Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

191

192

193

194

195

196

197

198

199

200

Enforcement

Profile

Template

Description

C—Cisco

Downloadable

ACL

Enforcement

Enforcement profile template for Cisco IOS downloadable ACLs.

D—Cisco Web

Authentication

Enforcement

Enforcement profile template to set Cisco Web Authentication ACLs.

E—(Generic)

RADIUS-

Based

Authentication

Type is any RADIUS vendor dictionary that is pre-packaged with Policy Manager, or

imported by the Administrator. This field is prepopulated with the dictionary names.

Name is the name of the attribute from the dictionary selected in the Type field. The

attribute names are prepopulated from the dictionary.

Value is the value of the attribute. If the value has prepopulated values is the dictionary,

these appear in a drop-down list. Otherwise, you can enter freeform text.

An Enforcement Profile can also contain dynamic values (as received in the request or

authentication handshake, or as derived by the Policy Manager policy system).

For example, to set the name of the VLAN to the name of the role, enter %{Tips:Role}

as the value for RADIUS:IETF:Tunnel-Private-Group-Id. These dynamic values

must be entered in the following format, without any spaces: %

{namespace:attribute-name}.

For convenience, the value field also has a drop down that contains all the authorization

attributes. You can use these directly to assign dynamic values in the profile. Refer to

figure above.

RADIUS CoA Enforcement Profiles

The RADIUS CoA tab contains a template type and the actions associated with that template type.

The RADIUS CoA Enforcement Profile tab loads the CoA template attributes supported a specific template.

Interface Description

Select

RADIUS

CoA

Template

The supported template types are:

l Cisco - Disable-Host-Port

l Cisco - Bounce-Host-Port

l Cisco - Reauthenticate-Session

l HP - Change-VLAN

l HP - Generic-CoA

Attributes The RADIUS (standard and vendor-specific) shown here are base on the CoA Template

selected from the drop down. Fill in values for all entries marked “Enter value here”. The

other pre-filled attributes must not be deleted, since the device requires these to be present.

SNMP Enforcement Profiles

The SNMP tab contains a VLAN identifier and timeout.

Dell Networking W-ClearPass Policy Manager 6.2 | User Guide 198