ClearPass QuickConnect 2.0.2 User Guide

The ClearPass QuickConnect 2.0.2 User Guide provides instructions for configuring endpoints to connect to 802.1X enabled wireless and wired networks with minimal user interaction. It includes details on benefits, getting started, configuration options, and managing resources, as well as specific steps for setting up various network types. The guide emphasizes cloud management, compliance, and ease of use for both IT administrators and end-users across multiple operating systems.


ClearPass QuickConnect 2.0.2

User Guide

Copyright

© 2013 Aruba Networks, Inc. Aruba Networks trademarks include Aruba Networks®, Aruba Wireless Networks®,
the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge
Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks
are the property of their respective owners.

Open Source Code


Certain Aruba products include Open Source software code developed by third parties, including software code subject to
the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses.
Includes software from Litech Systems Design. The IF-MAP client library copyright 2011 Infoblox, Inc. All rights
reserved. This product includes software developed by Lars Fenneberg et al. The Open Source code used can be found at
this site:
http://www.arubanetworks.com/open_source

Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other
vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and
indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to
infringement of copyright on behalf of those vendors.

Warranty
This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to
the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS.
Altering this device (such as painting it) voids the warranty.

May 2013 | 0511286 ClearPass QuickConnect 2.0.2 | User Guide


Contents

ClearPass QuickConnect 2.0.2 Introduction
    Benefits
    Getting Started
        Supported Browsers
        Logging In
    Navigation
        Configuration
        Packaging
        Resources
        User Account
        Help
    Available Template Types
        802.1X Wireless
        Pre-Shared Key Wireless
        802.1X Wired
        802.1X Wired and Wireless
Create a Network
    Configure a 802.1X Wireless Network
        Configure General Settings
        Configure Windows Settings
        Configure MacOS X Settings
        Configure iOS Settings
        Configure Android Settings
    Configure a Pre-Shared Key Wireless Network
        Configure General Settings
        Configure Windows Settings
    Configure Wired Networks
        Configure General Settings
        Configure Windows Settings
        Configure MacOS X Settings
    Configure 802.1X Wireless and Wired Network
        Configure General Settings
        Configure Windows Settings
        Configure MacOS X Settings
        Configure Android Settings
        Configure iOS Settings
    Save Configuration Settings
Deploy Packages
    Create New User Interface
    Generate Package
Manage Resources
    Add Certificates
    Add Applications
Edit User Account
Upload Generated Package
Glossary


Chapter 1
ClearPass QuickConnect 2.0.2 Introduction

QuickConnect provides a simple way to configure your endpoints so that they can connect to 802.1X enabled wireless
and wired networks. Minimal interaction for end-users reduces helpdesk calls and increases adherence to more
secure policies.
QuickConnect is available as a cloud service for IT administrators and is licensed yearly based on the total number
of users that require configuration of devices to 802.1X enabled networks.
This chapter covers the following topics:
• "Benefits"
• "Getting Started"
• "Navigation"
• "Available Template Types"

Benefits
QuickConnect offers the following benefits:
• Management from the Cloud
  Authorized IT staff use a website hosted by Aruba Networks to configure, download, and store 802.1X
  configuration “deployment” packages.
• Compliance and Adherence
  In addition to easily changing 802.1X variables or pushing out new pre-shared keys, QuickConnect ensures that
  endpoints meet key Windows and security compliance requirements.
• Point-and-Click Configuration
  Users no longer have to manually configure their own devices. The IT administrator simply points them to the
  QuickConnect portal to begin the upgrade to 802.1X.
• Painless endpoint configuration
  Sometimes configuring end-user devices for network access might confuse the user and require the user to contact
  the IT helpdesk. The QuickConnect wizard automatically configures each device for secure wireless or wired access
  in one minute or less. Push incremental or required security updates or fixes on the fly without contacting the IT
  helpdesk.
• Security without the hassle
  QuickConnect offers the unique ability to configure settings for most Windows, MacOS X, iOS, and Android
  devices. Push wireless and wired network attributes, and NAP or NAC health settings, to the endpoint prior to its
  initial connection to a ‘dot1X’ network. If needed, QuickConnect can also push an application to the endpoint and
  install it. The wizard guides the end-user through the download and authentication process, ensuring painless network
  connectivity.

Getting Started
QuickConnect uses a standard Web-based management interface. This interface enables users to configure their
endpoints to support 802.1X wired and wireless networks.
For information on the Web-based management interface, refer to the following sections:
• "Supported Browsers"
• "Logging In"

Supported Browsers
QuickConnect uses a standard web-based management interface. Supported web browsers include:
• Mozilla Firefox 3.0+
• Microsoft Internet Explorer 7.0+
• Google Chrome 1.0

Logging In
To reach the QuickConnect administrative interface, point the browser to: http://quickconnect.arubanetworks.com.
Use the supplied User ID/Password and then click Login to launch the user interface.

Figure 1 QuickConnect Login Page

Navigation
The navigation links are located on the left side of the pane, as shown in the following figure, and include these
sections. Clicking a navigation link in the left pane shows the corresponding page in the right pane.
• "Configuration"
• "Packaging"
• "Resources"
• "User Account"


Figure 2 Navigation

Configuration
In this section, an administrator can enter parameters such as the SSID of the wireless network that users are to connect
to, the authentication type, the security type to be used, and the operating systems supported. You may start creating a
network configuration by using one of the available types of templates or by clicking Network Configurations.
Start Here shows the list of available templates for creating network configurations. For more information, refer to
"Available Template Types".
Network Configurations shows the list of available network configurations and allows the administrator to create a new
network or edit any previously created network from the list.
To configure a network using the templates, enter the basic configuration details, retain the default options, and
save the configuration settings. To configure a network using your preferences, refer to "Create a Network".

Packaging
A deployment package comprises one or more network configurations and a user interface. A user interface allows
an administrator to provide the title, logo, and other text that should go on the Web page as well as on the wizard that
runs on the end user devices. The package is hosted on a Web server such as Apache or IIS and provides the necessary
configuration and application for the end devices to connect to the secure network. The application runs as a wizard
on the end devices.
User Interfaces (UI) shows the available UIs and allows the administrator to create new UIs or edit existing UIs. To start with,
there is a Default UI.
Deployment Package allows the administrator to create a package using one or more network configurations and a UI.
For configuration steps, refer to "Deploy Packages".

Resources
This section is used to manage certificates and applications. These resources are used in creating network
configurations.
The Certificates and Applications links show the list of corresponding entities in the right-hand pane and allow the
administrator to add new resources.
For configuration steps, refer to "Manage Resources".



User Account
This section is used to edit the administrative account settings. For configuration steps, refer to "Edit User Account".

Help
The Help icon at the top right corner of the QuickConnect UI allows you to view a short description or definition
of selected terms and fields. Clicking it again hides the help text.

Available Template Types


QuickConnect supports the following network types. You can use these templates to create a network.

802.1X Wireless
Use this template to provision 802.1X authentication for a wireless network connection. This sets up a wireless
network that uses enterprise mode authentication with WPA/WPA2.

Pre-Shared Key Wireless


Use this template to provision shared key based authentication for a wireless network connection. This sets up a
wireless network that uses shared key based authentication with WPA/WPA2.

802.1X Wired
Use this template to provision 802.1X authentication for a wired network connection. This sets up a wired network
that uses 802.1X authentication.

802.1X Wired and Wireless


Use this template to provision 802.1X authentication for wired and wireless network connections. This sets up a
wireless network that uses enterprise mode authentication with WPA/WPA2 and a wired network that uses 802.1X
authentication.

To configure a network using the templates, enter the basic configuration details, retain the default options, and save
the configuration settings. To configure a network using other preferences, refer to "Create a Network".


Chapter 2
Create a Network

ClearPass QuickConnect 2.0.2 offers an easy way for users to self‐configure their Windows, Mac OS X, iOS, and
Android devices to support 802.1X authentication on wired and wireless networks. The following sections provide the
detailed configuration steps to configure the various types of networks available for QuickConnect.
• "Configure a 802.1X Wireless Network"
• "Configure a Pre-Shared Key Wireless Network"
• "Configure Wired Networks"
• "Configure 802.1X Wireless and Wired Network"
• "Save Configuration Settings"

Configure a 802.1X Wireless Network

The following procedures show how to create the configurations required to deploy an 802.1X wireless network on
Windows, MacOS X, iOS, and Android platforms.
• "Configure General Settings"
• "Configure Windows Settings"
• "Configure MacOS X Settings"
• "Configure iOS Settings"
• "Configure Android Settings"

Configure General Settings


Follow these steps to configure general settings:
1. Navigate to Configuration > Network Configurations.
2. Click Create Network Configuration.
3. Configure the following in the General section:
   a. Enter a name and a brief description for the 802.1X wireless network.
   b. Select one or more checkboxes next to the Operating Systems for which you want to configure a wireless network
      connection under Configure Wireless.
4. Configure the following in the Wireless section:
   a. Enter the SSID name.
   b. Select the security type for the wireless network. You can select one of the following options:
      • WPA2 with AES
      • WPA with TKIP
      • WPA or WPA2
   c. Select the network type for the wireless network as Enterprise.
   d. Select the Hidden Network option if the wireless network is not broadcasting.
   e. If you want the client wizard to delete any existing configured wireless profiles from end devices, click Add
      SSID to add it to the delete list.
5. Enter an anonymous identity to be used for identity privacy.

   Note: Anonymous identity is not applicable for Windows XP and Legacy OS X (10.6).

6. Select the option Validate Server's Certificate to set the client to verify the server's certificate.
7. Provide the names of RADIUS servers to trust.
   The name must be a CommonName (CN) in the server's certificate.
8. Check Allow User to Accept Other Servers to allow users to optionally accept servers that do not conform to
   these trust settings.
9. Select the certificate from the drop-down list.
   This certificate is used to verify the server's certificate.
10. Select the option Use Additional Trusted Certificates to provide a list of additional certificates to trust.
11. Click Add Certificate to add additional certificates in the certificate store.

   Note: Additional certificate installation is not supported for Android.

12. If required, configure the proxy settings for the iOS and Android devices.
   a. Manual: Enter the proxy server's network address and port number.
   b. Automatic: Enter the URL of the PAC file that defines the proxy configuration.
13. Click Next to move to the next tab.

Configure Windows Settings


Follow these steps to configure Windows settings:
1. Select an authentication mode. The following authentication methods are supported:
   • Machine Or User
   • Machine only
   • User only
   • Guest only
2. Select the authentication credentials. The following credentials can be used:
   • Use Domain Credentials: If you want to use the user's domain logon credentials for authentication.
   • Ask for Credentials: If you prefer the user to enter credentials other than their domain credentials.
3. Select the authentication protocol to be used. The following protocols are supported:
   • PEAP with MSCHAPv2
   • TLS
   • PEAP with TLS
   • PEAP with GTC
4. Configure the following for authentication protocol options:
   a. Select Enable Fast Reconnect to allow the client to use fast reconnect during re-authentication.
   b. Select Enable Cryptobinding to set the client to reject a server if a valid cryptobinding TLV is not received.
   c. Select Enforce Network Access Protection to set the client to support Network Access Protection health
      checks. This option is called Enforce Quarantine Checks in Windows versions earlier than Windows 7.
5. Configure the following under Advanced Settings:
   a. Enter the appropriate administrator credentials if the network configuration requires administrator privileges on
      the end device.
   b. Select Show Icon in Notification (XP Only) to show an icon for the connection in the notification area.
   c. Select Notify when Connectivity is limited (XP Only) to show a notification when connectivity is limited.
   d. Select Enforce IP address assignment using DHCP to force the client to use DHCP for getting an IP address.
   e. Select Enforce DNS server assignment using DHCP to force the client to use DHCP for getting DNS servers.

      Note: If this option is un-selected, the client continues to use the existing configuration.

   f. Select Enforce address registration with DNS to force the client to register its address with DNS servers.
   g. Select the Enable NAP Service option to enable and start the Network Access Protection service and EAP
      Quarantine Enforcement Client on the system.
6. If required, click Add Application to add an application to the network configuration. This application runs on the end
   client device when the client wizard starts.
7. Click Next to move to the next tab.
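
One way to confirm on a provisioned Windows client that the server-trust options from the General tab and the PEAP options from the Windows tab took effect, as an added example that is not code from this guide or from Aruba. It assumes QuickConnect ends up writing a standard Windows WLAN profile (the XML that `netsh wlan export profile` produces), which the guide does not state; the sample profile and the mapping from guide option names to profile elements are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an exported Windows WLAN profile, trimmed
# to the elements checked below. It reflects weak choices: WPA with TKIP, no
# trusted RADIUS names or root CA, user prompts allowed, cryptobinding off.
SAMPLE_PROFILE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>corp-example</name>
  <SSIDConfig><SSID><name>corp-example</name></SSID></SSIDConfig>
  <MSM><security>
    <authEncryption>
      <authentication>WPA</authentication>
      <encryption>TKIP</encryption>
      <useOneX>true</useOneX>
    </authEncryption>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>machineOrUser</authMode>
      <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
        <Config>
          <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
            <Type>25</Type>
            <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
              <ServerValidation>
                <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
                <ServerNames></ServerNames>
              </ServerValidation>
              <FastReconnect>true</FastReconnect>
              <EnableQuarantineChecks>false</EnableQuarantineChecks>
              <RequireCryptoBinding>false</RequireCryptoBinding>
            </EapType>
          </Eap>
        </Config>
      </EapHostConfig></EAPConfig>
    </OneX>
  </security></MSM>
</WLANProfile>
"""

# The same constructed profile with the stricter choices applied.
HARDENED_PROFILE = (
    SAMPLE_PROFILE
    .replace("<authentication>WPA<", "<authentication>WPA2<")
    .replace("TKIP", "AES")
    .replace("<DisableUserPromptForServerValidation>false",
             "<DisableUserPromptForServerValidation>true")
    .replace("<ServerNames></ServerNames>",
             "<ServerNames>radius.example.com</ServerNames>"
             "<TrustedRootCA>CONSTRUCTED-THUMBPRINT</TrustedRootCA>")
    .replace("<RequireCryptoBinding>false", "<RequireCryptoBinding>true")
)


def _find(root, local_name):
    """First element with this local name; the profile nests several namespaces."""
    for element in root.iter():
        if element.tag.rsplit("}", 1)[-1] == local_name:
            return element
    return None


def _text(root, local_name):
    element = _find(root, local_name)
    return (element.text or "").strip() if element is not None else None


def audit_profile(xml_text):
    """Return (code, guide option) pairs for settings weaker than the guide allows."""
    root = ET.fromstring(xml_text)
    findings = []
    if _text(root, "encryption") == "TKIP":
        findings.append(("tkip", "Security type is WPA with TKIP"))
    if _text(root, "useOneX") != "true":
        return findings  # PSK or open profile: no EAP settings to check
    if _text(root, "PerformServerValidation") == "false":
        findings.append(("no-validation", "Validate Server's Certificate is off"))
    if not _text(root, "ServerNames"):
        findings.append(("no-server-names", "No RADIUS server names to trust"))
    if _find(root, "TrustedRootCA") is None:
        findings.append(("no-root-ca", "No certificate selected to verify the server"))
    if _text(root, "DisableUserPromptForServerValidation") != "true":
        findings.append(("user-prompt", "Allow User to Accept Other Servers is on"))
    # Cryptobinding is a PEAP option (EAP type 25); skip it for other methods.
    if _text(root, "Type") == "25" and _text(root, "RequireCryptoBinding") != "true":
        findings.append(("no-cryptobinding", "Enable Cryptobinding is off"))
    return findings


if __name__ == "__main__":
    for code, option in audit_profile(SAMPLE_PROFILE):
        print(f"{code}: {option}")
    print("hardened findings:", audit_profile(HARDENED_PROFILE))
```
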

Configure MacOS X Settings


Follow these steps to configure MacOS X settings:
1. Select the authentication protocol to be used. The following protocols are supported:
   • PEAP with MSCHAPv2
   • TTLS with PAP
   • TTLS with MSCHAPv2
2. Click Next to move to the next tab.

Configure iOS Settings


Follow these steps to configure iOS settings:
1. Select the authentication protocol to be used. The following protocols are supported:
   • PEAP with MSCHAPv2
   • TTLS with PAP
   • EAP-FAST
2. Click Next to move to the next tab.

Configure Android Settings


Follow these steps to configure Android settings:
1. Select the authentication protocol to be used. The following protocols are supported:
   • PEAP with MSCHAPv2
   • PEAP with GTC
   • TTLS with PAP
   • TTLS with MSCHAPv2
   • TTLS with GTC
2. Select Disallow Rooted Devices to prevent network provisioning on rooted Android devices.
3. Click Next to move to the next tab.

Configure a Pre-Shared Key Wireless Network

The following procedures show how to create the configurations required to deploy a Pre-Shared Key (PSK) wireless
network:
• "Configure General Settings"
• "Configure Windows Settings"

Configure General Settings


Follow these steps to configure general settings:
1. Navigate to Configuration > Network Configurations.
2. Click Create Network Configuration.
3. Configure the following in the General section.
a. Enter a name and a brief description for the PSK wireless network.
b. Select the Windows check box under Configure Wireless.
4. Configure the following in the Wireless section:
a. Enter the SSID name.
b. Select the security type for the wireless network. You can select one of the following options:
   • WPA2 with AES
   • WPA with TKIP
   • WPA or WPA2
c. Select the network type as PSK for the wireless network.
d. Enter a passphrase for the network.
e. If you want the client wizard to delete any existing configured wireless profiles from end devices, click Add
SSID to add it to the delete list.
5. Click Next to move to the next tab.

Configure Windows Settings


Follow these steps to configure Windows settings:
1. Select an authentication mode. The following authentication methods are supported:
   • Machine Or User
   • Machine only
   • User only
   • Guest only
2. Configure the following under Advanced Settings:
   a. Enter appropriate administrator credentials if the network configuration requires administrator privileges on the
      end device.
   b. Select Show Icon in Notification (XP Only) to show an icon for the connection in the notification area.
   c. Select Notify when Connectivity is limited (XP Only) to show a notification when connectivity is limited.
   d. Select Enforce IP address assignment using DHCP to force the client to use DHCP for getting an IP address.
   e. Select Enforce DNS server assignment using DHCP to force the client to use DHCP for getting DNS servers.

      Note: If this option is un-selected, the client continues to use the existing configuration.

   f. Select Enforce address registration with DNS to force the client to register its address with DNS servers.
   g. Select the Enable NAP Service option to enable and start the Network Access Protection service and EAP
      Quarantine Enforcement Client on the system.
3. If required, click Add Application to add an application to the network configuration. This application runs on the end
   client device when the client wizard starts.
4. Click Next to move to the next tab.

Configure Wired Networks

The following procedures show how to create configurations required to deploy wired networks on Windows and
MacOS X platforms.
• "Configure General Settings"
• "Configure Windows Settings"
• "Configure MacOS X Settings"

Configure General Settings


Follow these steps to configure general settings:
1. Navigate to Configuration > Network Configurations.
2. Click Create Network Configuration.
3. Configure the following in the General section:
   a. Enter a name and a brief description for the wired network.
   b. Under Configure Wired, select one or more checkboxes next to the Operating Systems for which you want to
      configure a wired network connection.
4. Enter an anonymous identity to be used for identity privacy.

   Note: Anonymous identity is not applicable for Windows XP and Legacy OS X (10.6).

5. Select Validate Server's Certificate to set the client to verify the server's certificate.
6. Provide the names of RADIUS servers to trust.
   The name must be a CommonName (CN) in the server's certificate.
7. Select Allow User to Accept Other Servers to allow users to optionally accept servers that do not conform to
   these trust settings.
8. Select Use Additional Trusted Certificates to provide a list of additional certificates to trust.
9. Click Add Certificate to add additional certificates in the certificate store.

   Note: Additional certificate installation is not supported for Android.

10. Click Next to move to the next tab.

Configure Windows Settings


Follow these steps to configure Windows settings:
1. Select an authentication mode. The following authentication methods are supported:
   • Machine Or User
   • Machine only
   • User only
   • Guest only
2. Select the authentication credentials. The following credentials can be used:
   • Use Domain Credentials: If you want to use the user's domain logon credentials for authentication.
   • Ask for Credentials: If you prefer the user to enter credentials other than their domain credentials.
3. Select the authentication protocol to be used. The following protocols are supported:
   • PEAP with MSCHAPv2
   • TLS
   • PEAP with TLS
   • PEAP with GTC
4. Configure the following for authentication protocol options:
   a. Select Enable Fast Reconnect to allow the client to use fast reconnect during re-authentication.
   b. Select Enable Cryptobinding to set the client to reject a server if a valid cryptobinding TLV is not received.
   c. Select Enforce Network Access Protection to set the client to support Network Access Protection health
      checks. This option is called 'Enforce Quarantine Checks' in Windows versions earlier than Windows 7.
5. Configure the following under Advanced Settings:
   a. Enter appropriate administrator credentials if the network configuration requires administrator privileges on the
      end device.
   b. Select Show Icon in Notification (XP Only) to show an icon for the connection in the notification area.
   c. Select Notify when Connectivity is limited (XP Only) to show a notification when connectivity is limited.
   d. Select Enforce IP address assignment using DHCP to force the client to use DHCP for getting an IP address.
   e. Select Enforce DNS server assignment using DHCP to force the client to use DHCP for getting DNS servers.

      Note: If this option is un-selected, the client continues to use the existing configuration.

   f. Select Enforce address registration with DNS to force the client to register its address with DNS servers.
   g. Select the Enable NAP Service option to enable and start the Network Access Protection service and EAP
      Quarantine Enforcement Client on the system.
   h. Select Fallback to unauthorized network access to allow the client to connect to wired ports which do not
      require authentication.
6. If required, click Add Application to add an application to the network configuration. This application runs on the end
   client device when the client wizard starts.
7. Click Next to move to the next tab.

Configure MacOS X Settings


For configuration steps, refer to the procedure "Configure MacOS X Settings".

Configure 802.1X Wireless and Wired Network


The following procedures show how to create the configurations required to deploy 802.1X wireless and wired
networks on Windows, MacOS X, iOS, and Android platforms.
• "Configure General Settings"
• "Configure Windows Settings"
• "Configure MacOS X Settings"
• "Configure iOS Settings"
• "Configure Android Settings"

Configure General Settings


Follow these steps to configure general settings:
1. Navigate to Configuration > Network Configurations.
2. Click Create Network Configuration.
3. Click the Configuration tab.
4. Configure the following in the General section:
   a. Enter a name and a brief description for the network.
   b. Select one or more checkboxes next to the Operating Systems for which you want to configure a wireless and
      wired network connection.
5. For wireless network configuration, enter the following details in the Wireless section:
   a. Enter the SSID name.
   b. Select the security type for the wireless network. You can select one of the following options:
      • WPA2 with AES
      • WPA with TKIP
      • WPA or WPA2
   c. Select the network type for the wireless network as Enterprise or PSK.

      Note: Enter a Passphrase of the network if the network type is PSK.

   d. Select the Hidden Network option if the wireless network is not broadcasting.
   e. If you want the client wizard to delete any existing configured wireless profiles from end devices, click Add
      SSID to add it to the delete list.
6. Enter an anonymous identity to be used for identity privacy.

   Note: Anonymous identity is not applicable for Windows XP and Legacy OS X (10.6).

7. Select Validate Server's Certificate to set the client to verify the server's certificate.
8. Provide the names of RADIUS servers to trust.
   The name must be a CommonName (CN) in the server's certificate.
9. Check Allow User to Accept Other Servers to allow users to optionally accept servers that do not conform to these
   trust settings.
10. Select the certificate from the drop-down list.
    This certificate is used to verify the server's certificate.
11. Select Use Additional Trusted Certificates to provide a list of additional certificates to trust.
12. Click Add Certificate to add additional certificates in the certificate store.

    Note: Additional certificate installation is not supported for Android.

13. If required, configure the proxy settings for the iOS and Android devices.
    • Manual: Enter the proxy server's network address and port number.
    • Automatic: Enter the URL of the PAC file that defines the proxy configuration.
14. Click Next to move to the next tab.

Configure Windows Settings


For configuration steps, refer to the procedure "Configure Windows Settings".

Configure MacOS X Settings

For configuration steps, refer to the procedure "Configure MacOS X Settings".

Configure Android Settings

For configuration steps, refer to the procedure "Configure Android Settings".

Configure iOS Settings

For configuration steps, refer to the procedure "Configure iOS Settings".

Save Configuration Settings


Follow these steps to save the configuration settings:
1. Review and ensure the desired settings are saved.
2. If you want to make changes to these settings either click on the respective tab or the links provided in the
Summary tab.
3. Click Save to save the configuration settings.
When saving a configuration, you can create a package for the current network configuration in the wizard using
the default user interface.



Chapter 3
Deploy Packages

Complete the following procedures to deploy a package:


• "Create New User Interface"
• "Generate Package"

Create New User Interface


Follow these steps to create a new user interface:
1. Navigate to Packaging > User Interfaces.
2. Click Create User Interface.
3. Enter a name for the interface and provide a brief description.
4. Enter a title name for the user interface.
5. Enter the name of the organization for which the interface is being created.
6. Enter the helpdesk URL for contacting the help desk in case users run into issues during provisioning or require
   other configuration details.
7. Enter the URL for resetting the user's password to authenticate to the network.

   Note: Provide an applicable URL for the helpdesk.

8. Browse and select the company logo and click Upload.
9. Click Save User Interface.

Generate Package
Follow these steps to generate a package:
1. Navigate to Packaging > Deployment Package.
2. Select one or more network configurations from the drop-down list to include in the package.
3. You can either select the default user interface or create a customized user interface. To use the default user interface,
   select Default from the drop-down list. To create a customized user interface, refer to "Create New User Interface".
4. Click Generate Package.
   The Package generated successfully message appears.
5. You can download the package from the link Package Download URL. For more information on using the
   generated package, refer to "Upload Generated Package".

Chapter 4
Manage Resources

Complete the following procedures to add network resources:


• "Add Certificates"
• "Add Applications"

Add Certificates
Follow these steps to add certificates:
1. Navigate to Resources > Certificates.
2. Click the Add Certificate link.
   The Add Certificate page appears.
3. Browse and select the required certificate file.
4. Click Add Certificate.
   The certificate list will be populated with the newly added certificate.

   Note: Certificates should be in .der, .crt, or .pem formats.

5. You can also view the certificate details by clicking on the certificate name.

Add Applications
Follow these steps to add an application:
1. Navigate to Resources > Applications.
2. Click the Add Application link.
   The Add Application page appears.
3. Enter the name of the application.
4. Select the Windows operating system.
5. Click Yes for Restart Required if you want to restart the system after you install the application.
6. Browse for the application file and click Add Application.
   The application list will be populated with the newly added application.

   Note: The application file should be in .exe format.

Chapter 5
Edit User Account

In QuickConnect, the User Account screen shows the details of the user who is logged in to the user interface. You can
edit the user name, password, email ID, and company name of the user. The login credentials for these
users are provided outside the QuickConnect system. Follow these steps to edit a user account:
1. Navigate to Administration > User Account.
2. Click Edit. You can edit the following details:
   • User Name
   • Password
   • Email ID
   • Company Name
3. Click Save.

Appendix A
Upload Generated Package

A downloaded QuickConnect package is in .ZIP format. Perform the following steps to
upload the generated package to a web server:
1. Upload the generated package to the web server.
2. Unzip the package file.
3. Configure the web server to serve the contents of the unzipped directory at an appropriate URL.
4. Set the following MIME types for the listed extensions on the web server so that the deployment package works
properly:
   • .html — text/html
   • .json — application/json
   • .exe — application/octet-stream
   • .bin — application/octet-stream
   • .dmg — application/x-apple-diskimage
   • .jnlp — application/x-java-jnlp-file
   • .jar — application/x-java-archive
   • .der — application/x-x509-ca-cert
   • .mobileconfig — application/x-apple-aspen-config
   • .networkconfig — arubanetworks/networkconfig
Refer to the web server documentation for details on how to configure a web server to serve the contents of the
directory and to configure the MIME types.
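The following Python sketch is an added example, not part of the Aruba guide or the QuickConnect product. It serves an unzipped package directory with the MIME types listed above and audits the Content-Type a server returns for each file; the helper names, the loopback test server, and the per-file HEAD check are assumptions made for illustration.

```python
import contextlib
import functools
import http.client
import http.server
import pathlib
import threading
import urllib.parse

# Extension -> MIME type from the guide's list; all helper names are illustrative.
QUICKCONNECT_MIME = {
    ".html": "text/html", ".json": "application/json",
    ".exe": "application/octet-stream", ".bin": "application/octet-stream",
    ".dmg": "application/x-apple-diskimage", ".jar": "application/x-java-archive",
    ".jnlp": "application/x-java-jnlp-file", ".der": "application/x-x509-ca-cert",
    ".mobileconfig": "application/x-apple-aspen-config",
    ".networkconfig": "arubanetworks/networkconfig",
}

class PackageHandler(http.server.SimpleHTTPRequestHandler):
    """Static file handler whose type table includes the guide's mappings."""
    extensions_map = {**http.server.SimpleHTTPRequestHandler.extensions_map,
                      **QUICKCONNECT_MIME}

def serve(directory, handler_cls=PackageHandler, port=0):
    """Serve `directory` on loopback in a background thread (port 0 = any free)."""
    handler = functools.partial(handler_cls, directory=str(directory))
    server = http.server.ThreadingHTTPServer(("127.0.0.1", port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"

def audit(directory, base_url):
    """HEAD each file with a listed extension; return (path, expected, served)."""
    root, url = pathlib.Path(directory), urllib.parse.urlsplit(base_url)
    conn_cls = (http.client.HTTPSConnection if url.scheme == "https"
                else http.client.HTTPConnection)
    mismatches = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        expected = QUICKCONNECT_MIME.get(path.suffix.lower())
        if expected is None:
            continue  # extension is not in the guide's list
        rel = path.relative_to(root).as_posix()
        with contextlib.closing(conn_cls(url.netloc, timeout=10)) as conn:
            conn.request("HEAD", f"{url.path.rstrip('/')}/{urllib.parse.quote(rel)}")
            resp = conn.getresponse()
        served = (resp.headers.get_content_type() if resp.status == 200
                  else f"HTTP {resp.status}")
        if served != expected:
            mismatches.append((rel, expected, served))
    return mismatches
```

To check a deployed web server, keep a local copy of the unzipped package and call `audit()` with that directory and the URL the package is served at; each returned tuple names a file whose Content-Type differs from the list.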
The following example illustrates the steps to upload a QuickConnect deployment package to ClearPass Policy
Manager version 6.0.1.
1. Increase the file upload size limit in the service parameters:
   a. Log in to the ClearPass Policy Manager Web UI.
   b. Navigate to Administration > Server Manager > Server Configuration and click the appropriate server.
   c. Navigate to the Service Parameters tab and select ClearPass System Services.
   d. Change the parameters Form POST Size and File Upload Size to 20 MB and save.
2. Upload the ArubaQuickConnect.webdeploy.zip file to ClearPass Guest:
   a. Log in to the ClearPass Guest Web UI.
   b. Navigate to Configuration > Content Manager.
   c. Click Upload New Content.
   d. Select the ArubaQuickConnect.webdeploy.zip file and upload it.
3. Extract the uploaded package:
   a. After the successful upload, select the uploaded file and click Extract Archive.
   b. Click OK to extract the archive.
After the extraction, the QuickConnect package will be accessible at
http://<ip address of the server>/guest/public/arubaquickconnect.

Glossary

AES: Advanced Encryption Standard (AES) is a National Institute of Standards and Technology specification and
cryptographic algorithm that can be used to protect electronic data. AES is an iterative, symmetric-key block cipher
that can use keys of 128, 192, and 256 bits, and encrypts and decrypts data in blocks of 128 bits (16 bytes).
Authentication Modes:
• Machine Only: Use computer-only credentials.
• User Only: Use user-only credentials.
• Machine Or User: Use computer-only credentials or user-only credentials. When a user is logged on, the user's
  credentials are used for authentication. When no user is logged on, computer-only credentials are used for
  authentication.
• Guest: Use guest-only credentials.
Certificate: In cryptography, a certificate (also known as a digital certificate or identity certificate) is an electronic
document which uses a digital signature to bind a public key with an identity — information such as the name of a
person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to
an individual.
Cryptobinding: Cryptobinding is a process that protects the authentication protocol negotiation against
man-in-the-middle attacks. The Cryptobinding request and response achieve a two-way handshake between the peer and the
authentication server by using key materials.
EAP: Extensible Authentication Protocol (EAP) is an 802.1X standard that allows developers to pass authentication
data between RADIUS servers and wireless access points. EAP has a number of variants, including EAP-MD5,
EAP-TLS, EAP-TTLS, LEAP, and PEAP.
EAP-TLS: EAP Transport Layer Security (EAP-TLS) was developed under the 802.1X standard by Microsoft to use
digital certificates for authentication.
GTC: Generic Token Card (GTC) protocol can be used as an alternative to MSCHAPv2 protocol. This protocol allows
authentication to various authentication databases even in cases where MSCHAPv2 is not supported by the database.
MSCHAPv2: Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) is a password-based,
challenge-response, mutual authentication protocol that uses MD4 and DES encryption.
NAP: Network Access Protection (NAP) is a feature in Windows Server 2008 that controls access to network resources
based on a client computer’s identity and compliance with corporate governance policy. NAP allows network
administrators to define granular levels of network access based on who a client is, the groups to which the client
belongs, and the degree to which that client is compliant with corporate governance policy. If a client is not
compliant, NAP provides a mechanism to automatically bring the client back into compliance and then dynamically
increase its level of network access.
PEAP: Protected Extensible Authentication Protocol (PEAP) is a type of EAP communication that addresses security
issues associated with clear text EAP transmissions by creating a secure channel encrypted and protected by TLS.
PEAP Fast Reconnect: PEAP Fast Reconnect is a PEAP property that enables wireless clients to move between
wireless access points on the same network without being re-authenticated each time they associate with a new access
point.
PEAP Enforce NAP: This PEAP option specifies that Network Access Protection (NAP) performs system health
checks on clients to ensure they meet health requirements, before connections to the network are permitted.

PSK: In cryptography, PSK (Pre-Shared Key) is a shared secret that was previously shared between the two parties
using some secure channel before it needs to be used. To build a key from the shared secret, a key derivation function
should be used. Such systems almost always use symmetric key cryptographic algorithms. The term PSK is used in
Wi-Fi encryption such as WEP or WPA, where both the wireless access points (AP) and all clients share the same key.
SSID: Service set identifier (SSID) is the name given to a WLAN and used by the client to identify the correct settings
and credentials necessary for access to a WLAN.
TKIP: Temporal Key Integrity Protocol (TKIP) is part of the WPA encryption standard for wireless networks. TKIP is
the next generation of WEP, which provides per-packet key mixing to address flaws discovered in the WEP standard.
TLS: Transport Layer Security is a cryptographic protocol that provides communication security over the Internet. TLS
encrypts the segments of network connections above the Transport Layer, using asymmetric cryptography for key
exchange, symmetric encryption for privacy, and message authentication codes for message integrity.
WEP: Wired Equivalent Privacy (WEP) is part of the IEEE 802.11 standard and uses 64 or 128 bit RC4
encryption. Serious flaws were found in the WEP standard in 2001, mostly due to the length of the initialization vector
of the RC4 stream cipher, which allowed for passive decoding of the RC4 key.
WPA: Wi-Fi Protected Access (WPA), introduced in 2003 in response to weaknesses found in the WEP standard, is an
interoperable wireless security specification subset of the IEEE 802.11 standard. This standard provides authentication
capabilities and uses TKIP for data encryption.
WPA2: WPA2, established in September 2004 by the Wi-Fi Alliance, is the certified interoperable version of the full
IEEE 802.11i specification ratified in June 2004. Like its predecessor, WPA2 supports IEEE 802.1X/EAP
authentication or PSK technology but includes a new advanced encryption mechanism using
Counter-Mode/CBC-MAC Protocol (CCMP) called the Advanced Encryption Standard (AES).
