Users Guide

Container Description

WebAuth Web authentication transactions (Dissolvable Agent, OnGuard)

Application All Dell application authentications (Insight, GuestConnect)

Viewing Session Details

To view details for a session, click on the row containing any entry. Policy Manager divides the view into multiple

tabs. Depending on the type of authentication - RADIUS, WebAuth, TACACS, Application - the view displays

different tabs.

l Summary - This tab shows a summary view of the transaction, including policies applied.

l Input - This tab shows protocol specific attributes that Policy Manager received in the transaction request; this

includes authentication and posture details (if available). It also shows Compute Attributes, which are attributes

that were derived from the request attributes. All of the attributes can be used in role mapping rules.

l Output - This tab shows the attributes that were sent to the network device and the (posture capable) endpoint.

l Alerts - This tab shows the reason for authentication or authorization failure.

l Accounting - This tab is only available for RADIUS sessions. This shows the RADIUS accounting details for the

session, including reauthentication details.

l Authorizations - This tab is only available for TACACS+ sessions. This shows the commands entered at the

network device, and the authorization status.

l RADIUS CoA - This tab is only available for RADIUS transactions for which a RADIUS Change of

Authorization command was sent to the network device by Policy Manager. The view shows the RADIUS CoA

actions sent to the network device in chronological order.

Table 6:

Session Details Popup Actions

Container Description

Change

Status

This button allows you to change the access control status of a session. This function is only available

for RADIUS and WebAuth.

l Agent - This type of control is available for a session where the endpoint has the OnGuard Agent

installed. Actions allowed are: Bounce, Send Message and tagging the status of the endpoint as

Disabled or Known.

l SNMP - This type of control is available for any session for which Policy Manager has the switch-

and port-level information associated with the MAC address of the endpoint. Policy Manager

bounces the switch port to which the endpoint is attached, via SNMP. Note that, for this type of

control, SNMP read and write community strings have to be configured for the network device;

furthermore, Policy Manager must be configured as an SNMP trap receiver to receive link

up/down traps.

l RADIUS CoA - This type of control is available for any session where access was previously

controlled by a RADIUS transaction. Note that the network device must be RADIUS CoA capable,

and RADIUS CoA must be enabled when you configure the network device in Policy Manager. The

actions available depend on the type of device. The Disconnect (or Terminate Section) action is

supported by all devices. Some devices support setting a session timeout, changing the VLAN for

the session, applying an ACL, etc.

Export Export this transaction and download as a compressed (.zip extension) file. The compressed file

contains the session-specific logs, the policy XML for the transaction, and a text file containing the

Access Tracker session details.

Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 25