ClearPass Guest Setup

This chapter consists of the following topics:

Configuring ClearPass Guest

Verifying ClearPass Guest Setup

Troubleshooting

Configuring ClearPass Guest

1. From the ClearPass Guest WebUI, navigate to Administration > AirGroup Services.

2. Click Configure AirGroupThe application that allows the end users to register their personal mobile devices on a local network and define a group of friends or associates who are allowed to share them. AirGroup is primarily designed for colleges and other institutions. AirGroup uses zero configuration networking to allow Apple mobile devices, such as the AirPrint wireless printer service and the AirPlay mirroring service, to communicate over a complex access network topology. Services.

Figure 1   Configure AirGroup Services

3. Click Add a new controller.

Figure 2  Add a New Controller for AirGroup Services

4. Update the parameters with appropriate values.

 

Ensure that the port configured matches the CoAChange of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. port (RFC 3576) set on the Instant AP configuration.

Figure 3   Configure AirGroup Services: Controller Settings

5. Click Save Configuration.

In order to demonstrate AirGroup, either an AirGroup Administrator or an AirGroup Operator account must be created.

Creating AirGroup Administrator and Operator Account

To create a AirGroup administrator and AirGroup operator account using the ClearPass Policy Manager UIUser Interface.:

1. Navigate to the ClearPass Policy Manager WebUI, and navigate to Configuration > Identity > Local Users.

Figure 4  Configuration > Identity > Local Users Selection

2. Click Add User.

3. Create an AirGroupThe application that allows the end users to register their personal mobile devices on a local network and define a group of friends or associates who are allowed to share them. AirGroup is primarily designed for colleges and other institutions. AirGroup uses zero configuration networking to allow Apple mobile devices, such as the AirPrint wireless printer service and the AirPlay mirroring service, to communicate over a complex access network topology. Administrator by entering the required values.

Figure 5  Create an AirGroup Administrator

4. Click Add.

5. Now click Add User to create an AirGroupThe application that allows the end users to register their personal mobile devices on a local network and define a group of friends or associates who are allowed to share them. AirGroup is primarily designed for colleges and other institutions. AirGroup uses zero configuration networking to allow Apple mobile devices, such as the AirPrint wireless printer service and the AirPlay mirroring service, to communicate over a complex access network topology. Operator.

Figure 6  Create an AirGroup Operator

6. Click Add to save the user with an AirGroupThe application that allows the end users to register their personal mobile devices on a local network and define a group of friends or associates who are allowed to share them. AirGroup is primarily designed for colleges and other institutions. AirGroup uses zero configuration networking to allow Apple mobile devices, such as the AirPrint wireless printer service and the AirPlay mirroring service, to communicate over a complex access network topology. Operator role. The AirGroupThe application that allows the end users to register their personal mobile devices on a local network and define a group of friends or associates who are allowed to share them. AirGroup is primarily designed for colleges and other institutions. AirGroup uses zero configuration networking to allow Apple mobile devices, such as the AirPrint wireless printer service and the AirPlay mirroring service, to communicate over a complex access network topology. Administrator and AirGroupThe application that allows the end users to register their personal mobile devices on a local network and define a group of friends or associates who are allowed to share them. AirGroup is primarily designed for colleges and other institutions. AirGroup uses zero configuration networking to allow Apple mobile devices, such as the AirPrint wireless printer service and the AirPlay mirroring service, to communicate over a complex access network topology. Operator IDs will be displayed in the Local Users UIUser Interface. screen.

Figure 7  Local Users UI Screen

7. Navigate to the ClearPass Guest UIUser Interface. and click Logout. The ClearPass GuestClearPass Guest is a configurable ClearPass application for secure visitor network access management. Login page is displayed. Use the AirGroup admin credentials to log in.

8. After logging in, click Create Device.

Figure 8  Create a Device

The Register Shared Device page is displayed.

Figure 9   ClearPass Guest- Register Shared Device

For this test, add your AppleTV device name and MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address but leave all other boxes empty.

9. Click Register Shared Device.

Verifying ClearPass Guest Setup

1. Disconnect your AppleTV and OSX Mountain Lion or iOS 6 devices if they were previously connected to the wireless network. Remove their entries from the controller’s user table using these commands:

Find the MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address—show user table

Delete the address from the table—aaa user delete mac 00:aa:22:bb:33:cc

2. Reconnect both devices. To limit access to the AppleTV, access the ClearPass Guest UIUser Interface. using either the AirGroup admin or the AirGroup operator credentials. Next, navigate to List Devices > Test Apple TV > Edit. Add a username that is not used to log in to the Apple devices in the Shared With box.

3. Disconnect and remove the OSX Mountain Lion or iOS 6 device from the controller’s user table. Reconnect the device by not using the username that you added to the Shared With box. The AppleTV should not be available to this device.

4. Disconnect the OSX Mountain Lion or iOS 6 device and delete it from the controller’s user table. Reconnect using the username that was added to the Shared With box. The OSX Mountain Lion or iOS 6 device should once again have access to the AppleTV.

Troubleshooting

Table 1: Troubleshooting

Problem

Solution

Limiting devices has no effect.

Ensure IPv6 is disabled.

Apple Macintosh running Mountain Lion can use AirPlay but iOS devices cannot.

Ensure IPv6 is disabled.