Administrator Guide

The mobility controller applies a Sales Department firewall role to this user's traffic. Typically for such a role, the
firewall rule applied would be IP any permit, which permits all IP traffic.
802.1X Wired Authentication Traffic Flow
This same process applies to wired clients that connect to a Mobility Access Switch (MAS) or a third-party switch
and perform 802.1X authentication to the W-ClearPass Policy Manager server (see Figure 119).
Figure 119 Traffic flow for 802.1X Wired Authentication with Active Directory
For more information about the Dell Mobility Access Switch and 802.1X authentication, see Mobility Access
Switch Configuration for 802.1X Authentication on page 165.
Troubleshooting 802.1X Configuration Issues
This section describes potential trouble spots when configuring Active Directory and the Mobility Controller,
and what to check for each.
Active Directory Authentication Source Configuration Issues
1. If you have configured a hostname instead of an IP address for the Active Directory server in the Server field
(see ), ensure that the Active Directory hostname can be resolved by the Domain Name System (DNS).
2. Ensure the Bind DN credentials have read access to the Active Directory locations where users and
computers are present.
3. Verify that the username used for Bind DN is not locked in the Active Directory.
4. When joining W-ClearPass to the Active Directory domain, use the Fully Qualified Domain Name (FQDN) of
the Active Directory host, not just the domain name.
5. Verify that the W-ClearPass server’s time is synchronized with the Active Directory, as a clock skew will cause
the join domain operation to fail (for details, see Confirming the Date and Time Are in Sync on page 94).
The maximum allowed clock skew between the W-ClearPass server and the Active Directory server is five minutes.
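Items 1, 4 and 5 above can be checked from an administrator workstation before attempting the domain join. The following Python code is an added example, not part of this guide or of W-ClearPass; the function names, the host dc01.example.test, and reading the domain controller's clock from a captured SNTP reply are assumptions made for illustration.

```python
import ipaddress
import socket
import struct

MAX_SKEW_SECONDS = 300        # five-minute limit stated in the guide
NTP_UNIX_DELTA = 2208988800   # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def server_field_issue(value, resolver=socket.gethostbyname):
    """Item 1: a hostname in the Server field must resolve; an IP needs no DNS."""
    try:
        ipaddress.ip_address(value)
        return None
    except ValueError:
        pass  # not an IP literal, so treat it as a hostname
    try:
        resolver(value)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return f"hostname {value!r} does not resolve: {exc}"
    return None

def is_host_fqdn(name, domain):
    """Item 4: True for a host FQDN inside the domain, False for the bare domain."""
    name, domain = name.rstrip(".").lower(), domain.rstrip(".").lower()
    return name != domain and name.endswith("." + domain)

def sntp_transmit_time(packet):
    """Unix time from the Transmit Timestamp (bytes 40-47) of an SNTP reply."""
    if len(packet) < 48:
        raise ValueError("SNTP reply shorter than 48 bytes")
    seconds, fraction = struct.unpack("!II", packet[40:48])
    return seconds - NTP_UNIX_DELTA + fraction / 2**32

def skew_issue(local_unix_time, server_reply):
    """Item 5: report a skew larger than the five-minute maximum."""
    skew = abs(local_unix_time - sntp_transmit_time(server_reply))
    if skew > MAX_SKEW_SECONDS:
        return f"clock skew {skew:.0f}s exceeds {MAX_SKEW_SECONDS}s"
    return None

# Constructed sample: a 48-byte reply whose transmit time is Unix 1700000000.
SAMPLE_REPLY = bytes(40) + struct.pack("!II", 1700000000 + NTP_UNIX_DELTA, 0)

if __name__ == "__main__":
    print(server_field_issue("192.0.2.10"))                    # IP literal
    print(is_host_fqdn("dc01.example.test", "example.test"))   # host FQDN
    print(skew_issue(1700000000 + 120, SAMPLE_REPLY))          # two-minute skew
    print(skew_issue(1700000000 + 400, SAMPLE_REPLY))          # over the limit
```

Each function returns None when the check passes and a reason string when it fails, so the results can be logged alongside the join attempt.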
Mobility Controller Configuration Issues
1. Ensure that the Role information that was sent to the mobility controller via enforcement matches the role
defined in the mobility controller.
2. If authentication requests are not visible in the Access Tracker, verify the following:
a. Verify the shared secret in the mobility controller and W-ClearPass Policy Manager’s Network Access
Device configuration. Shared secret errors are shown in the W-ClearPass Policy Manager Event Viewer.
b. Ensure that the mobility controller’s IP address is configured correctly in W-ClearPass Policy Manager.
Dell Networking W-ClearPass Deployment Guide Preparing for 802.1X Wireless Authentication with Active Directory | 129