Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

121

122

123

124

125

126

127

128

129

130

Label Description

Monitor

Mode

Optionally check the Enable to monitor network access without enforcement to allow

authentication and health validation exchanges to take place between endpoint and Policy

Manager, but without enforcement. In monitor mode, no enforcement profiles (and

associated attributes) are sent to the network device.

Policy Manager also allows

Policy Simulation

(Monitoring > Policy Simulation) where the

administrator can test for the results of a particular configuration of policy components.

Options

Select any of the available check boxes to enable the configuration tabs for those options.

The available check boxes varies based on the type of service that is selected and may

include one or more of the following:

l Authorization: Select an authorization source from the drop-down list to add the source

or select the Add new Authentication Source link to create a new source.

l Posture Compliance: Select a Posture Policy from the drop-down list to add the policy

or create a new policy by clicking the link. Select the default Posture token. Specify

whether to enable auto-remediation of non-compliant end hosts. If this is enabled, then

enter the Remediation URL. Finally, specify the Posture Server from the drop-down list

or add a new server by clicking the Add new Posture Server link.

l Audit End-hosts: Select an Audit Server, either built-in or customized. Refer to

"Configuring Audit Servers" on page 233 for audit server configuration steps. For this

type of service you can perform audit Always, When posture is not available, or For

MAC authentication requests.

You can specify to trigger an audit always, when posture is not available, or for MAC

authentication requests. If For MAC authentication requests is specified, then you can

perform an audit For known end-hosts only or For unknown end hosts only, or For all

end hosts. Known end hosts are defined as those clients that are found in the

authentication source(s) associated with this service. Performing audit on a client is an

asynchronous task, which means the audit can be performed only after the MAC

authentication request has been completed and the client has acquired an IP address

through DHCP. Once the audit results are available, there should be a way for Policy

Manager to re-apply policies on the network device. This can be accomplished in one

of the following ways:

n No Action: The audit will not apply policies on the network device after this audit.

n Do SNMP bounce: This option will bounce the switch port or force an 802.1X re

authentication (both done via SNMP).

NOTE: Bouncing the port triggers a new 802.1X/MAC authentication request by the client.

If the audit server already has the posture token and attributes associated with this client in

its cache, it returns the token and the attributes to Policy Manager.

n Trigger RADIUS CoA action: This option sends a RADIUS Change of Authorization

command to the network device by Policy Manager.

l Optionally configure Profiler settings. Select one or more Endpoint Classification items

from the drop down list, then select the RADIUS CoA action. You can also create a new

action by selecting the Add new RADIUS CoA Action link.

Table 43:

Service Page (General Parameters) (Continued)

Dell Networking W-ClearPass Policy Manager 6.3 | User Guide Services | 125