Dell Powerconnect W-ClearPass Virtual Appliances Configuration manual

Colin King
Dell Networking W-Series ClearPass Configuration Guide
Network Solutions Engineering Team
This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The content is provided as is, without express or implied warranties of any kind.
© 2013 Dell Inc. All rights reserved. Dell and its affiliates cannot be responsible for errors or omissions in typography or photography. Dell™, the Dell logo, PowerConnect™, Force10™ , and PowerEdge™ are trademarks of Dell Inc. Intel®, Pentium®, Xeon®, Core® and Celeron® are registered trademarks of Intel Corporation in the U.S. and other countries. Microsoft®, Windows®, Windows Server®, Internet Explorer®, MS-DOS®, Windows Vista® and Active Directory® are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and names of others.
August 2013 | Rev 1.0
Contents
Executive Summary
Introduction
Network Topology
Applicable Hardware and Software Versions
  Dell W-Series ClearPass
  Dell Networking Switches
MAC Authentication with W-ClearPass and Dell Networking 7024P Switch
  Dell Networking 7024P Configuration
    Add a RADIUS Server
    Enable Authentication and configure the port
  Dell Networking ClearPass Configuration
    Adding Network Authenticator
    Create a Static Host List
    Configuring a Network Policy
  Testing MAC Authentication
  MAC Authentication Conclusion
OnGuard posture enforcement with Dell Networking 7024P Switch
  Dell Networking 7024P Configuration
    Enable Authentication and configure the port
    SNMP Configuration
  Dell Networking ClearPass Configuration
    Enter a user into the Local Users database
    Configuring an OnGuard Network Policy
    Configuring a Wired 802.1x Policy
  Testing OnGuard Posture Configuration
  OnGuard Configuration Conclusion
Appendix A
  Dell Networking 55xx Series Switches
    Dell Networking 55xx Series Firmware
  MAC Authentication Configuration for 55xx Series Switch
  Dell Networking W-ClearPass MAC Authentication Configuration
  OnGuard posture enforcement with Dell Networking 55xx Switch
  Dell Networking W-ClearPass MAC Authentication Configuration
Figures
Figure 1. Basic Topology
Figure 2. MAC Authentication Configuration Flowchart
Figure 3. MAC Authentication 7024P Switch - RADIUS Server Configuration
Figure 4. MAC Authentication 7024P Switch - Authentication Configuration
Figure 5. MAC Authentication ClearPass - Adding Network Authenticator
Figure 6. MAC Authentication ClearPass – Create Static Host List
Figure 7. MAC Authentication ClearPass – Configuring a Network Policy Service
Figure 8. MAC Authentication ClearPass – Configuring Authentication Method and Source
Figure 9. MAC Authentication ClearPass – Configuring Roles
Figure 10. MAC Authentication ClearPass – Configuring Enforcement
Figure 11. OnGuard Configuration Flowchart
Figure 12. OnGuard 7024P Switch – Authentication Configuration
Figure 13. OnGuard ClearPass – Adding Local User
Figure 14. OnGuard ClearPass – Web-Based Authentication Service
Figure 15. OnGuard ClearPass – Authentication Source
Figure 16. OnGuard ClearPass - Roles
Figure 17. OnGuard ClearPass – Adding New Posture Policy
Figure 18. OnGuard ClearPass – Posture Policy Main Tab
Figure 19. OnGuard ClearPass – Enforcement Policy
Figure 20. Wired 802.1x ClearPass – Service Configuration
Figure 21. Wired 802.1x ClearPass – Authentication Types
Figure 22. Wired 802.1x ClearPass – Roles
Figure 23. Wired 802.1x ClearPass – Enforcement
Figure 24. Appendix A, 5524P Dot1x Global Settings
Figure 25. Appendix A, 5524P Dot1x Interface Settings, MAC Only
Figure 26. Appendix A, 5524P Dot1x Interface Settings, 802.1x only

Executive Summary

The Dell Networking W-Series ClearPass platform is a powerful access control appliance for use with wired or wireless networking. W-ClearPass is highly optimized for use with wireless access using the W-Series controllers and APs as the network access devices. In addition to wireless network access control, W-ClearPass can service authentication requests from Dell Networking wired switches. The combination of W-ClearPass, W-Series Controllers, and Dell Networking switches provides a complete solution for network access control.
Administrators with devices that do not support 802.1x (printers, cameras, IP phones) will learn the authentication method used with Dell switches for MAC authentication and how to configure the corresponding W-ClearPass services.
Administrators can also learn how to use the OnGuard client within W-ClearPass to ensure all PCs connected directly to Dell switches are screened for health compliance.

Introduction

This configuration guide details the steps required to configure both MAC Authentication and OnGuard posture enforcement using Dell Networking switches. The W-ClearPass Policy Manager will be the centerpiece for all RADIUS credentials and network access authentication decisions for devices accessing the network through the Dell Networking switch.

Network Topology

Figure 1. Basic Topology
The figure above shows the setup used for this document. The printer is used for the MAC Authentication example configuration, while the PC is used for the OnGuard health posture example configuration.
The Dell Networking 7024P is representative of a typical closet access switch. The Dell Networking W-ClearPass appliance is normally located in the Data Center. The Dell 7024P switch is also capable of supplying PoE+ power to devices connected to its ports. This PoE+ capability can simplify the deployment of devices like Phones, Cameras, and similar corporate devices that will benefit from the MAC Authentication methodology described in this document.

Applicable Hardware and Software Versions

The examples in this document are validated on the following HW and SW versions:
Dell W-Series ClearPass SW v6.0.2
Dell Networking 7024P firmware v5.1.0.1

Dell W-Series ClearPass

Dell W-Series ClearPass SW v6.0.2
Configuration for the ClearPass appliance is the same for the latest version released during the publishing of this document, ClearPass v6.1.2. No changes to the MAC Authentication feature were implemented in this later version. The OnGuard client application was upgraded to include a VPN client in ClearPass v6.1.2. The VPN feature and its configuration will not affect the behavior or configuration of the methodology described in this document.

Dell Networking Switches

Dell Networking 7024P – firmware v5.1.0.1
The following Dell Networking branded switches contain the same firmware base and can be substituted for the 7024P used in this example.
Dell Networking switches: 8132, 8164, 8132F, 8164F, 7024, 7048, 7024P, 7048P, 7024F, 7048R, 7048R-RA, 8024, 8024F, M6220, M6348, M8024, M8024-k
NOTE: Dell Networking Switches not included in the list above could have behaviors that would require some modification to the methods used in the example configurations below; however, the methodology and mechanisms are similar and can therefore be applied with minor changes. See Appendix A for information on how to use Dell 55xx switches.

MAC Authentication with W-ClearPass and Dell Networking 7024P Switch

MAC Authentication is mainly used for devices such as printers, cameras, and IP phones that do not support 802.1x authentication.
The configuration example in this guide will only detail the basic setup of both the W-ClearPass Policy Manager and the Dell Networking 7024P switch. Network administrators may also want to configure specific VLANs to restrict traffic to the type needed for the device being placed on the 7024P switch port. The assignment of VLANs based on successful authentication is not covered in this document.
Figure 2. MAC Authentication Configuration Flowchart

Dell Networking 7024P Configuration

The following configuration steps start from a switch that has been configured to be an access switch with no network security settings in place. Basic settings outlined in the Quick Start Guide have been completed.

Add a RADIUS Server

Navigate to System > Management Security > RADIUS > RADIUS Server Configuration
Click on Add
Input IP address of the ClearPass appliance into RADIUS Server Host Address
Change RADIUS Server Name to an appropriate name
Click Apply
Click on Detail
Choose the IP address from the RADIUS Server Host Address drop down list
Click on the checkbox located in the Secret field. Enter a secret key to be used with the ClearPass appliance.
Choose Enable from the dropdown list in the Primary Server field
Click on Apply
Save your configuration to the running configuration (disk icon at the upper right of the GUI)
Figure 3. MAC Authentication 7024P Switch - RADIUS Server Configuration

Enable Authentication and configure the port

Navigate to Switching > Network Security > Dot1x Authentication > Authentication
Under Global Parameters, choose Enable from the dropdown list in the Administrative Mode field
Identify the port to be used for MAC Authentication
Under Interface Parameters, choose the port number from the dropdown list in the Interface field
Choose Mac-based from the dropdown list and check the MAB box in the Admin Interface Control field
All other fields can remain default
Repeat the above for any other ports requiring MAC Authentication
Figure 4. MAC Authentication 7024P Switch - Authentication Configuration
There are likely other ports on the switch that do not require Authentication. For those ports at this time it is recommended to force the port interface into Authorized mode.
Under Interface Parameters, choose the port number from the dropdown list in the Interface field
Choose Authorized from the dropdown list in the Admin Interface Control field
All other fields can remain default
Repeat the above for all ports requiring access without Authentication
NOTE: Administrators can edit multiple ports at one time by using the Show All configuration page under Authentication.
Click Apply
Save your configuration to the running configuration
This completes the steps required for MAC Authentication on the Dell Networking 7024P.
For additional information and CLI examples, please refer to the Dell Networking 7000 Series Switch User’s Configuration Guide.
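An added example, not taken from the Dell guide: a Python check that reads a saved running-config and reports, per port, whether both settings from the port step above (Mac-based control plus MAB) are present, and which ports were forced to Authorized and so admit any device without authentication. The CLI command spellings and the sample config are assumptions, since the guide shows only the GUI; adjust the patterns to match your switch's output.

```python
import re

# Constructed sample. Command spellings are assumed; the guide shows only the GUI.
SAMPLE_CONFIG = """\
dot1x system-auth-control
radius-server host auth 192.0.2.10
key "placeholder-secret"
exit
interface Gi1/0/1
dot1x port-control mac-based
dot1x mac-auth-bypass
exit
interface Gi1/0/2
dot1x port-control force-authorized
exit
interface Gi1/0/3
dot1x mac-auth-bypass
exit
"""

def audit(config):
    """Return (missing global settings, {port: status}) for a running-config."""
    seen = {"dot1x-global": False, "radius-server": False, "radius-key": False}
    ports, port, in_radius = {}, None, False
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "dot1x system-auth-control":
            seen["dot1x-global"] = True
        elif line.startswith("radius-server host "):
            seen["radius-server"] = in_radius = True
        elif in_radius and line.startswith("key "):
            seen["radius-key"] = True
        elif line == "exit":
            port, in_radius = None, False
        elif (m := re.match(r"interface (\S+)$", line)):
            port = ports.setdefault(m.group(1), {"mode": None, "mab": False})
        elif port is not None and line == "dot1x mac-auth-bypass":
            port["mab"] = True
        elif port is not None and (m := re.match(r"dot1x port-control (\S+)$", line)):
            port["mode"] = m.group(1)
    return [k for k, ok in seen.items() if not ok], {n: _status(p) for n, p in ports.items()}

def _status(p):
    if p["mode"] == "mac-based" and p["mab"]:
        return "mab"          # both settings from the guide's port step
    if p["mode"] == "force-authorized":
        return "open"         # admits any device without authentication
    if p["mab"] or p["mode"] == "mac-based":
        return "incomplete"   # only one of the two settings present
    return p["mode"] or "default"
```

Ports reported as "open" are the ones to review against the list of devices that are meant to bypass authentication.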