ClearPass Guest 3.9
Deployment Guide
www.arubanetworks.com
1344 Crossman Avenue
Sunnyvale, California 94089
Phone: 408.227.4500
Fax 408.227.4550
ClearPass Guest 3.9.2|Deployment Guide 0511112-03 | July 2, 2012
Copyright
© 2012 Aruba Networks, Inc. Aruba Networks trademarks include, Aruba Networks
®
, Aruba Wireless Networks
®
,
the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System
®
, Mobile Edge Architecture
®
, People Move.
Networks Must Follow
®
, RFProtect
®
, Green Island
®
. All rights reserved. All other trademarks are the property of their respective owners.
Open Source Code
Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU
General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used
can be found at this site:
http://www.arubanetworks.com/open_source
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN
client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba
Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those
vendors.
Warranty
This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the
ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS.
Altering this device (such as painting it) voids the warranty.
ClearPass Guest 3.9 | Deployment Guide | 3
Contents
Chapter 1 ClearPass Guest .................................................................................... 19
About this Manual................................................................................................19
Documentation Conventions.........................................................................19
Documentation Overview..............................................................................20
Getting Support ...................................................................................................21
Field Help ......................................................................................................21
Quick Help ....................................................................................................21
Context-Sensitive Help .................................................................................21
Searching Help..............................................................................................21
If You Need More Assistance........................................................................22
Chapter 2 Management Overview ......................................................................... 23
Visitor Access Scenarios .....................................................................................23
Reference Network Diagram ...............................................................................24
Key Interactions...................................................................................................24
AAA Framework...................................................................................................25
Key Features........................................................................................................27
Visitor Management Terminology........................................................................29
Deployment Process ...........................................................................................30
Security Policy Considerations .....................................................................30
Operational Concerns ...................................................................................30
Network Provisioning ....................................................................................30
Site Preparation Checklist.............................................................................31
Chapter 3 Setup Guide............................................................................................ 33
Hardware Appliance Setup..................................................................................33
Default Network Configuration......................................................................33
Setting Up the Virtual Appliance..........................................................................34
VMware Workstation or VMware Player .......................................................34
VMware ESXi.................................................................................................34
Accessing the Console User Interface ................................................................35
Console Login ...............................................................................................35
Console User Interface Functions.................................................................36
Accessing the Graphical User Interface ..............................................................37
Initial Configuraton Using the Setup Wizard .......................................................37
Logging In .....................................................................................................37
Accepting the ClearPass Guest License Agreement ....................................38
Setting the Administrator Password .............................................................38
Setting the System Hostname ......................................................................39
Configuring Network Interfaces ....................................................................40
Configuring HTTP Proxy Settings .................................................................41
Configuring SMTP Mail Settings ...................................................................42
Configuring SNMP Settings ..........................................................................42
Configuring Server Time and Time Zone ......................................................43
Configuring the Default RADIUS NAS Vendor Type .....................................44
Defining RADIUS Network Access Servers ..................................................44
4 | ClearPass Guest 3.9 | Deployment Guide
Configuring the ClearPass Guest Subscription ID........................................45
Installing Subscription Updates ....................................................................46
Setup Completion .........................................................................................47
Chapter 4 Onboard.................................................................................................. 49
About ClearPass Onboard...................................................................................49
Onboard Deployment Checklist....................................................................49
Onboard Feature List ....................................................................................51
Supported Platforms.....................................................................................51
Public Key Infrastructure for Onboard ..........................................................52
Certificate Hierarchy ...............................................................................52
Revoking Unique Device Credentials............................................................53
Revoking Credentials to Prevent Network Access.................................54
Re-Provisioning a Device .......................................................................54
Network Requirements for Onboard.............................................................55
Using the Same SSID for the Provisioning and
Provisioned Networks ......................................................................55
Using a Different SSID for the Provisioning and
Provisioned Networks ......................................................................55
Configuring the Online Certificate Status Protocol for the
Provisioned Network........................................................................55
Configuring a Certificate Revocation List (CRL) for the
Provisioned Network........................................................................56
Network Architecture for Onboard................................................................56
Network Architecture for Onboard when Using ClearPass Guest .........57
The ClearPass Onboard Process..................................................................58
Devices Supporting Over-the-Air Provisioning.......................................58
Devices Supporting Onboard Provisioning ............................................61
Accessing Onboard .............................................................................................64
Configuring the User Interface for Device Provisioning ......................................64
Customizing the Device Provisioning Web Login Page ................................65
Using the {nwa_mdps_config} Template Function .......................................66
Configuring ClearPass Servers for Device Provisioning......................................66
Configuring the Certificate Authority ..................................................................68
Setting Up the Certificate Authority ..............................................................69
Setting Up a Root Certificate Authority.........................................................70
Setting Up an Intermediate Certificate Authority ..........................................72
Obtaining a Certificate for the Certificate Authority ......................................74
Using Microsoft Active Directory Certificate Services ..................................74
Installing a Certificate Authority’s Certificate ................................................77
Renewing the Certificate Authority’s Certificate ...........................................78
Configuring Data Retention Policy for Certificates .......................................79
Uploading Certificates for the Certificate Authority.............................................79
Viewing the Certificate Authority’s Trust Chain ............................................79
Creating a Certificate...........................................................................................80
Specifying the Identity of the Certificate Subject..........................................81
Issuing the Certificate Request .....................................................................82
Managing Certificates..........................................................................................82
Searching for Certificates..............................................................................83
Working with Certificates ..............................................................................83
Working with Certificate Signing Requests...................................................85
Requesting a Certificate ......................................................................................87
Providing a Certificate Signing Request in Text Format ...............................87
Providing a Certificate Signing Request File.................................................88
Specifying Certificate Properties ..................................................................89
ClearPass Guest 3.9 | Deployment Guide | 5
Configuring Provisioning Settings .......................................................................89
Configuring Basic Provisioning Settings.......................................................90
Configuring Certificate Properties for Device Provisioning...........................90
Configuring Provisioning Settings for iOS and OS X ....................................93
Configuring Provisioning Settings for Mac OS X, Windows, and
Android Devices .....................................................................................94
Configuring User Interface Options for Mac OS X, Windows, and
Android Devices .....................................................................................96
Configuring Authorization Settings for Device Provisioning .........................96
Configuring Network Settings for Device Provisioning .......................................97
Configuring Basic Network Access Settings ................................................97
Configuring 802.1X Authentication Network Settings...................................99
Configuring Device Authentication Settings ...............................................100
Configuring Mutual Authentication Settings ...............................................100
Configuring Windows-Specific Network Settings.......................................102
Configuring Proxy Settings .........................................................................102
Configuring Post-Installation Instructions...................................................103
Configuring an iOS Device VPN Connection.....................................................104
Configuring an iOS Device Email Account ........................................................106
Configuring an iOS Device Passcode Policy.....................................................108
Resetting Onboard Certificates and Configuration ...........................................110
Advanced: Device Authentication During Provisioning .....................................110
Onboard Troubleshooting .................................................................................111
iOS Device Provisioning Failures ................................................................112
Chapter 5 RADIUS Services ................................................................................. 113
Accessing RADIUS Services .............................................................................113
Server Control....................................................................................................113
RADIUS Log Snapshot................................................................................113
Debug RADIUS Server ................................................................................114
Viewing Failed Authentications ...................................................................114
Server Configuration..........................................................................................115
Example: Removing a User-Name Suffix....................................................117
Removing a Variable-Length Suffix ......................................................117
Example: Correcting the NAS-IP-Address Attribute ...................................117
Example: Adding a Reply-Message to an Access-Reject Packet ..............117
User Roles .........................................................................................................117
Creating a User Role...................................................................................118
Adding Role Attributes ................................................................................119
Defining Attribute Tags ...............................................................................120
Adding Authorization Conditions to Attribute Definitions ...........................120
Example: Time of Day Conditions ........................................................121
Example: Time-Based Authorization ....................................................121
Example: Accounting-Based Authorization..........................................121
Calculating Attribute Value Expressions .....................................................122
Example: Using Request Attributes in a Value Expression ..................122
Example: Location-Specific VLAN Assignment....................................123
Configuring MAC Caching During User Authentication..............................123
Network Access Servers ...................................................................................124
Creating a Network Access Server Entry....................................................125
Importing a List of Network Access Servers...............................................126
Web Logins........................................................................................................128
Creating a Web Login Page ........................................................................129
Universal Access Method (UAM) Password Encryption .............................134
NAS Redirect Parameters ...........................................................................134
6 | ClearPass Guest 3.9 | Deployment Guide
NAS Login Parameters................................................................................135
Using Web Login Parameters .....................................................................135
Apple Captive Network Assistant Bypass with ClearPass Guest .....................136
Solution Implementation .............................................................................138
Captive Portal Profile Configuration .....................................................139
Database Lists...................................................................................................140
Database Maintenance Tasks.....................................................................141
Dictionary...........................................................................................................141
Import Dictionary.........................................................................................142
Export Dictionary.........................................................................................142
Reset Dictionary..........................................................................................142
Vendors .......................................................................................................143
Creating a New Vendor...............................................................................143
Edit Vendor .................................................................................................143
Delete Vendor .............................................................................................143
Export Vendor .............................................................................................143
Vendor-Specific Attributes..........................................................................144
Add a Vendor-Specific Attribute (VSA) .......................................................144
Edit Vendor-Specific Attribute ....................................................................144
Delete Vendor-Specific Attribute ................................................................145
Add Attribute Value .....................................................................................145
Editing Attribute Value.................................................................................145
Deleting Attribute Value ..............................................................................146
EAP and 802.1X Authentication and Certificate Management..........................146
Specifying Supported EAP Types...............................................................147
Creating a Server Certificate and Self-Signed Certificate Authority ...........148
Creating the Certificate Signing Request .............................................149
Signing RADIUS Server Certificate.......................................................150
Installing the Self-Signed RADIUS Server Certificate...........................150
Requesting a Certificate from a Certificate Authority .................................150
Importing a Server Certificate .....................................................................151
Installing a Server Certificate from a Certificate Authority .........................152
Installing an Imported Server Certificate ..............................................152
Exporting Server Certificates .....................................................................152
PEAP Sample Configuration .......................................................................152
Importing a Root Certificate – Windows Vista and Windows 7............153
Active Directory Domain Services .....................................................................157
Joining an Active Directory Domain............................................................158
Testing Active Directory User Authentication .............................................159
Configuring Active Directory Domain Authentication..................................160
Leaving an Active Directory Domain ...........................................................160
External Authentication Servers (EAS)...............................................................161
Types of External Authentication Server.....................................................161
Managing External Authentication Servers .................................................162
Configuring Properties for External Authentication Servers .......................162
Configuring an Active Directory EAS....................................................163
Configuring an LDAP EAS ....................................................................166
Configuring a Proxy RADIUS EAS ........................................................168
Configuring a Local Certificate Authority EAS......................................169
Configuring Authorization for External Authentication Servers...................170
About Authorization Methods in External Authentication Servers........171
Testing External Authentication Servers .....................................................174
Testing a Local Certificate Authority EAS.............................................175
Managing Certificates for External Authentication Servers ........................176
ClearPass Guest 3.9 | Deployment Guide | 7
Chapter 6 Operator Logins................................................................................... 179
Accessing Operator Logins ...............................................................................179
About Operator Logins ......................................................................................179
Role-Based Access Control for Multiple Operator Profiles ........................179
Operator Profiles ...............................................................................................180
Creating an Operator Profile .......................................................................180
Configuring the User Interface..............................................................184
Customizing Forms and Views .............................................................185
Operator Profile Privileges ..........................................................................186
Managing Operator Profiles ........................................................................186
Local Operator Authentication...........................................................................187
Creating a New Operator ............................................................................187
Viewing All Operator Logins........................................................................188
Changing Operator Passwords...................................................................190
LDAP Operator Authentication ..........................................................................190
Manage LDAP Servers................................................................................190
Creating an LDAP Server ............................................................................190
Advanced LDAP URL Syntax......................................................................193
Viewing the LDAP Server List .....................................................................193
LDAP Operator Server Troubleshooting .....................................................194
Testing Connectivity .............................................................................194
Testing Operator Login Authentication.................................................194
Looking Up Sponsor Names ................................................................195
Troubleshooting Error Messages .........................................................195
LDAP Translation Rules ..............................................................................196
Custom LDAP Translation Processing........................................................198
Operator Logins Configuration ..........................................................................200
Custom Login Message ..............................................................................200
Operator Password Options .......................................................................201
Advanced Operator Login Options .............................................................202
Automatic Logout .................................................................................202
Chapter 7 Guest Management ............................................................................. 203
Accessing Guest Manager ................................................................................203
About Guest Management Processes...............................................................203
Sponsored Guest Access ...........................................................................204
Self Provisioned Guest Access ...................................................................204
Standard Guest Management Features ............................................................205
Creating a Guest Account...........................................................................205
Creating a Guest Account Receipt .............................................................206
Creating Multiple Guest Accounts ..............................................................207
Creating Multiple Guest Account Receipts.................................................208
Creating a Single Password for Multiple Accounts.....................................209
Managing Guest Accounts..........................................................................211
Managing Multiple Guest Accounts............................................................214
Importing Guest Accounts ..........................................................................216
Exporting Guest Account Information.........................................................220
Guest Manager Customization..........................................................................220
Default Settings for Account Creation ........................................................221
About Fields, Forms, and Views .................................................................225
Business Logic for Account Creation .........................................................225
Verification Properties ..........................................................................225
Basic User Properties...........................................................................225
Visitor Account Activation Properties ...................................................226
8 | ClearPass Guest 3.9 | Deployment Guide
Visitor Account Expiration Properties...................................................227
Other Properties ...................................................................................227
Account Expiration Types ...........................................................................227
Standard Fields ...........................................................................................228
Standard Forms and Views.........................................................................228
Customization of Fields .....................................................................................229
Creating a Custom Field .............................................................................230
Duplicating a Field.......................................................................................231
Editing a Field .............................................................................................231
Deleting a Field ...........................................................................................231
Displaying Forms that Use a Field ..............................................................231
Displaying Views that Use a Field ...............................................................232
Customization of Forms and Views...................................................................232
Editing Forms and Views ............................................................................232
Duplicating Forms and Views .....................................................................233
Editing Forms ..............................................................................................233
Form Field Editor.........................................................................................234
Form Display Properties..............................................................................235
Form Validation Properties..........................................................................245
Examples of Form field Validation...............................................................246
Advanced Form Field Properties ................................................................248
Form Field Validation Processing Sequence ..............................................249
Editing Views...............................................................................................252
View Field Editor .........................................................................................253
Customizing Self Provisioned Access ...............................................................254
Self-Registration Sequence Diagram..........................................................254
Creating a Self-Registration Page...............................................................255
Editing Self-Registration Pages ..................................................................256
Configuring Basic Properties for Self-Registration .....................................257
Using a Parent Page.............................................................................258
Paying for Access.................................................................................258
Requiring Operator Credentials............................................................258
Editing Registration Page Properties ..........................................................259
Editing the Default Self-Registration Form Settings ...................................260
Editing Guest Receipt Page Properties ......................................................261
Editing Receipt Actions...............................................................................262
Enabling Sponsor Confirmation for Role Selection ..............................262
Editing Download and Print Actions for Guest Receipt Delivery..........264
Editing Email Delivery of Guest Receipts .............................................264
Editing SMS Delivery of Guest Receipts ..............................................265
Enabling and Editing NAS Login Properties ...............................................266
Editing Login Page Properties ....................................................................267
Self-Service Portal Properties.....................................................................268
Resetting Passwords with the Self-Service Portal......................................270
Customizing Print Templates ............................................................................271
Creating New Print Templates ....................................................................272
Print Template Wizard.................................................................................273
Modifying Wizard-Generated Templates ....................................................274
Setting Print Template Permissions............................................................274
Configuring Access Code Logins......................................................................275
Customize Random Username and Passwords .........................................276
Create the Print Template ...........................................................................276
Customize the Guest Accounts Form .........................................................277
Create Access Code Guest Accounts ........................................................278
ClearPass Guest 3.9 | Deployment Guide | 9
MAC Authentication in ClearPass Guest...........................................................279
MAC Address Formats................................................................................279
Managing Devices ......................................................................................280
Changing a Device’s Expiration Date ...................................................281
Disabling and Deleting Devices ............................................................282
Activating a Device ...............................................................................283
Editing a Device....................................................................................283
Viewing Current Sessions for a Device.................................................285
Viewing and Printing Device Details .....................................................285
MAC Creation Modes..................................................................................285
Creating Devices Manually in ClearPass Guest ..................................285
Creating Devices During Guest Self-Registration - MAC Only.............287
Creating Devices During Guest Self-Registration - Paired Accounts ..288
Accounting-Based MAC Authentication .....................................................289
Automatically Registering MAC Devices in ClearPass Policy Manager......292
Importing MAC Devices ..............................................................................292
Advanced MAC Features ............................................................................293
2-Factor Authentication ........................................................................293
MAC-Based Derivation of Role.............................................................293
User Detection on Landing Pages........................................................293
Click-Through Login Pages ..................................................................294
Active Sessions Management ...........................................................................294
Session States ............................................................................................295
RFC 3576 Dynamic Authorization ...............................................................296
Filtering the List of Active Sessions ............................................................296
Managing Multiple Active Sessions ............................................................297
Closing All Stale Sessions Immediately................................................297
Closing All Stale Sessions and Specifying a Duration..........................297
Closing Specified Open Sessions ........................................................299
Disconnecting or Reauthorizing Active Sessions .................................300
Sending Multiple SMS Alerts ......................................................................301
SMS Services ....................................................................................................302
Configuring SMS Gateways........................................................................302
Sending an SMS .........................................................................................304
About SMS Credits .....................................................................................305
About SMS Guest Account Receipts..........................................................305
SMS Receipt Options..................................................................................306
Customize SMS Receipt .............................................................................308
SMS Receipt Fields.....................................................................................309
SMTP Services ..................................................................................................310
Configuring SMTP Services ........................................................................310
About Email Receipts..................................................................................310
Email Receipt Options.................................................................................312
SMTP Receipt Fields...................................................................................314
Chapter 8 Report Management............................................................................ 317
Accessing Reporting Manager ..........................................................................317
Viewing Reports.................................................................................................317
Running and Managing Reports........................................................................318
Viewing the Most Recent Report ................................................................318
Report History .............................................................................................318
Previewing the Report ................................................................................318
Run Default .................................................................................................318
Run..............................................................................................................319
Edit a report ................................................................................................319
10 | ClearPass Guest 3.9 | Deployment Guide
Delete a Report ...........................................................................................320
Duplicate a Report ......................................................................................320
Permissions.................................................................................................320
Exporting Report Definitions .............................................................................322
Importing report Definitions ........................................................................323
Resetting Report Definitions .......................................................................323
About Custom Reports......................................................................................324
Data Sources ..............................................................................................325
Binning ........................................................................................................325
Binning Example – Time Measurements.....................................................325
Groups ........................................................................................................326
Statistics from Classification Groups..........................................................327
Components of the Report Editor .....................................................................327
Report Type ................................................................................................328
Report Parameters......................................................................................329
Parameter User Interface Editing................................................................331
Data Source ................................................................................................332
Select Fields................................................................................................333
Source Filters ..............................................................................................335
Classification Groups ..................................................................................337
Statistics and Metrics..................................................................................339
Output Series ..............................................................................................342
Output Series Fields....................................................................................343
Output Filters ..............................................................................................344
Presentation Options ..................................................................................346
Chart Presentations..............................................................................346
Table Presentations..............................................................................347
Text Presentations................................................................................347
Final Report.................................................................................................348
Creating Reports ...............................................................................................348
Creating the Report – Step 1 ......................................................................349
Creating the Report – Step 2 ......................................................................349
Creating Sample Reports ..................................................................................350
Report Based on Modifying an Existing Report..........................................350
Report Created from Report Manager using Create New Report ..............351
Report Created by Duplicating an Existing Report .....................................353
Report Troubleshooting.....................................................................................355
Report Preview with Debugging .................................................................355
Troubleshooting Tips ..................................................................................356
Chapter 9 Administrator Tasks ............................................................................ 357
Accessing Administrator....................................................................................357
Network Setup...................................................................................................357
Configuring Integration with Other ClearPass Servers ...............................358
Automatic Network Diagnostics..................................................................360
Viewing or Setting System Hostname.........................................................361
Viewing Network Interface Settings ............................................................361
Changing Network Interface Settings .........................................................362
About Default Gateway Settings ..........................................................364
Managing Static Routes..............................................................................365
Creating a Tunnel Network Interface ..........................................................365
Creating a VLAN Interface...........................................................................366
Managing VLAN Interfaces................................................................................367
Creating a Secondary Network Interface....................................................368
Login Access Control..................................................................................369
Network Diagnostic Tools ...........................................................................370
ClearPass Guest 3.9 | Deployment Guide | 11
Network Diagnostics – Packet Capturing ...................................................372
Network Hosts ............................................................................................374
HTTP Proxy Configuration ..........................................................................375
SNMP Configuration ...................................................................................375
Supported MIBs..........................................................................................377
SMTP Configuration....................................................................................378
SSL Certificate...................................................................................................379
Requesting an SSL Certificate ....................................................................379
Installing an SSL Certificate ........................................................................380
Displaying the Current SSL Certificate .......................................................382
Backup and Restore..........................................................................................383
Backing Up Appliance Configuration..........................................................383
Scheduling Automatic Backups..................................................................384
Restoring a Backup.....................................................................................386
Content Manager...............................................................................................387
Uploading Content......................................................................................388
Downloading Content .................................................................................389
Additional Content Actions .........................................................................389
Security Manager ..............................................................................................389
Performing a Security Audit ........................................................................390
Reviewing Security Audit Results ...............................................................390
Changing Network Security Settings ..........................................................391
Resetting the Root Password .....................................................................391
Notifications.......................................................................................................391
OS Updates .......................................................................................................392
Manual Operating System Updates............................................................392
Reviewing the Operating System Update Log............................................392
Determining Installed Operating System Packages....................................393
Plugin Manager..................................................................................................393
Managing Subscriptions .............................................................................394
Viewing Available Plugins............................................................................394
Adding or Updating New Plugins................................................................395
Configuring Plugin Update Notifications.....................................................396
Configuring Plugins.....................................................................................396
Configuring the Kernel Plugin...............................................................397
Configuring the Aruba ClearPass Skin Plugin ......................................398
Server Time........................................................................................................399
System Control..................................................................................................401
Changing System Configuration Parameters..............................................401
System Log Configuration ..........................................................................401
Log Rotation: Configuring Data Retention ...........................................402
Log Collector: Storing Incoming Syslog Messages .............................402
Facility: Redirecting Application Log Messages...................................403
Managing Data Retention ...........................................................................404
Changing Database Configuration Parameters ..........................................406
Changing Web Application Configuration...................................................407
Changing Web Server Configuration ..........................................................408
System Information ...........................................................................................408
Adding Disk Space......................................................................................409
System Log........................................................................................................411
Filtering the System Log .............................................................................411
Exporting the System Log...........................................................................412
Viewing the Application Log........................................................................412
Searching the Application Log....................................................................413
Exporting the Application Log.....................................................................413
12 | ClearPass Guest 3.9 | Deployment Guide
Chapter 10 Hotspot Manager................................................................................. 415
Manage Hotspot Sign-up ..................................................................................416
Captive Portal Integration ...........................................................................417
Look and Feel .............................................................................................417
SMS Services..............................................................................................417
Hotspot Plans ....................................................................................................417
Modifying an Existing Plan..........................................................................418
Creating New Plans.....................................................................................419
Managing Transaction Processors....................................................................419
Creating a New Transaction Processor ......................................................420
Managing Existing Transaction Processors................................................420
Managing Customer Information.......................................................................420
Managing Hotspot Invoice ................................................................................420
Customize User Interface ..................................................................................421
Customize Page One ..................................................................................422
Customize Page Two ..................................................................................422
Customize Page Three................................................................................424
View Hotspot User Interface..............................................................................424
Chapter 11 High Availability Services.................................................................... 425
Accessing High Availability................................................................................425
About High Availability Systems........................................................................425
Terminology & Concepts.............................................................................425
Network Architecture ..................................................................................426
Deploying an SSL Certificate ......................................................................427
Normal Cluster Operation ...........................................................................427
Failure Detection .........................................................................................427
Database Replication ..................................................................................427
Configuration Replication............................................................................428
Primary Node Failure...................................................................................429
Secondary Node Failure..............................................................................429
Email Notification ........................................................................................430
Cluster Status ....................................................................................................430
Cluster Setup.....................................................................................................431
Prepare Primary Node.................................................................................432
Prepare Secondary Node............................................................................434
Cluster Initialization .....................................................................................434
Cluster Deployment ....................................................................................435
Cluster Maintenance..........................................................................................436
Recovering From a Failure ..........................................................................436
Recovering From a Temporary Outage.......................................................436
Recovering From a Hardware Failure .........................................................437
Performing Scheduled Maintenance...........................................................438
Updating Plugins.........................................................................................438
Destroying a Cluster....................................................................................438
Cluster Troubleshooting..............................................................................439
Chapter 12 Reference ............................................................................................. 441
Basic HTML Syntax ...........................................................................................441
Standard HTML Styles ................................................................................442
Smarty Template Syntax ...................................................................................443
Basic Template Syntax ...............................................................................443
Text Substitution .........................................................................................443
Template File Inclusion ...............................................................................443
ClearPass Guest 3.9 | Deployment Guide | 13
Comments...................................................................................................444
Variable Assignment ...................................................................................444
Conditional Text Blocks ..............................................................................444
Script Blocks...............................................................................................444
Repeated Text Blocks.................................................................................444
Foreach Text Blocks ...................................................................................445
Modifiers .....................................................................................................445
Predefined Template Functions ..................................................................446
dump ....................................................................................................446
nwa_commandlink................................................................................446
nwa_iconlink .........................................................................................447
nwa_icontext ........................................................................................447
nwa_quotejs .........................................................................................448
nwa_radius_query.................................................................................448
Advanced Developer Reference .................................................................450
nwa_assign ...........................................................................................450
nwa_bling..............................................................................................450
nwa_makeid..........................................................................................451
nwa_nav................................................................................................451
nwa_plugin............................................................................................452
nwa_privilege ........................................................................................453
nwa_replace .........................................................................................453
nwa_text ...............................................................................................453
nwa_userpref ........................................................................................453
nwa_youtube ........................................................................................454
Date/Time Format Syntax..................................................................................454
nwadateformat Modifier..............................................................................454
nwatimeformat Modifier ..............................................................................455
Date/Time Format String Reference ...........................................................456
Programmer’s Reference...................................................................................457
NwaAlnumPassword...................................................................................457
NwaBoolFormat ..........................................................................................457
NwaByteFormat ..........................................................................................457
NwaByteFormatBase10 ..............................................................................457
NwaComplexPassword...............................................................................457
NwaCsvCache ............................................................................................457
NwaDigitsPassword($len) ...........................................................................458
NwaDynamicLoad.......................................................................................458
NwaGeneratePictureString .........................................................................458
NwaGenerateRandomPasswordMix...........................................................458
NwaLettersDigitsPassword.........................................................................458
NwaLettersPassword ..................................................................................458
NwaMoneyFormat.......................................................................................458
NwaParseCsv..............................................................................................459
NwaParseXml..............................................................................................460
NwaPasswordByComplexity.......................................................................460
NwaSmsIsValidPhoneNumber ....................................................................460
NwaStrongPassword ..................................................................................460
NwaVLookup...............................................................................................461
NwaWordsPassword...................................................................................461
Field, Form and View Reference........................................................................461
GuestManager Standard Fields ..................................................................461
Hotspot Standard Fields .............................................................................469
SMS Services Standard Fields ...................................................................470
SMTP Services Standard Fields .................................................................470
Format Picture String Symbols ...................................................................472
Form Field Validation Functions..................................................................473
14 | ClearPass Guest 3.9 | Deployment Guide
Form Field Conversion Functions ...............................................................475
Form Field Display Formatting Functions ...................................................476
View Display Expression Technical Reference ...........................................478
Standard RADIUS Request Functions...............................................................479
Variables Available in Execution Context....................................................479
AccessReject().............................................................................................479
EnableDebug().............................................................................................480
DisableDebug()............................................................................................480
GetAttr().......................................................................................................480
ShowAttr()....................................................................................................480
MacAddr()....................................................................................................480
MacEqual() ..................................................................................................481
MacAddrConvert().......................................................................................481
GetTraffic()...................................................................................................481
GetTime().....................................................................................................481
GetSessions() ..............................................................................................482
GetCallingStationTraffic() ............................................................................482
GetUserTraffic() ...........................................................................................483
GetIpAddressTraffic() ..................................................................................483
GetCallingStationTime() ..............................................................................483
GetUserTime() .............................................................................................483
GetIpAddressTime() ....................................................................................483
GetCallingStationSessions()........................................................................484
GetUserSessions().......................................................................................484
GetIpAddressSessions()..............................................................................484
GetUserActiveSessions().............................................................................484
GetCurrentSession()....................................................................................484
GetUserCurrentSession() ............................................................................485
GetIpAddressCurrentSession() ...................................................................485
GetCallingStationCurrentSession() .............................................................485
GetUserStationCount() ................................................................................486
GetSessionTimeRemaining() .......................................................................486
ChangeToRole()...........................................................................................486
RADIUS Server Options.....................................................................................487
General Configuration .................................................................................487
Security Configuration ................................................................................489
Proxy Configuration ....................................................................................489
SNMP Query Configuration.........................................................................490
Thread Pool Configuration ..........................................................................490
Authentication Module Configuration .........................................................491
Database Module Configuration .................................................................492
EAP Module Configuration..........................................................................492
LDAP Module Configuration .......................................................................495
Rewrite Module Configuration ....................................................................498
List of Standard Radius Attributes ....................................................................499
Authentication Attributes.............................................................................499
RADIUS Server Internal Attributes ..............................................................501
LDAP Standard Attributes for User Class .........................................................501
Regular Expressions..........................................................................................501
Chapter 13 Glossary................................................................................................ 503
Index................................................................................................................................... 507
ClearPass Guest 3.9 | Deployment Guide | 15
Figures
Figure 1 Visitor access using ClearPass Guest.................................................................23
Figure 2 Reference network diagram for visitor access ....................................................24
Figure 3 Interactions involved in guest access..................................................................25
Figure 4 Sequence diagram for network access using AAA .............................................26
Figure 5 Rear port configuration for AMG-HW-100/-2500 appliances .............................33
Figure 6 Relationship of Certificates in the Onboard Public Key Infrastructure................53
Figure 7 ClearPass Onboard Network Architecture ..........................................................56
Figure 8 Detailed View of the ClearPass Onboard Network Architecture .........................57
Figure 9 ClearPass Onboard Network Architecture when Using ClearPass Guest ..........58
Figure 10 ClearPass Onboard Process for iOS Devices .....................................................59
Figure 11 Sequence Diagram for the Onboard Workflow on iOS Platform.........................60
Figure 12 Over-the-Air Provisioning Workflow for iOS Platform .........................................61
Figure 13 ClearPass Onboard Process for Onboard-Capable Devices ..............................62
Figure 14 Sequence Diagram for the Onboard Workflow on Android Platform ..................63
Figure 15 Onboard Provisioning Workflow in the QuickConnect App ................................64
Figure 16 RADIUS Role Editor page..................................................................................118
Figure 17 Sequence diagram for guest captive portal and Web login ..............................129
Figure 18 Captive Network Assistant on MacOS X ...........................................................137
Figure 19 Captive Network Assistant on iPad ...................................................................137
Figure 20 Captive Network Assistant on iPhone ...............................................................138
Figure 21 Captive Portal Profile Configuration ..................................................................139
Figure 22 Configuring the Web Login page.......................................................................140
Figure 23 Operator profiles and visitor access control .....................................................180
Figure 24 Sponsored guest access with guest created by operator ................................204
Figure 25 Guest access when guest is self-provisioned ...................................................204
Figure 26 Customize Guest Manager page (part 1)...........................................................221
Figure 27 Customize Guest Manager page (part 2)—continued .......................................223
Figure 28 Customize Guest Manager page (part 3)—continued .......................................224
Figure 29 Steps involved in form field processing ............................................................249
Figure 30 Sequence diagram for guest self-registration ...................................................255
Figure 31 Guest self-registration process .........................................................................257
Figure 32 MAC Authentication Plugin—Configuration ......................................................280
Figure 33 MAC Authentication Profile ...............................................................................280
Figure 34 Modify fields ......................................................................................................288
Figure 35 RADIUS Role Editor...........................................................................................291
Figure 36 Configure SMS Services Plugin.........................................................................307
Figure 37 Customize SMS Receipt page ..........................................................................309
Figure 38 Customize Email Receipt page .........................................................................312
Figure 39 Customize Email Receipt page—continued......................................................313
Figure 40 Report generation process ................................................................................324
Figure 41 Bin number calculation......................................................................................325
Figure 42 Reporting – Bin west of GMT ............................................................................326
Figure 43 Reporting – Bin east of GMT .............................................................................326
Figure 44 Reporting – Bin statistics without groups..........................................................327
16 | ClearPass Guest 3.9 | Deployment Guide
Figure 45 Reporting – Bin statistics with groups...............................................................327
Figure 46 Components of the Report Editor .....................................................................328
Figure 47 Network diagram showing IP addressing for a GRE tunnel ..............................366
Figure 48 Data Retention Policy page ...............................................................................405
Figure 49 Guest self-provisioning......................................................................................415
Figure 50 Network architecture of high availability cluster................................................426
ClearPass Guest 3.9 | Deployment Guide | 17
Tables
Table 1 Quick Links ..........................................................................................................20
Table 2 List of Key features..............................................................................................27
Table 3 Common Terms...................................................................................................29
Table 4 Site Preparation Checklist ...................................................................................31
Table 5 Default port configurations ..................................................................................33
Table 6 Ethernet adapter configuration............................................................................34
Table 7 Virtual ethernet adapter configuration .................................................................35
Table 8 Console access methods ....................................................................................35
Table 9 Console user interface functions.........................................................................36
Table 10 Onboard Deployment Checklist ..........................................................................49
Table 11 Onboard Features................................................................................................51
Table 12 Platforms Supported by ClearPass Onboard......................................................51
Table 13 Properties Available for Use with the
(nwa_mdps_ocnfig) Smarty Template
Function66
Table 14 Subject Alternative Name Fields Supported When Creating a TLS Client Certifi-
cate Signing Request82
Table 15 Types of Certificate Supported by Onboard Certificate Management................83
Table 16 Device Information Stored in TLS Client Certificates ..........................................92
Table 17 RADIUS Attributes Included with a Device Authentication Request. ................111
Table 18 Web Login Page Syntax ....................................................................................135
Table 19 Operators supported in filters............................................................................184
Table 20 Operators supported in filters............................................................................188
Table 21 Server Type Parameters ....................................................................................192
Table 22 LDAP Error Messages .......................................................................................195
Table 23 Template Variables ............................................................................................198
Table 24 Operators supported in filters............................................................................212
Table 25 Operators supported in filters............................................................................215
Table 26 Account Expiration Types..................................................................................227
Table 27 Visitor Management Forms and Views..............................................................228
Table 28 Operators supported in filters............................................................................281
Table 29 Operators supported in filters............................................................................297
Table 30 Default Table Layouts........................................................................................347
Table 31 Transposed Table Layouts ................................................................................347
Table 32 Template Variables ............................................................................................348
Table 33 Default Interface Settings ..................................................................................364
Table 34 Network Interface States ...................................................................................368
Table 35 Sylog Priority Levels ..........................................................................................404
Table 36 Cluster Status Descriptions...............................................................................430
Table 37 Failure Modes ....................................................................................................436
Table 38 Standard HTML Tags ........................................................................................441
Table 39 Formatting Classes............................................................................................442
Table 40 Smarty Modifiers ...............................................................................................445
Table 41 Navigation Tags.................................................................................................451
Table 42 Date and Time Formats .....................................................................................455
18 | ClearPass Guest 3.9 | Deployment Guide
Table 43 Date and Time Format Strings...........................................................................456
Table 44 Parsing Options .................................................................................................459
Table 45 NwaVLookup Options........................................................................................461
Table 46 GuestManager Standard Fields.........................................................................462
Table 47 Hotspot Standard Fields....................................................................................469
Table 48 SMS Services Standard Fields..........................................................................470
Table 49 SMPT Services Standard Fields........................................................................471
Table 50 Picture String Symbols......................................................................................472
Table 51 Picture String Example Passwords ...................................................................473
Table 52 Complexity Requirements .................................................................................475
Table 53 Form Field Display Functions ............................................................................476
Table 54 Display Expressions for Data Formatting ..........................................................478
Table 55 PHP Variables....................................................................................................479
Table 56 General Configuration Settings .........................................................................487
Table 57 Security Configuration Settings.........................................................................489
Table 58 Proxy Configuration Settings.............................................................................489
Table 59 Thread Pool Settings .........................................................................................490
Table 60 Authentication Module Configuration Settings..................................................491
Table 61 Database Modeule Configuration Settings........................................................492
Table 62 Optional EAP Module Options...........................................................................493
Table 63 LDAP Module Settings ......................................................................................495
Table 64 Rewrite Module Configuration Settings.............................................................498
Table 65 Regular Expressions for Pattern Matching........................................................502
ClearPass Guest 3.9 | Deployment Guide ClearPass Guest | 19
Chapter 1
ClearPass Guest
Collaboration between companies and mobility of staff has never been greater. Distributed workforces,
traveling sales staff and a dependence on outsourced contractors and consultants requires efficient
management, which can pose problems for network security and operational staff.
With visitors increasingly requiring online access to perform their work, ClearPass Guest provides a simple
interface that can quickly create and manage visitor accounts within a pre-defined security profile. The
faster and easier staff can connect with visitors, the quicker they can start being productive.
ClearPass Guest provides a simple and personalized user interface through which operational staff can
quickly and securely manage visitor network access. With ClearPass Guest, your non-technical staff have
controlled access to a dedicated visitor management user database. Through a customizable Web portal,
your staff can easily create an account, reset a password, or set an expiry time for visitors. Access
permissions to ClearPass Guest functions are controlled through an operator profile that can be integrated
with an LDAP server or Active Directory login.
Visitors can be registered at reception and provisioned with an individual guest account that defines their
visitor profile and the duration of their visit. The visitor can be given a customized print receipt with
account details or they can be delivered wirelessly using the integrated SMS services. Companies are also
able to pre-generate custom scratch cards, each with a defined network access time, which can then be
handed out in a corporate environment or sold in public access scenarios.
Using the built-in customization features, your visitors are also able to self-provision their own guest
accounts using the settings you have defined. The registration experience is delivered with a branded and
customized Web portal, ensuring a streamlined and professional user experience. Visitors may also be
asked to complete additional survey questions during the self-registration process, with the collected data
stored for later analysis by the reporting system to provide additional feedback on your visitors and their
usage of the network.
ClearPass Guest integrates with all leading wireless and NAC solutions through its AAA enterprise services
interface. This ensures that IT administrators have a standard integration with the network security
framework, but gives operational staff the user interface they require.
ClearPass Guest is an effective solution to resolve the ever-growing demand for network access from
external visitors, contractors and business partners.
About this Manual
This deployment guide is intended for system administrators and the persons installing and configuring
ClearPass Guest. It takes you through the process of installing and configuring ClearPass Guest as your
solution for visitor management.
Documentation Conventions
Tab and button names are shown in bold, preceded by the appropriate icon, for example, Save
Changes.
Code samples are shown in a fixed-width font; for example:
Sample template code or HTML text
Command link icons are shown in the margin. These icons are used within the ClearPass Guest user
interface to visually identify the different components of the software.
20 |ClearPass Guest ClearPass Guest 3.9 | Deployment Guide
Documentation Overview
Click the context-sensitive Help link displayed at the top right of each page to go directly to the relevant
section of the deployment guide.
The following quick links may be useful in getting started.
A brief outline of this deployment guide includes:
Chapter 2, “Management Overview” provides an overview of the processes and interactions involved in
visitor management.
Chapter 3, “Setup Guide” covers the hardware installation (or virtual appliance deployment) and initial
configuration of the ClearPass Guest servcr.
Chapter 5, “RADIUS Services” provides reference material about implementing network access control
using ClearPass Guest’s RADIUS services.
Chapter 6, “Operator Logins” describes how to define operator profiles and operator logins for
ClearPass Guest, including integrating operator logins with an LDAP directory server.
Chapter 7, “Guest Management” explains the built-in guest management features and the customization
options for provisioning guest accounts, including setting up guest self-provisioning and defining new
SMS or email receipts.
Chapter 8, “Report Management” covers the use of the built-in reports and explains how to create new
reports to summarize visitor account information and network usage accounting data.
Chapter 9, “Administrator Tasks” describes the configuration and maintenance tools used by network
administrators to manage ClearPass Guest.
Chapter 10, “Hotspot Manager” introduces the optional features that may be used to deploy a
commercial hotspot and enable visitors to purchase self-provisioned network access.
Table 1Quick Links
For information about... Refer to...
What visitor management is and how it works “Management Overview”
Using the guest management features “Standard Guest Management Features”
Running reports “Running and Managing Reports”
Creating new reports “Creating Reports”
Role-based access control for operators “Operator Profiles”
Setting up LDAP authentication for operators “LDAP Operator Authentication”
Guest self-provisioning features “Self Provisioned Guest Access”
Dynamic authorization extensions “RFC 3576 Dynamic Authorization”
SMS receipts for guest accounts “SMS Services”
Email receipts for guest accounts “SMTP Services”
Network administration of the appliance “Administrator Tasks”
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
/