Passport 3.0
Passport provides RADIUS authentification services for secure network acces with a very high degree of funcionality and configurability:
RADIUS Services
Main features:
- RADIUS authentication services and accounting supporting multiple authentication methods (PAP, CHAP, MSCHAP, MACHAPv2, MD5, GTC, TTLS, PEAP and TLS).
- Optional authorization and session policies with support of session control through Change of Authorization (CoA) functionality.
- Multiple authentication profiles.
- HTTPS login portals.
- User auto registration portals with optional contact authorization.
- Certification authorities for certificate based authentication (TLS).
- Client hardware address caching.
- HTTPS enrollment portals for certificate based authentication (TLS) client auto provisioning.
- Trends. Long term authentication, performance and traffic reports.
- Extensive help with application examples for Aruba, Fortinet and AirPort access devices.
- Added disable MAC randomization option in Apple profiles.
- High Availability, run 2 Passport servers to form a cluster with automatic synchronization.
Configuration overview
A graphical view of RADIUS clients, authentication profiles and identity databases allows you to review the current configuration easily and check how these objects are interacting.
RADIUS clients and LDAP servers can be monitored to detect when they are unavailable.
Configurability
It is possible to set very complex configurations entirely from the graphical user interface.
Multiple authentication profiles allow to provide different authentication services simultaneously. Each profile can use several user identity databases to authenticate and authorize network clients. Identity sources include local user databases, local Certification Authorities and external LDAP servers.
Authentication profiles
Authentication profile establish RADIUS authentication services with particular characteristics and can additionally define an HTTPS authentication portals.
Profiles optionally establish authorization and session policies with support of session control through Change of Authorization (CoA) functionality. Policies can check RADIUS attributes, session parameters and client device type.
Authentication portals
Authentication portals provide layer 3 authentication in which the user enters their credentials using its web browser to get access to the network. To automate the process of the user account creation, user auto registration with optional contact authorization is available.
Authentication portals are normally used to implement guest access. Client hardware address authentication can be enabled to prevent customers from having to re-authenticate during a period of time.
Enrollment portals
Digital identities generated by local Certification Authorities (CA's) are used to implement certiticate based authentication (TLS).
To automate the distribution and installation of the digital identities to the client devices, each CA can define an enrollment portal to provide client auto provisioning.
Detailed session information
Authentications and sessions are shown in real time and you can get detailed information about the authentication method, the identity database used to authenticate the user and session data obtained through RADIUS accounting received from the access device such as the client IP address and the download and upload traffic.
Additionally, the request, reply and session RADIUS attributes can be examined for debugging.
Session charts
Several graphical trend reports are available have visibility of processed authentication and accounting requests and user sessions.
Traffic Charts
Trend traffic reports provide charts with the download and upload traffic of the network users.
Distribution charts
A graphical view of RADIUS clients, authentication profiles and identity databases allows you to review the current configuration easily and check how these objects are interacting.
RADIUS clients and LDAP servers can be monitored to detect when they are unavailable.
Trend reports
Authentication and session information can be optionally stored in the trends database to provide long term visibility of services usage and user activity.
Authentication and session summary and detailled views are available through trend reports with several filtering options.
What’s new in Passport 3.0?
High Availability
Install 2 Passport servers to form a cluster with automatic syncronization of configuration, user databasses and CA directories.
Both servers provide authentication services but only the Primary one allows to modify the Passport configuration. The Primary server sets the configuration of the Secondary and when changes are made to the Primary configuration, it is automatically synchronized on the Secondary server.
If you configure the NAS (Network Access Server) or a load balancing device with the IP address of both Passport servers, if one Passport server becomes unavailable, the authentications can be done using the other Passport server:
Mode popup.
Standalone.
The server is not part or a High Availability cluster.
Primary.
Set server as primary.
Secondary.
Set server as secondary.
Modifications of the Passport configuration must be done in the Primary server. Changes are automatically copied to the Secondary server.
Learn more about Passport
We have implemented 4 extensive examples configurations in the user manual.
Therefore, ermitacode’s team will be pleased to help you and troubleshoot anything you need.
AirPort
Apple AirPort NAS device, as is shown in the following figure:
Fortigate
FortiWifi firewall (FW) NAS device, as is shown in the following figure:
Aruba Controller
Aruba controller NAS device and an Aruba Access Point (AP), as is shown in the following figure:
Aruba Instant configuration
The configuration examples are based on a Mac mini computer running the Passport application and an Aruba Instant (IAP) NAS device:
Although the devices used are configured with static IP addresses, it is necessary a DHCP service in the network segment in which the wireless clients are connected.
Download Passport
Download Passport through the macOS App Store
Download DEMO for a 30 days trial.
Find details and step-by-step instructions on how to use the software.