Administrator Guide
Table Of Contents
- About W‑ClearPass Policy Manager
- Services
- Services Architecture and Flow
- Creating Service Templates
- Viewing the List of Services
- Viewing Existing Services
- Adding and Removing Services
- Reordering Services
- 802.1X Wired, 802.1X Wireless, and Dell 802.1X Wireless
- Auto Sign-On
- Dell VPN Access with Posture Checks
- Certificate/Two-Factor Authentication for W‑ClearPass Application Login
- W‑ClearPass Admin Access
- W‑ClearPass Admin SSO Login (SAML SP Service)
- W‑ClearPass Identity Provider (SAML IdP Service)
- Device MAC Authentication
- EDUROAM Service
- Encrypted Wireless Access via 802.1X Public PEAP method
- Guest Access
- Guest Access Web Login
- Guest Authentication with MAC Caching
- Guest Social Media Authentication
- OAuth2 API User Access
- Onboard
- Policy Manager Service Types
- 802.1X Wired
- 802.1X Wired - Identity Only
- Dell 802.1X Wireless
- 802.1X Wireless - Identity Only
- Dell 802.1X Wireless
- Cisco Web Authentication Proxy
- MAC Authentication
- RADIUS Authorization
- RADIUS Enforcement (Generic)
- RADIUS Proxy
- Dell W-Series Application Authentication
- Dell W-Series Application Authorization
- W‑ClearPass OnConnect Enforcement
- Event-Based Enforcement
- TACACS+ Enforcement
- Web-based Authentication
- Web-based Health Check Only
- Web-based Open Network Access
- Monitoring
- Live Monitoring: Access Tracker
- Live Monitoring: Accounting
- Modifying the Accounting Page Parameters
- RADIUS Accounting Details > Summary Tab
- RADIUS Accounting Record Details > Auth Sessions Tab
- RADIUS Accounting Record Details > Utilization Tab
- RADIUS Accounting Record Details > Details Tab
- TACACS+ Accounting Record Details > Request Tab
- TACACS+ Accounting Record Details > Auth Sessions Tab
- TACACS+ Accounting Record Details > Details Tab
- Live Monitoring: OnGuard Activity
- Live Monitoring: Analysis and Trending
- Live Monitoring: System Monitor
- Profiler and Discovery
- Profiler and Discovery: Endpoint Profiler
- Profiler and Discovery: Network Discovery
- Audit Viewer
- Event Viewer
- Data Filters
- Restoring Blacklisted Users to the Network
- Authentication and Authorization
- Configuring Identity Settings
- Posture
- Configuring Enforcement
- Configuring Enforcement Policies
- Configuring Enforcement Profiles
- Adding an Enforcement Profile
- Modifying an Existing Enforcement Profile
- Agent Enforcement
- Aruba Downloadable Role Enforcement
- Aruba RADIUS Enforcement
- Cisco Downloadable ACL Enforcement
- Cisco Web Authentication Enforcement
- ClearPass Entity Update Enforcement
- CLI Based Enforcement
- Filter ID Based Enforcement
- Generic Application Enforcement
- HTTP Based Enforcement
- RADIUS Based Enforcement
- RADIUS Change of Authorization (CoA)
- Session Notification Enforcement
- Session Restrictions Enforcement
- SNMP Based Enforcement
- TACACS+ Based Enforcement
- VLAN Enforcement
- Configuring Policy Simulation
- W‑ClearPass Policy Manager Profile
- Network Access Devices
- Administration
- W‑ClearPass Guest Portal
- Managing Admin Users
- Managing Admin Privileges
- Server Configuration
- Manage Policy Manager Zones
- Log Configuration
- Local Shared Folders
- License Management
- SNMP Trap Receivers
- Syslog Targets
- Syslog Export Filters
- Messaging Setup
- Endpoint Context Servers
- Configuring Endpoint Context Server Actions
- Adding Vendor-Specific Endpoint Context Servers
- Adding an AirWatch Endpoint Context Server
- Adding an AirWave Endpoint Context Server
- Adding an Aruba Activate Endpoint Context Server
- Adding a ClearPass Cloud Proxy Endpoint Context Server
- Adding a Google Admin Console Endpoint Context Server
- Adding a Generic HTTP Endpoint Context Server
- Integrating W‑ClearPass with Infoblox
- Integrating ClearPass with Juniper Networks SRX
- Adding a JAMF Endpoint Context Server
- Adding a MaaS360 Endpoint Context Server
- Adding a MobileIron Endpoint Context Server
- Adding a Palo Alto Networks Firewall Endpoint Context Server
- Adding a Palo Alto Networks Panorama Endpoint Context Server
- Adding an SAP Afaria Endpoint Context Server
- Adding a SOTI Endpoint Context Server
- Adding a XenMobile Endpoint Context Server
- File Backup Servers
- Server Certificate
- Certificate Trust List
- Certificate Revocation Lists
- Using ClearPass Dictionaries
- RADIUS Dictionary
- TACACS+ Services Dictionary
- Fingerprints Dictionary
- Dictionary Attributes
- Applications Dictionaries
- Updating Policy Manager Software
- OnGuard Settings
- OnGuard Global Agent Settings
- Contact Support
- Remote Assistance
- Cluster Upgrade/Update Tool
- Configuring Processing for Ingress Events
- W‑ClearPass Insight Reports
- About W‑ClearPass Insight
- About the Insight Dashboard
- Dashboard Overview
- Adding a Report Widget to the Dashboard Landing Page
- Removing a Report Widget from the Dashboard Landing Page
- Creating a Report or Alert From the Dashboard
- Specifying the Date Range for Data Collection
- Authentication Dashboard
- Endpoints Dashboard
- Guest Dashboard
- Network Dashboard
- Posture Dashboard
- System Dashboard
- System Monitor Dashboard
- Searching the Insight Database
- Creating Alerts
- Creating Reports
- Insight Report Categories Reference
- Administration Operations
- Managing Insight Admin Privileges
- Command Line Interface
- Cluster Commands
- Configure Commands
- Network Commands
- Miscellaneous Commands
- Service Commands
- Show Commands
- SSH Timed Account Lockout
- System Commands
- system apps-access-reset
- system boot-image
- system cleanup
- system create-api-client
- system gen-recovery-key
- system gen-support-key
- system install-license
- system morph-vm
- system refresh-license
- system reset-server-certificate
- system restart
- system shutdown
- system sso-reset
- system start-rasession
- system status-rasession
- system terminate-rasession
- system update
- system upgrade
- SNMP Private MIB, SNMP Traps, System Events, Error Codes
- W‑ClearPass SNMP Private MIB
- W‑ClearPass SNMP Traps and OIDs
- SNMP Trap Details
- SNMP Daemon Traps
- SNMP Daemon Trap Events
- Network Interface up and Down Events
- Network Interface Status Traps
- W‑ClearPass Processes Stop and Start Events
- Disk Space Threshold Traps
- Disk Utilization Threshold Exceed Events
- Process Status Traps
- CPU Load Average Exceed Events for 1, 5, and 15 Minute Thresholds
- CPU Load Average Traps
- Important System Events
- Admin User Interface Events
- Admin Server Events
- Async Service Events
- W‑ClearPass/Domain Controller Events
- W‑ClearPass System Configuration Events
- W‑ClearPass Update Events
- Cluster Events
- Command Line Events
- Database Replication Services Events
- Licensing Events
- Policy Server Events
- RADIUS/TACACS+ Server Events
- Service Names
- SNMP Events
- Support Shell Events
- System Auxiliary Service Events
- System Monitor Events
- Error Codes
- Use Cases
- OnGuard Dissolvable Agent
- Rules Editing and Namespaces
- Namespaces
- Application Namespace
- Audit Namespaces
- Authentication Namespaces
- Authorization Namespaces
- Certificate Namespaces
- Connection Namespaces
- Date Namespaces
- Device Namespaces
- Endpoint Namespaces
- Guest User Namespaces
- Host Namespaces
- Local User Namespaces
- Posture Namespaces
- RADIUS Namespaces
- TACACS Namespaces
- Tips Namespaces
- Variables
- Operators
- Namespaces
42 | Services Dell Networking W-ClearPass Policy Manager 6.6 | User Guide
Parameter Action/Description
optional.
Monitor Mode Optionally check the Enable to monitor network access without enforcement to allow
authentication and health validation exchanges to take place between endpoint and Policy
Manager, but without enforcement.
In Monitor Mode, no enforcement profiles (and associated attributes) are sent to the network
device.
W-Policy Manager also allows Policy Simulation (Monitoring > Policy Simulation), where the
administrator can test the results of a particular configuration of policy components.
More Options Select any of the available check boxes to enable the configuration tabs for those options.
The available check boxes varies based on the type of service that is selected and may include
one or more of the following:
l Authorization: Select an authorization source from the drop-down list to add the source or
select the Add new Authentication Source link to create a new source.
l Posture Compliance: Select a Posture Policy from the drop-down list to add the policy or
create a new policy by clicking the link. Select the default Posture token. Specify whether to
enable auto-remediation of non-compliant end hosts. If this is enabled, then enter the
Remediation URL. You can specify the Posture Server from the drop-down list or add a new
server by clicking the Add new Posture Server link.
l Audit End-hosts: Select an Audit Server, either built-in or customized. Refer to Configuring
Audit Servers on page 327 for audit server configuration steps. For this type of service, you
can perform audit Always, When posture is not available, or For MAC authentication
requests.
You can specify to trigger an audit always, when posture is not available, or for MAC
authentication requests. If For MAC authentication requests is specified, then you can
perform an audit For known end-hosts only or For unknown end hosts only, or For all
end hosts. Known end hosts are defined as those clients that are found in the authentication
source(s) associated with this service. Performing audit on a client is an asynchronous task,
which means the audit can be performed only after the MAC authentication request has
been completed and the client has acquired an IP address through DHCP. Once the audit
results are available, Policy Manager re-applies policies on the network deviceby one of the
following ways:
n No Action: The audit does not apply policies on the network device after this audit.
n Do SNMP bounce: This option bounces the switch port or force an 802.1X re-
authentication (both done using SNMP).
NOTE: Bouncing the port triggers a new 802.1X or MAC authentication request by the client. If
the audit server already has the posture token and attributes associated with this client in its
cache, it returns the token and the attributes to Policy Manager.
n Trigger RADIUS CoA action: This option sends a RADIUS CoA command to the network
device by Policy Manager.
l Optionally configure Profiler settings. Select one or more Endpoint Classification items from
the drop down list, then select the RADIUS CoA action. You can also create a new action by
selecting the Add new RADIUS CoA Action link.
Table 4: Services Page (Continued)
Creating a Service by Copying an Existing Service
You can perform a service copy operation only on a Publisher node.