ClearPass QuickConnect 2.0


ClearPass QuickConnect 2.0 User Guide

Copyright 2013 Aruba Networks, Inc. Aruba Networks trademarks include, Aruba Networks, Aruba Wireless Networks, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System, Mobile Edge Architecture, People Move. Networks Must Follow, RFProtect, Green Island. All rights reserved. All other trademarks are the property of their respective owners.

Open Source Code

Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. Includes software from Litech Systems Design. The IF-MAP client library copyright 2011 Infoblox, Inc. All rights reserved. This product includes software developed by Lars Fenneberg et al. The Open Source code used can be found at this site: http://www.arubanetworks.com/open_source

Legal Notice

The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors' VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors.

Warranty

This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS. Altering this device (such as painting it) voids the warranty.

February 2013 0511285

Contents

QuickConnect 2.0 Introduction
   Benefits
   Getting Started
      Supported Browsers
      Logging In
   Navigation
      Configuration
      Packaging
      Resources
      User Account
      Help
   Available Template Types
      802.1X Wireless
      Pre-Shared Key Wireless
      802.1X Wired
      802.1X Wired and Wireless
Create a Network
   Configure a 802.1X Wireless Network
      Configure General Settings
      Configure Windows Settings
      Configure MacOS X Settings
      Configure iOS Settings
      Configure Android Settings
   Configure a Pre-Shared Key Wireless Network
      Configure General Settings
      Configure Windows Settings
   Configure Wired Networks
      Configure General Settings
      Configure Windows Settings
      Configure MacOS X Settings
   Configure 802.1X Wireless and Wired Network
      Configure General Settings
      Configure Windows Settings
      Configure MacOS X Settings
      Configure Android Settings
      Configure iOS Settings
   Save Configuration Settings
Deploy Packages
   Create New User Interface
   Generate Package
Manage Resources
   Add Certificates
   Add Applications
Edit User Account
Upload Generated Package
Glossary

Chapter 1 QuickConnect 2.0 Introduction

Thank you for choosing ClearPass QuickConnect 2.0. QuickConnect 2.0 provides a simple way to configure your endpoints so that they can connect to 802.1X enabled wireless and wired networks. Minimal interaction for end-users reduces helpdesk calls and increases adherence to more secure policies.

This chapter covers the following topics:

- "Benefits"
- "Getting Started"
- "Navigation"
- "Available Template Types"

Benefits

QuickConnect 2.0 offers the following benefits:

- Management from the Cloud: Authorized IT staff use a website hosted by Aruba Networks to configure, download, and store 802.1X configuration deployment packages.
- Compliance and Adherence: In addition to easily changing 802.1X variables or pushing out new pre-shared keys, QuickConnect 2.0 ensures that endpoints meet key Windows and security compliance requirements.
- Point-and-Click Configuration: Users no longer have to manually configure their own devices. The IT administrator simply points them to the QuickConnect 2.0 portal to begin the upgrade to 802.1X.
- Painless endpoint configuration: Configuring end-user devices for network access can confuse users and lead them to contact the IT helpdesk. The QuickConnect 2.0 wizard automatically configures each device for secure wireless or wired access in one minute or less. Push incremental or required security updates or fixes on the fly without contacting the IT helpdesk.
- Security without the hassle: QuickConnect 2.0 offers the unique ability to configure settings for most Windows, MacOS X, iOS, and Android devices. Push wireless and wired network attributes, and NAP or NAC health settings, to the endpoint prior to its initial connection to a dot1x network. If needed, QuickConnect 2.0 can also push an application to the endpoint and install it. The wizard guides the end-user through the download and authentication process, ensuring painless network connectivity.

Getting Started

QuickConnect 2.0 uses a standard Web-based management interface. For information on the Web-based management interface, refer to the following sections:

- "Supported Browsers"
- "Logging In"

Supported Browsers

QuickConnect 2.0 uses a standard web-based management interface. Supported web browsers include:

- Mozilla Firefox 3.0+
- Microsoft Internet Explorer 7.0+
- Google Chrome 1.0

Logging In

To reach the QuickConnect 2.0 administrative interface, point the browser to: http://quickconnect.arubanetworks.com. Enter the supplied User ID and Password, and then click Login to launch the user interface.

Figure 1 QuickConnect 2.0 Login Page

Navigation

The navigation links are located in the left pane, as shown in the following figure. Clicking a navigation link in the left pane shows the corresponding page in the right pane. The navigation includes these sections:

- "Configuration"
- "Packaging"
- "Resources"
- "User Account"

Figure 2 Navigation

Configuration

In this section an administrator can enter parameters such as the SSID of the wireless network that users are to connect to, the authentication type, the security type to be used, and the Operating Systems supported. You may start creating a network configuration by using one of the available types of templates or by clicking Network Configurations.

- Start Here shows the list of available templates for creating network configurations. For more information, refer to "Available Template Types".
- Network Configurations shows the list of available network configurations and allows the administrator to create a new network or edit any previously created network from the list.

To configure a network using the templates, enter the basic configuration details, retain the default options, and save the configuration settings. To configure a network using your preferences, refer to "Create a Network".

Packaging

A deployment package comprises one or more network configurations and a user interface. A user interface allows an administrator to provide the title, logo, and other text that should go on the Web page as well as on the wizard that runs on the end user devices. The package is hosted on a Web server such as Apache or IIS and provides the necessary configuration and application for the end devices to connect to the secure network. The application runs as a wizard on the end devices.

- User Interfaces (UI) shows available UIs and allows the administrator to create new UIs or edit existing UIs. To start with, there is a Default UI.
- Deployment Package allows the administrator to create a package using one or more network configurations and a UI.

For configuration steps, refer to "Deploy Packages".

Resources

This section is used to manage certificates and applications. These resources are used in creating network configurations.

The Certificates and Applications links show the list of corresponding entities in the right-hand pane and allow the administrator to add new resources. For configuration steps, refer to "Manage Resources".

User Account

This section is used to edit the administrative account settings. For configuration steps, refer to "Edit User Account".

Help

The Help icon at the top right corner of the QuickConnect 2.0 UI allows you to view a short description or definition of selected terms and fields. Clicking it again hides the help text.

Available Template Types

QuickConnect 2.0 supports the following network types. You can use these templates to create a network.

802.1X Wireless

Use this template to provision 802.1X authentication for a wireless network connection. This sets up a wireless network that uses enterprise mode authentication with WPA/WPA2.

Pre-Shared Key Wireless

Use this template to provision shared key based authentication for a wireless network connection. This sets up a wireless network that uses shared key based authentication with WPA/WPA2.

802.1X Wired

Use this template to provision 802.1X authentication for a wired network connection. This sets up a wired network that uses 802.1X authentication.

802.1X Wired and Wireless

Use this template to provision 802.1X authentication for wired and wireless network connections. This sets up a wireless network that uses enterprise mode authentication with WPA/WPA2 and a wired network that uses 802.1X authentication.

To configure a network using the templates, enter the basic configuration details, retain the default options, and save the configuration settings. To configure a network using other preferences, refer to "Create a Network".

Chapter 2 Create a Network

The following sections provide the detailed configuration steps to configure the various types of networks available for QuickConnect 2.0.

- "Configure a 802.1X Wireless Network"
- "Configure a Pre-Shared Key Wireless Network"
- "Configure Wired Networks"
- "Configure 802.1X Wireless and Wired Network"
- "Save Configuration Settings"

Configure a 802.1X Wireless Network

The following procedures show how to create the configurations required to deploy an 802.1X wireless network on Windows, MacOS X, iOS, and Android platforms.

- "Configure General Settings"
- "Configure Windows Settings"
- "Configure MacOS X Settings"
- "Configure iOS Settings"
- "Configure Android Settings"

Configure General Settings

Follow these steps to configure general settings:

1. Navigate to Configuration > Network Configurations.
2. Click Create Network Configuration.
3. Configure the following in the General section.
   a. Enter a name and a brief description for the 802.1X wireless network.
   b. Select one or more checkboxes next to the Operating Systems for which you want to configure wireless network connection under Configure Wireless.
4. Configure the following in the Wireless section:
   a. Enter the SSID name.
   b. Select the security type for the wireless network. You can select one of the following options:
      - WPA2 with AES
      - WPA with TKIP
      - WPA or WPA2
   c. Select the network type for the wireless network as Enterprise.
   d. Select the Hidden Network option if the wireless network is not broadcasting.
   e. If you want the client wizard to delete any existing configured wireless profiles from end devices, click Add SSID to add it to the delete list.
5. Enter an anonymous identity to be used for identity privacy.
   Note: Anonymous identity is not applicable for Windows XP and Legacy OS X (10.6).
6. Select the option Validate Server's Certificate to set the client to verify the server's certificate.
7. Provide names of RADIUS servers to trust. The name must be a CommonName (CN) in the server's certificate.
8. Check Allow User to Accept Other Servers to allow users to optionally accept servers that do not conform to these trust settings.
9. Select the certificate from the drop-down list. This certificate is used to verify the server's certificate.
10. Select the option Use Additional Trusted Certificates to provide a list of additional certificates to trust.
11. Click Add Certificate to add additional certificates in the certificate store.
    Note: Additional certificate installation is not supported for Android.
12. If required, configure the proxy settings for the iOS and Android devices.
    a. Manual: Enter the proxy server's network address and port number.
    b. Automatic: Enter the URL of the PAC file that defines the proxy configuration.
13. Click Next to move to the next tab.

Configure Windows Settings

Follow these steps to configure Windows settings:

1. Select an authentication mode. The following authentication methods are supported:
   - Machine Or User
   - Machine only
   - User only
   - Guest only
2. Select the authentication credentials. The following credentials can be used:
   - Use Domain Credentials: If you want to use the user's domain logon credentials for authentication.
   - Ask for Credentials: If you prefer the user to enter credentials other than their domain credentials.
3. Select the authentication protocol to be used. The following protocols are supported:
   - PEAP with MSCHAPv2
   - TLS
   - PEAP with TLS
4. Configure the following for authentication protocol options:
   a. Select Enable Fast Reconnect to allow the client to use fast reconnect during re-authentication.
   b. Select Enable Cryptobinding to set the client to reject a server if a valid cryptobinding TLV is not received.
   c. Select Enforce Network Access Protection to set the client to support Network Access Protection health checks. This option is called Enforce Quarantine Checks in Windows versions earlier than Windows 7.
5. Configure the following under Advanced Settings:
   a. Enter the appropriate administrator credentials if the network configuration requires administrator privileges on the end device.
   b. Select Show Icon in Notification (XP Only) to show an icon for the connection in the notification area.
   c. Select Notify when Connectivity is limited (XP Only) to show a notification when connectivity is limited.
   d. Select Enforce IP address assignment using DHCP to force the client to use DHCP for getting an IP address.
   e. Select Enforce DNS server assignment using DHCP to force the client to use DHCP for getting DNS servers. If this option is un-selected, the client continues to use its existing configuration.
   f. Select Enforce address registration with DNS to force the client to register its address with DNS servers.
   g. Select the Enable NAP Service option to enable and start the Network Access Protection service and EAP Quarantine Enforcement Client on the system.
6. If required, click Add Application to add an application to the network configuration. This application runs on the end client device when the client wizard starts.
7. Click Next to move to the next tab.

Configure MacOS X Settings

Follow these steps to configure MacOS X settings:

1. Select the authentication protocol to be used. The following protocols are supported:
   - PEAP with MSCHAPv2
   - TTLS with PAP
   - TTLS with MSCHAPv2
2. Click Next to move to the next tab.

Configure iOS Settings

Follow these steps to configure iOS settings:

1. Select the authentication protocol to be used. The following protocols are supported:
   - PEAP with MSCHAPv2
   - TTLS with PAP
   - EAP-FAST
2. Click Next to move to the next tab.

Configure Android Settings

Follow these steps to configure Android settings:

1. Select the authentication protocol to be used. The following protocols are supported:
   - PEAP with MSCHAPv2
   - PEAP with GTC
   - TTLS with PAP
   - TTLS with MSCHAPv2
   - TTLS with GTC
2. Select Disallow Rooted Devices to prevent network provisioning on rooted Android devices.
3. Click Next to move to the next tab.

Configure a Pre-Shared Key Wireless Network

The following procedures show how to create the configurations required to deploy a Pre-Shared Key (PSK) wireless network:

- "Configure General Settings"
- "Configure Windows Settings"

Configure General Settings

Follow these steps to configure general settings:

1. Navigate to Configuration > Network Configurations.
2. Click Create Network Configuration.
3. Configure the following in the General section.
   a. Enter a name and a brief description for the PSK wireless network.
   b. Select the Windows check box under Configure Wireless.
4. Configure the following in the Wireless section:
   a. Enter the SSID name.
   b. Select the security type for the wireless network. You can select one of the following options:
      - WPA2 with AES
      - WPA with TKIP
      - WPA or WPA2
   c. Select the network type as PSK for the wireless network.
   d. Enter a passphrase for the network.
   e. If you want the client wizard to delete any existing configured wireless profiles from end devices, click Add SSID to add it to the delete list.
5. Click Next to move to the next tab.

Configure Windows Settings

Follow these steps to configure Windows settings:

1. Select an authentication mode. The following authentication methods are supported:
   - Machine Or User
   - Machine only
   - User only
   - Guest only
2. Configure the following under Advanced Settings:
   a. Enter appropriate administrator credentials if the network configuration requires administrator privileges on the end device.
   b. Select Show Icon in Notification (XP Only) to show an icon for the connection in the notification area.
   c. Select Notify when Connectivity is limited (XP Only) to show a notification when connectivity is limited.
   d. Select Enforce IP address assignment using DHCP to force the client to use DHCP for getting an IP address.
   e. Select Enforce DNS server assignment using DHCP to force the client to use DHCP for getting DNS servers. If this option is un-selected, the client continues to use its existing configuration.
   f. Select Enforce address registration with DNS to force the client to register its address with DNS servers.
   g. Select the Enable NAP Service option to enable and start the Network Access Protection service and EAP Quarantine Enforcement Client on the system.
3. If required, click Add Application to add an application to the network configuration. This application runs on the end client device when the client wizard starts.
4. Click Next to move to the next tab.

Configure Wired Networks

The following procedures show how to create the configurations required to deploy wired networks on Windows and MacOS X platforms.

- "Configure General Settings"
- "Configure Windows Settings"
- "Configure MacOS X Settings"

Configure General Settings

Follow these steps to configure general settings:

1. Navigate to Configuration > Network Configurations.
2. Click Create Network Configuration.
3. Configure the following in the General section.
   a. Enter a name and a brief description for the wired network.
   b. Under Configure Wired, select one or more checkboxes next to the Operating Systems for which you want to configure a wired network connection.
4. Enter an anonymous identity to be used for identity privacy.
   Note: Anonymous identity is not applicable for Windows XP and Legacy OS X (10.6).
5. Select Validate Server's Certificate to set the client to verify the server's certificate.
6. Provide names of RADIUS servers to trust. The name must be a CommonName (CN) in the server's certificate.
7. Select Allow User to Accept Other Servers to allow users to optionally accept servers that do not conform to these trust settings.
8. Select Use Additional Trusted Certificates to provide a list of additional certificates to trust.
9. Click Add Certificate to add additional certificates in the certificate store.
   Note: Additional certificate installation is not supported for Android.
10. Click Next to move to the next tab.

Configure Windows Settings

Follow these steps to configure Windows settings:

1. Select an authentication mode. The following authentication methods are supported:
   - Machine Or User
   - Machine only
   - User only
   - Guest only
2. Select the authentication credentials. The following credentials can be used:
   - Use Domain Credentials: If you want to use the user's domain logon credentials for authentication.
   - Ask for Credentials: If you prefer the user to enter credentials other than their domain credentials.
3. Select the authentication protocol to be used. The following protocols are supported:
   - PEAP with MSCHAPv2
   - TLS
   - PEAP with TLS
4. Configure the following for authentication protocol options:
   a. Select Enable Fast Reconnect to allow the client to use fast reconnect during re-authentication.
   b. Select Enable Cryptobinding to set the client to reject a server if a valid cryptobinding TLV is not received.
   c. Select Enforce Network Access Protection to set the client to support Network Access Protection health checks. This option is called 'Enforce Quarantine Checks' in Windows versions earlier than Windows 7.
5. Configure the following under Advanced Settings:
   a. Enter appropriate administrator credentials if the network configuration requires administrator privileges on the end device.
   b. Select Show Icon in Notification (XP Only) to show an icon for the connection in the notification area.
   c. Select Notify when Connectivity is limited (XP Only) to show a notification when connectivity is limited.
   d. Select Enforce IP address assignment using DHCP to force the client to use DHCP for getting an IP address.
   e. Select Enforce DNS server assignment using DHCP to force the client to use DHCP for getting DNS servers. If this option is un-selected, the client continues to use its existing configuration.
   f. Select Enforce address registration with DNS to force the client to register its address with DNS servers.
   g. Select the Enable NAP Service option to enable and start the Network Access Protection service and EAP Quarantine Enforcement Client on the system.
   h. Select Fallback to unauthorized network access to allow the client to connect to wired ports which do not require authentication.
6. If required, click Add Application to add an application to the network configuration. This application runs on the end client device when the client wizard starts.
7. Click Next to move to the next tab.

Configure MacOS X Settings

For configuration steps, refer to the procedure "Configure MacOS X Settings" under "Configure a 802.1X Wireless Network".

Configure 802.1X Wireless and Wired Network

The following procedures show how to create the configurations required to deploy 802.1X wireless and wired networks on Windows, MacOS X, iOS, and Android platforms.

- "Configure General Settings"
- "Configure Windows Settings"
- "Configure MacOS X Settings"
- "Configure iOS Settings"
- "Configure Android Settings"

Configure General Settings

Follow these steps to configure general settings:

1. Navigate to Configuration > Network Configurations.
2. Click Create Network Configuration.
3. Click the Configuration tab.
4. Configure the following in the General section.
   a. Enter a name and a brief description for the network.
   b. Select one or more checkboxes next to the Operating Systems for which you want to configure a wireless and wired network connection.
5. For wireless network configuration, enter the following details in the Wireless section:
   a. Enter the SSID name.
   b. Select the security type for the wireless network. You can select one of the following options:
      - WPA2 with AES
      - WPA with TKIP
      - WPA or WPA2
   c. Select the network type for the wireless network as Enterprise or PSK. Enter a Passphrase for the network if the network type is PSK.
   d. Select the Hidden Network option if the wireless network is not broadcasting.
   e. If you want the client wizard to delete any existing configured wireless profiles from end devices, click Add SSID to add it to the delete list.
6. Enter an anonymous identity to be used for identity privacy.
   Note: Anonymous identity is not applicable for Windows XP and Legacy OS X (10.6).
7. Select Validate Server's Certificate to set the client to verify the server's certificate.
8. Provide names of RADIUS servers to trust. The name must be a CommonName (CN) in the server's certificate.
9. Check Allow User to Accept Other Servers to allow users to optionally accept servers that do not conform to these trust settings.
10. Select the certificate from the drop-down list. This certificate is used to verify the server's certificate.
11. Select Use Additional Trusted Certificates to provide a list of additional certificates to trust.
12. Click Add Certificate to add additional certificates in the certificate store.
    Note: Additional certificate installation is not supported for Android.
13. If required, configure the proxy settings for the iOS and Android devices.
    a. Manual: Enter the proxy server's network address and port number.
    b. Automatic: Enter the URL of the PAC file that defines the proxy configuration.
14. Click Next to move to the next tab.

Configure Windows Settings

For configuration steps, refer to the procedure "Configure Windows Settings" under "Configure Wired Networks".

Configure MacOS X Settings

For configuration steps, refer to the procedure "Configure MacOS X Settings" under "Configure a 802.1X Wireless Network".

Configure Android Settings

For configuration steps, refer to the procedure "Configure Android Settings" under "Configure a 802.1X Wireless Network".

Configure iOS Settings

For configuration steps, refer to the procedure "Configure iOS Settings" under "Configure a 802.1X Wireless Network".

Save Configuration Settings

Follow these steps to save the configuration settings:

1. Review and ensure the desired settings are saved.
2. If you want to make changes to these settings, click either the respective tab or the links provided in the Summary tab.
3. Click Save to save the configuration settings.

Note: When saving a configuration, you can create a package for the current network configuration in the wizard using the default user interface.
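The trust and protocol options chosen in this chapter decide whether a provisioned client will present its credentials only to the intended RADIUS server. The following Python script is an added example, not part of the Aruba guide or of QuickConnect: it reviews a network configuration before it is packaged. The dictionary layout and key names are assumptions (the guide does not show how a configuration is stored); the option values are the ones listed in this chapter.

```python
"""Added example: review a QuickConnect-style network configuration.

The dict layout is hypothetical; option values come from this chapter.
"""

TKIP_CAPABLE = {"WPA with TKIP", "WPA or WPA2"}          # both permit TKIP
PASSWORD_METHODS = {"PEAP with MSCHAPv2", "PEAP with GTC", "TTLS with PAP",
                    "TTLS with MSCHAPv2", "TTLS with GTC"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def _audit_8021x(cfg, wired):
    """Checks that apply to Enterprise wireless and 802.1X wired networks."""
    out = []
    validate = cfg.get("validate_server_certificate", False)
    override = cfg.get("allow_user_to_accept_other_servers", False)
    protocols = cfg.get("protocols", {})
    windows = cfg.get("windows", {})

    if not validate:
        out.append(("high", "validate_server_certificate",
                    "client authenticates to any server that answers"))
    else:
        if not cfg.get("trusted_server_names"):
            out.append(("medium", "trusted_server_names",
                        "no server CN listed; any certificate issued by the "
                        "trusted CA is accepted"))
        if override:
            out.append(("medium", "allow_user_to_accept_other_servers",
                        "users can accept a server outside the trust settings"))
    if not cfg.get("anonymous_identity"):
        out.append(("low", "anonymous_identity",
                    "real user name is sent as the unprotected outer identity"))
    for os_name, proto in sorted(protocols.items()):
        if proto in PASSWORD_METHODS and (not validate or override):
            out.append(("high", "protocols." + os_name,
                        proto + " is password-based and server trust can be "
                        "bypassed; credentials may reach an untrusted server"))
    if (protocols.get("windows", "").startswith("PEAP")
            and not windows.get("enable_cryptobinding", False)):
        out.append(("medium", "windows.enable_cryptobinding",
                    "client accepts a PEAP server without a cryptobinding TLV"))
    if wired and windows.get("fallback_to_unauthorized_network_access", False):
        out.append(("medium", "windows.fallback_to_unauthorized_network_access",
                    "client will use wired ports that skip authentication"))
    if "android" in protocols and not cfg.get("android", {}).get(
            "disallow_rooted_devices", False):
        out.append(("low", "android.disallow_rooted_devices",
                    "rooted Android devices can be provisioned"))
    return out


def audit(cfg):
    """Return [(severity, setting, message)], most severe first."""
    out = []
    wireless = cfg.get("configure_wireless", False)
    wired = cfg.get("configure_wired", False)
    network_type = cfg.get("network_type")

    if wireless and cfg.get("security_type") in TKIP_CAPABLE:
        out.append(("medium", "security_type",
                    "permits TKIP; select 'WPA2 with AES'"))
    if wireless and network_type == "PSK":
        if not 8 <= len(cfg.get("passphrase", "")) <= 63:
            out.append(("high", "passphrase",
                        "WPA/WPA2 passphrases must be 8 to 63 characters"))
    if wired or (wireless and network_type == "Enterprise"):
        out.extend(_audit_8021x(cfg, wired))
    return sorted(out, key=lambda f: SEVERITY_ORDER[f[0]])


# Constructed sample configurations (not taken from a real deployment).
WEAK_CONFIG = {
    "configure_wireless": True, "configure_wired": True,
    "security_type": "WPA or WPA2", "network_type": "Enterprise",
    "anonymous_identity": "",
    "validate_server_certificate": True,
    "trusted_server_names": [],
    "allow_user_to_accept_other_servers": True,
    "protocols": {"windows": "PEAP with MSCHAPv2",
                  "android": "TTLS with PAP", "ios": "EAP-FAST"},
    "windows": {"enable_cryptobinding": False,
                "fallback_to_unauthorized_network_access": True},
    "android": {"disallow_rooted_devices": False},
}
HARDENED_CONFIG = {
    "configure_wireless": True, "configure_wired": True,
    "security_type": "WPA2 with AES", "network_type": "Enterprise",
    "anonymous_identity": "anonymous",
    "validate_server_certificate": True,
    "trusted_server_names": ["radius.example.com"],
    "allow_user_to_accept_other_servers": False,
    "protocols": {"windows": "PEAP with MSCHAPv2",
                  "android": "TTLS with MSCHAPv2"},
    "windows": {"enable_cryptobinding": True,
                "fallback_to_unauthorized_network_access": False},
    "android": {"disallow_rooted_devices": True},
}

if __name__ == "__main__":
    for severity, setting, message in audit(WEAK_CONFIG):
        print(f"[{severity:6}] {setting}: {message}")
```
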

Chapter 3
Deploy Packages

Complete the following procedures to deploy a package:

- "Create New User Interface"
- "Generate Package"

Create New User Interface

Follow these steps to create a new user interface:

1. Navigate to Packaging > User Interfaces.
2. Click Create User Interface.
3. Enter a name for the interface and provide a brief description.
4. Enter a title name for the user interface.
5. Enter the name of the organization for which the interface is being created.
6. Enter the helpdesk URL for contacting the help desk in case the users run into issues during provisioning or require other configuration details.
7. Enter the URL for resetting the user's password to authenticate to the network. Provide an applicable URL for the helpdesk.
8. Browse and select the company logo and click Upload.
9. Click Save User Interface.

Generate Package

Follow these steps to generate a package:

1. Navigate to Packaging > Deployment Package.
2. Select one or more network configurations from the drop-down list to include in the package.
3. You can either select the default user interface or create a customized user interface. To use the default user interface, select Default from the drop-down list. To create a customized user interface, refer to "Create New User Interface" on page 17.
4. Click Generate Package. The "Package generated successfully" message appears.
5. You can download the package from the link Package Download URL.

For more information on using the generated package, refer to "Upload Generated Package" on page 23.


Chapter 4
Manage Resources

Complete the following procedures to add network resources:

- "Add Certificates"
- "Add Applications"

Add Certificates

Follow these steps to add certificates:

1. Navigate to Resources > Certificates.
2. Click the Add Certificate link. The Add Certificate page appears.
3. Browse and select the required certificate file.
4. Click Add Certificate. The certificate list will be populated with the newly added certificate. Certificates should be in .der, .crt, or .pem formats.
5. You can also view the certificate details by clicking on the certificate name.

Add Applications

Follow these steps to add an application:

1. Navigate to Resources > Applications.
2. Click the Add Application link. The Add Application page appears.
3. Enter the name of the application.
4. Select Windows operating system.
5. Click option Yes for Restart Required if you want to restart the system after you install the application.
6. Browse for the application file and click Add Application. The application list will be populated with the newly added application. The application file should be in .exe format.


Chapter 5
Edit User Account

In QuickConnect 2.0, the User Account screen consists of details of the user logged into the user interface. Editing the user details involves changing username, password, email ID, and company name of the user. The login credentials for these users are provided outside the QuickConnect 2.0 system.

Follow these steps to edit a user account:

1. Navigate to Administration > User Account.
2. Click Edit. You can edit the following details:
   - User Name
   - Password
   - Email ID
   - Company Name
3. Click Save.


Appendix A
Upload Generated Package

When a QuickConnect 2.0 package is downloaded, it will be in a .zip format. You must perform the following steps to upload the generated package to a web server:

1. Upload the generated package to the web server.
2. Unzip the package file.
3. Configure the web server to serve the contents of the unzipped directory at an appropriate URL.
4. Set the following MIME types for the mentioned extensions in the web server for the deployment package to work properly.

   Extension         MIME type
   .html             text/html
   .json             application/json
   .exe              application/octet-stream
   .bin              application/octet-stream
   .dmg              application/x-apple-diskimage
   .jnlp             application/x-java-jnlp-file
   .jar              application/x-java-archive
   .der              application/x-x509-ca-cert
   .mobileconfig     application/x-apple-aspen-config
   .networkconfig    arubanetworks/networkconfig

Refer to the web server documentation for details on how to configure a web server to serve the contents of the directory and to configure the MIME types.

The following example illustrates the steps to upload a QuickConnect 2.0 deployment package to a ClearPass Policy Manager version 6.0.1.

1. Increase the file upload size limit service parameters:
   a. Log in to ClearPass Policy Manager Web UI.
   b. Navigate to Administration > Server Manager > Server Configuration and click on the appropriate server.
   c. Navigate to the Service Parameters tab and select ClearPass System Services.
   d. Change the parameters Form POST Size and File Upload Size to 20 MB and save.
2. Upload the ArubaQuickConnect.webdeploy.zip to ClearPass Guest:
   a. Log in to ClearPass Guest Web UI.
   b. Navigate to Configuration > Content Manager.
   c. Click Upload New Content.
   d. Select the ArubaQuickConnect.webdeploy.zip file and upload.
3. Extract the uploaded package:
   a. After the successful upload, select the uploaded file and click Extract Archive.
   b. Click OK to extract the archive.

After the extraction, the QuickConnect 2.0 package will be accessible at http://<ip address of the server>/guest/public/arubaquickconnect.
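A post-deployment check for step 4 of the upload procedure, added here as an example and not part of the Aruba guide: it walks the unzipped package directory, asks the web server for each file, and reports every file whose Content-Type differs from the table above. The function names, the directory name and the URL are assumptions for illustration.

```python
import os
import urllib.error
import urllib.parse
import urllib.request

# Extension -> Content-Type, copied from the MIME table in step 4.
REQUIRED_TYPES = {
    ".html": "text/html",
    ".json": "application/json",
    ".exe": "application/octet-stream",
    ".bin": "application/octet-stream",
    ".dmg": "application/x-apple-diskimage",
    ".jnlp": "application/x-java-jnlp-file",
    ".jar": "application/x-java-archive",
    ".der": "application/x-x509-ca-cert",
    ".mobileconfig": "application/x-apple-aspen-config",
    ".networkconfig": "arubanetworks/networkconfig",
}


def head_content_type(url):
    """Return the media type the server declares for url (HEAD request)."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.headers.get_content_type()
    except urllib.error.HTTPError as err:
        return "HTTP %d" % err.code  # e.g. the file is not published at all


def audit_package(package_dir, base_url, fetch=head_content_type):
    """Return sorted (relative_path, expected, served) for each mismatch."""
    mismatches = []
    for root, _dirs, files in os.walk(package_dir):
        for name in files:
            expected = REQUIRED_TYPES.get(os.path.splitext(name)[1].lower())
            if expected is None:
                continue  # extension not covered by the guide's table
            rel = os.path.relpath(os.path.join(root, name), package_dir)
            rel = rel.replace(os.sep, "/")
            served = fetch(base_url.rstrip("/") + "/" + urllib.parse.quote(rel))
            if served != expected:
                mismatches.append((rel, expected, served))
    return sorted(mismatches)


if __name__ == "__main__":
    # Placeholder directory and URL (assumptions); substitute your own.
    for row in audit_package("arubaquickconnect", "http://localhost/qc"):
        print("%s: expected %s, served %s" % row)
```

An empty result means every file with a listed extension is served with the required type; the `fetch` parameter lets the check be exercised without a live server.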


Glossary

AES: Advanced Encryption Standard (AES) is a National Institute of Standards and Technology specification and cryptographic algorithm that can be used to protect electronic data. AES is an iterative, symmetric-key block cipher that can use keys of 128, 192, and 256 bits, and encrypts and decrypts data in blocks of 128 bits (16 bytes).

Authentication Modes:
- Machine Only: Use computer-only credentials.
- User Only: Use user-only credentials.
- Machine Or User: Use computer-only credentials or user-only credentials. When a user is logged on, the user's credentials are used for authentication. When no user is logged on, computer-only credentials are used for authentication.
- Guest: Use guest-only credentials.

Certificate: In cryptography, a certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key with identity information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.

Cryptobinding: Cryptobinding is a process that protects authentication protocol negotiation against man-in-the-middle attacks. The Cryptobinding request and response achieve a two-way handshake between the peer and the authentication server by using key materials.

EAP: Extensible Authentication Protocol (EAP) is an 802.1X standard that allows developers to pass authentication data between RADIUS servers and wireless access points. EAP has a number of variants, including: EAP-MD5, EAP-TLS, EAP-TTLS, LEAP, and PEAP.

EAP-TLS: EAP Transport Layer Security (EAP-TLS) was developed under the 802.1X standard by Microsoft to use digital certificates for authentication.

MSCHAPV2: Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is a password-based, challenge-response, mutual authentication protocol that uses MD4 and DES encryption.

NAP: Network Access Protection (NAP) is a feature in Windows Server 2008 that controls access to network resources based on a client computer's identity and compliance with corporate governance policy. NAP allows network administrators to define granular levels of network access based on who a client is, the groups to which the client belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically increase its level of network access.

PEAP: Protected Extensible Authentication Protocol (PEAP) is a type of EAP communication that addresses security issues associated with clear text EAP transmissions by creating a secure channel encrypted and protected by TLS.

PEAP Fast Reconnect: PEAP Fast Reconnect is a PEAP property that enables wireless clients to move between wireless access points on the same network without being re-authenticated each time they associate with a new access point.

PEAP Enforce NAP: This PEAP option specifies that Network Access Protection (NAP) performs system health checks on clients to ensure they meet health requirements, before connections to the network are permitted.

PSK: In cryptography, PSK (Pre-Shared Key) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. To build a key from the shared secret, a key derivation function should be used. Such systems almost always use symmetric key cryptographic algorithms. The term PSK is used in Wi-Fi encryption such as WEP or WPA, where both the wireless access points (AP) and all clients share the same key.

SSID: Service set identifier (SSID) is the name given to a WLAN and used by the client to identify the correct settings and credentials necessary for access to a WLAN.

TKIP: Temporal Key Integrity Protocol (TKIP) is part of the WPA encryption standard for wireless networks. TKIP is the next generation of WEP, which provides per-packet key mixing to address flaws discovered in the WEP standard.

TLS: Transport Layer Security is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.

WEP: The Wired Equivalent Privacy (WEP) is part of the IEEE 802.11 standard and uses 64 or 128 bit RC4 encryption. Serious flaws were found in the WEP standard in 2001, mostly due to the length of the initialization vector of the RC4 stream cipher, which allowed for passive decoding of the RC4 key.

WPA: Wi-Fi Protected Access (WPA), introduced in 2003 in response to weaknesses found in the WEP standard, is an interoperable wireless security specification subset of the IEEE 802.11 standard. This standard provides authentication capabilities and uses TKIP for data encryption.

WPA2: WPA2, established in September 2004 by the Wi-Fi Alliance, is the certified interoperable version of the full IEEE 802.11i specification ratified in June 2004. Like its predecessor, WPA2 supports IEEE 802.1X/EAP authentication or PSK technology but includes a new advanced encryption mechanism using Counter-Mode/CBC-MAC Protocol (CCMP) called the Advanced Encryption Standard (AES).