Administrator Guide
Table Of Contents
- About W‑ClearPass Policy Manager
- Services
- Services Architecture and Flow
- Creating Service Templates
- Viewing the List of Services
- Viewing Existing Services
- Adding and Removing Services
- Reordering Services
- 802.1X Wired, 802.1X Wireless, and Dell 802.1X Wireless
- Auto Sign-On
- Dell VPN Access with Posture Checks
- Certificate/Two-Factor Authentication for W‑ClearPass Application Login
- W‑ClearPass Admin Access
- W‑ClearPass Admin SSO Login (SAML SP Service)
- W‑ClearPass Identity Provider (SAML IdP Service)
- Device MAC Authentication
- EDUROAM Service
- Encrypted Wireless Access via 802.1X Public PEAP method
- Guest Access
- Guest Access Web Login
- Guest Authentication with MAC Caching
- Guest Social Media Authentication
- OAuth2 API User Access
- Onboard
- Policy Manager Service Types
- 802.1X Wired
- 802.1X Wired - Identity Only
- Dell 802.1X Wireless
- 802.1X Wireless - Identity Only
- Dell 802.1X Wireless
- Cisco Web Authentication Proxy
- MAC Authentication
- RADIUS Authorization
- RADIUS Enforcement (Generic)
- RADIUS Proxy
- Dell W-Series Application Authentication
- Dell W-Series Application Authorization
- W‑ClearPass OnConnect Enforcement
- Event-Based Enforcement
- TACACS+ Enforcement
- Web-based Authentication
- Web-based Health Check Only
- Web-based Open Network Access
- Monitoring
- Live Monitoring: Access Tracker
- Live Monitoring: Accounting
- Modifying the Accounting Page Parameters
- RADIUS Accounting Details > Summary Tab
- RADIUS Accounting Record Details > Auth Sessions Tab
- RADIUS Accounting Record Details > Utilization Tab
- RADIUS Accounting Record Details > Details Tab
- TACACS+ Accounting Record Details > Request Tab
- TACACS+ Accounting Record Details > Auth Sessions Tab
- TACACS+ Accounting Record Details > Details Tab
- Live Monitoring: OnGuard Activity
- Live Monitoring: Analysis and Trending
- Live Monitoring: System Monitor
- Profiler and Discovery
- Profiler and Discovery: Endpoint Profiler
- Profiler and Discovery: Network Discovery
- Audit Viewer
- Event Viewer
- Data Filters
- Restoring Blacklisted Users to the Network
- Authentication and Authorization
- Configuring Identity Settings
- Posture
- Configuring Enforcement
- Configuring Enforcement Policies
- Configuring Enforcement Profiles
- Adding an Enforcement Profile
- Modifying an Existing Enforcement Profile
- Agent Enforcement
- Aruba Downloadable Role Enforcement
- Aruba RADIUS Enforcement
- Cisco Downloadable ACL Enforcement
- Cisco Web Authentication Enforcement
- ClearPass Entity Update Enforcement
- CLI Based Enforcement
- Filter ID Based Enforcement
- Generic Application Enforcement
- HTTP Based Enforcement
- RADIUS Based Enforcement
- RADIUS Change of Authorization (CoA)
- Session Notification Enforcement
- Session Restrictions Enforcement
- SNMP Based Enforcement
- TACACS+ Based Enforcement
- VLAN Enforcement
- Configuring Policy Simulation
- W‑ClearPass Policy Manager Profile
- Network Access Devices
- Administration
- W‑ClearPass Guest Portal
- Managing Admin Users
- Managing Admin Privileges
- Server Configuration
- Manage Policy Manager Zones
- Log Configuration
- Local Shared Folders
- License Management
- SNMP Trap Receivers
- Syslog Targets
- Syslog Export Filters
- Messaging Setup
- Endpoint Context Servers
- Configuring Endpoint Context Server Actions
- Adding Vendor-Specific Endpoint Context Servers
- Adding an AirWatch Endpoint Context Server
- Adding an AirWave Endpoint Context Server
- Adding an Aruba Activate Endpoint Context Server
- Adding a ClearPass Cloud Proxy Endpoint Context Server
- Adding a Google Admin Console Endpoint Context Server
- Adding a Generic HTTP Endpoint Context Server
- Integrating W‑ClearPass with Infoblox
- Integrating ClearPass with Juniper Networks SRX
- Adding a JAMF Endpoint Context Server
- Adding a MaaS360 Endpoint Context Server
- Adding a MobileIron Endpoint Context Server
- Adding a Palo Alto Networks Firewall Endpoint Context Server
- Adding a Palo Alto Networks Panorama Endpoint Context Server
- Adding an SAP Afaria Endpoint Context Server
- Adding a SOTI Endpoint Context Server
- Adding a XenMobile Endpoint Context Server
- File Backup Servers
- Server Certificate
- Certificate Trust List
- Certificate Revocation Lists
- Using ClearPass Dictionaries
- RADIUS Dictionary
- TACACS+ Services Dictionary
- Fingerprints Dictionary
- Dictionary Attributes
- Applications Dictionaries
- Updating Policy Manager Software
- OnGuard Settings
- OnGuard Global Agent Settings
- Contact Support
- Remote Assistance
- Cluster Upgrade/Update Tool
- Configuring Processing for Ingress Events
- W‑ClearPass Insight Reports
- About W‑ClearPass Insight
- About the Insight Dashboard
- Dashboard Overview
- Adding a Report Widget to the Dashboard Landing Page
- Removing a Report Widget from the Dashboard Landing Page
- Creating a Report or Alert From the Dashboard
- Specifying the Date Range for Data Collection
- Authentication Dashboard
- Endpoints Dashboard
- Guest Dashboard
- Network Dashboard
- Posture Dashboard
- System Dashboard
- System Monitor Dashboard
- Searching the Insight Database
- Creating Alerts
- Creating Reports
- Insight Report Categories Reference
- Administration Operations
- Managing Insight Admin Privileges
- Command Line Interface
- Cluster Commands
- Configure Commands
- Network Commands
- Miscellaneous Commands
- Service Commands
- Show Commands
- SSH Timed Account Lockout
- System Commands
- system apps-access-reset
- system boot-image
- system cleanup
- system create-api-client
- system gen-recovery-key
- system gen-support-key
- system install-license
- system morph-vm
- system refresh-license
- system reset-server-certificate
- system restart
- system shutdown
- system sso-reset
- system start-rasession
- system status-rasession
- system terminate-rasession
- system update
- system upgrade
- SNMP Private MIB, SNMP Traps, System Events, Error Codes
- W‑ClearPass SNMP Private MIB
- W‑ClearPass SNMP Traps and OIDs
- SNMP Trap Details
- SNMP Daemon Traps
- SNMP Daemon Trap Events
- Network Interface up and Down Events
- Network Interface Status Traps
- W‑ClearPass Processes Stop and Start Events
- Disk Space Threshold Traps
- Disk Utilization Threshold Exceed Events
- Process Status Traps
- CPU Load Average Exceed Events for 1, 5, and 15 Minute Thresholds
- CPU Load Average Traps
- Important System Events
- Admin User Interface Events
- Admin Server Events
- Async Service Events
- W‑ClearPass/Domain Controller Events
- W‑ClearPass System Configuration Events
- W‑ClearPass Update Events
- Cluster Events
- Command Line Events
- Database Replication Services Events
- Licensing Events
- Policy Server Events
- RADIUS/TACACS+ Server Events
- Service Names
- SNMP Events
- Support Shell Events
- System Auxiliary Service Events
- System Monitor Events
- Error Codes
- Use Cases
- OnGuard Dissolvable Agent
- Rules Editing and Namespaces
- Namespaces
- Application Namespace
- Audit Namespaces
- Authentication Namespaces
- Authorization Namespaces
- Certificate Namespaces
- Connection Namespaces
- Date Namespaces
- Device Namespaces
- Endpoint Namespaces
- Guest User Namespaces
- Host Namespaces
- Local User Namespaces
- Posture Namespaces
- RADIUS Namespaces
- TACACS Namespaces
- Tips Namespaces
- Variables
- Operators
- Namespaces
80 | Services Dell Networking W-ClearPass Policy Manager 6.6 | User Guide
Parameter Action/Description
Audit Server Select the audit server from the following options:
l Nessus Server: Interfaces with W-Policy Manager primarily to perform
vulnerability scanning
l Nmap Audit: Performs specific audit functions
You can click the View Details button to view the Policy Manager Entity
Details dialog with the summary of audit server details.
To view the Summary tab with audit server details, click the Modify button.
Audit Trigger Conditions Select an audit trigger condition:
l Always: Always perform an audit.
l When posture is not available: Perform audit only when posture
credentials are not available in the request.
l For MAC Authentication Request: If you select this option, W-Policy
Manager presents the following three additional settings:
n For known end-hosts only: Select this option when you want to reject
unknown end-hosts and to audit known clients. Known end-hosts are
defined as clients that are found in the authentication source(s)
associated with this service.
n For unknown end-hosts only: Select this option when known end-hosts
are assumed to be healthy, but you want to establish the identity of
unknown end-hosts and assign roles. Unknown end-hosts are end-hosts
that are not found in any of the authentication sources associated with
this service.
n For all end-hosts: For both known and unknown end-hosts.
Action after audit Specify the audit that can be performed only after the MAC authentication
request is completed and the client has acquired an IP address through DHCP.
Once the audit results are available, W-Policy Manager reapplies policies on the
network device in one of the following ways:
l No Action: The audit does not apply policies on the network device after
completing this audit.
l Do SNMP bounce: This option bounces the switch port or forces an 802.1X
reauthentication (both done using SNMP).
Bouncing the port triggers a new 802.1X or MAC authentication request by
the client. If the audit server already has the posture token and attributes
associated with this client in its cache, it returns the token and the attributes
to W-ClearPass.
l Trigger RADIUS CoA action: This option sends a RADIUS CoA command
from W-ClearPass to the network device.
Table 27: Dell 802.1X Wireless Service > Audit End-Hosts Parameters
Profiler Tab
The Profiler tab is not displayed by default.
1. To access this tab, select the More Options > Profile Endpoints check box.
The following figure displays the Profile Endpoints dialog: