Reference Guide

Columns: Component | Service: component ratio | Description

Component: A - Authentication Method
Service: component ratio: Zero or more per service
Description: EAP or non-EAP method for client authentication. Policy Manager supports four broad classes of authentication methods:
- EAP, tunneled: PEAP, EAP-FAST, or EAP-TTLS.
- EAP, non-tunneled: EAP-TLS or EAP-MD5.
- Non-EAP, non-tunneled: CHAP, MS-CHAP, PAP, or MAC-AUTH.
- MAC_AUTH must be used exclusively in a MAC-based Authentication Service. When the MAC_AUTH method is selected, Policy Manager: (1) makes internal checks to verify that the request is indeed a MAC Authentication request (and not a spoofed request) and (2) makes sure that the MAC address of the device is present in the authentication source.
Some Services (for example, TACACS+) contain internal authentication methods; in such cases, Policy Manager does not make this tab available.

Component: B - Authentication Source
Service: component ratio: Zero or more per service
Description: An Authentication Source is the identity repository against which Policy Manager verifies identity. It supports these Authentication Source types:
- Microsoft Active Directory
- any LDAP compliant directory
- RSA or other RADIUS-based token servers
- SQL database, including the local user store.
- Static Host Lists, in the case of MAC-based Authentication of managed devices.

Component: C - Authorization Source
Service: component ratio: One or more per Authentication Source and zero or more per service
Description: An Authorization Source collects attributes for use in Role Mapping Rules. You specify the attributes you want to collect when you configure the authentication source. Policy Manager supports the following authorization source types:
- Microsoft Active Directory
- any LDAP compliant directory
- RSA or other RADIUS-based token servers
- SQL database, including the local user store.

Component: C - Role Mapping Policy
Service: component ratio: Zero or one per service
Description: Policy Manager evaluates Requests against Role Mapping Policy rules to match Clients to Role(s). All rules are evaluated and Policy Manager may return more than one Role. If no rules match, the request takes the configured Default Role.
Some Services (for example, MAC-based Authentication) may handle role mapping differently:
- For MAC-based Authentication Services, where role information is not available from an authentication source, an Audit Server can determine role by applying post-audit rules against the client attributes gathered during the

Table 1: Policy Manager Service Components
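
The Role Mapping Policy behavior described in the table (every rule is evaluated, more than one Role may be returned, and the Default Role applies only when nothing matches) can be modeled as follows. This is an added example, not Policy Manager code or rule syntax; the rule names, attribute keys (memberOf, department), roles and sample requests are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Hypothetical model of a role mapping policy (assumed names throughout).
@dataclass(frozen=True)
class Rule:
    name: str
    condition: Callable[[dict], bool]  # predicate over authorization attributes
    role: str

def map_roles(rules, attrs, default_role):
    """Evaluate every rule with no first-match short circuit and collect
    each matching role once; use the default role only if none matched."""
    roles = []
    for rule in rules:
        if rule.condition(attrs) and rule.role not in roles:
            roles.append(rule.role)
    return roles or [default_role]

def member_of(group):
    return lambda attrs: group in attrs.get("memberOf", [])

def attr_in(key, *values):
    wanted = {v.lower() for v in values}
    return lambda attrs: str(attrs.get(key, "")).lower() in wanted

RULES = [
    Rule("employees", member_of("Staff"), "Employee"),
    Rule("network admins", member_of("NetAdmins"), "Admin"),
    Rule("contractors", attr_in("department", "vendor"), "Contractor"),
]
DEFAULT_ROLE = "Guest"

# Constructed sample requests: attributes as an Authorization Source
# might return them for three clients.
REQUESTS = {
    "alice": {"memberOf": ["Staff", "NetAdmins"], "department": "IT"},
    "bob": {"memberOf": ["Staff"], "department": "Vendor"},
    "printer": {"memberOf": []},  # no matching attributes at all
}

def audit(requests=REQUESTS):
    """Map every sample request to its resulting role list."""
    return {user: map_roles(RULES, attrs, DEFAULT_ROLE)
            for user, attrs in requests.items()}

if __name__ == "__main__":
    for user, roles in audit().items():
        flag = "  <- multiple roles" if len(roles) > 1 else ""
        print(f"{user}: {roles}{flag}")
```

Because an unmatched request still receives a role, the Default Role is the one to keep least privileged, and requests that collect several roles are worth reviewing for unintended combinations.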
2 Dell Networking W-ClearPass Policy Model 6.1 | An Introduction