Dell Powerconnect W-ClearPass Virtual Appliances Getting Started Guide
Dell Networking
W-ClearPass
Policy Manager
Getting Started Guide
Copyright Information
© 2014 Aruba Networks, Inc. Aruba Networks trademarks include the Aruba Networks logo, Aruba Networks®, Aruba
Wireless Networks®, the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management System®.
Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc.
All rights reserved. Specifications in this manual are subject to change without notice.
Originated in the USA. All other trademarks are the property of their respective owners.
Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code subject
to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source
Licenses. Includes software from Litech Systems Design. The IF-MAP client library copyright 2011
Infoblox, Inc. All rights reserved. This product includes software developed by Lars Fenneberg, et al. The Open Source
code used can be found at this site:
http://www.arubanetworks.com/open_source
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate
other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for
this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it
with respect to infringement of copyright on behalf of those vendors.
March 2014 | 0511213-03 Dell Networking W-W-ClearPass Polic y Manager | Getting Started Guide
Contents
Powering Up and Configuring Policy Manager Hardware 5
Overview 5
Server Port Overview 5
Server Port Configuration 5
Powering Off the System 7
Resetting the Passwords to Factory Default 8
Generating a Support Key for Technical Support 8
A Subset of Useful CLI Commands 9
Accessing Policy Manager 11
Accessing Help 12
Checking Basic Services 13
Use Cases 15
802.1X Wireless Use Case 15
Configuring the Service 15
Web Based Authentication Use Case 21
Configuring the Service 22
MAC Authentication Use Case 28
Configuring the Service 29
TACACS+ Use Case 31
Configuring the Service 32
Single Port Use Case 33
Dell Networking W-ClearPass Policy Manager | Getting Started Guide Contents | 3
4 | Contents
Dell Networking W-ClearPass Policy Manager | Getting Started
Guide
Chapter 1
Powering Up and Configuring Policy
Manager Hardware
Overview
This Getting Started Guide for the Dell Networking W-W-ClearPass Policy Manager System (Policy Manager)
describes the steps for installing the appliance using the Command Line Interface (CLI) and using the User Interface
(UI) to ensure that the required services are running.
Server Port Overview
The W-ClearPass Policy Manager server requires initial port configuration. The backplane of the Policy Manager
contains three ports.
Figure 1: Policy Manager Backplane
The ports in the figure above are described in the following table:
Table 1:
Key Port Description
A Serial
B eth0
C eth1
Device Ports
Management
(gigabit
Ethernet)
Data (gigabit
Ethernet)
Configures the W-ClearPass Policy Manager appliance initially using hardwired
terminal.
Provides access for cluster administration and appliance maintenance using Web
access, CLI, or internal cluster communications.
Configuration is mandatory.
Provides point of contact for RADIUS, TACACS+, Web Authentication, and other
data-plane requests. Configuration is optional. If this port is not configured,
requests are redirected to the management port.
Server Port Configuration
Before starting the installation, collect the following information that you need, write it in the table below, and keep it
for your records:
Table 2:
Required Information
Requirement Value for Your Installation
Hostname (Policy
Manager server)
Management Port IP
Address
Dell Networking W-ClearPass Policy Manager | Getting Started Guide Powering Up and Configuring Policy Manager Hardware | 5
Table 2:
Required Information (Continued)
Requirement Value for Your Installation
Management Port Subnet
Mask
Management Port
Gateway
Data Port IP Address
(optional)
Data Port Gateway
(optional)
Data Port Subnet Mask
(optional)
Primary DNS
Secondary DNS
NTP Server (optional)
NOTE: The Data Port IP Address must not be in the same subnet as the
Management Port IP Address.
Perform the following steps to set up the Policy Manager appliance:
1. Connect and power on
Connect a serial port on the appliance to a terminal using the null modem cable provided and power on. The
appliance is available for configuration.
Use the following parameters for the serial port connection:
l Bit Rate: 9600
l Data Bits: 8
l Parity: None
l Stop Bits: 1
l Flow Control: None
2. Login
You can create a unique appliance/cluster administration password later. For now, use the following preconfigured
credentials:
login: appadmin
password: eTIPS123
This initiates the Policy Manager Configuration Wizard.
3. Configure the Appliance
Replace the bolded placeholder entries in the following illustration with your local information:
Enter hostname: verne.xyzcompany.com
Enter Management Port IP Address: 192.168.5.10
Enter Management Port Subnet Mask: 255.255.255.0
Enter Management Port Gateway: 192.168.5.1
Enter Data Port IP Address: 192.168.7.55
Enter Data Port Subnet Mask: 255.255.255.0
6 | Powering Up and Configuring PolicyManager Hardwar e DellNetworking W-ClearPass Policy Manager | Getting Started Guide
Enter Data Port Gateway: 192.168.7.1
Enter Primary DNS: 198.168.5.3
Enter Secondary DNS: 192.168.5.1
4. Change your password
Use any string with a minimum of six characters:
New Password:************
Confirm Password: ************
From now, you must use this password for cluster administration and management of the appliance.
5. Change the system date/time
Do you want to configure system date time information [y|n]: y
Please select the date time configuration options.
1) Set date time manually
2) Set date time by configuring NTP servers
Enter the option or press any key to quit: 2
Enter Primary NTP Server: pool.ntp.org
Enter Secondary NTP Server: time.nist.gov
Do you want to configure the timezone? [y|n]: y
After the timezone information is entered, you are prompted to confirm the selection.
6. Commit or restart the configuration
Follow the prompts:
Proceed with the configuration [y[Y]/n[N]/q[Q]
y[Y] to continue
n[N] to start over again
q[Q] to quit
Enter the choice:Y
Successfully configured Policy Manager appliance
*************************************************************
* Initial configuration is complete.
* Use the new login password to login to the CLI.
* Exiting the CLI session in 2 minutes. Press any key to exit now.
When the Policy Manager system is up and running, navigate to the Administration > Agents and Software Updates
> Software Updates page to view and download any available software updates. Refer to in the UserGuide for more
information.
Powering Off the System
Perform the following steps to power off the system gracefully without logging in:
Connect to the CLI from the serial console using the front serial port and enter the following:
login: poweroff
password: poweroff
This procedure gracefully shuts down the appliance.
Dell Networking W-ClearPass Policy Manager | Getting Started Guide Powering Up and Configuring Policy Manager Hardware | 7
Resetting the Passwords to Factory Default
To reset Administrator passwords in Policy Manager to factory defaults, you can login to the CLI as the apprecovery
user. The password to log in as the apprecovery user is dynamically generated.
Perform the following steps to generate the recovery password:
1. Connect to the Policy Manager appliance using the front serial port (using any terminal program). See "Resetting
the Passwords to Factory Default" on page 8 for details.
2. Reboot the system and execute the restart command.
3. After the system restarts, the following prompt is displayed for ten seconds:
Generate support keys? [y/n]:
Enter y at the prompt. The system prompts you with the following choices:
Please select a support key generation option.
1) Generate password recovery key
2) Generate a support key
3) Generate password recovery and support keys
Enter the option or press any key to quit.
4. To generate the recovery key, select option 1.
5. To generate a support key and a recovery key and support, select option 3.
6. After the password recovery key is generated, email the key to Dell technical support. A unique password will be
generated from the recovery key and emailed back to you.
7. Enter the following command at the command prompt:
[apprecovery] app reset-passwd
*******************************************************
* WARNING: This command will reset the system account *
* passwords to factory default values *
*******************************************************
Are you sure you want to continue? [y/n]: y
INFO - Password changed on local node
INFO - System account passwords have been reset to factory default values
Generating a Support Key for Technical Support
To troubleshoot certain critical system level errors, Dell technical support might need to log into a support shell.
Perform the following steps to generate a dynamic support password:
1. Log into the Command Line Interface (CLI) and enter the following command:
system gen-support-key
2. Connect to the Policy Manager appliance using the front serial port (using any terminal program). See "Server Port
Configuration" on page 5 for details.
3. Reboot the system using the restart command.
4. When the system restarts, the following prompt appears for 10 seconds:
Generate support keys? [y/n]:
Enter y at the prompt. The system prompts with the following choices:
Please select a support key generation option.
8 | Powering Up and Configuring PolicyManager Hardwar e DellNetworking W-ClearPass Policy Manager | Getting Started Guide
1) Generate password recovery key
2) Generate a support key
3) Generate password recovery and support keys
Enter the option or press any key to quit.
5. To generate the support key, select option 2. Select 3, if you want to generate a password recovery key as well.
6. After the password recovery key is generated, email the key to Dell technical support. A unique password can now
be generated by Dell technical support to log into the support shell.
A Subset of Useful CLI Commands
The CLI provides a way to manage and configure Policy Manager information. Refer to Appendix A: Command Line
Interface in the User Guide for more detailed information on the CLI.
The CLI can be accessed from the console using a serial port interface or remotely using SSH:
*****************************************************************************************
* Dell W-ClearPass Policy Manager *
* Software Version : 6.3.0.62080 *
*****************************************************************************************
Logged in as group Local Administrator
[appadmin@company.com]#
The following subset of CLI commands may be useful at this point:
l To view the Policy Manager data and management port IP address, and DNS configuration:
[appadmin]# show ip
l To reconfigure DNS or add a new DNS:
[appadmin]# configure dns <primary> [secondary] [tertiary]
l To reconfigure or add management and data ports:
[appadmin]# configure ip <mgmt | data > <ipadd> netmask <netmask address> gateway <gateway address>
where:
Flag/Parameter Description
ip <mgmt|data> <ip
address>
netmask <netmask
address>
gateway <gateway
address>
l To configure the date (time and time zone optional):
[appadmin]# configure date –d <date> [-t <time>] [-z <timezone>]
l To configure the hostname to the node:
configure hostname <hostname>
l If you are using Active Directory to authenticate users, be sure to join the Policy Manager appliance to that domain
l Network interface type:
l Server ip address.
Netmask address.
Gateway address.
mgmtordata
as well.
ad netjoin <domain-controller.domain-name> [domain NETBIOS name]
where:
Dell Networking W-ClearPass Policy Manager | Getting Started Guide Powering Up and Configuring Policy Manager Hardware | 9
Flag/Parameter Description
<domain-controller.
domain-name>
[domain NETBIOS name]
Required.
Host to be joined to the domain.
Optional.
10 | Powering Up and Configuring PolicyManager Hardware Dell Networking W-ClearPass Policy Manager |Getting Started Guide
Accessing Policy Manager
Use Firefox 3.0 (or higher) or Internet Explorer 7.0.5 (or higher) to perform the following steps:
1. Open the administrative interface.
Navigate to https://<hostname>/tips, where <hostname> is the hostname you configured during the initial
configuration.
2. Enter License Key.
3. Click the Activate Now link.
Chapter 2
4. Activate the product.
If the appliance is connected to the Internet, click on the Activate Now button. If not, click on the Download
button to download the Activation Request Token. Contact Dell Support and provide your technician with the
downloaded token in an email attachment. Once you receive the Activation Key from Dell Support, save it to a
known location on your computer. Come back to this screen and click on the Browse button to select the
Activation Key. Upload the key by clicking on the Upload button.
The product is now activated.
5. Login. Username: admin, Password: eTIPS123
Dell Networking W-ClearPass Policy Manager | Getting Started Guide Accessing Policy Manager | 11
Loading...