Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
81828384858687888990
84 | Preparing the Mobility Controller for W-ClearPass PolicyManager Integ-
ration
Dell Networking W-ClearPass Deployment Guide
l Configuring the W-ClearPass Server as a CoA Server
l Using the CLI
About the CoA Server
This section describes how to configure the W-ClearPass server as a CoA (Change of Authorization) server.
You can configure a RADIUS server to send user disconnect, change of authorization (CoA), and session
timeout messages as described in RFC 3576, Dynamic Authorization Extensions to Remote Dial In User Service
(RADIUS).
The disconnect, session timeout, and change of authorization messages sent from the server to the mobility
controller contain information to identify the user for whom the message is sent.
The mobility controller supports the following attributes for identifying the users who authenticate with an RFC
3576 server:
l user-name: Name of the user to be authenticated.
l framed-ip-address: User’s IP address.
l calling-station-id: Phone number of a station that originated a call.
l accounting-session-id: Unique accounting ID for the user session.
If the authentication server sends both supported and unsupported attributes to the mobility controller, the
unknown or unsupported attributes are ignored.
If no matching user is found, the mobility controller sends a 503: Session Not Found error message back to the
RFC 3576 server.
Configuring the W-ClearPass Server as a CoA Server
To configure the W-ClearPass server as a CoA server:
Before you configure any server as a CoA server, RADIUS CoA must be enabled on the device (for details, see Adding
a Mobility Controller to W-ClearPass Policy Manager).
1. On the mobility controller, navigate to Configuration > SECURITY > Authentication.
The Servers tab is displayed by default.
2. To display the list of RFC 3576 servers, select RFC 3576 Server.
3. If the W-ClearPass server’s IP address is not already listed in the list of RFC 3576 servers, enter the IP
address of the W-ClearPass server in the Add text box, then click Add.
Figure 72 Adding an RFC3576 Server
The IPaddress of the W-ClearPass server is displayed in the list of RFC 3576 servers.
4. To configure the server parameters, click the name (which is the IP address) of the newly created RFC 3576
server.
The following dialog appears.