Dell Networking W-ClearPass 6.
Copyright Information © Copyright 2016 Hewlett Packard Enterprise Development LP. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA. All other trademarks are the property of their respective owners. Open Source Code This product includes code licensed under the GNU General Public License, the GNU Lesser General Public License, and/or certain other open source licenses.
Contents Setting Up W-ClearPass Hardware Appliances About This Guide Intended Audience About the W-ClearPass Access Management System 5 5 5 5 W-ClearPass Access Management System Overview 5 Key Features 6 Advanced Policy Management 7 W-ClearPass Policy Manager Hardware and Virtual Appliances 8 W-ClearPass Specifications 8 Setting Up the W-ClearPass Hardware Appliances About the W-ClearPass Hardware Appliances 9 9 W-ClearPass Policy Manager 500 Hardware Appliance 10 W-ClearPass Policy Manage
Using Hyper-V to Install W-ClearPass on a Virtual Appliance Introduction 34 Before Starting the W-ClearPass Installation 35 W-ClearPass Hyper-V Virtual Appliance Installation Summary 36 Importing the Virtual Machine 36 Adding a Hard Disk to a Virtual Machine 39 Launching the W-ClearPass Virtual Appliance 43 Completing the Virtual Appliance Configuration 45 Applying and Activating the W-ClearPass License 46 Logging in to the W-ClearPass Virtual Appliance 47 Signing Up for Live Software Upda
Chapter 1 Setting Up W-ClearPass Hardware Appliances This chapter documents the procedures for installing and configuring W-ClearPass on a hardware appliance. About This Guide Welcome to the W-ClearPass Getting Started Guide.
With W-ClearPass, IT can centrally manage network policies, automatically configure devices and distribute security certificates, admit guest users, assess device health, and even share information with third-party solutions—through a single pane of glass, on any network and without changing the current infrastructure.
l Device profiling and self-service onboarding l Guest access with extensive branding and customization and sponsor-based approvals l IPv6 administration support Advanced Policy Management W-ClearPass advanced policy management support includes: l Employee access W-ClearPass Policy Manager offers user and device authentication based on 802.1X, non-802.1X, and Web Portal access methods.
W-ClearPass Policy Manager Hardware and Virtual Appliances W-ClearPass Policy Manager is available as hardware or a virtual appliance that supports 500, 5000, and 25,000 authenticating devices. To increase scalability and redundancy, you can deploy virtual appliances, as well as the hardware appliances, within a cluster. l For W-ClearPass hardware appliance installation and deployment procedures, see Setting Up the WClearPass Hardware Appliances on page 9.
Setting Up the W-ClearPass Hardware Appliances This section documents the procedures for installing and configuring W-ClearPass on a hardware appliance, as well as how to complete important administrative tasks, such as registering for W-ClearPass software updates and changing the admin password.
W-ClearPass Policy Manager 500 Hardware Appliance The W-ClearPass W-Policy Manager 500 hardware appliance (CP-HW-500) is a RADIUS/ TACACS+ server that provides advanced policy control for up to 500 unique endpoints. CP-HW-500 has a single 500 GB SATA disk with no RAID disk protection. Figure 1 shows the ports on the rear panel of the W-ClearPass 500 hardware appliance. The function of each of these ports is described in Table 1.
CP-HW-500 Component Specification Environmental Specifications Operating temperature 10º C to 35º C (50º F to 95º F) Operating vibration 0.26 G at 5 Hz to 350 Hz for 5 minutes Operating shock 1 shock pulse of 31 G for up to 2.
CP-HW- 5K Component Maximum number of authentications per day Specification l HGC not enabled: 5,000 l High Capacity Guest (HGC) mode enabled: 400,000 HGC not enabled: 200,000 l Form Factor Dimensions (WxHxD 17.53” x 1.7” x 16.
Table 4 describes the specifications for the W-ClearPass Policy Manager 25K hardware appliance. Table 4: CP-HW-25K Specifications CP-HW-25K Component Specification CPUs (2) Xeon X5650 2.
Before Starting the W-ClearPass Installation Before starting the W-ClearPass installation and configuration procedures for the hardware appliance, determine the following information for the W-ClearPass server on your network, note the corresponding values for the parameters listed in Table 5, and keep it for your records: Table 5: W-ClearPass Server Configuration Values Required Information Value for Your Installation Host name (Policy Manager server) Management port IP address Management port subnet mas
3. Log in. Use the following preconfigured credentials to log in to the hardware appliance. (You will create a unique appliance/cluster administration password in Step 5.) n login: appadmin n password: eTIPS123 This initiates the Policy Manager Configuration wizard. 4. Configure the W-ClearPass hardware appliance.
2. Accept any security warnings from your browser regarding the self-signed SSL certificate, which comes installed in W-ClearPass by default. The Admin Login screen appears with a message indicating that you have 90 days to activate the product and a link to activate the product. Figure 4: Activating W-ClearPass 3. To activate W-ClearPass on this hardware appliance, click Activate Now.
Logging in to the W-ClearPass Hardware Appliance After a successful activation, the Admin Login dialog opens. Figure 6: Logging in to the W-ClearPass Hardware Appliance 1. Log in to the W-ClearPass hardware appliance with the following credentials: n Username: admin n Password: Enter the cluster password defined in Configuring the W-ClearPass Hardware Appliance. 2. Click Log In. The W-ClearPass Policy Manager home page is displayed.
Figure 8: Entering the Subscription ID for Live Updates 2. If the W-ClearPass Policy Manager server has Internet access, enter your subscription ID, then click Save. After successfully applying the subscription ID, you will see a message indicating that the subscription ID was updated successfully and W-ClearPass is processing updates from the W-ClearPass Webservice. Note that Posture & Profile Data Updates are downloaded and installed automatically, while Firmware & Patch Updates are displayed only.
Powering Off the W-ClearPass Hardware Appliance This procedure gracefully shuts down the hardware appliance without having to log in. To power off the W-ClearPass hardware appliance: 1. Connect to the CLI from the console using the serial port. 2. Enter the following commands: n login: poweroff n password: poweroff The W-ClearPass hardware appliance shuts down. You can also power off from the WebUI and the appadmin prompt.
* WARNING: This command will reset the system account * * passwords to factory default values * ******************************************************* Are you sure you want to continue? [y/n]: y INFO - Password changed on local node INFO - System account passwords have been reset to factory default values 3. To reset the system account passwords to the factory default values, enter y. 4. You can now log in with the new administrator password sent to you by Dell Technical Support.
Chapter 2 Setting Up W-ClearPass Virtual Machines This chapter describes the procedures for using the VSphere Web Client and Hyper-V to install W-ClearPass on a virtual machine.
Be sure that your system meets the recommended specifications required for the W-ClearPass virtual appliance. Supplemental Storage/Hard Disk Requirement The W-ClearPass VMware ships with a 20 GB hard disk volume. This must be supplemented with additional storage/hard disk by adding a virtual hard disk (see Adding a Virtual Hard Disk on page 26 for details). The additional space required depends on the W-ClearPass virtual appliance version.
Required Information Data port IP address (optional) Value for Your Installation NOTE: Make sure that the Data interface IP address is not in the same subnet as the Management interface IP address. Data interface subnet mask (optional) Data interface gateway (optional) Primary DNS Secondary DNS NTP server (optional) vSphere Web Client W-ClearPass Installation Overview W-ClearPass 6.x VMware software packages are distributed as Zip files.
If you are not using the vSphere Web Client or the standard vSphere Client, follow the instructions for your method of deploying the OVF file. Figure 11: Deploy OVF Template: Selecting the Source Location 5. Select Local File, then click Browse. 6. Find the folder where you extracted the files, then click Next. The Review Details screen appears. 7. Review the information presented, then click Next. The Accept EULAs screen appears. 8.
Figure 13: Selecting a Resource 10.If required, choose the VMware host where W-ClearPass will be deployed, then click Next. The Select Storage screen appears. Figure 14: Selecting the Location to Store the Files 11.Choose the virtual disk format and data store for the W-ClearPass virtual appliance, then click Next. The virtual disk format specified in Figure 14 is Thin Provision.
Adding a Virtual Hard Disk After the OVF has been deployed and before you power on, you must add a virtual hard disk to the VM hardware and make sure that the network adapters are assigned correctly. 1. From the W-ClearPass Policy Manager appliance, select the Summary tab. Figure 16: Virtual Appliance Summary Tab 2. Click Edit Settings. The Edit Settings dialog appears. Figure 17: Editing the Virtual Machine Settings 3. Add a new virtual hard disk: a.
c. Click Add. Figure 18: Specifying the Size of the New Hard Disk d. Enter the size of the new hard disk, then click OK. For the latest information on the recommended disk sizes for a virtual hard disk, refer to the W-ClearPass Release Notes at https://download.dell-pcw.com under the W-ClearPass 6.6.0 Upgrade folder. Access to this site requires login credentials. 4. Make sure that the network adapters are assigned correctly: a. Network adapter 1: Assigned to the Management port. b.
Figure 20: Initial Virtual Machine Console Screen 3. To proceed, enter y. W-ClearPass setup and installation begins. Two console screens appear sequentially, which indicate that first the W-ClearPass Installer reboots, then the virtual appliance reboots. When the rebooting process is complete, the W-ClearPass virtual appliance is configured, and the virtual appliance will power on and boot up within a couple of minutes.
3. Configure the W-ClearPass virtual appliance. Follow the prompts, replacing the placeholder entries in the following illustration with the information you entered in Table 6. n Enter hostname: n Enter Management Port IP Address: n Enter Management Port Subnet Mask: n Enter Management Port Gateway: n Enter Data Port IP Address: n Enter Data Port Subnet Mask: n Enter Data Port Gateway: n Enter Primary DNS: n Enter Secondary DNS: 4. Specify the cluster password.
Figure 22: Entering the License Key 3. Do the following: a. In the Select Application drop-down, make sure the application is set to Policy Manager. b. Make sure the I agree to the above terms and conditions check box is enabled. c. In the Enter license key text box, enter your W-ClearPass license key. d. Click Add License. Upon successfully entering the license key, the Admin Login screen appears with a message indicating that you have 90 days to activate the product and a link to activate the product.
Figure 24: Performing Offline Activation After successfully activating W-ClearPass online, you will see a message above the Admin Login screen indicating that the product has been successfully activated. Logging in to the W-ClearPass Virtual Appliance After a successful activation, the Admin Login dialog appears. Figure 25: Logging in to the W-ClearPass Virtual Appliance 1.
Figure 26: W-ClearPass Policy Manager Home Page Signing Up for Live Software Updates Upon your initial login to W-ClearPass Policy Manager, Dell recommends that you register for software updates. 1. Navigate to the Administration > Agents and Software Updates > Software Updates page. A message is displayed indicating that the W-ClearPass virtual appliance is not signed up for live updates and that you must enter your subscription ID. Figure 27: Entering the Subscription ID for Live Updates 2.
Changing the Administration Password When the cluster password for this W-ClearPass server is set upon initial configuration (see Completing the Virtual Appliance Setup on page 28), the administration password is also set to the same password. If you wish to assign a unique admin password, use this procedure to change it. To change the administration password: 1. In W-ClearPass, navigate to Administration > Users and Privileges > Admin Users. The Admin Users page opens. Figure 28: Admin Users Page 2.
Using Hyper-V to Install W-ClearPass on a Virtual Appliance This section documents the procedures for installing the W-ClearPass Policy Manager virtual appliance on a host that runs Microsoft's hypvervisor, Hyper-V™, as well as completing important administrative tasks, such as registering for W-ClearPass software updates and changing the admin password.
Virtual appliance recommendations are adjusted to align with the requirements for W-ClearPass hardware appliances. If you don't have the virtual appliance resources to support a full workload, consider ordering the W-ClearPass Policy Manager hardware appliance. Supplemental Storage/Hard Disk Requirement The W-ClearPass Hyper-V ships with a 20 GB hard disk volume.
Required Information Value for Your Installation Primary DNS Secondary DNS NTP server (optional) W-ClearPass Hyper-V Virtual Appliance Installation Summary The process of installing the W-ClearPass Policy Manager virtual appliance on one or more hosts that runs Microsoft Hyper-V consists of four stages: 1. From the Dell Support Center (https://download.dell-pcw.com), download the Hyper-V package and copy the files to a folder on your server. 2. Import the virtual machine. a. Choose the import type. b.
The Before You Begin dialog opens. 5. Click Next. The Locate Folder dialog opens. Figure 31: Locating the Folder 6. In the Locate Folder step, select the folder you unzipped in Step 1, then click Next. The Select Virtual Machine dialog opens. Figure 32: Selecting the Virtual Machine 7. Make sure the correct virtual appliance is highlighted, then click Next. The Choose Import Type dialog opens. Figure 33: Specifying the Import Type 8.
The Choose Folders for Virtual Machine Files dialog opens. Figure 34: Specifying the Folders for the Virtual Machine Files 9. You can choose to either specify an alternate location to store the virtual appliance's files or accept the defaults: a.
Figure 36: Specifying the Virtual Switch in the Event of an Error 11.From the Connection drop-down, choose the virtual switch that will be used for the Management interface on the W-ClearPass Policy Manager virtual appliance, then click Next. The Connect Network dialog will be displayed to allow you to (optionally) specify the Data interface of the W-ClearPass Policy Manager virtual appliance. Figure 37: Specifying the Data Interface (Optional) 12.
1. Open Hyper-V Manager. 2. In the Results pane, under Virtual Machines, select the virtual appliance that you want to configure. 3. In the Action pane, under the name of the virtual appliance, click Settings. The Settings page opens. Figure 38: Specifying the Controller 4. To select the controller to attach the virtual hard disk to, in the Navigation (left) pane, select IDE Controller 0, then click Add. The Hard Drive dialog opens. Figure 39: Configuring the Hard Drive 5. In the Hard Drive dialog: a.
Figure 40: Specifying the Disk Format 8. For the disk format, choose VHDX, then click Next. The Choose Disk Type dialog opens. Figure 41: Specifying the Virtual Hard Disk Type 9. For the disk type, choose Fixed size, then click Next. The Specify Name and Location dialog opens.
Figure 42: Specifying the Name and Location of the Hard Disk File 10.Do the following: a. Enter the name of the virtual hard disk file. b. Browse to the location of the virtual hard disk file, select it, then click Next. The Configure Disk dialog opens. Figure 43: Configuring the New Virtual Hard Disk 11.Select Create a new blank virtual hard disk. a. Then enter the size of the of virtual hard disk in Gigabytes (GB).
b. When finished, click Next. The Completing the New Virtual Hard Disk Wizard screen appears. 12.Review the settings displayed in the Summary page, and if they are correct, click Finish. Depending on the options you choose for the virtual hard disk, the process can take a considerable amount of time. This completes the procedure to add a virtual hard disk.
Figure 45: Launching the VM Console The initial virtual machine console screen is displayed. Figure 46: Initial Virtual Machine Console Screen 3. To proceed with the installation, enter y. W-ClearPass setup and installation begins. Two console screens appear sequentially—the first screen indicates that the W-ClearPass Installer is rebooting, and the second screen indicates that the virtual appliance is rebooting.
Figure 47: Virtual Appliance Login Banner 5. Proceed to the next section, Completing the Virtual Appliance Configuration. Completing the Virtual Appliance Configuration To complete the virtual appliance configuration: 1. Refer to and note the required W-ClearPass server configuration information listed in Table 7. 2. Log in to the virtual appliance using the following preconfigured credentials : n login: appadmin n password: eTIPS123 This initiates the W-Policy Manager Configuration wizard. 3.
6. Apply the configuration. a. To apply the configuration, press Y. n To restart the configuration procedure, press N. n To quit the setup process, press Q. Configuration on the virtual appliance console is now complete. The next task is to activate the W-ClearPass license, which is described in the next section.
Figure 49: Activating W-ClearPass 4. To activate W-ClearPass on this virtual appliance, click Activate Now. When you click Activate Now, W-ClearPass Policy Manager attempts to activate the license over the Internet with Dell License Activation servers. If the W-ClearPass Policy Manager virtual appliance does not have Internet access, you can perform the license activation offline by following the steps for offline activation presented in the Offline Activation section shown in Figure 50.
1. Log in to the W-ClearPass virtual appliance with the following credentials: n Username: admin n Password: Enter the cluster password defined in Completing the Virtual Appliance Configuration on page 45. 2. Click Log In. The W-ClearPass Policy Manager Home Page is displayed. Figure 52: W-ClearPass Policy Manager Home Page Signing Up for Live Software Updates Upon your initial login to W-ClearPass Policy Manager, we recommend that you register for software updates. 1.
After successfully applying the subscription ID, you will see a message indicating that the subscription ID was updated successfully and W-ClearPass is processing updates from the W-ClearPass Webservice. Note that Posture & Profile Data Updates are downloaded and installed automatically, while Firmware & Patch Updates are merely displayed.
| Setting Up W-ClearPass Virtual Machines Dell Networking W-ClearPass Policy Manager | Getting Started Guide
Chapter 3 Maintaining W-ClearPass Services Maintaining W-ClearPass Policy Manager Services This section contains the following information: l Starting or Stopping W-ClearPass Services l Summary of the Server Configuration Page l Subset of CLI for W-ClearPass Maintenance Tasks Starting or Stopping W-ClearPass Services From the Services Control page, you can view the status of a service (that is, see whether a service is running or not), and stop or start W-ClearPass Policy Manager services, including
Summary of the Server Configuration Page The Server Configuration page provides many options. Table 8 describes each of the top-level server configuration options that are available. For details, refer to the "Server Configuration" chapter in the WClearPass Policy Manager User Guide. Table 8: Description of the Server Configuration Page Tab Description Comments System Displays server identity and connection parameters.
***************************************************************************************** * Dell ClearPass Policy Manager * * Software Version : 6.6.0.62080 * ***************************************************************************************** Logged in as group Local Administrator [appadmin@company.
| Maintaining W-ClearPass Services Dell Networking W-ClearPass Policy Manager | Getting Started Guide