Dell Networking W-ClearPass Guest 6.0 Скачать руководство пользователя страница 309 | Manualshive

Страница: 309 / 320

background image

PKI

Public-key infrastructure. Security technology based on digital certificates and the assurances provided by strong

cryptography. See also

certificate authority

,

digital certificate

,

public key

,

private key

.

print template

Formatted template used to generate guest account receipts.

private key

The part of a public/private key pair that is always kept private. The private key is used to encrypt a

message’s signature to authenticate the sender (only the sender knows the private key). The private key is also used
to decrypt a message that was encrypted with the sender’s public key (only the sender can decrypt it).

public key

The part of a public/private key pair that is made public. The public key is used to encrypt a message; the

recipient’s private key is required to decrypt the message. A large part of a digital certificate is the certificate owner’s
public key.

QuickConnect App

Application used to securely provision an Android, Windows, or OS X device and configure it

with network settings.

RFC

Request For Comments; a commonly-used format for Internet standards documents.

role

Type of access being granted. You can define multiple roles. Such roles could include employee, guest, team

member, or press. Roles are used for both guest access (user role) and operator access to Dell Networking W-
ClearPass Guest. See

operator profile

.

root CA

Certificate authority that signs its own certificate (a self-signed certificate), and must be explicitly trusted

by users of the CA.

SCEP

Simple certificate enrollment protocol. Protocol for requesting and managing digital certificates.

self-signed certificate

See

root CA

.

session

Service provided by a NAS to an authorized user.

skin

Web site’s external appearance, or “look and feel.” It can be thought of as a container that holds the

application, its style sheet (font size and color for example), its header and footer, and so forth.

SMS

Short Message System; a method for delivering short messages (up to 140 characters) to mobile phones.

sponsor

See

operator

.

TLS

See

EAP-TLS

.

trust chain

Sequence of certificates, starting at a trusted root certificate, that establishes the identity of each

certificate in the chain.

trusted root

See

root CA

.

unique device credentials

Network authentication credentials that uniquely identify the device and user and enable

management of provisioned devices. May be a username and password or a TLS client certificate, depending on the
type of device.

user database

Database of the guests on the system.

view

Table containing data. Used to interactively display data such as visitor accounts to operators.

visitor/guest

Someone who is permitted to access the Internet through your Network Access Server.

VPN

Virtual private network. Enables secure access to a corporate network when located remotely.

VSA

Vendor-specific attribute.

walled garden

Network resources that can be accessed by unauthorized users through the captive portal.

Web login

Login page displayed to a visitor.

X.509

Standard defining the format and contents of digital certificates.

Dell Networking W-ClearPass Guest 6.0 | Deployment Guide

Glossary | 309

«
...
307
308
309
310
311
...
»

Содержание Networking W-ClearPass Guest 6.0

Страница 1: ...Dell Networking W ClearPass Guest 6 0 Deployment Guide ...

Страница 2: ...subject to the GNU General Public License GPL GNU Lesser General Public License LGPL or other Open Source Licenses Includes software from Litech Systems Design The IF MAP client library copyright 2011 Infoblox Inc All rights reserved This product includes software developed by Lars Fenneberg et al The Open Source code used can be found at this site http www arubanetworks com open_source Legal Noti...

Страница 3: ...ation Checklist 22 Security Policy Considerations 23 AirGroup Deployment Process 23 Documentation and User Assistance 24 Deployment Guide and Online Help 24 Context Sensitive Help 24 Field Help 25 Quick Help 25 If You Need More Assistance 25 Use of Cookies 25 Guest Manager 27 Accessing Guest Manager 27 About Guest Management Processes 28 Sponsored Guest Access 28 Self Provisioned Guest Access 28 U...

Страница 4: ...s 52 AirGroup Device Registration 53 Registering Groups of Devices or Services 53 Registering Personal Devices 55 Automatically Registering MAC Devices in ClearPass Policy Manager 56 Importing MAC Devices 57 Advanced MAC Features 57 2 Factor Authentication 57 MAC Based Derivation of Role 57 User Detection on Landing Pages 58 Click Through Login Pages 58 Active Sessions Management 59 Session States...

Страница 5: ...ertificate Authority 86 Using Microsoft Active Directory Certificate Services 86 Installing a Certificate Authority s Certificate 88 Renewing the Certificate Authority s Certificate 90 Configuring Data Retention Policy for Certificates 90 Uploading Certificates for the Certificate Authority 91 Creating a Certificate 93 Specifying the Identity of the Certificate Subject 93 Issuing the Certificate R...

Страница 6: ...Connection 125 Configuring an iOS Device Email Account 127 Configuring an iOS Device Passcode Policy 129 Resetting Onboard Certificates and Configuration 130 Onboard Troubleshooting 131 Configuration 133 Accessing Configuration 133 Configuring ClearPass Guest Authentication 134 Content Manager 134 Uploading Content 135 Downloading Content 135 Additional Content Actions 136 Customizing Guest Manage...

Страница 7: ...a Single Password for Multiple Accounts 177 Editing Guest Receipt Page Properties 178 Editing Receipt Actions 178 Enabling Sponsor Confirmation for Role Selection 179 Editing Download and Print Actions for Guest Receipt Delivery 181 Editing Email Delivery of Guest Receipts 181 Editing SMS Delivery of Guest Receipts 182 Enabling and Editing NAS Login Properties 183 Editing Login Page Properties 184...

Страница 8: ...ing Customer Information 210 Managing Hotspot Invoices 210 Customizing the User Interface 211 Customizing Visitor Sign Up Page One 212 Customizing Visitor Sign Up Page Two 212 Customizing Visitor Sign Up Page Three 215 Viewing the Hotspot User Interface 217 Administration 219 AirGroup Services 220 Configuring the AirGroup Services Plugin 220 Creating AirGroup Administrators 221 Creating AirGroup O...

Страница 9: ...cal Operator Authentication 247 Creating a New Operator 248 External Operator Authentication 248 Manage LDAP Operator Authentication Servers 249 Creating an LDAP Server 249 Advanced LDAP URL Syntax 251 Viewing the LDAP Server List 251 LDAP Operator Server Troubleshooting 252 Testing Connectivity 252 Testing Operator Login Authentication 252 Looking Up Sponsor Names 253 Troubleshooting Error Messag...

Страница 10: ...ionSessions 270 GetCallingStationTime 270 GetCallingStationTraffic 271 GetCurrentSession 271 GetIpAddressCurrentSession 272 GetIpAddressSessions 272 GetIpAddressTime 272 GetIpAddressTraffic 272 GetSessions 273 GetSessionTimeRemaining 273 GetTime 273 GetTraffic 274 GetUserActiveSessions 274 GetUserActiveSessionCount 274 GetUserCumulativeUsage 274 GetUserCurrentSession 274 GetUserFirstLoginTime 274 ...

Страница 11: ...284 NwaParseCsv 284 NwaParseXml 285 NwaPasswordByComplexity 285 NwaSmsIsValidPhoneNumber 286 NwaStrongPassword 286 NwaVLookup 286 NwaWordsPassword 287 Field Form and View Reference 287 GuestManager Standard Fields 287 Hotspot Standard Fields 294 SMS Services Standard Fields 295 SMTP Services Standard Fields 296 Format Picture String Symbols 297 Form Field Validation Functions 298 Form Field Conver...

Страница 12: ...12 DellNetworking W ClearPass Guest 6 0 Deployment Guide ...

Страница 13: ...System items This fixed width font depicts the following l Sample screen output l System prompts l Filenames software devices and specific commands when mentioned in the text Commands In the command examples this bold font depicts text that you must type exactly as shown Arguments In the command examples italicized text within angle brackets represents items that you should replace with informatio...

Страница 14: ...E Indicates helpful suggestions pertinent information and important things to remember CAUTION Indicates a risk of damage to your hardware or loss of data WARNING Indicates a risk of personal injury or death Contacting Support Web Site Support Main Website dell com Support Website dell com support Documentation Website dell com support manuals ...

Страница 15: ...h operational staff can quickly and securely manage visitor network access It gives your non technical staff controlled access to a dedicated visitor management user database Through a customizable Web portal your staff can easily create an account reset a password or set an expiry time for visitors Access permissions to ClearPass Guest functions are controlled through an operator profile that can...

Страница 16: ...mobile devices to access a corporate wireless network Because access to the network is restricted visitors must first obtain a username and password A guest account may be provisioned by a corporate operator such as a receptionist who can then give the visitor a print receipt that shows their username and password for the network When visitors use self registration as might be the case for a netwo...

Страница 17: ...d the connections made to it will depend on the type of network access offered to visitors and the geographical layout of the access points Key Interactions The following figure shows the key interactions between ClearPass Guest and the people and other components involved in providing guest access Figure 3 Interactions involved in guest access DellNetworking W ClearPass Guest 6 0 Deployment Guide...

Страница 18: ...ithin Policy Manager s Enforcement Profile Additional features such as role mapping for ClearPass Guest can be performed in ClearPass Policy Manager The network usage of authorized guests is monitored by the NAS and reported in summary form to ClearPass Policy Manager using RADIUS accounting which allows administrators to generate network reports in ClearPass Insight AAA Framework ClearPass Guest ...

Страница 19: ...for a list of key features and a cross reference to the relevant section of this deployment guide Feature Refer to Visitor Access Web server providing content delivery for guests Content Manager on page 134 Guest self registration Customizing Self Provisioned Access on page 171 Visitor Management Create and manage visitor accounts individually or in groups Using Standard Guest Management Features ...

Страница 20: ...authenticated via LDAP External Operator Authentication on page 248 Role based access control for operators Operator Profiles on page 242 Plugin based application features automatically updated by ClearPass Policy Manager Plugin Manager on page 223 User Interface Features Context sensitive help with searchable online documentation Documentation and User Assistance on page 24 Visitor Management Ter...

Страница 21: ...Visitor Account Settings for a visitor stored in the user database including username password and other fields Web Login NAS Login Login page displayed to a guest user ClearPass Guest Deployment Process As part of your preparations for deploying a visitor management solution you should consider the following areas l Management decisions about security policy l Decisions about the day to day opera...

Страница 22: ...ecision Security Policy Segregated guest accounts Type of network access Time of day access Bandwidth allocation to guests Prioritization of traffic Different guest roles IP address ranges for operators Enforce access via HTTPS Operational Concerns Who will manage guest accounts Guest account self provisioning What privileges will the guest managers have Who will be responsible for printing report...

Страница 23: ...zation s shared devices and configure access according to username role or location AirGroup operators end users can use ClearPass Guest to register their personal devices and define the group who can share them Table 5 summarizes the steps for configuring AirGroup functionality in ClearPass Guest Details for these steps are provided in the relevant sections of this Guide This table does not inclu...

Страница 24: ...n page 28 Dynamic authorization extensions RFC 3576 Dynamic Authorization on page 61 SMS receipts for guest accounts SMS Services on page 228 Email receipts for guest accounts Email Receipts and SMTP Services on page 189 Network administration of the appliance Administration on page 219 Table 6 Quick Links Context Sensitive Help For more detailed information about the area of the application you a...

Страница 25: ... Support command available under Support Services in the user interface or see Contacting Support on page 14 Use of Cookies Cookies are small text files that are placed on a user s computer by Web sites the user visits They are widely used in order to make Web sites work or work more efficiently as well as to provide information to the owners of a site Session cookies are temporary cookies that la...

Страница 26: ...26 Use of Cookies DellNetworking W ClearPass Guest 6 0 Deployment Guide ...

Страница 27: ...ngle or multiple guest accounts and receipts l List guest accounts and edit individual or multiple accounts l View and manage active sessions l Import new accounts from a text file l Export a list of accounts l View MAC devices l Create new MAC devices Many features can also be customized For information on customizing Guest Manager settings forms and views guest self registration and print templa...

Страница 28: ...enticates and authorizes the guest s login in ClearPass Guest Once authorized the guest is able to access the network Self Provisioned Guest Access Self provisioned access is similar to sponsored guest access but there is no need for an operator to create the account or to print the receipt The following figure shows the process of self provisioned guest access Figure 6 Guest access when guest is ...

Страница 29: ...n please see Configuration on page 133 Creating a Guest Account To create a new account go to Guest Create Account or click the Create New Guest Account command link on the Guest Manager page The New Visitor Account form opens NOTE The New Visitor Account form create_user may be customized by adding new fields or modifying or removing the existing fields See Customizing Self Provisioned Access on ...

Страница 30: ... text message Use the SMS Receipt form to enter the mobile telephone number to which the receipt should be sent Sending SMS receipts requires the SMS Services plugin If the administrator has enabled automatic SMS and the visitor s phone number was typed into the New Visitor Account form an SMS message will be sent automatically A message is displayed on the account receipt page after an SMS messag...

Страница 31: ...name and password will be created for each visitor account This is not displayed on this form but will be available on the guest account receipt The visitor accounts cannot be used before the activation time or after the expiration time The Account Role specifies what type of accounts to create Click the Create Accounts button after completing the form Creating Multiple Guest Account Receipts Once...

Страница 32: ...sername the username for the visitor account l Password the password for the visitor account l Role the visitor account s role l Activation Time the date and time at which the account will be activated or N A if there is no activation time l Expiration Time the date and time at which the account will expire or N A if there is no activation time l Lifetime the account lifetime in minutes or N A if ...

Страница 33: ... password field on the Create Multiple Guest Accounts form you may change the number in the Rank field 6 In the User Interface row choose Password text field from the drop down list The Field Required check box should now be automatically marked and the Validator field should be set to IsNonEmpty 7 Click Save Changes The Customize Form Fields view opens again and the password field is now included...

Страница 34: ...idual guest accounts To open the Guest Manager Accounts list go to Guest List Accounts The Guests Manager Accounts view opens This view guest_users may be customized by adding new fields or modifying or removing the existing fields See Customizing Fields on page 145 for details about this customization process The default settings for this view are described below ...

Страница 35: ...and you can include the following operators Operator Meaning Additional Information is equal to You may search for multiple values when using the equality or inequality operators To specify multiple values list them separated by the pipe character For example specifying the filter role_id 2 3 custom_ field Value restricts the accounts displayed to those with role IDs 2 and 3 Guest and Employee and...

Страница 36: ... account A new randomly generated password is displayed on the Reset Password form Click Update Account to reset the guest account s password A new account receipt is displayed allowing you to print a receipt showing the updated account details l Change expiration Changes the expiration time for a guest account NOTE This form change_expiration may be customized by adding new fields or modifying or...

Страница 37: ...st to change the activation time of the guest account To re enable an account that has been disabled choose Now Click Enable Account to set the new activation time for the guest account A new account receipt is displayed allowing you to print a receipt showing the updated account details l Edit Changes the properties of a guest account NOTE This form may be customized by adding new fields or modif...

Страница 38: ...ulti may be customized by adding new fields or by modifying or removing the existing fields See Customizing Self Provisioned Access on page 171 for details about this customization process The default settings for this view are described below The Username Role State Activation and Expiration columns display information about the visitor accounts that have been created l The value in the Expiratio...

Страница 39: ...that page To select guest accounts click the accounts you want to work with You may click either the check box or the row to select a visitor account To select or unselect all visible visitor accounts click the check box in the header row of the table Use the selection row at the top of the table to work with the current set of selected accounts The number of currently selected accounts is shown W...

Страница 40: ...ading the list to ClearPass Guest To upload a list of existing accounts go to Guest Import Accounts or click the Import Guest Accounts command link on the Guest Manager page The Upload User List form opens The Upload User List form provides you with different options for importing guest account data To complete the form you must either specify a file containing account information or type or paste...

Страница 41: ...l be displayed together with any automatically detected field names In this example the following data was used username visitor_name password expire_time demo005 Demo five secret005 2011 06 10 09 00 demo006 Demo six secret006 2011 06 11 10 00 demo007 Demo seven secret007 2011 06 12 11 00 demo008 Demo eight secret008 2011 06 13 12 00 demo009 Demo nine secret009 2011 06 13 12 00 demo010 Demo ten se...

Страница 42: ...sting user accounts are shown The icon displayed for each user account indicates if it is a new entry or if an existing user account will be updated By default this form shows ten entries per page To view additional entries click the arrow button at the bottom of the form to display the next page or click the 10 rows per page drop down list at the bottom of the form and select the number of entrie...

Страница 43: ...ire or N A if there is no expiration time l Lifetime The guest account s lifetime in minutes after login or 0 if the account lifetime is not set l Expire Action Number specifying the action to take when the guest account expires 0 through 4 About XML Exports The default XML format consists of a GuestUsers element containing a GuestUser element for each exported guest account The numeric ID of the ...

Страница 44: ...ur WLAN documentation for setting up the controller appropriately To verify that you have the most recent MAC Authentication Plugin installed and enabled before you configure these advanced features go to Administration Plugin Manager List Available Plugins For information on plugin management see Plugin Manager on page 223 MAC Address Formats Different vendors format the client MAC address in dif...

Страница 45: ... device account will expire within the next 24 hours The expiration time is additionally highlighted in boldface if the device account will expire within the next hour l In addition icons in the MAC Address column indicate the device account s activation status n Device account is active n Device account was created but is not activated yet n Device account was disabled by Administrator n Device a...

Страница 46: ...ular expression Table 9 Operators supported in filters To restore the default view click the Clear Filter link Use the paging control at the bottom of the list to jump forwards or backwards by one page or to the first or last page of the list You can also click an individual page number to jump directly to that page To select a device click the device you want to work with Changing a Device s Expi...

Страница 47: ... it remains in the device list and you may activate it again later If you delete the account it is removed from the list permanently Activating a Device To activate a disabled device s account click the device s row in the Guest Manager Devices list then click its Activate link The row expands to include the Enable Guest Account form 1 In the Activate Account row choose one of the options in the d...

Страница 48: ...n the calendar picker In the calendar use the arrows to select the year and month click the numbers in the Time fields to increment the hours and minutes then click a day to select the date 3 If you need to change the expiration time choose one of the options in the Account Expiration drop down list You may terminate the account immediately at a preset interval of hours or days or at a specified t...

Страница 49: ...e Sessions list opens For more information see Active Sessions Management on page 59 Viewing and Printing Device Details To print details receipts confirmations or other information for a device click the device s row in the Guest Manager Devices list then click its Print link The row expands to include the Account Details form and a drop down list of information that can be printed for the device...

Страница 50: ... in the Device Name row 4 Enter the address in the MAC Address row If you need to modify the configuration for expected separator format or case go to Administration Plugin Manager Manage Plugins and click the Configuration link for the MAC Authentication Plugin 5 Choose one of the options in the Account Activation drop down list You may choose to activate the account immediately at a preset inter...

Страница 51: ... changes and create the device click Create MAC The Account Details and print options are displayed For more information see Viewing and Printing Device Details on page 49 Creating Devices During Self Registration MAC Only This section describes how to configure a guest self registration so that it creates a MAC device account Once the guest is registered future authentication can take place witho...

Страница 52: ...lel that is directly tied to the visitor account These accounts share the same role expiration and other properties This requires a vendor passing a mac parameter in the redirect URL ClearPass Guest does not support querying the controller or DHCP servers for the client s MAC based on IP To edit the registration form fields go to Configuration Forms and Views In the guest_register row click the Ed...

Страница 53: ...e to AirGroup administrators To register and manage an organization s shared devices and configure device access 1 Log in as the AirGroup administrator and go to Guest Create Device The Register Shared Device form opens 2 In the Device Name field enter the name used to identify the device 3 In the MAC Address field enter the device s MAC address 4 In the Shared Locations field enter the locations ...

Страница 54: ...owed to use the device Use commas to separate the roles in the list l To make the device available to all roles leave this field blank l If roles are entered in the Shared Roles field the device can only be accessed by users with matching roles 7 Click Register Shared Device The Finished Creating Guest Account page opens This page displays Account Details and provides printer options To view and e...

Страница 55: ...or colleagues who are allowed to use the device Use commas to separate usernames in the list You may enter up to ten usernames l If the Shared With field is left blank this device can only be accessed by devices registered by the same operator or with a dot1x username that matches the operator s name l If users are entered in the Shared With field the device can be accessed by the device owner and...

Страница 56: ... row expands to include the Edit Device form You can modify the device s name MAC address and group of users 4 When your edits are complete click Save Changes Automatically Registering MAC Devices in ClearPass Policy Manager If ClearPass Policy Manager is enabled you can configure a guest MAC address to be automatically registered as an endpoint record in ClearPass Policy Manager when the guest us...

Страница 57: ...d to the create_user form When mac is enabled in a self registration it will be included in the account as long as mac is passed in the URL Relying on self registration may defeat the purpose of two factor authentication however The 2 factors are performed as follows 1 Regular RADIUS authentication using username and password 2 Role checks the user account mac against the passed Calling Station Id...

Страница 58: ...he fields available dump var guest_receipt export html Click Through Login Pages A click through login page will present a splash or terms screen to the guest yet still provide MAC auth style seamless authentication Under this scenario you could have people create an account with a paired MAC yet still have them click the terms and conditions on every new connection Disable MAC authentication on t...

Страница 59: ...e sessions for the RADIUS server go to Guest Active Sessions The Active Sessions list opens You can use this list to modify disconnect or reauthorize or send SMS notifications for active visitor sessions manage multiple sessions or customize the list to include additional fields l To view details for an active session click the session s row in the list then click its Show Details link The form ex...

Страница 60: ...ields in the Active Sessions list or delete fields from it click the More Options tab The Customize View Fields page opens For more information see Editing Forms on page 152 l You can use the paging control at the bottom of the list to jump forwards or backwards by one page or to the first or last page of the list You can also click an individual page number to jump directly to that page Session S...

Страница 61: ...Access Request message to the RADIUS server The RADIUS server s response will contain the current authorization details for the visitor account which will then update the corresponding properties in the NAS session If the NAS does not support RFC 3576 attempts to perform dynamic authorization will time out and result in a No response from NAS error message Refer to RFC 3576 for more details about ...

Страница 62: ...ecting Multiple Active Sessions To disconnect multiple sessions click the Manage Multiple tab The Manage Multiple Sessions form opens l To close all active sessions leave the Start Time and End Time fields empty and click Make Changes All active sessions are closed and are removed from the Active Sessions list You can specify sessions in a time range 1 To close all sessions that started after a pa...

Страница 63: ...essages may contain up to 160 characters 4 Click Send About SMS Guest Account Receipts You can send SMS receipts for guest accounts that are created using either sponsored guest access or self provisioned guest access This is convenient in situations where the visitor may not be physically present to receive a printed receipt ClearPass Guest may be configured to automatically send SMS receipts to ...

Страница 64: ...64 About SMS Guest Account Receipts DellNetworking W ClearPass Guest 6 0 Deployment Guide ...

Страница 65: ...earPass Onboard includes the following key features l Automatic configuration of network settings for wired and wireless endpoints l Provisioning of unique device credentials for BYOD and IT managed devices l Support for Windows Mac OS X iOS and Android devices l Enables the revocation of unique credentials on a specific user s device l Leverages ClearPass profiling to identify device type manufac...

Страница 66: ...ard public key infrastructure and identify any certificate authorities that will be needed during the deployment Public Key Infrastructure for Onboard on page 68 Review the network requirements and the network architecture diagrams to determine how and where to deploy the Onboard solution Refer to the ClearPass Policy Manager documentation and Network Architecture for Onboard on page 72 in this ch...

Страница 67: ...the device provisioning Web login page Configuring the User Interface for Device Provisioning on page 79 Testing and Verification Test device provisioning l Verify that each type of device can be provisioned successfully Verify that each type of device can join the provisioned network and is authenticated successfully Test device revocation l Revoke a device s certificate l Verify that the device ...

Страница 68: ...ell Networking W ClearPass Onboard and the version requirements for each platform are summarized in the following table Platform Example Devices Version Required for Onboard Support Notes Apple iOS iPhone iPad iPod Touch iOS 4 iOS 5 1 3 Apple Mac OS X MacBook Pro MacBook Air Mac OS X 10 8 Mountain Lion Mac OS X 10 7 Lion 1 Mac OS X 10 6 Snow Leopard Mac OS X 10 5 Leopard 2 Android Samsung Galaxy S...

Страница 69: ...Certificate is used to digitally sign configuration profiles that are sent to iOS devices n The identity information in the profile signing certificate is displayed during device provisioning l One or more Server Certificates may be issued for various reasons typically for an enterprise s authentication server n The identity information in the server certificate may be displayed during network aut...

Страница 70: ... credentials to access the network it is possible to disable network access for an individual device This offers a greater degree of control than traditional user based authentication disabling a user s account would impact all devices using those credentials To disable network access for a device revoke the TLS client certificate provisioned to the device See Working with Certificates in the List...

Страница 71: ...rk and the provisioned network l The provisioning network must use a captive portal or other method to redirect a new device to the device provisioning page l The provisioning server Onboard server must have an SSL certificate that is trusted by devices that will be provisioned In practice this means a commercial SSL certificate is required l The provisioned network l must support EAP TLS and PEAP...

Страница 72: ...cate Status Protocol OCSP to provide a real time check on the validity of a certificate To configure OCSP for your network you will need to provide the URL of an OCSP service to your network equipment This URL can be constructed by using the relative path mdps_ocsp php 1 For example if the Onboard server s hostname is onboard example com the OCSP URL to use is http onboard example com mdps_ocsp ph...

Страница 73: ...ioned devices 4 Administrators can configure all aspects of the provisioning workflow including the devices that have been provisioned policies to apply to devices and the overall user experience for BYOD A more detailed view of the network architecture is shown in Figure 12 This diagram shows different types of client devices using the Onboard workflow to gain access to the network Some of the co...

Страница 74: ...e PEAP MSCHAPv2 authentication method with a unique username and strong password 4 Administrators can manage all Onboard devices using the certificate issued to that device Network Architecture for Onboard when Using ClearPass Guest ClearPass Guest supports the provisioning authentication and management aspects of the complete Onboard solution Figure 13 shows the high level network architecture fo...

Страница 75: ...rtificate is installed on the iOS device 2 Provisioning The user is authenticated at the device provisioning page and then provisions their device with the Onboard server The device is configured with appropriate network settings and a device specific certificate 3 Authentication Once configuration is complete the user switches to the secure network and is authenticated using an EAP TLS client cer...

Страница 76: ...rk Over the air provisioning is used to securely provision a device and configure it with network settings Figure 16 shows a sequence diagram that explains the steps involved in this workflow Figure 16 Over the Air Provisioning Workflow for iOS Platform 1 The only user interaction required is to accept the provisioning profile This profile is signed by the Onboard server so that the user can be as...

Страница 77: ... The device is configured with appropriate network settings and credentials that are unique to the device See Figure 18 for details 3 Authentication Once configuration is complete the user switches to the secure network and is authenticated using PEAP MSCHAPv2 unique device credentials Figure 18 Sequence Diagram for the Onboard Workflow on Android Platform 1 When a BYOD device first joins the netw...

Страница 78: ...p switches the device to PEAP authentication using the newly provisioned unique device credentials Mutual authentication is performed the authentication server verifies the client s username and password and the client verifies the authentication server s certificate 5 The device is now onboard and is able to securely access the network The Onboard provisioning workflow is used to securely provisi...

Страница 79: ...ws Mac OS X and Android devices The provisioning process for Windows Mac OS X and Android devices uses a separate app which has a customizable user interface See Configuring Options for Legacy OS X Windows and Android Devices on page 116 to make changes to the user interface Customizing the Device Provisioning Web Login Page Onboard creates a default Web login page that is used to start the device...

Страница 80: ...r nwa_mdps_config name organ ization_name credentials br strong 3 strong nbsp nbsp nbsp nbsp Install the certificate when prompted br strong 4 strong nbsp nbsp nbsp nbsp Go to your Wi Fi settings and connect to SSID st rong nwa_mdps_config name wifi_ssid strong br p Using the nwa_mdps_config Template Function Certain properties can be extracted from the Onboard configuration and used in the device...

Страница 81: ... the Certificate Authority on page 81 l Determine the OCSP URL for the certificate authority l View the trust chain for the certificate authority See Uploading Certificates for the Certificate Authority on page 91 l Renew the certificate authority s certificate See Renewing the Certificate Authority s Certificate on page 90 l Configure the data retention policy applied to certificates issued by th...

Страница 82: ...nd step See Setting Up a Root Certificate Authority on page 82 l Intermediate CA The Onboard certificate authority is issued a certificate by an external certificate authority The Onboard certificate authority issues client and server certificates using this certificate Use this option when you already have a public key infrastructure PKI and would like to include the certificate issued for Onboar...

Страница 83: ...er a descriptive name for the signing certificate in the Signing Common Name text field This value will be used to identify the signing certificate as the issuer of client and server certificates from this certificate authority The other identity information in the signing certificate will be the same as for the root certificate l Enter a contact email address in the Email Address text field This ...

Страница 84: ...te Root Certificate button to save the settings and generate a new root certificate Setting Up an Intermediate Certificate Authority After you choose Intermediate CA on the Certificate Authority Settings form and click Continue the Intermediate Certificate Settings form opens The Intermediate Certificate Settings form is used to configure the distinguished name and properties for the certificate a...

Страница 85: ...Key Type drop down list Creating a new key is only necessary if you are recreating the entire certificate authority from the beginning NOTE If you have previously created any client or server certificates or performed device provisioning using the existing intermediate CA certificate these certificates will be invalidated when changing the intermediate CA s private key l The Key Type drop down lis...

Страница 86: ...icate signing request as a file Use this option when you need to provide the certificate signing request as a file to obtain a certificate Once you have obtained the certificate click the Install a signed certificate link to continue configuring the intermediate certificate authority See Installing a Certificate Authority s Certificate on page 88 You can also click the Change CA settings link to r...

Страница 87: ...ext field Because this certificate is for a certificate authority select the Subordinate Certificate Authority in the Certificate Template drop down list Click the Submit button to issue the certificate Either the Certificate Pending or the Certificate Issued page is displayed Figure 20 The Certificate Pending Page DellNetworking W ClearPass Guest 6 0 Deployment Guide Using Microsoft Active Direct...

Страница 88: ...ued by another certificate authority This process is required when configuring an intermediate certificate authority n A private key is not required as the certificate authority has already generated one and used it to create the certificate signing request l Upload a certificate and private key to be used as the certificate authority s certificate This process may be used to configure a root cert...

Страница 89: ... selected Upload certificate file click Choose File in the Certificate row to browse to the file and select it l To upload a single certificate choose a certificate file in PEM base 64 encoded or binary format crt or PKCS 7 Leave the passphrase fields blank l To upload a certificate s private key as a separate file choose the private key file in PEM base 64 encoded format If the private key has a ...

Страница 90: ...newal Uses the same private key for the root certificate but reissues the root CA certificate with an updated validity period Use this option to maintain the validity of all certificates issued by the CA l Replacement Renewal Generates a new private key for the root certificate and reissues the root CA certificate with an updated validity period Use this option if the root certificate has been com...

Страница 91: ...n when configuring a certificate authority To view the Certificate Authority s trust chain go to Onboard Certificate Authority Settings and click the View CA Certificate link at the top of the page The Certificate Authority Trust Chain page is displayed This page shows a graphical representation of the certificates that make up the trust chain The first certificate listed is the root certificate R...

Страница 92: ...ent Guide To export a certificate 1 Click the Download Bundle link The Export Certificate form opens 2 In the Format row choose the certificate format The form expands to include configuration options for that format 3 Complete the fields with the appropriate information then click Export Certificate ...

Страница 93: ...ion is selected the issued certificate s extended key usage property will contain a value of Server Auth indicating that the certificate may be used to identify a server l Certificate Authority Use this option when the certificate is for a subordinate certificate authority n When this option is selected the issued certificate will contain an extension identifying it as an intermediate certificate ...

Страница 94: ...nization If you have selected TLS Client as the certificate type the Subject Alternative Name section is also shown The alternative name can be used to specify additional identification details for the certificate s subject If one or more of these options are provided the issued certificate will contain a subjectAltName extension with the specified values Table 16 explains the fields that may be i...

Страница 95: ...f the Issue this certificate immediately check box is not marked the certificate request will be displayed in the Certificate Management list view The certificate can then be issued or rejected at a later time Managing Certificates To view the list of certificates and work with them go to Onboard Certificate Management or click the Certificate Management command link The Certificate Management lis...

Страница 96: ...xpired certificate Certificate that is outside its validity period and is no longer valid Table 17 Types of Certificate Supported by Onboard Certificate Management Searching for Certificates in the List The Filter field can be used to quickly search for a matching certificate Type a username into this field to locate all certificates matching that username quickly The filter is applied to all colu...

Страница 97: ...Text Format Exports the certificate as a full openssl text format output allowing you to view advanced details such as X509v3 extensions It also includes the certificate in pem format appended to the txt file l PKCS 12 Certificate Key p12 Exports the certificate and its associated private key and optionally any other certificates required to establish the trust chain for the certificate as a PKCS ...

Страница 98: ...voked A new certificate must be issued if a certificate is revoked in error NOTE Revoking a device s certificate will also prevent the device from being re provisioned This is necessary to prevent the user from simply re provisioning and obtaining a new certificate To re provision the device the revoked certificate must be deleted l Delete certificate Removes the certificate from the list Trusted ...

Страница 99: ...ertificate request Click the Cancel button to close the certificate request properties l Export request Displays the Export Certificate Request form Use the Format drop down list to select the format in which the certificate signing request should be exported The following formats are supported n PKCS 10 Certificate Request p10 Exports the certificate signing request in binary format n Base 64 Enc...

Страница 100: ...igning request file in the selected format l Sign request Displays the Sign Request form Use this action to approve the request for a certificate and issue the certificate Use the Expiration text field to specify how long the issued certificate should remain valid Mark the Sign this request check box to confirm that the certificate should be issued and then click the Sign Request button The certif...

Страница 101: ...etention Policy for Certificates on page 90 The Delete Request form is displayed Mark the Delete this request check box to confirm the certificate signing request s deletion and then click the Delete Request button Importing a Code Signing Certificate Onboard supports importing a code signing certificate chain and private key for signing the Windows provisioning application Certificates can be upl...

Страница 102: ...For PFX and PKCS 12 files the private key must be included in the certificate file so the Private Key upload option is not available in the form The private key passphrase is required For SPC and PKCS 7 files a PEM encoded private key must be uploaded separately using the Private Key upload option on the form If it is encrypted the passphrase must also be provided 3 Click Upload Certificate The ce...

Страница 103: ...ploaded in PEM format pem To import a trusted certificate 1 Go to Onboard Certificate Management and click the Upload a trusted certificate link in the upper right corner The Import Trusted Certificate form opens 2 Click Choose File to browse to the certificate on your system then click Upload Certificate A confirmation message is displayed and the imported certificate is included in the Certifica...

Страница 104: ...al certificates l Click the Edit certificate name trust settings link to open the Trust tab of the Network Settings form Requesting a Certificate From the Certificate Management page click the Upload a certificate signing request link to access the Certificate Signing Request form Providing a Certificate Signing Request in Text Format If you have a certificate signing request in text format click ...

Страница 105: ...h34iXRQIUrnYnDfo ZezeB i4NZUhRvLMvhPW7DcLpiZJ17ILj3aPPUXWDBYYiiuOkmuFX3dG7eKCLMH Z4E9z1ozK5Znm8cWIj56kg69le7QrAZBYrd5QaBTMxEe0F9CGFsYbFx1viMUMxN6 EJILaCTBAgMBAAGgADANBgkqhkiG9w0BAQUFAAOBgQB8 So9KU5BS3oxjyxftIwF dWvNP2CNruKyQaba5RQ1ixdHAsPE 3uYIHNvlqqIpSzBlfYkr21S4DdR3SSC3bXy t4l fyMuC1cEG RpPSxdDALpeT8MuoGV1JonKo2BDitOEd4y5SXGmHmDBHrPW2Nd gthkrtBb a2WAkNcRfDuiQ END CERTIFICATE REQUEST Providing a ...

Страница 106: ... certificate authority and the extended key usage property will contain the three values Client Auth Server Auth and OCSP Signing Mark the Issue this certificate immediately check box to automatically issue the certificate Click the Submit Certificate Signing Request button to save your changes l If the Issue this certificate immediately check box is marked the certificate will be issued immediate...

Страница 107: ...ime for which a client certificate issued during device provisioning will remain valid 4 The Clock Skew Allowance text field adds a small amount of time to the start and end of the client certificate s validity period This permits a newly issued certificate to be recognized as valid in a network where not all devices are perfectly synchronized For example if the current time is 12 00 and the clock...

Страница 108: ...n only to the device rather than also known by the user When a created by device option is selected the generated key is used instead of a username password authentication defined in Network Settings 6 Mark the Include device information in TLS client certificates check box to include additional fields in the TLS client certificate issued for a device These fields are stored in the subject alterna...

Страница 109: ...ion 1 Go to Onboard Provisioning Settings click the General tab and scroll to the Authority Info Access row 2 Specify one of the following options in the Authority Info Access drop down list to control automatic certificate revocation checks l Do not include OCSP responder URL The Authority Info Access extension is not included in the client certificate Certificate revocation checking must be conf...

Страница 110: ...t the maximum number of devices that each user may provision Devices are recognized as unique when they have a different MAC address or a different device identifier when the MAC address is not available 5 When your entries are complete in this tab click Save Changes You can click Next to continue to the next tab Configuring Provisioning Settings for iOS and OS X To specify provisioning settings r...

Страница 111: ...ique You should only change this value during initial configuration of device provisioning Configuring Instructions for iOS and OS X To edit the instruction text shown during provisioning for iOS and OS X devices 1 Go to Onboard Provisioning Settings click the iOS OS X tab and scroll to the Instructions area of the form 2 In the Before Provisioning text box enter the instructions that are shown to...

Страница 112: ...use Smarty template functions If this field is left empty the default text will be displayed To configure delay and timeout settings 1 Mark the check box in the Advanced Settings row The form expands to include these options 2 In the Disconnect Delay row enter the duration in seconds for the Web server to wait after receiving a disconnect request before it sends the request to the controller This ...

Страница 113: ... device The text can be entered as HTML code and you can use Smarty template functions If this field is left empty the default text will be displayed 5 You may use the Insert content item drop down list to add an image file or other content item 6 When your entries are complete in this tab click Save Changes You can click Next to continue to the next tab or Previous to return to the previous tab C...

Страница 114: ...functions If this field is left empty the default text will be displayed 5 In the After Provisioning text box enter the instructions that are shown to the user after they have provisioned their device The text can be entered as HTML code and you can use Smarty template functions If this field is left empty the default text will be displayed 6 You may use the Insert content item drop down list to a...

Страница 115: ...text box enter the instructions that are shown to the user before they provision their device The text can be entered as HTML code and you can use Smarty template functions If this field is left empty the default text will be displayed 5 In the Next Step text box enter the instructions that are shown to the user after they download the application to their device The text can be entered as HTML co...

Страница 116: ...o the next tab or Previous to return to the previous tab Configuring Options for Legacy OS X Windows and Android Devices The Onboard Client tab is used to edit basic configuration option for Windows Android and legacy OS X 10 5 and 10 6 devices To specify provisioning settings related to these Onboard capable devices 1 Go to Onboard Provisioning Settings and click the Onboard Client tab 2 In the P...

Страница 117: ...g to fail This is the default option You should change this option to No do not validate this web server s certificate only during testing or if you are waiting for a commercial SSL certificate 6 To display your enterprise s logo select an image from the list in the Logo Image field Navigate to Administration Content Manager to upload new images to use as the logo The native size of the logo used ...

Страница 118: ... of the wireless network and the type of security that is used See Configuring Basic Network Access Settings on page 118 l Protocols Specifies the 802 1X authentication protocols that are used by the network See Configuring 802 1X Authentication Network Settings on page 120 l Authentication Specifies the type of device authentication to be used for the network See Configuring Device Authentication...

Страница 119: ...network adapters 7 The options available in the Security Type drop down list are l Enterprise 802 1X Use this option to setup a network that requires user authentication l This option is the only available choice when the Network Type is set to Wired only l Personal PSK Use this option to setup a network that requires only a pre shared key password to access the network This option is only availab...

Страница 120: ...r will be able to choose the network to connect to If the Automatically join network option is not selected on this form an option to manually connect to the network will be shown to the user 11 Do one of the following l Click the Next button to continue to the Protocols tab l Click the Create Network button to make the new network configuration settings take effect l Click the Cancel button to di...

Страница 121: ...n the middle attacks The cryptobinding request and response performs a two way handshake between the peer and the authentication server using key materials If TLS is selected Enforce Cryptobinding is not available l Do one of the following n Click the Previous button to return to the Access tab n Click the Next button to continue to the Authentication tab l Click the Create Network button to make ...

Страница 122: ...display the Enterprise Trust form Use this form to create the network settings that will be sent to a provisioned device Configuring Trust Settings Automatically 1 When you open this tab the default selection in the Configure Trust field is Automatically configure trust settings recommended With this option selected Onboard automatically determines the appropriate certificate trust configuration f...

Страница 123: ...gate to the file on your computer then click Upload The certificate is imported and the certificate name is displayed above the form You can click the Show certificate link next to the name to view certificate details The certificate is also displayed in the Certificate Management list with the type trusted 5 In the Dynamic Trust row you should avoid marking the Allow trust exceptions check box th...

Страница 124: ...ndows Network Settings form Network Access Protection NAP is a feature in Windows Server 2008 that controls access to network resources based on a client computer s identity and compliance with corporate governance policy NAP allows network administrators to define granular levels of network access based on who a client is the groups to which the client belongs and the degree to which that client ...

Страница 125: ...s l Automatic The device will configure its own proxy server if the device supports it Specify the location of a proxy auto config file in the PAC URL text field l Do one of the following n Click the Previous button to return to the Windows tab l Click the Create Network button to make the new network configuration settings take effect n Click the Cancel button to discard your changes and return t...

Страница 126: ...connection easily include your organization s name in the Display Name field For example use ACME Sprockets VPN Select the appropriate Connection Type from the drop down list l L2TP Connection uses the Layer 2 Tunneling Protocol Complete the fields shown in the L2TP Connection Settings section of the form l PPTP Connection uses the Point to Point Tunneling Protocol Complete the fields shown in the...

Страница 127: ...omatically configured with this VPN profile Specify the location of a proxy auto config file in the Proxy Server URL text field Click the Save Changes button to save the VPN connection profile and return to the main Onboard configuration user interface Configuring an iOS Device Email Account To configure the Exchange ActiveSync settings that will be sent to a device go to Onboard Exchange ActiveSy...

Страница 128: ...ount Settings group choose one of the following options from the Account Details drop down list l User provided entered by user on device This option requires the user to enter their credentials on the device to access their email l Identity certificate created during provisioning This option uses the device s TLS client certificate to authenticate the user Using this option requires configuration...

Страница 129: ...sent to a device go to Onboard Passcode Policy or click the Passcode Policy command link The Passcode Policy Settings page opens This page is used to configure a passcode policy that is applied to iOS devices when provisioned Typically you would enable this policy when provisioning a corporate owned device or if you are allowing a user to access sensitive information remotely NOTE Onboard Passcode...

Страница 130: ...icy settings and return to the main Onboard configuration user interface Resetting Onboard Certificates and Configuration To delete certificates re create the Onboard Web login page or reset configuration to factory default settings go to Onboard Reset to Factory Defaults or click the Reset to Factory Defaults command link The Reset to Factory Defaults page opens This page is used to delete certif...

Страница 131: ...r has been modified and no longer functions correctly All certificates and settings are left unmodified l Delete all certificates and reset configuration to factory defaults Removes all certificates from Certificate Management including the certificate authority s root certificate intermediate certificate profile signing certificate and any server certificates The provisioning settings for iOS and...

Страница 132: ...ertificate authority will cause iOS device provisioning to fail with the message The server certificate for is invalid A workaround for this issue is to install an appropriate root certificate on the iOS device This root certificate must be the Web server s SSL certificate if it is a self signed certificate or the certificate authority that issued the SSL certificate This is not recommended for pr...

Страница 133: ...rms and views in ClearPass Guest l Guest self registration processes and forms l Format and appearance of visitor account receipts l Settings for emailing visitor account receipts l Self provisioning features of your wireless network l Content asset management l Visitor account provisioning services for IP phones l SMS visitor account receipt settings l Web login pages Accessing Configuration To a...

Страница 134: ...To force a specific bind address for RFC 3576 requests enter a value in the RFC 3576 Bind Address row This might be needed in an AirGroup environment 5 In the Internal Auth Type row choose a type from the drop down list Choices in list include PAP CHAP and MS CHAP The internal authentication type controls the RADIUS authentication used for internal RADIUS requests 6 To redirect HTTP access to use ...

Страница 135: ... files and folders or a Web deployment archive To upload multiple assets first compress the files as a tarball or zip file then browse to it in the File field Allowed file formats are tgz tar gz tb2 tar bz2 or zip When you have uploaded the file the Extract option lets you create the new directory navigate into it and view and extract the files Directory structure is preserved when extracting 3 Op...

Страница 136: ... you to view and edit the properties of the item Editable properties include the content item s filename and description Read only properties include the content type modification time file size and other content specific properties such as the image s size 3 You can use the Delete link to delete the content item You will be asked to confirm the deletion 4 You can use the using the Rename link to ...

Страница 137: ...vanced customization ClearPass Guest is flexible and can be used to provide location sensitive content and advertising Default Settings for Account Creation The Guest Manager plugin configuration holds the default settings for account creation To modify settings for the Guest Manager plugin configuration go to Configuration and click the Guest Manager Settings command link or from the Guest Manage...

Страница 138: ...be used in the format string This may be overridden by using the random_ username_picture field l Random Password Type The default method used to generate random account passwords when creating groups of accounts This may be overridden by using the random_password_method field n Random Password Length The default length of random account passwords when creating groups of accounts This may be overr...

Страница 139: ...om passwords for example letters and numbers that can look similar such as i l 1 0 O o 5 S l Disallowed Password Words Enter a comma separated list of words that are disallowed and will not be created by the random words password generator Figure 24 Customize Guest Manager Page Continued middle section l Expiration Options Default values for relative account expiration times These options are disp...

Страница 140: ...isplay of visitor account passwords in the user list To reveal passwords the password field must be added to the guest_users or guest_edit view and the operator profile in use must also have the View Passwords privilege l Initial Sequence This field contains the next available sequence number for each username prefix that has been used Automatic sequence numbering is used when the value of the mul...

Страница 141: ...d field or else the visitor account is not created l auto_update_account If this field is present and set to a non zero value account creation will not fail if the username already exists any changes will be merged into the existing account using an update instead Basic User Properties l username This field is the name for the visitor account and may be provided directly If this field is not speci...

Страница 142: ...vation time set n If modify_schedule_time is a value that specifies a relative time change for example 1h then the visitor account s activation time is modified accordingly n If modify_schedule_time is a value that specifies an absolute time for example 2010 12 31 17 00 then the visitor account s activation time is set to that value n If modify_schedule_time is schedule_after or schedule_time then...

Страница 143: ...e configured on the Customize Guest Manager page l expire_postlogin This field determines the amount of time after the initial login for which the visitor account will remain valid If this field is not specified the default value is 0 account lifetime not set l expire_usage This field determines the total amount of login time permitted for the visitor account If this field is not specified the def...

Страница 144: ... form multiple account creation l create_user form sponsored account creation l guest_register form guest self registration form These forms are accessed through the action row of the guest_users view l change_expiration form change expiration time for a single account l guest_multi_form form editing multiple accounts l guest_edit form editing single account l reset_password form reset password fo...

Страница 145: ...u have been created click the Custom Fields Only link in the bottom row of the list view To return to displaying all fields click the All Fields link Creating a Custom Field To create a custom field click the Create tab at the top of the window or the Create a new field link at the bottom of the window The Create Field form is displayed The Field Name is not permitted to have spaces but you can us...

Страница 146: ...field to a form See View Field Editor on page 169 for a list of the available user interface types You can specify the default validation rules that should be applied to this field when it is added to a form See Form Validation Properties on page 162 in this chapter for further information about form validation properties Select the Show advanced properties check box to reveal additional propertie...

Страница 147: ...se link opens the form using that field If the field is used on multiple forms you are able to select which form you would like to view Displaying Views that Use a Field You are able to click the Show Views link to see a list of views that use the selected field The list displays the views that use the selected field It also allows you to edit the view s fields by clicking on the Edit Fields link ...

Страница 148: ...presented to the user The values you enter in the Options text box control both the values stored in the shared_location field in the database as well as the text displayed to the user in the checklist Use the following format tag1 value1 Option 1 tag2 value2 Option 2 where the tag value pair tag1 value1 represents the value stored in the shared_location field in the database the pipe character is...

Страница 149: ...ct NwaExplodeComma The form expands to include the Display Param and Display Arguments rows 4 In the Display Param text field enter the value _self Be sure to include the leading underscore character 5 Click Save Changes Example If the layout is set to vertical and the following options are specified AP Group Location 1 Location One AP Group Location 2 Location Two AP Location 3 Location Three The...

Страница 150: ...w directly from the Forms and Views page To open form or view to use it go to Configuration Forms Views click the form s or view s row in the list then click its Use link The form or view opens in a separate browser tab and the Forms and Views tab stays open so you can work in both An asterisk shown next to a form or view indicates that the form or view has been modified from the defaults You can ...

Страница 151: ...ew to use as a template in order to provide different forms and views to different operator profiles See Role Based Access Control for Multiple Operator Profiles on page 242 for a description This enables you to provide different views of the underlying visitor accounts in the database depending on the operator s profile To make a copy of the form or view go to Configuration Forms Views click the ...

Страница 152: ...ore Insert After and Disable Field options To make changes to an existing field click its Edit link The Form Field Editor opens Any changes made to the field using this editor will apply only to this field on this form To make changes to an existing field s definition click its Edit Base Field link Any changes made to the field using this editor will apply to all forms that are using this field ex...

Страница 153: ... The available user interface elements are listed below together with an example of each l Use default The default user interface type defined for the field will be used l No user interface The field does not have a user interface specified Using this value will cause a diagnostic message to be displayed Form element is missing the ui element when using the form l CAPTCHA security code A distorted...

Страница 154: ...w The text displayed for each check box is the value from the options list Zero or more check boxes may be selected This user interface type submits an array of values containing the option key values of each selected check box Because an array value may not be stored directly in a custom field you should use the conversion and value formatting facilities to convert the array value to and from a s...

Страница 155: ... The NwaImplodeComma conversion is applied which converts the array value into the string value one two which is then used as the value for the field Finally when the form is displayed and the value needs to be converted back from a string the NwaExplodeComma display function is applied which turns the one two string value into an array value array one two which is used by the checklist to mark th...

Страница 156: ...of the selected value becomes the value of the field If the Hide when no options are selectable check box is selected and there is only a single option in the drop down list it will be displayed as a static text item rather than as a list with only a single item in it l File upload Displays a file selection text field and dialog box the exact appearance differs from browser to browser File uploads...

Страница 157: ... l Password text field The field is displayed as a text field with input from the user obscured The text typed in this field is submitted as the value for the field l Radio buttons The field is displayed as a group of radio buttons allowing one to be selected as shown below The text displayed for each option is the value from the options list When the form is submitted the key of the selected valu...

Страница 158: ...e is displayed as a non editable text string An icon image may optionally be displayed before the field s value A hidden element is also included for the field thereby including the field s value when the form is submitted If the Hide when no options are selectable check box is selected in the Collapse row the field will be hidden if its value is blank To set the value of this field use the Initia...

Страница 159: ...ormatting Use caution when using this type of user interface element particularly if the field s value is collected from visitors Allowing HTML from untrusted sources is a potential security risk If the Hide when no options are selectable check box is selected in the Collapse row the field will be hidden if its value is blank DellNetworking W ClearPass Guest 6 0 Deployment Guide Form Field Editor ...

Страница 160: ...also included for the field thereby including the field s value when the form is submitted If the Hide when no options are selectable check box is selected in the Collapse row the field will be hidden if its value is blank To set the value of this field use the Initial Value option in the Form Validation Properties area of the form field editor l Static group heading The label and description of t...

Страница 161: ...t area The field is displayed as a multiple line text box The text typed in this box is submitted as the value for the field It is recommended that you specify the desired minimum dimensions of the text area either with the Rows and Columns options or by specifying a width in the CSS Style option for example width 460px height 100px specifies a 460 x 100 pixel minimum area l Text field The field i...

Страница 162: ...e initial value should be the key of the desired default option Likewise for date time fields that have a display function set the initial value should be a value that can be passed to the display function Select the Field value must be supplied check box to mark the field as a required field Required fields are marked with an asterisk as shown below An optional field may be left blank In this cas...

Страница 163: ...e an argument a validator such as IsValidEmail is entirely self contained and will ignore the Validator Argument Validators such as IsEqual IsInRange and IsRegexMatch use the argument to perform validation Examples of Form field Validation Example 1 To create a form field that requires an integer value between 1 and 100 inclusive to be provided use the following settings in the form field editor N...

Страница 164: ...the most suitable user interface An initial value for the form field as shown above could be used if most visitors are in fact there to visit the sales team To match against a list of options used for a drop down list or set of radio buttons you can use the IsInOptionsList validator Example 3 To create a form field that validates U S social security numbers using a regular expression use the follo...

Страница 165: ...ted to security such as role ID or expiration date For pre registered guest accounts some fields may be completed during pre registration and some fields may be left for the guest to complete at registration You can use the Pre Registration field to specify whether the guest s entry must match the preliminary value provided for a field during pre registration l If a value was not provided for a fi...

Страница 166: ...he form and the various conversion and display options Figure 26 Steps involved in form field processing The Conversion step should be used when the type of data displayed in the user interface is different from the type required when storing the field For example consider a form field displayed as a date time picker such as the expire_time field used to specify an account expiration time on the c...

Страница 167: ...ed and so the value formatter is not used However if the Conversion function had not been used and the Validator had been set to IsValidFutureDateTime which checks a string date time value then the Value Formatter would need to be set to NwaConvertOptionalDateTime to perform the data conversion before the form processing A comparison of these two approaches is shown below to illustrate the differe...

Страница 168: ...ot used by the server for any other purpose The expression must be a Boolean expression in the JavaScript language statements and other code should not be included as this will cause a syntax error when the form is displayed in a Web browser Because of the scoping rules of JavaScript all of the user interface elements that make up the form are available as variables in the local scope with the sam...

Страница 169: ...hown in the list view Values displayed in italics are default values defined for the field being displayed Click a view field in the list view to select it Use the Edit link to make changes to an existing column using the View Field Editor Any changes made to the field using this editor will apply only to this field on this view Use the Edit Base Field link to make changes to an existing field def...

Страница 170: ...ue of the field is displayed as HTML l Boolean Yes No The value of the field is converted to Boolean and displayed as Yes or No l Boolean Enabled Disabled The value of the field is converted to Boolean and displayed as Enabled or Disabled l Boolean On Off The value of the field is converted to Boolean and displayed as On or Off l Date The value of the field is assumed to be a UNIX timestamp value ...

Страница 171: ...ation about the guest account Several different actions can be included on the receipt page enabling visitors to obtain their receipt in different ways The receipt page can also be used to automatically log the guest into a Network Access Server enabling them to start using the network immediately Detailed user interface customization can be performed for all parts of the self registration process...

Страница 172: ... details of the guest account If NAS login is enabled submitting the form on this page will display a login message 5 and automatically redirect the guest to the NAS login 6 After authentication and authorization the guest s security profile is applied by the NAS 7 enabling the guest to access the network 8 Creating a Self Registration Page To create a new guest self registration page go to Config...

Страница 173: ...ration page has been created you are able to edit delete duplicate or go to it providing self registration has been enabled Editing Self Registration Pages The guest self registration process is displayed in graphical form shown below in Figure 28 The workflow for the guest is shown using solid orange arrows while the administrator workflow is shown with dotted blue arrows To access this page in t...

Страница 174: ...or Rename Page links to edit the basic settings for guest self registration The Basic Properties window has configurable settings such as Name Description enabling guest self registration Register Page Parent and Authentication Using a Parent Page To use the settings from a previously configured self registration page select an existing page name from the Parent drop down menu This is useful if yo...

Страница 175: ...ds are access control lists that determine if a client is permitted to access this guest self registration page You can specify multiple IP addresses and networks one per line using the following syntax l 1 2 3 4 IP address l 1 2 3 4 24 IP address with network prefix length l 1 2 3 4 255 255 255 0 IP address with explicit network mask Use the Deny Behavior drop down list to specify the action to t...

Страница 176: ... is empty only clients with an IP address that matches one of the entries in the Allowed Access list will be allowed access This behavior is equivalent to adding the entry 0 0 0 0 0 to the Denied Access list Editing Registration Page Properties To edit the properties of the registration page 1 Navigate to Configuration Guest Self Registration 2 Select an entry in the Guest Self Registration list a...

Страница 177: ...clude the Password field To include the Password field on the Create Multiple Guest Accounts form 1 Go to Configuration Forms Views Click the create_multi row then click its Edit Fields link The Customize Form Fields view opens showing a list of the fields included in the Create Multiple Guest Accounts form and their descriptions At this point the Password field is not listed because the Create Mu...

Страница 178: ...3 Click the Receipt Page link or one of the Title Header or Footer fields for the Receipt Page to edit the properties of the receipt page This page is shown to guests after their visitor account has been created Click the Save Changes button to return to the process diagram for self registration Editing Receipt Actions To edit the actions that are available once a visitor account has been created ...

Страница 179: ...role selection by the sponsor 1 Go to Configuration Guest Self Registration Click the Guest Self Registration row then click its Edit link The Customize Guest Registration diagram opens 2 In the Receipt Page area of the diagram click the Actions link The Receipt Actions form opens DellNetworking W ClearPass Guest 6 0 Deployment Guide Enabling Sponsor Confirmation for Role Selection 179 ...

Страница 180: ...ompt from the drop down list 6 Complete the rest of the form with the appropriate information then click Save Changes The Customize Guest Registration diagram opens again 7 You can click the Launch this guest registration page link at the upper right corner of the Customize Guest Registration diagram to preview the Guest Registration login page The Guest Registration login page is displayed as the...

Страница 181: ...stration diagram opens 2 In the Receipt Page area of the diagram click the Actions link The Receipt Actions form opens 3 Select either the Enable download of guest receipt check box in the Download area or the Enable print window for guest receipts check box in the Print area The form expands to include configuration options Editing Email Delivery of Guest Receipts The Email Delivery options avail...

Страница 182: ...an opt in facility for guests Use a check box for the auto_send_smtp field and add it to the create_user form or a guest self registration instance and email receipts will be sent to the visitor only if the check box has been selected l Display a link enabling a guest receipt via email A link is displayed on the receipt page if the visitor clicks this link an email receipt will be generated and se...

Страница 183: ...specified phone number only if the check box has been selected l Display a link enabling a guest receipt via SMS A link is displayed on the receipt page if the visitor clicks this link an SMS receipt will be generated and sent to the visitor s phone number Only one SMS receipt per guest registration can be sent in this way Enabling and Editing NAS Login Properties To enable and edit the properties...

Страница 184: ... diagram opens 2 In the Receipt Page area of the diagram click the Title or Login Message fields for the login page to edit the properties of the login page then mark the Enable guest login to a Network Access Server check box The form expands to include configuration options The login page is also a separate page that can be accessed by guests using the login page URL The login page URL has the s...

Страница 185: ...mized If the Provide a custom login form option is selected then the form must also be provided in either the Header HTML or Footer HTML sections The login message page is displayed after the login form has been submitted while the guest is being redirected to the NAS for login The title and message displayed on this page can be customized DellNetworking W ClearPass Guest 6 0 Deployment Guide Edit...

Страница 186: ...age Summary Page Change Password or Reset Password links for the Self Service Portal 3 Mark the Enable self service portal check box The form expands to include configuration options The self service portal is accessed through a separate link that must be published to guests The page name for the portal is derived from the registration page name by appending _portal When the self service portal is...

Страница 187: ... Field may be used to select a field value that the guest must match in order to confirm the password reset request If the Auto login by IP address option is selected a guest accessing the self service portal will be automatically logged in if their client IP address matches the IP address of an active RADIUS accounting session that is the guest s HTTP client address is the same as the RADIUS Fram...

Страница 188: ...mended that when this feature of the self service portal is enabled guest registrations should also store a secret question secret answer field To enable a more secure password reset operation first enable the secret_question and secret_answer fields to the registration form The default appearance of these fields is shown below Next enable the Required Field option in the Self Service Portal prope...

Страница 189: ...visioned guest access This is convenient in situations where the visitor may not be physically present to receive a printed receipt ClearPass Guest may be configured to automatically send email receipts to visitors or to send receipts only on demand Email receipts may be sent manually from the guest account receipt page by clicking the Send email receipt link displayed there When using guest self ...

Страница 190: ...for guests Use a check box for the auto_send_sms field and add it to the create_user form or a guest self registration instance and SMS messages will be sent to the specified phone number only if the check box has been selected l Display a link enabling a guest receipt via email A link is displayed on the receipt page if the visitor clicks this link an email receipt will be generated and sent to t...

Страница 191: ...this option to provide a basic level of formatting in the email l No skin Native receipt format A skin is not used The email will be sent in either plain text or HTML format depending on the type of print template that was selected l Use the default skin The skin currently marked as the default skin is used When sending an email message using HTML formatting the images and other resources required...

Страница 192: ...essage recipient s email address then click Send Test Message The test message is sent immediately Figure 31 Example of Email Receipt Test Message Content 6 When all fields on the form are completed click Save and Close About Customizing SMTP Email Receipt Fields The behavior of email receipt operations can be customized with certain guest account fields You do this on a per user basis l smtp_enab...

Страница 193: ...it is any other value assume the auto send field is the name of another guest account field Check the value of that field and if it is zero or the empty string then no receipt is sent l Determine the email recipients n Address the email to the value specified by the email field in the visitor account If the email field is _ None then do not send an email directly to the visitor n Depending on the ...

Страница 194: ...int Templates view opens Click a print template s row in the list to select it The template s row expands to include the Edit Duplicate Delete Preview Show Usage and Permissions options The Edit code action is displayed for a print template when it has been created using the wizard but subsequently modified See Modifying Wizard Generated Templates on page 196 in this chapter for further informatio...

Страница 195: ...t content depending on the action that has been taken the following code could be used if action create p Your guest account has been created and is now ready to use p ul if site_ssid li Connect to the wireless network named b site_ssid b li if li Make sure your network adapter is set to DHCP Obtain an IP address Automatically li li Open your Web browser li li Enter your username and password in t...

Страница 196: ...ch of the basic styles provides support for a logo image title area subtitle area notes area and footer text These items can be customized by typing in an appropriate value in the Print Template Wizard NOTE As the print template is a HTML template it is possible to use HTML syntax as well as Smarty template code in these areas See the Reference on page 261 chapter for reference material about HTML...

Страница 197: ... list or remove an entry from the list click one of the icons in the row A Delete icon and an Add icon will then be displayed for that row Select one of the following entities in the Entity drop down list l Operator Profiles a specific operator profile may be selected The corresponding permissions will apply to all operators with that operator profile l Other Entities n Authenticated operators the...

Страница 198: ...ions for the print template cannot be modified n Full access ownership the print template is visible in the list and may be edited or deleted The permissions for the print template can be modified if the operator has the Object Permissions privilege Customize SMS Receipt Navigate to Configuration SMS Receipts to configure SMS receipt options These fields are described for the SMS plugin configurat...

Страница 199: ...d if it is zero or the empty string then no receipt is sent l Determine the phone number if the phone number field is set and the value of this field is at least 7 characters in length then use the value of this field as the phone number Otherwise if the value of the auto send field is at least 7 characters in length then use the value of this field as the phone number l If the phone number is at ...

Страница 200: ... table_class_content thead tr th class nwaTop colspan 3 Access Details th tr thead tbody tr td class nwaBody rowspan 99 valign top img src images icon user48 png width 48 height 48 border 0 alt td th class nwaLeft Access Code th td class nwaBody style width 12em u username htmlspecialchars td tr if u create_result error tr th class nwaLeft Error th td class nwaBody span class nwaError u create_res...

Страница 201: ...lts should be acceptable but feel free to customize the label or description 4 Click Save Changes to save your settings Once the field is enabled or inserted you should see it bolded in the list of fields Create the Access Code Guest Accounts Once the account fields have been customized you can create new accounts 1 Navigate to Guest Create Multiple 2 Mark the check box in the Username Authenticat...

Страница 202: ...ed at the same time This will not affect the printing action in the following step 4 Confirm that the accounts settings are as you expected with respect to letters and digits in the username and password expiration and role 5 Click the Open print window using template drop down list and select the new print template you created using this procedure See Create the Print Template on page 199 for a d...

Страница 203: ... her own guest account on your network for access to the Internet This can save you time and resources when dealing with individual accounts Accessing Hotspot Manager To access Dell Networking W ClearPass Guest s hotspot management features click the Configuration link in the left navigation then click Hotspot Manager About Hotspot Management The following diagram shows how the process of customer...

Страница 204: ...rchasing access l The customer s transaction is processed and if approved their visitor account is created according to the appropriate Hotspot plan l On page 3 the customer receives an invoice containing confirmation of their transaction and the details of their newly created visitor account l The customer is automatically logged in with their username and password providing instant Hotspot acces...

Страница 205: ...sitor self provisioning process new visitor registration is performed by redirecting the visitor to the URL specified on the Hotspot Preferences page for example https guest spiffywidgets com hotspot_plan php The Hotspot Sign Up page opens to the first page of the wizard Choose Plan The hotspot_plan php page accepts two parameters l The source parameter is the IP address of the customer l The dest...

Страница 206: ...rm to override the default SMS settings with your own custom configuration l SMS Receipt Click this drop down list to select the template you want to use for SMS receipts The default value is SMS Receipt l Phone Number Field Click this drop down list and identify the field that contains the visitor s phone number The default value is visitor_phone l Auto Send Field Click this drop down list and se...

Страница 207: ...description cost to purchase allocated role and the format of the customer s generated username and password 1 To create or edit a plan first go to Configuration Hotspot Manager Manage Plans then l To create a new plan click the Create Hotspot plan link in the upper right corner The Create Hotspot Plan form opens l To edit a plan click the Edit link in the plan s row The Edit Hotspot Plan form ope...

Страница 208: ...s set to To indicate a different combination of numbers letters or symbols use the following parameters l The number or hash symbol is replaced with a random digit 0 9 l The dollar symbol is replaced with a random letter l The underscore symbol _ is replaced with a random lowercase letter l The carat symbol is replaced with a random uppercase letter l The asterisk symbol is replaced with a random ...

Страница 209: ... define a new transaction processor 1 Go to Configuration Hotspot Manager click Manage Transaction Processors then select Create new transaction processor 2 In the Name field enter a name for the transaction processor 3 In the Processing Gateway drop down list select the gateway with which you have a service account The form expands to include additional configuration fields for that gateway type ...

Страница 210: ...ist l Duplicate creates a copy of a transaction processor l Show Usage opens a window in the Transaction Processors list that shows if the profile is in use and lists any hotspots associated with that transaction processor Each entry in this window appears as a link to the General Hotspot References form that lets you change the transaction processor associated with that hotspot Managing Customer ...

Страница 211: ...bout basic HTML syntax 3 Complete the rest of the fields appropriately You can use Smarty functions on this page See Smarty Template Syntax on page 264 for further information on these You can also insert content items such as logos or prepared text See Customizing Self Provisioned Access on page 171 for details on how to do this 4 Click Save Changes Customizing the User Interface Each aspect of t...

Страница 212: ... this page is displayed to the guest go to Configuration Hotspot Manager Manage Hotspot Sign Up then click the Customize page 1 Choose Plan link in the upper right corner The Edit Hotspot Plan Selection Page form opens You can use this form to edit the title introductory text and footer of the Choose Plan page The introduction and the footer are HTML text that can use template syntax See Smarty Te...

Страница 213: ... Hourly Access plan Although it is not shown in this illustration the default page also includes footer text providing information about privacy policies and security pertaining to the data collected by this page The example below shows the default Your Details page for a customer who chooses the Free Access plan DellNetworking W ClearPass Guest 6 0 Deployment Guide Customizing Visitor Sign Up Pag...

Страница 214: ...tspot Manager Manage Hotspot Sign Up then click the Customize page 2 Customer Details link in the upper right corner The Edit Hotspot User Details Page form opens You can use this form to edit the content displayed when the customer enters their personal details including credit card information if purchasing access The progress of the user s transaction is also shown on this page ...

Страница 215: ...p Page Three Page three of the guest self provisioning process provides the customer an invoice containing confirmation of their transaction and the details of their newly created wireless account An example of the default Your Receipt page is shown below DellNetworking W ClearPass Guest 6 0 Deployment Guide Customizing Visitor Sign Up Page Three 215 ...

Страница 216: ...ur Receipt page is displayed to the guest go to Configuration Hotspot Manager Manage Hotspot Sign Up then click the Customize page 3 Invoice or Receipt link in the upper right corner The Edit Hotspot User Receipt Page form opens You can use this form to edit the title introductory text and footer text of the receipt page ...

Страница 217: ...log in to and view the Hotspot self service portal that allows customers to view their current account expiration date purchase time extensions log out of the Hotspot or change their user password To access either of these user pages navigate to Configuration Hotspot manager and select the Self Provisioning or Self Service links in the left navigation menu DellNetworking W ClearPass Guest 6 0 Depl...

Страница 218: ...218 Viewing the Hotspot User Interface DellNetworking W ClearPass Guest 6 0 Deployment Guide ...

Страница 219: ...s used by a network administrator to perform both the initial configuration and ongoing maintenance of Dell Networking W ClearPass Guest Accessing Administration To access Dell Networking W ClearPass Guest s administration features click the Administration link in the left navigation Figure 34 The Administration Module s Left Navigation ...

Страница 220: ...onfigure AirGroup Services form opens 2 In the AirGroup Logging drop down list choose one of the following options l Disabled Do not log AirGroup related events l Standard Recommended Log basic information l Extended Log additional information l Debug Log debug information l Trace Log all debug information 3 In the Controllers row to add a new AirGroup controller and enable it to receive dynamic n...

Страница 221: ...ioned devices The operator can also define a group of other users who are allowed to share the operator s devices The AirGroup Operator profile is automatically created in ClearPass Guest when the AirGroup Services plugin is installed This profile is used to define the AirGroup Operator role To create an AirGroup Operator see Creating a New Operator on page 248 Authenticating AirGroup Users via LD...

Страница 222: ...ter which an expired certificate is automatically deleted Import Configuration The Import Configuration screen lets you import selected items from a ClearPass Guest 3 9 configuration To import configuration settings from a standalone ClearPass Guest 3 9 backup file 1 Go to Administration Import Configuration The Import Configuration Step 1 page opens with the Upload File form displayed 2 If your f...

Страница 223: ... is displayed while the changes are made When the backup is complete the Administration module s Start Here page displays a list of any errors that occurred during the backup operation This might include such things as items not found or plugin missing Plugin Manager Plugins are the software components that fit together to make your Web application The Available Plugins list shows all the plugins ...

Страница 224: ...on about the plugin including the installation date and update date The About page for the Kernel plugin also includes links to verify the integrity of all plugin files or perform an application check Click a plugin s Configuration link to view or modify its settings See Configuring Plugins on page 224 for details about the configuration settings Configuring Plugins You can configure most standard...

Страница 225: ... 44 Configuring the Kernel Plugin The Kernel Plugin provides the basic framework for the application Settings you can configure for this plugin include the application title the debugging level the base URL and the application URL and autocomplete 1 To change the application s title enter the new name in the Application Title field for example your company name to display that text as the title of...

Страница 226: ...enu click the Navigation Layout drop down list and select a different expansion level for menu items 3 The Page Heading field allows you to enter additional heading text to be displayed at the very top of the page 4 In the Font Family row to change the font delete the current selection and enter the list of fonts to use 5 To change a color in any of the color fields click the color sample box to o...

Страница 227: ...ify a skin for a customized guest self registration page see Configuring Basic Properties for Self Registration on page 174 Configuring the SMS Services Plugin The SMS Services plugin configuration allows you to configure options related to SMS receipts You may also configure SMS receipt options in the Customization module see Customize SMS Receipt on page 198 To view or configure SMS services and...

Страница 228: ...g options n Use the visitors value When you select this option the SMS gateway will always send the SMS message using the phone number and country code entered by the visitor n Always include the country code When you select this option the SMS gateway will always send the SMS message using the global country code and default phone number length specified in the Default Country Code and Default Ph...

Страница 229: ...clude the New SMS Message form where you can enter the recipient s mobile phone number and the message text then send the message 3 To add a carrier to the list click the Create tab above the form The SMS SMTP Carrier Editor form is added at the top of the list See Creating a New SMS Gateway on page 229 Creating a New SMS Gateway An SMS gateway is automatically created and added to the SMS Gateway...

Страница 230: ...the registration form The visitor_carrier field may be customized the default is a drop down list l Select a carrier If you choose this option the form includes the Mobile Carrier field where you specify the carrier to use l Configure carrier settings If you choose this option the form includes the SMS Address Address Template Number Format and Subject Line fields For information on completing the...

Страница 231: ... the appropriate information then click either Send Test Message or Save and Close The new configuration settings will take effect immediately Editing an SMS Gateway To edit an SMS gateway 1 Go to Administration SMS Services SMS Gateways The SMS Gateways list view opens 2 Click the gateway s row in the list The row expands to include the Edit SMS Gateway form for the existing gateway 3 The SMS Gat...

Страница 232: ...ddress format If you chose to use a fixed email address the next field is Address Enter the email address to which all messages will be sent n Number Format Choose a country code requirement option from this drop down list The available options are Use the visitor s value Always include the country code or Never include the country code n Subject Line You may enter text for the message s subject l...

Страница 233: ...updated after sending each message When credits are running low a warning message is emailed to the administrator group The email address is determined by looking up all local operators with the special IT Administrators operator profile and using any configured email address for those operators Up to three messages will be sent l A low credit warning is sent once the Credits Available value reach...

Страница 234: ...ting Receipt Actions on page 178 for full details SMS Receipt Options SMS receipt configuration options are available in the Customization module see Customize SMS Receipt on page 198 Advanced configuration options for the SMS Services including receipt options are also available in the plugin configuration see Configuring the SMS Services Plugin on page 227 in this chapter Working with the SMTP C...

Страница 235: ...o the list click the Create tab above the form The SMS SMTP Carrier Editor form is added at the top of the list l To edit an existing carrier click the carrier s row in the list The row expands to include the SMS SMTP Carrier Editor form for that carrier l When creating or editing a gateway to include the Mobile Carrier field in the visitor s registration form choose Registration form will have th...

Страница 236: ... fixed email address n the SMS Template field use the Address field to enter the email address to which all SMS messages will be sent 10 In the MMS row l To use the SMS template for MMS messages mark the check box in this row The SMS Address configuration will be applied to MMS messages and the MMS Template row is removed from the form l To use an MMS template for MMS messages leave this check box...

Страница 237: ... click the event s row The form expands to show details Click the event s row again to close it To search for a particular log record use the Keywords field above the table to enter search terms You can use the hyphen character in front of a keyword to exclude items and you can use quotes to group words as a key phrase DellNetworking W ClearPass Guest 6 0 Deployment Guide Viewing the Application L...

Страница 238: ...Log for seven days by default To review a record of significant runtime events prior to the last seven days you can use the Audit Viewer in ClearPass Policy Manager s Monitoring module Exporting the Application Log To save the log in other formats 1 Click the Export tab The Export Application Logs form opens 2 In the Format drop down list choose the format you want the file saved as The available ...

Страница 239: ...etworking W ClearPass Guest documentation 1 Go to Administration Support Documentation The Documentation page opens 2 To view this Deployment Guide in your browser click Browse Documentation The document opens in a separate browser tab 3 To search the Deployment Guide click Search Documentation The Search Documentation form opens 4 In the Search field enter keywords for the subject You can enter a...

Страница 240: ...240 Viewing Documentation DellNetworking W ClearPass Guest 6 0 Deployment Guide 6 Click a result link The online help opens in a separate browser tab with the destination displayed ...

Страница 241: ...perators may be defined locally in ClearPass Guest or externally in an LDAP directory server Accessing Operator Logins To access Dell Networking W ClearPass Guest s operator login features click the Administration link in the left navigation then click Operator Logins About Operator Logins Dell Networking W ClearPass Guest supports role based access control through the use of operator profiles Eac...

Страница 242: ...ol model This process is shown in the following diagram Figure 37 Operator profiles and visitor access control See About Operator Logins on page 241 for details on configuring different forms and views for operator profiles Operator Profiles An operator profile determines what actions an operator is permitted to take when using Dell Networking W ClearPass Guest Some of the settings in an operator ...

Страница 243: ...hen performing system maintenance tasks 2 In the Operator Privileges area use the drop down lists to select the appropriate permissions for this operator profile For each permission you may grant No Access Read Only Access Full Access or Custom access The default in all cases is No Access This means that you must select the appropriate privileges in order for the profile to work See Operator Profi...

Страница 244: ...e is useful in large deployments where an operator only wants to have a filtered view of some accounts To create an account filter enter a comma delimited list of field value pairs Supported operators are described below l The Session Filter field lets you create a filter for only that session To create a session filter enter a comma delimited list of field value pairs Supported operators are desc...

Страница 245: ...information on skins see Plugin Manager on page 223 2 Optional In the Start Page row the Default setting indicates that the application s standard Home page will be the first page displayed after login To have a different start page displayed to users with this operator profile choose a page from the drop down list For example if a profile is designed for users who do only certain tasks you might ...

Страница 246: ...ide you with control over the functionality that is available to operators No Access means that the operator will have no access to the particular area of functionality Options for that functionality will not appear for that operator in the menus Read Only Access means that the operator can see the options available but is unable to make any changes to them Full Access means that all the options a...

Страница 247: ...t that shows if the profile is in use and lists any LDAP authentication servers LDAP translation rules and operator logins associated with that profile Each entry in this window appears as a link to the form that lets you edit that LDAP or operator login setting Configuring AirGroup Operator Device Limit By default an AirGroup operator can create up to five personal devices To change this default ...

Страница 248: ...Pass Policy Manager documentation for information on creating the local user 4 Create a translation rule to map the CPPM role name to the ClearPass Guest operator profile In ClearPass Guest go to Administration Operator Logins Translation Rules 5 In the Translation Rules list choose the profile then click its Edit link 6 Edit the fields appropriately to match the CPPM role name to the ClearPass Gu...

Страница 249: ...ules In particular an operator profile will be assigned to the authenticated user with this process which controls what that user is permitted to do Creating an LDAP Server To create an LDAP server go to Administration Operator Logins Servers then click the Create new LDAP server link in the upper right corner The Server Configuration form opens To specify a basic LDAP server connection hostname a...

Страница 250: ...he LDAP search l Unique ID The name of an LDAP attribute used to match the username l Filter Additional LDAP filters to use to search for the server l Attributes List of LDAP attributes to retrieve Or leave bland to retrieve all attributes default l Default Profile The default operator profile to assign to operators authorized by this LDAP server RADIUS l RADIUS Server The hostname or IP address o...

Страница 251: ...e Directory is selected as the Server Type LDAP v3 is automatically used An LDAP v3 URL has the format ldap host port dn attributes scope filter extensions l dn is the base X 500 distinguished name to use for the search l attributes is often left empty l scope may be base one or sub l filter is an LDAP filter string for example objectclass l extensions is an optional list of name value pairs Refer...

Страница 252: ...ubleshoot network connectivity operator authentication and to look up operator usernames Testing Connectivity To test network connectivity between an LDAP server and the ClearPass Guest server click the Ping link in the server s row The results of the test appear below the server entry in the LDAP server table Testing Operator Login Authentication 1 To test authentication of operator login values ...

Страница 253: ...earch for an exact match or use wildcard values 4 Optional Click the Advanced check box to display detailed authorization information for the specified sponsor 5 Click Search Directory to attempt to find sponsor names that match the lookup values or click Cancel to cancel the test The Authentication Test area is added above the server names to indicate the search s progress Troubleshooting Error M...

Страница 254: ...at the Base DN is correct the Base DN for user searches is fixed and must be specified as part of the Server URL If you need to search in different Base DNs to match different kinds of operators then you should define multiple LDAP Servers and use the priority of each to control the order in which the directory searches are done LDAP Translation Rules LDAP translation rules specify how to determin...

Страница 255: ...erator profile assigns the selected Operator Profile to the operator n Assign attribute s value to operator field uses the value of the attribute as the value for an operator field This option can be used to store operator configuration details in the directory n Assign custom value to operator field uses a template to assign a value to a specific operator field If you choose this option the form ...

Страница 256: ... higher priority on the rule list l Move Down moves the rule down to a lower priority on the rule list Custom LDAP Translation Processing When matching an LDAP translation rule custom processing may be performed using a template The template variables available are listed in the table below Variable Description attr The name of the LDAP attribute that was matched user Contains settings for the ope...

Страница 257: ...which makes the contents of the template easier to understand The if statement first checks for membership of the Administrators group using the PHP stripos function for case insensitive substring matching if matched the operator will be enabled Otherwise the server s current time is checked to see if it is after 8am and before 6pm if so the operator will be enabled If neither condition has matche...

Страница 258: ...ion parameters Custom Login Message If you are deploying ClearPass Guest in a multi lingual environment you can specify different login messages depending on the currently selected language The following example from the demonstration site uses Danish da Spanish es and the default language English as highlighted in bold if current_language da p Indtast brugernavn og password for at br få adgang ti...

Страница 259: ...op down list l No logging l Log only failed operator login attempts l Log only Web logins l Log only XMLRPC access l Log all access Log messages for operator logins whether successful or unsuccessful are shown in the application log Automatic Logout The Logout After option in the Advanced Options section lets you configure an amount of idle time after which an operator s session will be ended The ...

Страница 260: ...260 Automatic Logout DellNetworking W ClearPass Guest 6 0 Deployment Guide ...

Страница 261: ...parts of the user interface to be customized using the Hypertext Markup Language HTML Most customization tasks only require basic HTML knowledge which is covered in this section HTML is a markup language that consists primarily of tags that are enclosed inside angle brackets for example p Most tags are paired to indicate the start and end of the text being marked up an end tag is formed by includi...

Страница 262: ...tting span span class Uses predefined style span div style Uses CSS formatting div div class Uses predefined style div Hypertext a href url Link text to click on a img src url img src url XHTML equivalent img src url align left For more details about HTML syntax and detailed examples of its use consult a HTML tutorial or reference guide Standard HTML Styles Dell Networking W ClearPass Guest define...

Страница 263: ...ader Table heading at bottom nwaBody Table Cell Style to apply to table cell containing data nwaHighlight Table Cell Highlighted text used for mouseover nwaSelected Table Cell Selected text table row after mouse click nwaSelectedHighlight Table Cell Selected text with mouseover highlight nwaInfo All Informational text message nwaError All Error text message nwaImportant All Text that should be pro...

Страница 264: ...yntax variable as shown below The current page s title is title Template File Inclusion To include the contents of another file this can be done with the following syntax include file public included_file html Smarty template syntax found in these files is also processed as if the file existed in place of the include tag itself Comments To remove text entirely from the template comment it out with...

Страница 265: ... Blocks An easier to use alternative to the section section tag is to use the foreach foreach block foreach key key_var item item_var from collection key_var item_var foreachelse included if collection is empty foreach The advantage of this syntax is that each item in the collection is immediately available as the named item variable in this example item_var This construct is also useful when iter...

Страница 266: ...at Modifier on page 279 for details about this modifier function nwatimeformat Date time formatting see Date Time Format String Reference on page 281 for details about this modifier function nwamoneyformat Formats a monetary amount for display purposes an optional modifier argument may be used to specify the format string This modifier is equivalent to the NwaMoneyFormat function see NwaMoneyForma...

Страница 267: ...s the main text of the command link l The text parameter is the explanatory text describing the action that lies behind the command link This is optional l The linkwidth parameter if specified indicates the width of the command link in pixels This should be at least 250 the recommended value is 400 l The width and height parameters if specified provide the dimensions of the icon to display If not ...

Страница 268: ... images icon info22 png Text to display nwa_icontext nwa_icontext type info Information block nwa_icontext l The icon parameter if specified is the SRC to the image of the icon This should normally be a relative path l The width and height parameters if specified provide the dimensions of the icon to display If not specified this is automatically determined from the image l The alt parameter if sp...

Страница 269: ...and will not generate any output This template function accepts the following parameters to select a RADIUS database and other connection options l _db ID of the RADIUS database service handler this parameter is optional the default service handler will be used if it not set l _debug Set to a nonzero value to enable debugging l _quiet Set to a nonzero value to inhibit warning error messages The fo...

Страница 270: ... the octets of the MAC address The default if not specified is the IEEE 802 standard format 02X 02X 02X 02X 02X 02X that is uppercase hexadecimal with each octet separated with a hyphen See GetCurrentSession on page 271 for details of the return value GetCallingStationSessions GetCallingStationSessions callingstationid from_time to_time null mac_format nu ll Calculate the number of sessions for ac...

Страница 271: ... octets or any other value to count both input and output octets towards the traffic total Examples l Use the following as the condition expression for a RADIUS role attribute Authorizes a user only if their total traffic in out in the past day does not exceed 10 MB Be aware that the attribute with this condition expression will never be included in the response l return GetUserTraffic 86400 10485...

Страница 272: ...sions GetIpAddressSessions ip_addr from_time null to_time null Calculate the number of sessions for accounting records matching a specific IP address The IP address attribute is looked up automatically from the RADIUS Access Request Framed IP Address attribute See GetTraffic on page 274 for details on how to specify the time interval See GetIpAddressTraffic on page 272 for additional details on th...

Страница 273: ...emaining for a given user account if the user account was to be authenticated at the moment of the call The username parameter is required This is the username for the authentication The format parameter is optional and defaults to relative if not otherwise specified This parameter may be one of the following values l relative or session_time Calculates the session timeout as for the Session Timeo...

Страница 274: ...ified the interval considered is between from_time and to_time in_out may be in to count only input octets out to count only output octets or any other value to count both input and output octets towards the traffic total This argument returns the computed total of traffic for all matching accounting records GetUserActiveSessions GetUserActiveSessions username callingstationid null Looks up the li...

Страница 275: ...ction is intended for advanced usage by developers nwa_assign nwa_assign Smarty registered template function Assigns a page variable based on the output of a generator function Simple usage example nwa_assign var my_variable value my_value l The var parameter specifies the page variable that will receive the output l The value parameter specifies the value to assign to var The various request vari...

Страница 276: ...parameter specifies a file which contains a unique ID This allows issued IDs to be unique across different page loads To return the value rather than assign it to a variable use the syntax nwa_makeid file filename output 1 Otherwise this template function does not generate any output nwa_nav nwa_nav nwa_nav Smarty registered block function Defines a block area for navigation a control or generates...

Страница 277: ...v nwa_nav block level1_in active li a li nwa_nav nwa_nav type simple nwa_nav this generates the HTML Block types can be one of the following types l enter_level1_item l enter_level2_item l enter_level3_item l exit_level1_item l exit_level2_item l exit_level3_item l between_level1_items l between_level2_items l between_level3_items l level1_active l level1_inactive l level2_active l level2_inactive...

Страница 278: ...an operator with read write access also has read only access To include content if the user ONLY has read access that is not if the user has full access prefix the privilege name with a character and use the parameter name readonly or ro nwa_privilege full create_user content nwa_privilege The full synonym rw parameter specifies the name of a privilege to check for full read write access The name ...

Страница 279: ... example nwa_youtube video Y7dpJ0oseIA width 320 height 240 YouTube is the world s most popular online video community nwa_youtube The supported parameters for this block function are l video required the YouTube video ID to embed l width required the width in pixels of the video l height required the height in pixels of the video l autoplay optional if true auto play the video l chrome optional i...

Страница 280: ...e format string up to the is used See Date Time Format String Reference on page 281 in this chapter for a full list of the supported date time format string arguments Examples of date formatting using the nwadateformat Smarty modifier are as follows u expire_time nwadateformat longdate Monday 07 April 2008 2 13 PM u expire_time nwadateformat iso8601 20080407 u expire_time nwadateformat iso 8601t 2...

Страница 281: ... the month as a decimal number 01 to 31 D Same as m d y e Day of the month as a decimal number a single digit is preceded by a space 1 to 31 h Same as b H Hour as a decimal number 00 to 23 I Hour as a decimal number 01 to 12 m Month as a decimal number 01 to 12 M Minute as a decimal number 00 to 59 p AM or PM r Local time using 12 hour clock I M p R Local time using 24 hour clock H M S Second as a...

Страница 282: ...word on page 284 l NwaLettersPassword on page 284 l NwaMoneyFormat on page 284 l NwaParseCsv on page 284 l NwaParseXml on page 285 l NwaPasswordByComplexity on page 285 l NwaSmsIsValidPhoneNumber on page 286 l NwaStrongPassword on page 286 l NwaVLookup on page 286 l NwaWordsPassword on page 287 NwaAlnumPassword NwaAlnumPassword len Generates an alpha numeric password mixed case of length len chara...

Страница 283: ...e true options null Loads and parses the contents of a CSV file using a built in cache The cache may be cleaned for a specific file by setting use_cache to false The cache may be cleaned for ALL files by setting csv_file to the empty string and use_cache to false CSV parsing options see NwaParseCsv on page 284 may be specified in options Additionally a 2 argument form of this function may be used ...

Страница 284: ...bol characters to include or 1 to not use any symbol or punctuation characters NwaLettersDigitsPassword NwaLettersDigitsPassword len Generates an alpha numeric password of len characters in length consisting of lowercase letters and digits NwaLettersPassword NwaLettersPassword len Generates a password of len characters in length consisting of lowercase letters NwaMoneyFormat NwaMoneyFormat amount ...

Страница 285: ... record sort post processing option order string for NwaCreateUsortFunc to sort the records by the specified column s slice_offset post processing option starting offset of slice to return see array_slice function slice_length post processing option length of slice to return see array_slice function Table 30 Parsing Options See NwaParseCsv on page 284 and NwaVLookup on page 286 NwaParseXml NwaPars...

Страница 286: ...rts with that prefix then the prefix is replaced with the country code l The phone number must contain no fewer than 5 and no more than 15 digits l The phone number is validated for a valid country code prefix l If all the foregoing conditions are met the validator returns TRUE otherwise the validator returns FALSE NwaStrongPassword NwaStrongPassword len Generate strong passwords of len characters...

Страница 287: ...waWordsPassword len Generates a password consisting of two randomly chosen words separated by a small number 1 or 2 digits that is in the format word1XXword2 The random words selected will have a maximum length of len characters and a minimum length of 3 characters len must be at least 3 Field Form and View Reference This section describes the following l GuestManager Standard Fields on page 287 l...

Страница 288: ...unctionality change_of_ authorization Boolean flag indicating that any existing sessions for a visitor account should be disconnected or modified using RFC 3576 If this field is not specified on a form that modifies the visitor account the default value is taken from the configuration for the RADIUS Services plugin Set this field to a non zero value or a non empty string to enable RFC 3576 updates...

Страница 289: ...address for the account This field may be up to 100 characters in length When creating an account if the username field is not set then the email field is used as the username of the account enabled Boolean flag indicating if the account is enabled Set this field to 0 to disable the account If an account is disabled authorization requests for the account will always fail Set this field to 1 to ena...

Страница 290: ...s l none to disable the account expiration timer do_expire and expire_time will both be set to 0 l now to disable the account immediately l expire_time to use the expiration time specified in the expire_time field l expire_after to set the expiration time to the current time plus the number of hours in the expire_after field l plus X or minus X where X is a time measurement to extend or reduce the...

Страница 291: ...ule_time unmodified This field controls account creation and modification behavior it is not stored with created or modified visitor accounts multi_initial_sequence Integer Initial sequence number This field is used when creating guest accounts and the random_username_method field is set to nwa_sequence If this field is not set the next available sequence number for the given multi_prefix is used ...

Страница 292: ...the Perform a local authentication check option enabled The default behavior is to leave guest passwords under the control of the guest With the default behavior guests are not prevented from changing their password but are also not required to change it on any particular schedule password_action_recur String Specifies a date or relative time after which a guest will be required to change their pa...

Страница 293: ...dom_username_length is ignored l For nwa_sequence the random_username_length is the length of the sequence number in the username the sequence number will be zero padded For example specifying a length of 4 will result in sequence numbers 0001 0002 etc random_username_method String Identifier specifying how usernames are to be created It may be one of the following identifiers l nwa_sequence to as...

Страница 294: ...self registration form Then in the self service portal for a guest self registration page select the Secret Question as the Required Field This configuration requires that guests provide the correct answer in order to reset their account password Answers must match with regards to case in order to be considered as correct secret_question String The guest s secret question used to confirm the ident...

Страница 295: ...sitor s last name password2 String Password for the account used to confirm a manually typed password personal_details No Type Field attached to a form label purchase_amount No Type Total amount of the transaction This field is only used during transaction processing purchase_details No Type Field attached to a form label state String The visitor s state or locality name submit_free No Type Field ...

Страница 296: ...receipt should be automatically sent upon creation of the guest account Set this field to a non zero value or a non empty string to enable an automatic email receipt to be sent This field can be used to create an opt in facility for guests Use a check box for the auto_send_smtp field and add it to the create_user form or a guest self registration instance and email receipts will be sent to the vis...

Страница 297: ...tion is used smtp_warn_before_receipt_format String This field overrides the format in the Email Receipt field under Logout Warnings It may be one of plaintext No skin plain text only html_embedded No skin HTML only receipt No skin Native receipt format default Use the default skin or the plugin ID of a skin plugin to specify that skin If blank or unset the default value in the Email Receipt Field...

Страница 298: ...idation Functions See Form Validation Properties on page 162 and Examples of Form field Validation on page 163 for details about using validation functions for form fields The built in validator functions are l IsArrayKey Checks that the value is one of the keys in the array supplied as the argument to the validator l IsArrayValue Checks that the value is one of the values in the array supplied as...

Страница 299: ... n Wildcard matching may be used on domain names the prefix means match any domain that ends with the given suffix A component can also be used inside the hostname and will match zero or more domain name components n If the allow list is empty or unset the default behavior is to accept ALL domains other than those listed in the deny list n If the deny list is empty or unset the default behavior is...

Страница 300: ...nset the password is not checked against this field for a match n minimum_length specifies the minimum length of the password in characters n disallowed_chars if set specifies characters that are not allowed in the password n complexity_mode specifies the set of rules to use when checking the password n complexity if set specifies rules for checking the composition of the password If unset default...

Страница 301: ...array key1 value1 key2 value2 l NwaImplodeComma Converts an array to a string by joining all of the array values with a comma l NwaTrim Removes leading and trailing whitespace from a string value l NwaTrimAll Removes all whitespace from a string including embedded spaces newlines carriage returns tabs etc l NwaStrToUpper Formats the text string to all uppercase letters l NwaStrToLower Formats the ...

Страница 302: ...rmat Converts a time measurement into a description of the corresponding duration l Format parameters seconds minutes hours days weeks l Any format can be converted to another l By default this function converts an elapsed time value specified in seconds to a value that is displayed in weeks days hours minutes and seconds Up to four additional arguments may be supplied to control the conversion l ...

Страница 303: ...cript in the Web browser For each item displayed in the view a JavaScript object is constructed Each field of the item is defined as a property of this object When evaluating the JavaScript Display Expression the data variable is used to refer to this object Thus the expression data my_field would return the value of the field named my_field In the above view the guest_users view the four columns ...

Страница 304: ...if the string was trimmed Nwa_ValueText value if_undefined If the value has an undefined type in other words has not been set and the if_undefined parameter was provided returns if_ undefined or a HTML non breaking space nbsp otherwise Otherwise the value is converted to a string for display LDAP Standard Attributes for User Class The following list provides some of the attributes for the LDAP Use...

Страница 305: ...ty is the password for the user Regular Expressions The characters shown in Table 41 can be used to perform pattern matching tasks using regular expressions Regex Matches a Any string containing the letter a a Any string starting with a a Only the string a a Any string ending with a Any single character A literal abc Any of the characters a b or c a z0 9A Z Any alphanumeric character a z Any chara...

Страница 306: ... Guest 6 0 Deployment Guide Regex Matches d Any decimal digit D Any character that is not a decimal digit The regular expression syntax used is Perl compatible For further details on writing regular expressions consult a tutorial or programming manual ...

Страница 307: ...users certificate authority Entity in a public key infrastructure system that issues certificates to clients A certificate signing request received by the CA is converted into a certificate when the CA adds a signature that is generated with the CA s private key See digital certificate private key and public key infrastructure common name CN See distinguished name criteria Array that consists of o...

Страница 308: ... LDAP Lightweight Directory Access Protocol communications protocol used to store and retrieve information about users and other objects in a directory Network Access Server NAS Device that provides network access to users such as a wireless access point network switch or dial in terminal server When a user connects to the NAS device a RADIUS user authentication request Access Request is generated...

Страница 309: ...citly trusted by users of the CA SCEP Simple certificate enrollment protocol Protocol for requesting and managing digital certificates self signed certificate See root CA session Service provided by a NAS to an authorized user skin Web site s external appearance or look and feel It can be thought of as a container that holds the application its style sheet font size and color for example its heade...

Страница 310: ...310 Glossary DellNetworking W ClearPass Guest 6 0 Deployment Guide ...

Страница 311: ...roller 220 enabling dynamic notifications 220 personal devices 55 registering devices 53 shared locations 53 shared roles 54 tag value pair 53 alerts SMS 63 application log 237 filtering 238 searching 237 viewing 237 applications installing 78 authentication 18 20 29 44 authorization 18 20 29 access role based 18 dynamic 61 B Base 64 encoded 97 binary certificate 97 C caching CSV 283 CAPTCHA secur...

Страница 312: ...ultiple guest accounts 30 43 operator 247 operator profile 242 operator profiles 242 print template 194 self registration 172 session filter 244 312 Index DellNetworking W ClearPass Guest 6 0 Deployment Guide SMS gateway 229 credits SMS 233 CSV caching 283 parsing 284 customer support 239 customizing content 134 email receipt 190 fields 145 Guest Manager 137 hotspot invoice 210 hotspot receipt 216...

Страница 313: ...90 SMTP services 189 enabling SMTP carrier 234 encoding 40 encryption key in guest receipt 138 DellNetworking W ClearPass Guest 6 0 Deployment Guide Index 313 expiration guest accounts editing 36 exporting certificates 97 guest accounts 43 F fields 21 141 account_activation 287 address 295 auto_send_sms 295 auto_update_account 141 card_code 295 creating 145 creator_accept_terms 141 customizing 145...

Страница 314: ...rms 147 simultaneous_use 142 sms_auto_send_field 199 296 sms_enabled 199 296 314 Index DellNetworking W ClearPass Guest 6 0 Deployment Guide sms_handler_id 199 296 sms_phone_field 199 296 sms_template_id 199 296 sms_warn_before_message 296 smtp_auto_send_field 193 smtp_cc_action 193 smtp_email_field 193 smtp_enabled 192 smtp_receipt_format 193 smtp_subject 192 297 smtp_template_id 193 297 smtp_war...

Страница 315: ... login 171 receipt page 171 registration page 171 roles 18 guest access self provisioned 28 guest accounts activate 37 DellNetworking W ClearPass Guest 6 0 Deployment Guide Index 315 change expiration 36 creating 29 creating multiple 30 43 delete 36 disable 36 edit 37 editing expiration 36 email receipt 30 export 43 exporting 43 filtering 35 38 importing 40 list 34 manage multiple 38 paging 35 pri...

Страница 316: ...ndard attributes 304 translation rules 249 translation rules creating 254 URL syntax 251 local operators 247 316 Index DellNetworking W ClearPass Guest 6 0 Deployment Guide locations AirGroup 53 log files 237 logging passwords 140 M MAC address formats 44 advanced features 57 authentication 44 registering devices 56 message sending SMS 232 MMS SMS template for 236 mobile carrier selecting 230 232 ...

Страница 317: ...sions 197 SMS receipts 194 programmer s reference 261 provisioning settings configuring 106 DellNetworking W ClearPass Guest 6 0 Deployment Guide Index 317 Q quick start Smarty template syntax 264 quick view content 136 R RADIUS server 18 accounting query 269 active sessions 59 disconnecting session 60 61 reauthorizing session 60 61 reauthorizing session 60 61 receipt page 171 editing 178 receipts...

Страница 318: ...tion 264 comments 264 foreach block 265 if block 264 include 264 318 Index DellNetworking W ClearPass Guest 6 0 Deployment Guide literal block 265 modifiers 266 Onboard 80 section block 265 variables 264 SMS alert for session 63 alerts 63 character limit 194 credits 233 guest account receipts 30 guest self registration receipts 182 receipts 63 subject line 191 SMS gateway editing 231 SMS gateways ...

Страница 319: ... 49 SMS gateways 228 SMTP carriers 234 views 21 141 144 column format 170 customization 150 duplicating 151 editing 151 169 field editor 170 guest_export 43 144 guest_multi 38 144 guest_sessions 60 144 guest_users 34 144 visitors 21 account 21 VPN settings 125 W Web logins 21 WiFi network 137 wizards print template 196 WPA key 138 DellNetworking W ClearPass Guest 6 0 Deployment Guide Index 319 X X...

Страница 320: ...320 Index DellNetworking W ClearPass Guest 6 0 Deployment Guide ...

Отзывы:

Нет отзывов

Похожие инструкции для Networking W-ClearPass Guest 6.0

4116 - SCX B/W Laser

Бренд: Samsung Страницы: 14

2252W - Printer - B/W

Бренд: Samsung Страницы: 10

Бренд: Adobe Страницы: 122

Mobile Anti-Virus 60 Series

Бренд: F-SECURE Страницы: 90

MultiRack SoundGrid

Бренд: Waves Страницы: 39

NECSAM RICHER APPT FINAL2

Бренд: NEC Страницы: 1

NECAM NEWSREL 070306

Бренд: NEC Страницы: 2

Бренд: NEC Страницы: 3

Бренд: NEC Страницы: 9

Бренд: NEC Страницы: 49

Бренд: NEC Страницы: 56

NEC Storage PathManager 3.1

Бренд: NEC Страницы: 65

MultiSync FP1375X

Бренд: NEC Страницы: 64

MultiSync FP955

Бренд: NEC Страницы: 68

Бренд: Creative Страницы: 84

Бренд: Allied Telesis Страницы: 668

Бренд: DeLorme Страницы: 29

XTRAWARE - V3.0

Бренд: YASKAWA Страницы: 263

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды