Administrator Guide
Table Of Contents
- About W‑ClearPass Policy Manager
- Services
- Services Architecture and Flow
- Creating Service Templates
- Viewing the List of Services
- Viewing Existing Services
- Adding and Removing Services
- Reordering Services
- 802.1X Wired, 802.1X Wireless, and Dell 802.1X Wireless
- Auto Sign-On
- Dell VPN Access with Posture Checks
- Certificate/Two-Factor Authentication for W‑ClearPass Application Login
- W‑ClearPass Admin Access
- W‑ClearPass Admin SSO Login (SAML SP Service)
- W‑ClearPass Identity Provider (SAML IdP Service)
- Device MAC Authentication
- EDUROAM Service
- Encrypted Wireless Access via 802.1X Public PEAP method
- Guest Access
- Guest Access Web Login
- Guest Authentication with MAC Caching
- Guest Social Media Authentication
- OAuth2 API User Access
- Onboard
- Policy Manager Service Types
- 802.1X Wired
- 802.1X Wired - Identity Only
- Dell 802.1X Wireless
- 802.1X Wireless - Identity Only
- Dell 802.1X Wireless
- Cisco Web Authentication Proxy
- MAC Authentication
- RADIUS Authorization
- RADIUS Enforcement (Generic)
- RADIUS Proxy
- Dell W-Series Application Authentication
- Dell W-Series Application Authorization
- W‑ClearPass OnConnect Enforcement
- Event-Based Enforcement
- TACACS+ Enforcement
- Web-based Authentication
- Web-based Health Check Only
- Web-based Open Network Access
- Monitoring
- Live Monitoring: Access Tracker
- Live Monitoring: Accounting
- Modifying the Accounting Page Parameters
- RADIUS Accounting Details > Summary Tab
- RADIUS Accounting Record Details > Auth Sessions Tab
- RADIUS Accounting Record Details > Utilization Tab
- RADIUS Accounting Record Details > Details Tab
- TACACS+ Accounting Record Details > Request Tab
- TACACS+ Accounting Record Details > Auth Sessions Tab
- TACACS+ Accounting Record Details > Details Tab
- Live Monitoring: OnGuard Activity
- Live Monitoring: Analysis and Trending
- Live Monitoring: System Monitor
- Profiler and Discovery
- Profiler and Discovery: Endpoint Profiler
- Profiler and Discovery: Network Discovery
- Audit Viewer
- Event Viewer
- Data Filters
- Restoring Blacklisted Users to the Network
- Authentication and Authorization
- Configuring Identity Settings
- Posture
- Configuring Enforcement
- Configuring Enforcement Policies
- Configuring Enforcement Profiles
- Adding an Enforcement Profile
- Modifying an Existing Enforcement Profile
- Agent Enforcement
- Aruba Downloadable Role Enforcement
- Aruba RADIUS Enforcement
- Cisco Downloadable ACL Enforcement
- Cisco Web Authentication Enforcement
- ClearPass Entity Update Enforcement
- CLI Based Enforcement
- Filter ID Based Enforcement
- Generic Application Enforcement
- HTTP Based Enforcement
- RADIUS Based Enforcement
- RADIUS Change of Authorization (CoA)
- Session Notification Enforcement
- Session Restrictions Enforcement
- SNMP Based Enforcement
- TACACS+ Based Enforcement
- VLAN Enforcement
- Configuring Policy Simulation
- W‑ClearPass Policy Manager Profile
- Network Access Devices
- Administration
- W‑ClearPass Guest Portal
- Managing Admin Users
- Managing Admin Privileges
- Server Configuration
- Manage Policy Manager Zones
- Log Configuration
- Local Shared Folders
- License Management
- SNMP Trap Receivers
- Syslog Targets
- Syslog Export Filters
- Messaging Setup
- Endpoint Context Servers
- Configuring Endpoint Context Server Actions
- Adding Vendor-Specific Endpoint Context Servers
- Adding an AirWatch Endpoint Context Server
- Adding an AirWave Endpoint Context Server
- Adding an Aruba Activate Endpoint Context Server
- Adding a ClearPass Cloud Proxy Endpoint Context Server
- Adding a Google Admin Console Endpoint Context Server
- Adding a Generic HTTP Endpoint Context Server
- Integrating W‑ClearPass with Infoblox
- Integrating ClearPass with Juniper Networks SRX
- Adding a JAMF Endpoint Context Server
- Adding a MaaS360 Endpoint Context Server
- Adding a MobileIron Endpoint Context Server
- Adding a Palo Alto Networks Firewall Endpoint Context Server
- Adding a Palo Alto Networks Panorama Endpoint Context Server
- Adding an SAP Afaria Endpoint Context Server
- Adding a SOTI Endpoint Context Server
- Adding a XenMobile Endpoint Context Server
- File Backup Servers
- Server Certificate
- Certificate Trust List
- Certificate Revocation Lists
- Using ClearPass Dictionaries
- RADIUS Dictionary
- TACACS+ Services Dictionary
- Fingerprints Dictionary
- Dictionary Attributes
- Applications Dictionaries
- Updating Policy Manager Software
- OnGuard Settings
- OnGuard Global Agent Settings
- Contact Support
- Remote Assistance
- Cluster Upgrade/Update Tool
- Configuring Processing for Ingress Events
- W‑ClearPass Insight Reports
- About W‑ClearPass Insight
- About the Insight Dashboard
- Dashboard Overview
- Adding a Report Widget to the Dashboard Landing Page
- Removing a Report Widget from the Dashboard Landing Page
- Creating a Report or Alert From the Dashboard
- Specifying the Date Range for Data Collection
- Authentication Dashboard
- Endpoints Dashboard
- Guest Dashboard
- Network Dashboard
- Posture Dashboard
- System Dashboard
- System Monitor Dashboard
- Searching the Insight Database
- Creating Alerts
- Creating Reports
- Insight Report Categories Reference
- Administration Operations
- Managing Insight Admin Privileges
- Command Line Interface
- Cluster Commands
- Configure Commands
- Network Commands
- Miscellaneous Commands
- Service Commands
- Show Commands
- SSH Timed Account Lockout
- System Commands
- system apps-access-reset
- system boot-image
- system cleanup
- system create-api-client
- system gen-recovery-key
- system gen-support-key
- system install-license
- system morph-vm
- system refresh-license
- system reset-server-certificate
- system restart
- system shutdown
- system sso-reset
- system start-rasession
- system status-rasession
- system terminate-rasession
- system update
- system upgrade
- SNMP Private MIB, SNMP Traps, System Events, Error Codes
- W‑ClearPass SNMP Private MIB
- W‑ClearPass SNMP Traps and OIDs
- SNMP Trap Details
- SNMP Daemon Traps
- SNMP Daemon Trap Events
- Network Interface up and Down Events
- Network Interface Status Traps
- W‑ClearPass Processes Stop and Start Events
- Disk Space Threshold Traps
- Disk Utilization Threshold Exceed Events
- Process Status Traps
- CPU Load Average Exceed Events for 1, 5, and 15 Minute Thresholds
- CPU Load Average Traps
- Important System Events
- Admin User Interface Events
- Admin Server Events
- Async Service Events
- W‑ClearPass/Domain Controller Events
- W‑ClearPass System Configuration Events
- W‑ClearPass Update Events
- Cluster Events
- Command Line Events
- Database Replication Services Events
- Licensing Events
- Policy Server Events
- RADIUS/TACACS+ Server Events
- Service Names
- SNMP Events
- Support Shell Events
- System Auxiliary Service Events
- System Monitor Events
- Error Codes
- Use Cases
- OnGuard Dissolvable Agent
- Rules Editing and Namespaces
- Namespaces
- Application Namespace
- Audit Namespaces
- Authentication Namespaces
- Authorization Namespaces
- Certificate Namespaces
- Connection Namespaces
- Date Namespaces
- Device Namespaces
- Endpoint Namespaces
- Guest User Namespaces
- Host Namespaces
- Local User Namespaces
- Posture Namespaces
- RADIUS Namespaces
- TACACS Namespaces
- Tips Namespaces
- Variables
- Operators
- Namespaces
![](/manual/dell/w-clearpass-virtual-appliances/administrator-guide-english/images/img-513.png)
Enterprises (PFE) environment, where a large volume of unique endpoints need wireless access.
The licensing scheme in High Capacity Guest mode supports a high volume of user traffic in the following PFEs
where the number of endpoints changes every day:
l Transportation: Airports and rail stations
l Hospitality: Hotels, casinos, and resorts
l Healthcare: Hospitals, clinics, and health centers
l Retail: Shopping malls
l Large public venues: Stadiums, convention centers, and theaters
l Restaurants and coffee shops: Quick-serve restaurants
In enterprise deployments, W-ClearPass Policy Manager licensing accumulates the unique endpoint count for
seven days, which can cause the number of licenses to exceed their limit.
To address this license limit in the PFE environment, you can enable High Capacity Guest mode on a cluster. In
High Capacity Guest mode, the count of unique endpoints is reset every day, instead of accumulating the
count for seven days. In High Capacity Guest mode, only you can view the supported guest authentication
methods supported in the Authentication Methods page.
When High Capacity Guest mode is enabled, you cannot enable the RADIUS services with the following
authentication methods:
l EAP-FAST
l EAP-GTC
l EAP-MSCHAPv2
l EAP-PEAP
l EAP-TLS
l EAP-TTLS
Licensing Restrictions
You can add only guest licenses to High Capacity Guest mode. This mode is intended to handle only a high
volume of guest users in PFE environments. After enabling High Capacity Guest mode, you cannot add
enterprise licenses.
If the number of licenses used exceeds the number of licenses purchased, a warning message appears four
months after the number is exceeded. The number of licenses used is based on the daily moving average.
In High Capacity Guest mode, a maximum of 2x licenses are allowed. For example, if you use the CP-HW-5K
platform (which supports 5,000 licenses), a maximum of 10,000 licenses are allowed.
Cluster Restrictions
When High Capacity Guest mode is enabled in a cluster, the following restrictions apply:
l Configuration settings cannot be moved from one cluster to another cluster that operates in High Capacity
Guest mode.
l Restoring configuration is allowed only with the backup files from servers that have High Capacity Guest
mode enabled.
l High Capacity Guest mode is intended only for high volumes of guest access.
l Use-case related settings other than those for High Capacity Guest mode are restricted.
l OnGuard and OnBoard access is restricted.
l Default cleanup interval values are reset.
l Only guest application licenses are supported.
Dell Networking W-ClearPass Policy Manager 6.6 | User Guide Administration | 513