Users Guide
566 | Use Cases Dell Networking W-ClearPass Policy Manager 6.4 |User Guide
This step is optional if no Role Mapping Policy is provided, or if you want to establish health or roles using an
audit. An audit server determines health by performing a detailed system and health vulnerability analysis
(NESSUS). You can also configure the audit server (NMAP or NESSUS) with post-audit rules that enable
Policy Manager to determine client identity.
Navigation Settings
Configure the Audit Server:
l Audit (tab) >
l Audit End Hosts (enable) >
l Audit Server (selector):
NMAP
l Trigger Conditions (radio
button): For MAC
authentication requests
l Reauthenticate client (check
box): Enable
Table 366:
Audit Server Navigation and Settings
Upon completion of the audit, Policy Manager caches Role (NMAP and NESSUS) and Posture (NESSUS), then
resets the connection (or the switch reauthenticates after a short session timeout), triggering a new request,
which follows the same path until it reaches Role Mapping/Posture/Audit; this appends cached information
for this client to the request for passing to Enforcement. Select an Enforcement Policy.
4. Select the Enforcement Policy Sample_Allow_Access_Policy:
Navigation Setting
Select the Enforcement Policy:
l Enforcement (tab) >
l Use Cached Results (check
box): Select Use cached Roles
and Posture attributes from
previous sessions >
l Enforcement Policy
(selector):
UnmanagedClientPolicy
l When you are finished with
your work in this tab, click
Save.
Table 367:
Enforcement Policy Navigation and Settings
Unlike the 802.1X Service, which uses the same Enforcement Policy (but uses an explicit Role Mapping
Policy to assess Role), in this use case Policy Manager applies post-audit rules against attributes captured by
the Audit Server to infer Role(s).
5. Save the Service.
Click Save. The Service now appears at the bottom of the Services list.