Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

78 | Preparing the Mobility Controller for W-ClearPass PolicyManager Integ-

ration

Dell Networking W-ClearPass Deployment Guide

AAA Profile

Parameter

Action/Description Comments

Upon configuration, the following warning is

issued:

Warning: Increased max-IP limit can keep

system from scaling to max users on all master

and local controllers.

RADIUS Interim

Accounting

7. Enable this option to allow the mobility

controller to send Interim-Update

messages with current user statistics to

the RADIUS accounting server at regular

intervals.

This option is disabled by default,

allowing the mobility controller to send

only start and stop messages to the

RADIUS accounting server.

User derivation

rules

8. Click the User derivation rules drop-down

list to specify a user attribute profile from

which the user role or VLAN is derived.

Wired to Wireless

Roaming

9. Enable this feature to keep users

authenticated when they roam from the

wired side of the network.

This feature is enabled by default.

SIP authentication

role

10. To specify the role assigned to a Session

Initiation Protocol (SIP) client upon

registration, click the SIP authentication

role drop-down list.

NOTE: This feature requires a Policy

Enforcement Firewall Next Generation

(PEFNG) license.

Device Type

Classification

11. Enable this option to configure the mobility

controller to parse user-agent strings and

identify the type of device connecting to the

access point.

When the device type classification is

enabled, the Global Clients table shown

in the Monitoring > Network > All

WLAN Clients window shows each

client’s device type (if the client device

can be identified).

Enforce DHCP

12. Enable this option when you create a user

rule that assigns a specific role or VLAN

based upon the client device’s type.

NOTE: If a client is removed from the user

table by the “Logon user lifetime” AAA timer,

that client will not be able to send traffic until it

renews the DHCP lease.

When you select this option, clients must

obtain an IP address using the Dynamic

Host Configuration Protocol (DHCP)

before they are allowed to associate to

an access point.

PAN Firewalls

Integration

13. Enable this option to require mapping the

IP addresses of Palo Alto Networks

firewalls.