Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

111

112

113

114

115

116

117

118

119

120

l Select an Audit Server - either built-in or customized. See "Configuring Audit Servers" on page 233 for audit server

configuration steps.

l Select an Audit Trigger Condition:

n Always

n When posture is not available

n For MAC authentication requests. If you select this, then select also one of:

n For known end-hosts only

n For unknown end hosts only

n For all end hosts

Known end hosts are defined as those clients that are found in the authentication source(s) associated with this service.

l Select an Action after audit. Performing audit on a client is an asynchronous task, which means the audit can be

performed only after the MAC authentication request has been completed and the client has acquired an IP address

through DHCP. Once the audit results are available, there should be a way for Policy Manager to re-apply policies

on the network device. This can be accomplished in one of the following ways:

n No Action: The audit will not apply policies on the network device after this audit.

n Do SNMP bounce: This option will bounce the switch port or force an 802.1X reauthentication (both done via

SNMP).

n Bouncing the port triggers a new 802.1X/MAC authentication request by the client. If the audit server already

has the posture token and attributes associated with this client in its cache, it returns the token and the attributes

to Policy Manager.

n Trigger RADIUS CoA action: This option sends a RADIUS Change of Authorization command to the

network device by Policy Manager.

Profiler Tab

The Profiler tab is not visible by default. To access it, select the Profile Endpoints check box on the Services tab.

Select one or more Endpoint Classification items from the drop-down list, then select the RADIUS CoA action. You

can also create a new action by selecting the Add new RADIUS CoA Action link.

RADIUS Proxy

Configure this service for any kind of RADIUS request that needs to be proxied to another RADIUS server (a Proxy

Target).

There are no default rules associated with this service type. Rules can be added to handle any type of standard or

vendor-specific RADIUS attributes. Typically, proxying is based on a realm or the domain of the user trying to access

the network.

Configuration for this service is the same as RADIUS Enforcement (Generic), except that you do not configure

Authentication or Posture with this service type, but you do configure Proxy Targets – the servers to which requests

are proxied. Requests can be dispatched to the proxy targets randomly. Over time these requests are Load Balanced.

Otherwise, in the Failover mode, requests can be dispatched to the first proxy target in the ordered list of targets, and

then subsequently to the other proxy targets if the prior requests failed. When you Enable proxy for accounting

requests accounting requests are also sent to the proxy targets.

Refer to "RADIUS Enforcement (Generic)" on page 112 for more information.

Dell Networking W-ClearPass Policy Manager 6.3 | User Guide Services | 115