Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
101102103104105106107108109110
Web-based Authentication
Configure this service for guests or agentless hosts that connect via the Dell built-in Portal. The user is redirected to
the Dell captive portal by the network device or by a DNS server that is set up to redirect traffic on a subnet to a
specific URL. The Web page collects username and password, and also optionally collects health information (on
Windows 7, Windows Vista, Windows XP, Windows Server 2008, Windows Server 2003, and popular Linux systems).
There is an internal service rule (Connection:Protocol EQUALS WebAuth) that categorizes requests into this type of
service. You can add additional rules, if needed.
Figure 67: Web-based Authentication Service
Service Tab
The Service tab includes basic information about the service including: Name, Description, and Service Type. When
adding a service, enter a Name and Description that will help you know what the service does without looking at its
details. The Service Type defines what can be configured.
Select the Monitor Mode check box to exclude enforcement.
Select any of the More Options check boxes to access that category of configuration options.
Service Rules define a set of criteria that supplicants must match to trigger the service. Some service templates have
one or more rules pre-defined. Click on a service rule to modify any of its options.
Authentication Tab
The Authentication tab contains options for configuring authentication sources.
l Authentication Sources: Select the Authentication Sources used for this type of service.
You can select one item in the list and use the buttons on the right to:
l Move it up or down.
The order of authentication matters. When a client tries to do 802.1X authentication, Policy Manager proposes the
first authentication method configured. The client can accept the authentication method proposed by Policy
Manager and continue authentication or send a NAK and propose a different authentication method. If this
authentication method is also configured, then authentication will proceed. Otherwise authentication will fail.
If most of the clients in the network use a particular authentication method, that authentication method should be
configured first in the list. This would reduce the number of RADIUS packet exchanged.
l Remove it.
l View its details.
l Modify it. (See "Adding and Modifying Authentication Methods" on page 131 and "Adding and Modifying
Authentication Sources" on page 149.)
You can also use the links on the right to add a new authentication method or source.
Dell Networking W-ClearPass Policy Manager 6.3 | User Guide Services | 109