Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

101

102

103

104

105

106

107

108

109

110

110 | Services Dell Networking W-ClearPass Policy Manager 6.3 |User Guide

l Modify it.

For more information on configuring authorization sources, see "Adding and Modifying Authentication Methods" on

page 133.

Roles Tab

To associate a role mapping policy with this service click on the Roles tab. For information on configuring role

mapping policies, see "Configuring a Role Mapping Policy" on page 191.

Enforcement Tab

The Enforcement tab is where you select an enforcement policy for a service. You must select one.

See "Configuring Enforcement Policies" on page 281 for more information.

Audit Tab

By default, this type of service does not have Audit checking enabled and the Audit tab is not visible. To access it and

enable posture checking for this service select the Audit End-hosts check box on the Service tab.

l Select an Audit Server - either built-in or customized. See "Configuring Audit Servers" on page 237 for audit server

configuration steps.

l Select an Audit Trigger Condition:

n Always

n When posture is not available

n For MAC authentication requests. If you select this, then select also one of:

n For known end-hosts only

n For unknown end hosts only

n For all end hosts

Known end hosts are defined as those clients that are found in the authentication source(s) associated with this service.

l Select an Action after audit. Performing audit on a client is an asynchronous task, which means the audit can be

performed only after the MAC authentication request has been completed and the client has acquired an IP address

through DHCP. Once the audit results are available, there should be a way for Policy Manager to re-apply policies

on the network device. This can be accomplished in one of the following ways:

n No Action: The audit will not apply policies on the network device after this audit.

n Do SNMP bounce: This option will bounce the switch port or force an 802.1X reauthentication (both done via

SNMP).

n Bouncing the port triggers a new 802.1X/MAC authentication request by the client. If the audit server already

has the posture token and attributes associated with this client in its cache, it returns the token and the attributes

to Policy Manager.

n Trigger RADIUS CoA action: This option sends a RADIUS Change of Authorization command to the

network device by Policy Manager.

Profiler Tab

The Profiler tab is not visible by default. To access it, select the Profile Endpoints check box on the Services tab.

Select one or more Endpoint Classification items from the drop-down list, then select the RADIUS CoA action. You

can also create a new action by selecting the Add new RADIUS CoA Action link.