Security

Hi Everyone,

I am interested in finding out if anyone have integrated Amigopod with any Moto RFS switches.

regards

Ariya

Ariya, We have several customers around the world integrating with Motorola controllers. There have been some recent changes in WiNG5 implemented by Motorola that we are trying to address in our next software release.

Is this still an issue? I am trying to set up guest self-registration with RFS7000 which is running Wing 5.2 but it is not working.

no issue as far i am aware, make sure AMG is running version 3.9

Is there any Amigopod Motorola Wing 5 Integration Guide. I would like to see Amigopod working with Motorola.

there is no integration guide but use this preocedure:

•  use ClearPass Guest (CPG) 3.9 or later
• In the example the IP address of CPG is 10.100.100.3
• Add the CPG as a RADIUS server on Moto switch
• Add the Moto switch as a NAS to CPG and create an automatic weblogin.
• ensure that the weblogin is called "RFS-login.php" to match the config stub.
• This weblogin will use the new Moto weblogin that recognises the Moto redirection in WiNG4.x and 5.x
• The IP address in the Weblogin is not significant with WiNG5.x so you can even remove it and demonstrate that they need one Weblogin for all their Moto switches.
• use HTTP for Captive Portal authentication. So set it accordingly on CPG weblogin and the moto side
• and do not check the "Custom form" checkbox on CPG weblogin.

Here is the relevant part of the Moto switch config

aaa-policy CPG
authentication server 1 host 10.100.100.3 secret 0 blah
accounting server 1 host 10.100.100.3 secret 0 blah
accounting type start-interim-stop
!
dns-whitelist CPG_whitelist
 permit apple.com suffix
 permit 10.100.100.3
!
captive-portal CPG
webpage-location external
webpage external login http://10.100.100.3/RFS-login.php
webpage external welcome http://10.100.100.3/RFS-welcome.php
webpage external fail http://10.100.100.3/RFS-failed-page.php
use aaa-policy CPG
use dns-whitelist CPG_whitelist
!
wlan blah
ssid blah
vlan 666
bridging-mode tunnel
encryption-type none
authentication-type none
use captive-portal CPG
captive-portal-enforcement
!
use captive-portal server CPG
 

Thank you for the quick reply.

you never try with external https captive portal?

thanks

Hi, I'm trying to get this working with a Motorola WiNG 5.3 controller and Clearpass Guest 6.2.x

I got the captive portal redirect working, so that users connect to the Guest WLAN, get redirected to Clearpass (using http) but when they try to log in, the login tries to go to the following URL:

..which then times out.   

Not sure where it's getting this - I don't have this URL set anywhere in Clearpass so it must be happening on the Motorola but I don't have any idea how this Motorola controller works.  

Any ideas?

i got it with wing 5.5

in wing 5.5 captive portal guide there's the right path.

https://portal.motorolasolutions.com/Support/US-EN/Resolution?solutionId=91998&productDetailGUID=70c33a4a97940410VgnVCM10000081c7b10aRCRD&detailChannelGUID=231d12afa79ae310VgnVCM1000000389bd0aRCRD

i dismiss this config because actually wing 5.5 doens't support well https redirect (you've to accept ap certificate if you don't have a motorola controller).

i explain better:

if the captive portal is configured as external on https page it will work but you've to accept ap self signed certificate

if the captive portal is configured as external managed by motorola controller it will works well in https.

I just got this working for my own customer – I apologize I don't have the exact settings - I'm not at the customer site right now.  

In their case the Guest VLAN is completely isolated from production.  The Motorala controller had interfaces on both the Guest VLAN as well as internal.  Guests are directed to the Clearpass captive portal via the Internet - they go out the guest ISP and then back in via the corporate ISP and NAT into the captive portal.

Motorola was set up as a Radius client on clearpass using the internal address of the Motorola.

After much trial-and-error we found that we needed to configure the Motorola captive portal server mode to “centralized”  (*not* "centralized controller"), set to the IP address of the Motorola’s Guest  VLAN interface, and then set the captive portal URL (under the "web page") tab to point to Clearpass.  

We also had to muck about a bit and create "welcome" and "terms" html pages which we uploaded to the Motorola, but we could have just as easily put them on Clearpass under content, I suppose.

I am trying to configure the captive portal on the Moto Wing 5.5 using clearpass as the external captive portal server. Can someone point me in the right direction as to what I should set the external page on the moto? Should it be http://x.x.x.x/guest/name_of_page.php

I am running ClearPass Guest 6.5.0.31375 with Moto/Extreme Networks 5.5

Thanks in advance.