
Parameter: Audit Server / Add new Audit Server

Description: Select a built-in server profile from the list:
- The [Nessus Server] performs vulnerability scanning. It returns a Healthy/Quarantine result.
- The [Nmap Audit] performs network port scans. The health evaluation always returns Healthy. The port scan gathers attributes that allow determination of Role(s) through post-audit rules.
NOTE: For Policy Manager to trigger an audit on an end-host, it needs the IP address of that end-host. In the case of 802.1X and MAC authentication requests, the IP address of the end-host is not available at the time of initial authentication. Policy Manager has a built-in DHCP snooping service that examines DHCP request and response packets to derive the IP address of the end-host. To use this service, Policy Manager must be configured as a DHCP "IP Helper" on your router/switch (in addition to your main DHCP server). Refer to your switch documentation for "IP Helper" configuration.
To audit devices that have a static IP address assigned, it is recommended that a static
binding between the MAC and IP address of the endpoint be created in your DHCP
server. Refer to your DHCP Server documentation for configuring such static bindings.
NOTE: Policy Manager does not issue the IP address; it just examines the DHCP traffic
in order to derive the IP address of the end-host.
Parameter: Audit Trigger Conditions

Description:
- Always: Always perform an audit.
- When posture is not available: Perform an audit only when posture credentials are not available in the request.
- For MAC Authentication Request: If you select this option, Policy Manager presents three additional settings:
  - For known end-hosts only. For example, when you want to reject unknown end-hosts but audit known clients. Known end-hosts are defined as those clients that are found in the authentication source(s) associated with this service.
  - For unknown end-hosts only. For example, when known end-hosts are assumed to be healthy, but you want to establish the identity of unknown end-hosts and assign roles. Unknown end-hosts are those end-hosts that are not found in any of the authentication sources associated with this service.
  - For all end-hosts. For both known and unknown end-hosts.
Parameter: Re-authenticate client

Description:
Check the check box for Force re-authentication of the client after audit to bounce the
switch port or to force an 802.1X reauthentication (both done via SNMP).
NOTE: Bouncing the port triggers a new 802.1X/MAC authentication request by the
client. If the audit server already has the posture token and attributes associated with
this client in its cache, it returns the token and the attributes to Policy Manager.
Table 140: Audit tab
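The Audit Server note in Table 140 says Policy Manager derives an end-host's IP address by examining the DHCP request/response packets that the switch's "IP Helper" relays to it. The following is an added example, written for this page and not part of ClearPass or the Dell documentation, of what such a DHCP snooper has to do: parse the BOOTP/DHCP header and options, and bind a MAC address (chaddr) to an IP only from the server's DHCPACK (yiaddr), never from what the client asks for in option 50. The packets it processes are constructed in the code, the relay address 10.0.0.1 and the lease 10.0.0.50 are made-up values, and the `DhcpSnooper` class and its methods are illustrative names, not a ClearPass API.

```python
# Added example (not ClearPass code): a minimal DHCP snooper that derives
# MAC -> IP bindings from relayed DHCP traffic, as the note in Table 140 describes.
import struct
from dataclasses import dataclass
from typing import Dict, Optional

DHCP_MAGIC = b"\x63\x82\x53\x63"      # RFC 2131 magic cookie at offset 236
BOOTREQUEST, BOOTREPLY = 1, 2
DHCPREQUEST, DHCPACK = 3, 5           # option 53 message types used here


@dataclass
class DhcpMessage:
    op: int
    xid: int
    ciaddr: str
    yiaddr: str
    giaddr: str
    chaddr: str
    options: Dict[int, bytes]


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_dhcp(pkt: bytes) -> DhcpMessage:
    """Parse the fixed BOOTP header and the DHCP option list (RFC 2131/2132)."""
    if len(pkt) < 240 or pkt[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    op, _htype, hlen, _hops = struct.unpack("!BBBB", pkt[0:4])
    xid = struct.unpack("!I", pkt[4:8])[0]
    ciaddr, yiaddr, giaddr = pkt[12:16], pkt[16:20], pkt[24:28]
    chaddr = pkt[28:28 + hlen].hex(":")
    options: Dict[int, bytes] = {}
    i = 240
    while i < len(pkt):
        code = pkt[i]
        if code == 0:            # pad
            i += 1
            continue
        if code == 255:          # end of options
            break
        length = pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return DhcpMessage(op, xid, _ip(ciaddr), _ip(yiaddr), _ip(giaddr), chaddr, options)


class DhcpSnooper:
    """Tracks MAC -> IP bindings learned from DHCP traffic.

    Only the server's DHCPACK (yiaddr) is authoritative. A client's DHCPREQUEST
    may carry any address in option 50, so it is deliberately not trusted.
    When the packets arrive via an IP Helper relay, giaddr holds the relay's
    interface address; the end-host's address is still yiaddr in the ACK.
    """

    def __init__(self) -> None:
        self.bindings: Dict[str, str] = {}

    def observe(self, pkt: bytes) -> Optional[str]:
        msg = parse_dhcp(pkt)
        mtype = msg.options.get(53, b"\x00")[0]
        if msg.op == BOOTREPLY and mtype == DHCPACK and msg.yiaddr != "0.0.0.0":
            self.bindings[msg.chaddr] = msg.yiaddr
            return msg.yiaddr
        return None              # requests and other replies do not create bindings

    def ip_for(self, mac: str) -> Optional[str]:
        """None means no DHCP traffic was seen, e.g. a statically addressed host."""
        return self.bindings.get(mac)


def build_dhcp(op: int, xid: int, mac: str, mtype: int, yiaddr: str = "0.0.0.0",
               giaddr: str = "0.0.0.0", requested_ip: Optional[str] = None) -> bytes:
    """Build a constructed (not captured) DHCP packet for the example."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)   # op, htype, hlen, hops, xid, secs, flags
    hdr += bytes(4)                                          # ciaddr
    hdr += bytes(map(int, yiaddr.split(".")))                # yiaddr
    hdr += bytes(4)                                          # siaddr
    hdr += bytes(map(int, giaddr.split(".")))                # giaddr
    hdr += chaddr + bytes(64) + bytes(128)                   # chaddr, sname, file
    opts = DHCP_MAGIC + bytes([53, 1, mtype])
    if requested_ip:
        opts += bytes([50, 4]) + bytes(map(int, requested_ip.split(".")))
    return hdr + opts + b"\xff"


def demo() -> Optional[str]:
    """Request relayed by the switch (giaddr = relay 10.0.0.1), then the server's ACK."""
    snooper = DhcpSnooper()
    mac = "00:11:22:33:44:55"
    snooper.observe(build_dhcp(BOOTREQUEST, 0x1234, mac, DHCPREQUEST,
                               giaddr="10.0.0.1", requested_ip="10.0.0.50"))
    assert snooper.ip_for(mac) is None          # nothing is bound until the server ACKs
    snooper.observe(build_dhcp(BOOTREPLY, 0x1234, mac, DHCPACK,
                               yiaddr="10.0.0.50", giaddr="10.0.0.1"))
    return snooper.ip_for(mac)                  # "10.0.0.50"


if __name__ == "__main__":
    print(demo())
```

The `ip_for` result of None for a MAC with no observed DHCP exchange is exactly the static-IP case the note warns about: with no DHCP traffic to snoop there is no binding, which is why a static MAC-to-IP reservation in the DHCP server is recommended for such hosts.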
Modifying Built-In Audit Servers
To reconfigure a default Policy Manager Audit Server:
1. Open the audit server profile.
Navigate to Configuration > Posture > Audit Servers, then select an Audit Server from the list of
available servers.
Dell Networking W-ClearPass Policy Manager 6.4 | User Guide Audit Servers | 251