Adding a Mobility Controller or Gateway to Policy Manager

The mobility controller or gateway is responsible for managing access to the Wireless LAN.

You can use this procedure to add any network device from any vendor that supports RADIUS or TACACS+ to Policy Manager.

To define a new mobility controller or gateway in Policy Manager:

1. In Policy Manager, navigate to Configuration > Network > Devices. The Network Devices screen opens:

Figure 1  Network Devices Screen

2. Click the Add link. The Add Device page opens. You can also import a list of devices from a file; for details, see Importing a List of Network Devices.

Figure 2  Add Device Page > Device Tab

For a complete description of adding a device to ClearPass Policy Manager, refer to "Adding and Modifying Network Devices" in the ClearPass Policy Manager 6.11 User Guide.

3. Populate the Network Device parameters as described in Table 1.

Table 1: Defining a Mobility Controller

Parameter

Action/Description

Name

Enter the name of the controller or gateway.

IP or Subnet Address

Enter the IP address or subnet address of the controller or gateway.

Description

Enter a description of the device (recommended).

RADIUS Shared Secret

Specify the RADIUS Shared Secret for the current Policy Manager server.

NOTE: Make sure that the value of the Key parameter for the RADIUS server configured on the controller or gateway is identical to the RADIUS Shared Secret you specify here for the current Policy Manager server (see Adding a Policy Manager/RADIUS Server to the Mobility Controller).

TACACS+ Shared Secret

If you are adding the device so that Policy Manager can manage administrative access to it with TACACS+, specify the TACACS+ Shared Secret.

Vendor Name

From the drop-down, select the manufacturer of the controller or gateway.

Enable RADIUS CoA

To enable RADIUS-initiated Change of Authorization (CoA) on the controller or gateway, select the check box for this parameter.

This parameter is enabled by default.

RADIUS CoA Port

If RADIUS CoA is enabled, this parameter specifies the port on which the controller or gateway listens for CoA requests. The default is port 3799.

Change this value only if you defined a custom port on the mobility controller or gateway. For related information, see Configuring Policy Manager as an RFC 3576 (CoA) Server.

Enable RadSec

To enable RadSec, select the Enable RadSec check box.

When RadSec is enabled, the RADIUS shared secret is populated with a default shared secret named "radsec".

NOTE: It is important that the controller is configured with the same shared secret.

4. Click Add.

You return to the Network Devices page. The new mobility controller or gateway is now present in the list of network devices.

Importing a List of Network Devices

To import a list of network devices from a file:

The import file must be in XML format. See the next section for an example of the import file XML format.

1. In Policy Manager, navigate to Configuration > Network > Devices. The Network Devices page opens.

2. From the Network Devices page, click Import, then click Import from file. The Import from File dialog opens.

3. To browse to the file, click Browse.

4. Enter the shared secret if required, then click Import. The list of network devices is imported into Policy Manager.

Generating an Example of Import File XML Format

To generate an example of the import file XML format:

1. From the Network Devices dialog, click the Add link. The Add Device dialog opens.

2. In the Device tab, define your network device, then click Add. You return to the Network Devices dialog, where the new device is listed.

3. Click Export All. The Export to File dialog opens.

Figure 3  Export to File Dialog

4. Export file with password protection: Select No.

5. Click Export.

6. Download the XML file to your system.

7. Open the XML file in a text editor to view the format.