Users Guide

71 Dell Networking W-ClearPass Policy Manager 6.2 | User Guide
Service Type Description
By default, this type of service does not have Audit checking enabled. To enable
posture checking for this service select the Audit End-hosts check box on the Service
tab.
Select an Audit Server - either built-in or customized. Refer to "Configuring Audit
Servers" on page 180 for audit server configuration steps.
You can specify to trigger an audit always, when posture is not available, or for MAC
authentication requests. If For MAC authentication requests is specified, then you can
perform an audit For known end-hosts only or For unknown end hosts only, or For all
end hosts. Known end hosts are defined as those clients that are found in the
authentication source(s) associated with this service. Performing audit on a client is an
asynchronous task, which means the audit can be performed only after the MAC
authentication request has been completed and the client has acquired an IP address
through DHCP. Once the audit results are available, there should be a way for Policy
Manager to re-apply policies on the network device. This can be accomplished in one
of the following ways:
• No Action: The audit will not apply policies on the network device after this audit.
• Do SNMP bounce: This option bounces the switch port or forces an 802.1X
reauthentication (both done via SNMP).
NOTE: Bouncing the port triggers a new 802.1X/MAC authentication request by the
client. If the audit server already has the posture token and attributes associated with
this client in its cache, it returns the token and the attributes to Policy Manager.
• Trigger RADIUS CoA action: With this option, Policy Manager sends a RADIUS
Change of Authorization command to the network device.
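The RADIUS CoA option above, as an added example (not taken from this guide or from Policy Manager): how a network device can check that a CoA-Request (RFC 5176) was produced by a holder of the RADIUS shared secret before it re-applies policy. The MAC address, filter name and shared secret are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43          # RFC 5176 packet code for CoA-Request
CALLING_STATION_ID = 31   # identifies the session by client MAC
FILTER_ID = 11            # names the filter the device should apply
SECRET = b"constructed-shared-secret"   # sample value, not a real secret

def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    if not 0 < len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return bytes([attr_type, len(value) + 2]) + value

def request_authenticator(code, ident, length, attrs, secret) -> bytes:
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_coa_request(ident: int, mac: str, filter_id: str, secret: bytes) -> bytes:
    """Build the packet a policy server would send to UDP port 3799."""
    attrs = (encode_attr(CALLING_STATION_ID, mac.encode())
             + encode_attr(FILTER_ID, filter_id.encode()))
    length = 20 + len(attrs)
    auth = request_authenticator(COA_REQUEST, ident, length, attrs, secret)
    return struct.pack("!BBH", COA_REQUEST, ident, length) + auth + attrs

def verify_coa_request(packet: bytes, secret: bytes) -> bool:
    """Device-side check: accept only packets with a valid authenticator."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length < 20 or length > len(packet):
        return False
    packet = packet[:length]          # octets beyond Length are padding
    expected = request_authenticator(code, ident, length, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])

if __name__ == "__main__":
    pkt = build_coa_request(7, "00-11-22-33-44-55", "quarantine", SECRET)
    print("valid packet accepted:", verify_coa_request(pkt, SECRET))
    forged = bytearray(pkt)
    forged[-1] ^= 0x01                # attribute altered in transit
    print("altered packet accepted:", verify_coa_request(bytes(forged), SECRET))
```
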
You must select an enforcement policy (see "Configuring Enforcement Policies" on
page 204) for a service.
Optionally configure Profiler settings. Select one or more Endpoint Classification items
from the drop down list, then select the RADIUS CoA action. You can also create a new
action by selecting the Add new RADIUS CoA Action link.
To create an authorization source for this service click on the Authorization tab. This tab
is not visible by default. To enable Authorization for this service select the Authorization
check box on the Service tab. Policy Manager fetches role mapping attributes from the
authorization sources associated with the service, regardless of which authentication
source was used to authenticate the user. For a given service, role mapping attributes
are fetched from the following authorization sources: