Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
121122123124125126127128129130
124 | Services Dell Networking W-ClearPass Policy Manager 6.3 |User Guide
Enforcement Tab
The Enforcement tab is where you select an enforcement policy for a service. You must select one.
See "Configuring Enforcement Policies" on page 281 for more information.
Audit Tab
By default, this type of service does not have Audit checking enabled and the Audit tab is not visible. To access it and
enable posture checking for this service select the Audit End-hosts check box on the Service tab.
l Select an Audit Server - either built-in or customized. See "Configuring Audit Servers" on page 237 for audit server
configuration steps.
l Select an Audit Trigger Condition:
n Always
n When posture is not available
n For MAC authentication requests. If you select this, then select also one of:
n For known end-hosts only
n For unknown end hosts only
n For all end hosts
Known end hosts are defined as those clients that are found in the authentication source(s) associated with this service.
l Select an Action after audit. Performing audit on a client is an asynchronous task, which means the audit can be
performed only after the MAC authentication request has been completed and the client has acquired an IP address
through DHCP. Once the audit results are available, there should be a way for Policy Manager to re-apply policies
on the network device. This can be accomplished in one of the following ways:
n No Action: The audit will not apply policies on the network device after this audit.
n Do SNMP bounce: This option will bounce the switch port or force an 802.1X reauthentication (both done via
SNMP).
n Bouncing the port triggers a new 802.1X/MAC authentication request by the client. If the audit server already
has the posture token and attributes associated with this client in its cache, it returns the token and the attributes
to Policy Manager.
n Trigger RADIUS CoA action: This option sends a RADIUS Change of Authorization command to the
network device by Policy Manager.
Services
The Services page shows the current list and order of services that CPPM follows during authentication and
authorization. You can use the default service types as configured, or you can add additional services. Services
included in "[]" indicate default services.
For more information, see:
l "Adding Services" on page 125
l "Modifying Services" on page 128
l "Reordering Services" on page 130