White Papers

Dell Networking W-Series ClearPass Configuration Guide
EAP (PEAP) is used, uncheck Validate server certificate, use method Secured password
(EAP-MSCHAP v2) and uncheck Automatically use my Windows logon name and password.
When connecting to the network, Windows will ask for a username and password. Enter the credentials
that are located in the Local User database created within ClearPass for this example.
Once connected to the network, the OnGuard application will also ask for a username and password.
These credentials are the same credentials located in the Local User database.
Within the Dell Networking 7024P GUI, administrators can see the status of all authentications and can
see if a port is currently authorized. For the Port Access Log, navigate to Switching > Dot1x
Authentication > Monitoring Mode > Port Access Control History Log.
ClearPass has an extensive Access Tracker which logs all the steps corresponding to Authentication,
Authorization and Enforcement. It is very useful for identifying which service ClearPass uses to
categorize the request, and what issues occur during authentication. The Access Tracker can be
found by navigating to Monitoring > Live Monitoring > Access Tracker. There is also an OnGuard
Activity list, located in Monitoring > Live Monitoring > OnGuard Activity, for monitoring all OnGuard
clients.
OnGuard Configuration Conclusion
Many of the settings in the above example are simplified for the purpose of providing a basic
configuration an administrator can build upon.
The default Web-based authentication service within ClearPass will successfully prevent unhealthy
clients from accessing the network. The example above will result in a client that is restricted from all
network access until the health issue is fixed.
Administrators can further design their network access capabilities to include a remediation VLAN or
Quarantine network. This will allow the PC to have minimal access to network resources and give an
IT administrator remote access to remediate the system. Further configuration, or a new service to
detect the quarantined state and place the client in the remediation VLAN, would be required. The
client may also need to be physically reconnected after waiting for 2-3 minutes before retrying the
authentication, so that any cached failure state is cleared out.
Additional information on configuring VLANs with Dell switches can be found in their respective User’s
Configuration Guide. The Dell Networking 7024P used in the above example has the following chapters
with useful VLAN information: Configuring Port and System Security, and Configuring VLANs.
ClearPass provides VLAN attributes to the switch via the Enforcement Policy within the service.
Additional information on enforcement can be found in the Dell Networking W-ClearPass Policy
Manager User Guide. The Enforcement chapter in the user guide contains the applicable VLAN
information.
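
The following sketch is an added example, not taken from the Dell guide or from ClearPass. It shows the standard RADIUS tunnel attributes (RFC 2868 / RFC 3580) that carry a VLAN assignment to a switch, encoded for a healthy and a quarantined client and parsed back as a switch would. It assumes the enforcement profile returns these IETF attributes; the posture names and VLAN IDs 10 and 99 are constructed for illustration.

```python
import struct

# RFC 2865/2868/3580 attribute numbers and values for dynamic VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

# Assumed mapping for this example only: posture state -> VLAN ID.
POSTURE_VLAN = {"HEALTHY": 10, "QUARANTINE": 99}


def vlan_attributes(posture: str) -> bytes:
    """Encode the three Access-Accept attributes that assign a port to a VLAN.

    Unknown posture states fail closed into the quarantine VLAN.
    """
    vlan = POSTURE_VLAN.get(posture, POSTURE_VLAN["QUARANTINE"])
    group = str(vlan).encode("ascii")
    # Tunnel-Type / Tunnel-Medium-Type: 1 tag byte (0 = untagged) + 3-byte value.
    out = struct.pack("!BBB", TUNNEL_TYPE, 6, 0) + TYPE_VLAN.to_bytes(3, "big")
    out += struct.pack("!BBB", TUNNEL_MEDIUM_TYPE, 6, 0) + MEDIUM_IEEE_802.to_bytes(3, "big")
    # Tunnel-Private-Group-ID: VLAN ID as an ASCII string, no tag byte.
    out += struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group
    return out


def assigned_vlan(attrs: bytes):
    """Parse attributes as a switch would; return the VLAN ID or None."""
    seen, i = {}, 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 3 or i + alen > len(attrs):
            return None  # malformed attribute: assign nothing
        seen[atype] = attrs[i + 2:i + alen]
        i += alen
    if seen.get(TUNNEL_TYPE, b"")[1:] != TYPE_VLAN.to_bytes(3, "big"):
        return None
    if seen.get(TUNNEL_MEDIUM_TYPE, b"")[1:] != MEDIUM_IEEE_802.to_bytes(3, "big"):
        return None
    group = seen.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    # RFC 2868: a leading byte above 0x1F is data, otherwise it is a tag.
    if group and group[0] <= 0x1F:
        group = group[1:]
    return int(group) if group.isdigit() else None
```

When troubleshooting a client that lands in the wrong VLAN, compare these three attributes in the Access Tracker output for the request with what the switch reports for the port.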