Display properties 162 Drop down list 165 Enable If 178 Group heading 170 Hidden 166 Initial value 172 Passwor...

Page 433: ...347 Cluster initialization 357 Cluster maintenance 357 Cluster status 352 Deployment process 357 Destroy cluster 360 Join cluster 356 Navigation 347 Network architecture 348 Primary failure 351 Rebuil...

Page 434: ...teway 286 Default settings 31 DHCP configuration 284 Diagnostics 292 DNS lookup 293 Ethernet settings 285 Firewall rules 293 GRE tunnel 288 Hostname 282 Hosts file 294 296 HTTP proxy 297 Install SSL c...

Page 435: ...stom fields 198 Edit using wizard 199 Print Templates 27 Print templates 196 Create 197 Create using wizard 198 Permissions 199 244 SMS receipts 196 Proxy RADIUS 92 Configuring 98 Public key infrastru...

Page 436: ...anager 241 Reports Bin number 249 Binning 249 Classification groups 251 Custom reports 248 Data source field 257 Delete 244 Derived field 257 Duplicate 244 Export 246 Grouping 250 History 242 Import 2...

Page 437: ...01 Installing 302 Stale session 220 Static routes 287 Statistics 263 Average 264 Maximum value 264 Median value 265 Minimum value 265 Sum 265 Subscription ID 42 316 Sysctl parameters 323 System contro...

Page 438: ...27 VLAN RADIUS Attributes 54 VLAN interface 289 VSA 75 Delete 76 W Web login Using parameters 66 Web Logins 27 Web logins 59 Access controls 64 Destination URL 63 Look and feel 63 NAS redirect 65 Web...
