Meru Networks Off-Box / External Captive Portal

Configuration Guide
Version 1.0
June, 2011
Copyright © 2011 Avenda Systems, Inc. All rights reserved worldwide. Avenda Systems, its product and program names and design marks are trademarks of Avenda Systems,
Inc. All other trademarks mentioned in this document are the property of their respective owners.
Table of Contents:
Introduction
Network Requirements
Meru Controller
eTIPS configuration
Introduction
This document describes the configuration needed to use an External Captive Portal with a
Meru Networks Wireless Controller. The configuration examples are provided for reference
only; a deployment may require site-specific changes to satisfy its use cases.
Network Requirements
1. Meru Controller – MC5000/MC3000 (version 4.1 or higher) with a “Per User Firewall”
license installed
2. Avenda eTIPS appliance or VM edition (version 3.5.1 or higher)
Configuration
1) Meru Controller
a) Configure Captive Portal ACL (fwExternalCP) to permit network traffic to the following
destinations (protocol 6 is TCP):
• src (any) port (any) to dst(eTIPS) port(80) protocol 6
• src (eTIPS) port (80) to dst(any) port(any) protocol 6
• src (any) port (any) to dst(eTIPS) port(443) protocol 6
• src (eTIPS) port (443) to dst(any) port(any) protocol 6
b) Configure Quarantine Access ACL (fwQuarantineAccess) to permit network traffic to desired
destinations for quarantined hosts.
c) Configure Healthy Access ACL (fwHealthyAccess) to permit network traffic to desired
destinations for healthy hosts.
d) Configure Unknown Host ACL (fwGuestAccess) to permit network traffic to desired
destinations for unknown hosts.
e) Configure Disabled Access ACL (fwDisabledAccess) to deny network traffic to network
destinations.
Sample configuration for QoS Rules (ACLs) on Meru Controller shown below:
f) Configure Meru’s Controller Index by using:
(Configuration--> Devices--> Controller--> Controller Index)
g) Enter a URL that points to the External Captive Portal, that is, the URL of the Avenda
Captive Portal. This can be set by navigating to:
(Configuration-->Security-->Captive Portal-->Select and edit the SSL Server entry-->
Specify Captive Portal External URL)
h) Create a new Security Profile (spCPExternal). This can be created by navigating to:
(Configuration-->Security-->Profile-->Add)
i. In the Security Profile section configure the following details:
ii. Name the Security Profile – spCPExternal
iii. Set the Captive Portal to “WebAuth”
iv. Set the Captive Portal Authentication Method to “external”
v. Set the Firewall Capability to “radius-configured”
vi. Set “Passthrough Firewall Filter ID” to “fwExternalCP”
i) Associate the security profile from (h) to an ESS Profile
j) Configuration complete
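The pass-through ACL from step 1a is what an unauthenticated client can reach, so it is worth checking after every change that it still permits only TCP 80/443 to and from eTIPS. The following is an added example, not part of the original guide or of any Meru or Avenda tooling; it parses rules written in the guide's own notation, and the names RULE_RE, audit_passthrough_acl and DRIFTED_RULES are hypothetical.

```python
import re

# Rule notation from step 1a: src/dst host, port, IP protocol number.
RULE_RE = re.compile(
    r"src\s*\((?P<src>[^)]+)\)\s*port\s*\((?P<sport>[^)]+)\)\s*to\s*"
    r"dst\s*\((?P<dst>[^)]+)\)\s*port\s*\((?P<dport>[^)]+)\)\s*"
    r"protocol\s*(?P<proto>\d+)"
)
PORTAL = "eTIPS"              # the guide's stand-in for the eTIPS address
PORTAL_PORTS = {"80", "443"}
TCP = "6"

# The four fwExternalCP rules exactly as listed in step 1a.
PAGE_RULES = [
    "src (any) port (any) to dst(eTIPS) port(80) protocol 6",
    "src (eTIPS) port (80) to dst(any) port(any) protocol 6",
    "src (any) port (any) to dst(eTIPS) port(443) protocol 6",
    "src (eTIPS) port (443) to dst(any) port(any) protocol 6",
]
# Constructed sample of a drifted ACL: 443 return rule lost, any-to-any added.
DRIFTED_RULES = PAGE_RULES[:3] + [
    "src (any) port (any) to dst(any) port(any) protocol 6",
]

def parse_rule(line):
    m = RULE_RE.search(line)
    if m is None:
        raise ValueError(f"unparseable rule: {line!r}")
    return {k: v.strip() for k, v in m.groupdict().items()}

def audit_passthrough_acl(lines):
    """Return (too_broad, missing): rules that allow more than TCP 80/443
    to or from the portal, and required portal flows that have no rule."""
    too_broad, seen = [], set()
    for line in lines:
        r = parse_rule(line)
        to_portal = r["dst"] == PORTAL and r["dport"] in PORTAL_PORTS
        from_portal = r["src"] == PORTAL and r["sport"] in PORTAL_PORTS
        if r["proto"] != TCP or not (to_portal or from_portal):
            too_broad.append(line)
        elif to_portal:
            seen.add(("to", r["dport"]))
        else:
            seen.add(("from", r["sport"]))
    required = {(d, p) for d in ("to", "from") for p in PORTAL_PORTS}
    return too_broad, sorted(required - seen)

if __name__ == "__main__":
    print(audit_passthrough_acl(PAGE_RULES))
    print(audit_passthrough_acl(DRIFTED_RULES))
```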
2) eTIPS configuration
a) The Meru Controller must be added into eTIPS as a Network Access Device
• Go to the following screen:
o (Configuration--> Network-->Devices--> Add Device)
o Add the attribute “Controller Id” using the Controller Index that was defined in step 1f
during the configuration of the Meru Controller
o Enter “CLI Settings” section for the controller and click Add
b) Add Enforcement Profiles to permit/deny network access, based on the ACLs configured on
the Meru Controller:
(Configuration-->Enforcement-->Profiles-->Add Profile)
• Create a “Disabled Access” Enforcement Profile by choosing the CLI Based Enforcement
template. Set the following values in the “Attributes” section:
Target Device = %{Connection:NAD-IP-Address}
Command = change-mac-state %{Connection:Src-IP-Address} on fwDisabledAccess
c) Create 3 additional Enforcement Profiles as described below:
• Create an Enforcement Profile called “Guest Access” by choosing the CLI Based
Enforcement template. Set the following values in the “Attributes” section:
Target Device = %{Connection:NAD-IP-Address}
Command = change-mac-state %{Connection:Src-IP-Address} on fwGuestAccess
• Create an Enforcement Profile called “Healthy Host Access” by choosing the CLI Based
Enforcement template. Set the following values in the “Attributes” section:
Target Device = %{Connection:NAD-IP-Address}
Command = change-mac-state %{Connection:Src-IP-Address} on fwHealthyAccess
• Create an Enforcement Profile called “Quarantine Host Access” by choosing the CLI
Based Enforcement template. Set the following values in the “Attributes” section:
Target Device = %{Connection:NAD-IP-Address}
Command = change-mac-state %{Connection:Src-IP-Address} on fwQuarantineAccess
d) Configuration complete
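The four Enforcement Profiles only work if each Command names an ACL that exists on the controller from steps 1b to 1e. The following is an added example, not part of the original guide or of eTIPS; it cross-checks the Command values against the ACL names and shows what an expanded command looks like. Assumptions: `%{Namespace:Attribute}` placeholders are replaced by session attribute values, modelled here by the hypothetical expand() helper, and the session data is constructed.

```python
import ipaddress
import re

# ACL names defined on the Meru Controller in steps 1b-1e.
CONTROLLER_ACLS = {"fwQuarantineAccess", "fwHealthyAccess",
                   "fwGuestAccess", "fwDisabledAccess"}

# Command values of the four Enforcement Profiles from steps 2b and 2c.
PROFILES = {
    "Disabled Access": "change-mac-state %{Connection:Src-IP-Address} on fwDisabledAccess",
    "Guest Access": "change-mac-state %{Connection:Src-IP-Address} on fwGuestAccess",
    "Healthy Host Access": "change-mac-state %{Connection:Src-IP-Address} on fwHealthyAccess",
    "Quarantine Host Access": "change-mac-state %{Connection:Src-IP-Address} on fwQuarantineAccess",
}

CMD_RE = re.compile(r"change-mac-state %\{Connection:Src-IP-Address\} on (\w+)")
PLACEHOLDER_RE = re.compile(r"%\{([^}]+)\}")

def lint_profiles(profiles, acls):
    """Return names of profiles whose Command deviates from the guide's form
    or names an ACL that is not defined on the controller."""
    bad = []
    for name, command in profiles.items():
        m = CMD_RE.fullmatch(command)
        if m is None or m.group(1) not in acls:
            bad.append(name)
    return bad

def expand(template, session):
    """Simplified model of placeholder substitution (assumption, not eTIPS code).
    IP-address attributes must parse as an IP before they reach the command."""
    def substitute(m):
        value = session[m.group(1)]                    # KeyError if missing
        if m.group(1).endswith("IP-Address"):
            value = str(ipaddress.ip_address(value))   # ValueError if not an IP
        return value
    return PLACEHOLDER_RE.sub(substitute, template)

# Constructed session attributes (documentation address range).
SAMPLE_SESSION = {"Connection:Src-IP-Address": "192.0.2.25"}

if __name__ == "__main__":
    print(lint_profiles(PROFILES, CONTROLLER_ACLS))
    print(expand(PROFILES["Quarantine Host Access"], SAMPLE_SESSION))
```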