Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

141

142

143

144

145

146

147

148

149

150

Label Description

Monitor

Mode

Optionally check the Enable to monitor network access without enforcement to allow

authentication and health validation exchanges to take place between endpoint and Policy

Manager, but without enforcement. In Monitor Mode, no enforcement profiles (and

associated attributes) are sent to the network device.

Policy Manager also allows Policy Simulation (Monitoring > Policy Simulation), where

the administrator can test the results of a particular configuration of policy components.

Options

Select any of the available check boxes to enable the configuration tabs for those options.

The available check boxes varies based on the type of service that is selected and may

include one or more of the following:

l Authorization: Select an authorization source from the drop-down list to add the

source or select the Add new Authentication Source link to create a new source.

l Posture Compliance: Select a Posture Policy from the drop-down list to add the policy

or create a new policy by clicking the link. Select the default Posture token. Specify

whether to enable auto-remediation of non-compliant end hosts. If this is enabled, then

enter the Remediation URL. You can specify the Posture Server from the drop-down

list or add a new server by clicking the Add new Posture Server link.

l Audit End-hosts: Select an Audit Server, either built-in or customized. Refer to

Configuring Audit Servers on page 250 for audit server configuration steps. For this

type of service, you can perform audit Always, When posture is not available, or

For MAC authentication requests.

You can specify to trigger an audit always, when posture is not available, or for MAC

authentication requests. If For MAC authentication requests is specified, then you

can perform an audit For known end-hosts only or For unknown end hosts only,

or For all end hosts. Known end hosts are defined as those clients that are found in

the authentication source(s) associated with this service. Performing audit on a client

is an asynchronous task, which means the audit can be performed only after the MAC

authentication request has been completed and the client has acquired an IP address

through DHCP. Once the audit results are available, Policy Manager re-applies policies

on the network deviceby one of the following ways:

n No Action: The audit does not apply policies on the network device after this audit.

n Do SNMP bounce: This option bounces the switch port or force an 802.1X re-

authentication (both done using SNMP).

NOTE: Bouncing the port triggers a new 802.1X or MAC authentication request by the

client. If the audit server already has the posture token and attributes associated with this

client in its cache, it returns the token and the attributes to Policy Manager.

n Trigger RADIUS CoA action: This option sends a RADIUS CoA command to the

network device by Policy Manager.

Table 56:

Service Page (General Parameters) (Continued)

Dell Networking W-ClearPass Policy Manager 6.4 | User Guide Services | 121