Users Guide
73 Dell Networking W-ClearPass Policy Manager 6.2 | User Guide
Service Type Description
Select an Audit Server - either built-in or customized. Refer to "Configuring Audit
Servers" on page 180 for audit server configuration steps.
You can specify to trigger an audit always, when posture is not available, or for MAC
authentication requests. If For MAC authentication requests is specified, then you can
perform an audit For known end-hosts only or For unknown end hosts only, or For all
end hosts. Known end hosts are defined as those clients that are found in the
authentication source(s) associated with this service. Performing audit on a client is an
asynchronous task, which means the audit can be performed only after the MAC
authentication request has been completed and the client has acquired an IP address
through DHCP. Once the audit results are available, there should be a way for Policy
Manager to re-apply policies on the network device. This can be accomplished in one
of the following ways:
l No Action: The audit will not apply policies on the network device after this audit.
l Do SNMP bounce: This option will bounce the switch port or to force an 802.1X
reauthentication (both done via SNMP).Note: Bouncing the port triggers a new
802.1X/MAC authentication request by the client. If the audit server already has the
posture token and attributes associated with this client in its cache, it returns the
token and the attributes to Policy Manager.
l Trigger RADIUS CoA action: This option sends a RADIUS Change of Authorization
command to the network device by Policy Manager.
You must select an enforcement policy (see "Configuring Enforcement Policies " on
page 204) for a service.
Optionally configure Profiler settings. Select one or more Endpoint Classification items
from the drop down list, then select the RADIUS CoA action. You can also create a new
action by selecting the Add new RADIUS CoA Action link.