Users Guide

75 Dell Networking W-ClearPass Policy Manager 6.2 | User Guide
Service Type: MAC Authentication
Description:
MAC-based authentication service, for clients without an 802.1X supplicant or a posture
agent (printers, other embedded devices, and computers owned by guests or
contractors). The network access device sends a MAC authentication request to Policy
Manager. Policy Manager can look up the client in a white list or a black list,
authenticate and authorize the client against an external authentication/authorization
source, and optionally perform an audit on the client.
The default Authentication method used for this type of service is [MAC AUTH], which is
a special type of method called MAC-AUTH. When this authentication method is
selected, Policy Manager does stricter checking of the MAC Address of the client. This
type of service can use either a built-in static host list (refer to Adding and Modifying
Static Host Lists), or any other authentication source for the purpose of white-listing or
black-listing the client. You can also specify the role mapping policy, based on
categorization of the MAC addresses in the authorization sources.
NOTE: You cannot configure Posture for this type of service.
Audit can optionally be enabled for this type of service by checking the Audit End-hosts
check box on the Service tab.
You can perform the audit "For known end-hosts only", "For unknown end hosts only", or "For
all end hosts". Known end hosts are defined as those clients that are found in the
authentication source(s) associated with this service. Performing audit on a client is an
asynchronous task, which means the audit can be performed only after the MAC
authentication request has been completed and the client has acquired an IP address
through DHCP. Once the audit results are available, there should be a way for Policy
Manager to re-apply policies on the network device. This can be accomplished in one
of the following ways:
• No Action: The audit will not apply policies on the network device after this audit.
• Do SNMP bounce: This option bounces the switch port or forces an 802.1X
reauthentication (both done via SNMP). Note: Bouncing the port triggers a new
802.1X/MAC authentication request by the client. If the audit server already has the
posture token and attributes associated with this client in its cache, it returns the
token and the attributes to Policy Manager.
• Trigger RADIUS CoA action: With this option, Policy Manager sends a RADIUS Change
of Authorization command to the network device.
Refer to the "802.1X Wireless" service type on page 69 for a description of the other
tabs.
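
The known/unknown audit scope described above depends on the client MAC matching an entry in the authentication source, and network devices report MAC addresses in different formats. The following Python sketch is an added example, not ClearPass code: it models that decision with a constructed host list, and the names normalize_mac, evaluate and STATIC_HOST_LIST, as well as the rule of rejecting malformed addresses before lookup, are assumptions of the example.

```python
import re

# Constructed static host list (the white list in the text above). Entries are
# deliberately in mixed formats, as different network devices report them.
STATIC_HOST_LIST = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5f", "00-1a-2b-3c-4d-60"]
AUDIT_SCOPES = ("known", "unknown", "all")  # the three audit choices described above

_MAC_FORMS = [
    r"[0-9A-Fa-f]{12}",                                             # 001A2B3C4D5E
    r"[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}",   # one delimiter only
    r"[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}",              # 001a.2b3c.4d5e
]

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC address."""
    s = raw.strip()
    if not any(re.fullmatch(p, s) for p in _MAC_FORMS):
        return None
    return re.sub(r"[^0-9A-Fa-f]", "", s).lower()

# Normalize the list once so lookups do not depend on how entries were typed.
KNOWN = {normalize_mac(m) for m in STATIC_HOST_LIST}

def evaluate(calling_station_id, audit_scope="all"):
    """Model one MAC authentication request.

    Returns (status, audit_queued). The audit is only queued here because, as
    the text says, it runs asynchronously after authentication completes.
    """
    if audit_scope not in AUDIT_SCOPES:
        raise ValueError("unknown audit scope: %r" % audit_scope)
    mac = normalize_mac(calling_station_id)
    if mac is None:
        # Assumption of this sketch: malformed identifiers are never looked up.
        return ("rejected-malformed", False)
    known = mac in KNOWN
    if audit_scope == "all":
        audit = True
    elif audit_scope == "known":
        audit = known
    else:  # "unknown"
        audit = not known
    return ("known" if known else "unknown", audit)

if __name__ == "__main__":
    # Constructed requests: same host in two formats, a stranger, and junk.
    for csid in ["001A2B3C4D5E", "00-1a-2b-3c-4d-5e", "de:ad:be:ef:00:01", "printer-7"]:
        print(csid, evaluate(csid, "unknown"))
```

Without the normalization step, a host listed as 00:1A:2B:3C:4D:5E but reported as 001a.2b3c.4d5e would be classified as unknown and fall into the wrong audit scope.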