Administrator Guide
Table Of Contents
- About W‑ClearPass Policy Manager
- Services
- Services Architecture and Flow
- Creating Service Templates
- Viewing the List of Services
- Viewing Existing Services
- Adding and Removing Services
- Reordering Services
- 802.1X Wired, 802.1X Wireless, and Dell 802.1X Wireless
- Auto Sign-On
- Dell VPN Access with Posture Checks
- Certificate/Two-Factor Authentication for W‑ClearPass Application Login
- W‑ClearPass Admin Access
- W‑ClearPass Admin SSO Login (SAML SP Service)
- W‑ClearPass Identity Provider (SAML IdP Service)
- Device MAC Authentication
- EDUROAM Service
- Encrypted Wireless Access via 802.1X Public PEAP method
- Guest Access
- Guest Access Web Login
- Guest Authentication with MAC Caching
- Guest Social Media Authentication
- OAuth2 API User Access
- Onboard
- Policy Manager Service Types
- 802.1X Wired
- 802.1X Wired - Identity Only
- Dell 802.1X Wireless
- 802.1X Wireless - Identity Only
- Dell 802.1X Wireless
- Cisco Web Authentication Proxy
- MAC Authentication
- RADIUS Authorization
- RADIUS Enforcement (Generic)
- RADIUS Proxy
- Dell W-Series Application Authentication
- Dell W-Series Application Authorization
- W‑ClearPass OnConnect Enforcement
- Event-Based Enforcement
- TACACS+ Enforcement
- Web-based Authentication
- Web-based Health Check Only
- Web-based Open Network Access
- Monitoring
- Live Monitoring: Access Tracker
- Live Monitoring: Accounting
- Modifying the Accounting Page Parameters
- RADIUS Accounting Details > Summary Tab
- RADIUS Accounting Record Details > Auth Sessions Tab
- RADIUS Accounting Record Details > Utilization Tab
- RADIUS Accounting Record Details > Details Tab
- TACACS+ Accounting Record Details > Request Tab
- TACACS+ Accounting Record Details > Auth Sessions Tab
- TACACS+ Accounting Record Details > Details Tab
- Live Monitoring: OnGuard Activity
- Live Monitoring: Analysis and Trending
- Live Monitoring: System Monitor
- Profiler and Discovery
- Profiler and Discovery: Endpoint Profiler
- Profiler and Discovery: Network Discovery
- Audit Viewer
- Event Viewer
- Data Filters
- Restoring Blacklisted Users to the Network
- Authentication and Authorization
- Configuring Identity Settings
- Posture
- Configuring Enforcement
- Configuring Enforcement Policies
- Configuring Enforcement Profiles
- Adding an Enforcement Profile
- Modifying an Existing Enforcement Profile
- Agent Enforcement
- Aruba Downloadable Role Enforcement
- Aruba RADIUS Enforcement
- Cisco Downloadable ACL Enforcement
- Cisco Web Authentication Enforcement
- ClearPass Entity Update Enforcement
- CLI Based Enforcement
- Filter ID Based Enforcement
- Generic Application Enforcement
- HTTP Based Enforcement
- RADIUS Based Enforcement
- RADIUS Change of Authorization (CoA)
- Session Notification Enforcement
- Session Restrictions Enforcement
- SNMP Based Enforcement
- TACACS+ Based Enforcement
- VLAN Enforcement
- Configuring Policy Simulation
- W‑ClearPass Policy Manager Profile
- Network Access Devices
- Administration
- W‑ClearPass Guest Portal
- Managing Admin Users
- Managing Admin Privileges
- Server Configuration
- Manage Policy Manager Zones
- Log Configuration
- Local Shared Folders
- License Management
- SNMP Trap Receivers
- Syslog Targets
- Syslog Export Filters
- Messaging Setup
- Endpoint Context Servers
- Configuring Endpoint Context Server Actions
- Adding Vendor-Specific Endpoint Context Servers
- Adding an AirWatch Endpoint Context Server
- Adding an AirWave Endpoint Context Server
- Adding an Aruba Activate Endpoint Context Server
- Adding a ClearPass Cloud Proxy Endpoint Context Server
- Adding a Google Admin Console Endpoint Context Server
- Adding a Generic HTTP Endpoint Context Server
- Integrating W‑ClearPass with Infoblox
- Integrating ClearPass with Juniper Networks SRX
- Adding a JAMF Endpoint Context Server
- Adding a MaaS360 Endpoint Context Server
- Adding a MobileIron Endpoint Context Server
- Adding a Palo Alto Networks Firewall Endpoint Context Server
- Adding a Palo Alto Networks Panorama Endpoint Context Server
- Adding an SAP Afaria Endpoint Context Server
- Adding a SOTI Endpoint Context Server
- Adding a XenMobile Endpoint Context Server
- File Backup Servers
- Server Certificate
- Certificate Trust List
- Certificate Revocation Lists
- Using ClearPass Dictionaries
- RADIUS Dictionary
- TACACS+ Services Dictionary
- Fingerprints Dictionary
- Dictionary Attributes
- Applications Dictionaries
- Updating Policy Manager Software
- OnGuard Settings
- OnGuard Global Agent Settings
- Contact Support
- Remote Assistance
- Cluster Upgrade/Update Tool
- Configuring Processing for Ingress Events
- W‑ClearPass Insight Reports
- About W‑ClearPass Insight
- About the Insight Dashboard
- Dashboard Overview
- Adding a Report Widget to the Dashboard Landing Page
- Removing a Report Widget from the Dashboard Landing Page
- Creating a Report or Alert From the Dashboard
- Specifying the Date Range for Data Collection
- Authentication Dashboard
- Endpoints Dashboard
- Guest Dashboard
- Network Dashboard
- Posture Dashboard
- System Dashboard
- System Monitor Dashboard
- Searching the Insight Database
- Creating Alerts
- Creating Reports
- Insight Report Categories Reference
- Administration Operations
- Managing Insight Admin Privileges
- Command Line Interface
- Cluster Commands
- Configure Commands
- Network Commands
- Miscellaneous Commands
- Service Commands
- Show Commands
- SSH Timed Account Lockout
- System Commands
- system apps-access-reset
- system boot-image
- system cleanup
- system create-api-client
- system gen-recovery-key
- system gen-support-key
- system install-license
- system morph-vm
- system refresh-license
- system reset-server-certificate
- system restart
- system shutdown
- system sso-reset
- system start-rasession
- system status-rasession
- system terminate-rasession
- system update
- system upgrade
- SNMP Private MIB, SNMP Traps, System Events, Error Codes
- W‑ClearPass SNMP Private MIB
- W‑ClearPass SNMP Traps and OIDs
- SNMP Trap Details
- SNMP Daemon Traps
- SNMP Daemon Trap Events
- Network Interface up and Down Events
- Network Interface Status Traps
- W‑ClearPass Processes Stop and Start Events
- Disk Space Threshold Traps
- Disk Utilization Threshold Exceed Events
- Process Status Traps
- CPU Load Average Exceed Events for 1, 5, and 15 Minute Thresholds
- CPU Load Average Traps
- Important System Events
- Admin User Interface Events
- Admin Server Events
- Async Service Events
- W‑ClearPass/Domain Controller Events
- W‑ClearPass System Configuration Events
- W‑ClearPass Update Events
- Cluster Events
- Command Line Events
- Database Replication Services Events
- Licensing Events
- Policy Server Events
- RADIUS/TACACS+ Server Events
- Service Names
- SNMP Events
- Support Shell Events
- System Auxiliary Service Events
- System Monitor Events
- Error Codes
- Use Cases
- OnGuard Dissolvable Agent
- Rules Editing and Namespaces
- Namespaces
- Application Namespace
- Audit Namespaces
- Authentication Namespaces
- Authorization Namespaces
- Certificate Namespaces
- Connection Namespaces
- Date Namespaces
- Device Namespaces
- Endpoint Namespaces
- Guest User Namespaces
- Host Namespaces
- Local User Namespaces
- Posture Namespaces
- RADIUS Namespaces
- TACACS Namespaces
- Tips Namespaces
- Variables
- Operators
- Namespaces
854 | Rules Editing and Namespaces Dell Networking W-ClearPass Policy Manager 6.6 | User Guide
l Email
l Phone
l Sponsor
Custom attributes also appear in the attribute list if they are defined as custom tags for the local user.
These attributes can be used only if you have pre-populated the values for these attributes when a local user is
configured in Policy Manager.
Posture Namespaces
The dictionaries in the posture namespace are pre-packaged with the product. The administration interface
provides a way to add dictionaries into the system (see Posture Dictionary.) Posture namespace has the
notation Vendor:Application, where Vendor is the name of the Company that has defined attributes in the
dictionary, and Application is the name of the application for which the attributes have been defined. The same
vendor typically has different dictionaries for different applications.
Some examples of dictionaries in the posture namespace are:
l W-ClearPass:LinuxSHV
l Microsoft:SystemSHV
l Microsoft:WindowsSHV
l Trend:AV
Posture Namespace Editing Context
l Filter rules for Access Tracker and Activity Reports
l Internal posture policies actions - Attributes marked with the OUT qualifier
l Internal posture policies conditions - Attributes marked with the IN qualifier
l Policy simulation attributes
RADIUS Namespaces
Dictionaries in the RADIUS namespace come pre-packaged with the product. The administration interface does
provide a way to add dictionaries into the system (See RADIUS Dictionary on page 637 for more information).
RADIUS namespace has the notation RADIUS:Vendor, where Vendor is the name of the Company that has
defined attributes in the dictionary. Sometimes, the same vendor has multiple dictionaries, in which case the
"Vendor" portion has the name suffixed by the name of device or some other unique string.
IETF is a special vendor for the dictionary that holds the attributes defined in the RFC 2865 and other
associated RFCs. Policy Manager comes pre-packaged with a number of vendor dictionaries.
Some examples of dictionaries in the RADIUS namespace are:
l RADIUS:Aruba
l RADIUS:IETF
l RADIUS:Juniper
l RADIUS:Microsoft
RADIUS Namespace Editing Contexts
l Filter rules for Access Tracker and Activity Reports
l Policy simulation attributes
l Post-proxy attribute pruning rules