You are here: AirGroup > Configuring AirGroup-CPPM Interface in Instant
Configuring AirGroup-CPPM Interface in Instant
Configure the AirGroup and CPPM interface to allow an AirGroup IAP and CPPM to exchange information regarding device sharing, and location. The configuration options define the RADIUS server that is used by the AirGroup RADIUS client. The following steps are required for this configuration:
|
1.
|
Create a RADIUS server.
|
|
2.
|
Assign a server to AirGroup.
|
|
3.
|
Configure CPPM to enforce registration.
|
Creating a RADIUS Server
Navigate to the PEF link at the top right corner of the Instant UI to configure an external RADIUS server for a wireless network.
Figure 172 - New Authentication Server
|
1.
|
Click New and update the following fields to configure an external RADIUS server for a wireless network. |
|
|
Name— Enter the name of the new external RADIUS server. The maximum length is 32 characters. |
|
|
IP address— Enter the IP address of the external RADIUS server. |
|
|
Auth port— Enter the authorization port number of the external RADIUS server. The port number is set to 1812 by default. |
|
|
Accounting port— Enter the accounting port number. This port is used to send accounting records to the RADIUS server. The port number is set to 1813 by default |
|
|
Shared key— Enter a shared key for communicating with the external RADIUS server. |
|
|
Timeout— Indicates the timeout for one RADIUS request. The IAP retries to send the request several times (as configured in the "Retry count") before the user gets disconnected. e.g. If the "Timeout" is 5 sec, "Retry counter" is 3, user is disconnected after 20 sec ("Timeout" x "Retry counter + 1). The default value is 5 seconds. Specify a number between 1 and 30 (seconds). |
|
|
Retry count— Specify a number between 1 and 5. Indicates the maximum number of authentication requests that are sent to server group, and the default value is 3 requests. |
|
|
RFC 3576— When enabled, the Access Points process RFC 3576-compliant Change of Authorization (CoA) messages from the RADIUS server. |
|
|
Air Group CoA port— Indicates that the AirGroup CoA is sent on a different port than the standard CoA port. The default value is 5999. |
|
|
NAS IP address— Enter the Virtual Controller IP address. The NAS IP address is the Virtual Controller IP address that is sent in data packets. Note: If you do not enter the IP address, the Virtual Controller IP address is used by default when Dynamic RADIUS Proxy is enabled. |
|
|
NAS identifier— Use this to configure strings for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server. |
|
2.
|
Click OK to apply the changes. |
|
|
Alternatively, you can also create a RADIUS server in the Air Group window of the Instant UI. Navigate to Settings > Show advanced options > AirGroup > Clear Pass Settings > CPPM server 1> and select New from the drop-down menu.
|
Assign a Server to AirGroup
After configuration is complete, the server that you configured will appear in the CPPM server option section. To view this server go to Settings > AirGroup > ClearPass Settings and assign the server for AirGroup policy.
|
|
The CPPM server 1 acts as a primary server and the CPPM server 2 is optional and acts as a backup server.
|
Figure 173 - CPPM Server
Configure CPPM to Enforce Registration
When enabled, only devices registered with CPPM will be discovered by Bonjour devices, based on the CPPM policy.
Change of Authorization (CoA)
CoA only server is ClearPass Guest server which allows guest users to register their devices.
To configure the CoA only server follow the steps below:
|
1.
|
Navigate to the PEF link at the top right corner of the Instant UI and click New. |
|
|
Ensure to configure CPPM server and the AirGroup IAP with the same AirGroup RFC-3576 UDP port. By default the AirGroup CoA port is 5999 on IAP as well as the CPPM server. For more information on how to configure the CPPM server refer to Enabling Support for Dynamic Notifications.
|
|
2.
|
Select CoA only and update the following fields to enable change of authorization. |
Figure 174 - Change of Authorization
|
|
Name— Enter the name of the new external RADIUS server. The maximum length is 32 characters. |
|
|
IP address— Specify the IP address of the external RADIUS server |
|
|
Air Group CoA port— Indicates that the AirGroup CoA is sent on a different port than the standard CoA port. The default value is 5999. |
|
|
Shared key— Enter a shared key for communicating with the external RADIUS server. |
|
3.
|
Click OK to apply the changes. |
|
|
Alternatively, you can also create a CoA only server in the Air Group window of the Instant UI. Navigate to Settings > Show advanced options > AirGroup > Clear Pass Settings > CoA server > and select New.
|
After configuration is complete, this particular server will appear in the CoA server option. To view this server go to Settings > AirGroup > ClearPass Settings > CoA server.