Dell Powerconnect W-ClearPass Hardware Appliances W-ClearPass Policy Manager 6
Dell Powerconnect W-ClearPass Hardware Appliances Manual
View all Dell Powerconnect W-ClearPass Hardware Appliances manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell Powerconnect W-ClearPass Hardware Appliances manual content summary:
- Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 1
Dell Networking W-ClearPass Policy Manager 6.0 User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 2
DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA. All other trademarks are the property of behalf of those vendors. 2 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 3
Passwords to Factory Default 16 Generating Support Key for Technical Support 16 Policy Manager Dashboard 19 Monitoring 49 Services Paradigm 49 Viewing Existing Services 52 Adding and Removing Services 52 Links to Use Cases and Configuration Instructions 53 Manager 6.0 | User Guide 3 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 4
89 Start Here Page 90 Policy Manager Service Types 92 Services 101 Adding Services 102 Modifying Services 104 Reordering Services 106 Authentication and Authorization 109 Architecture and -AUTH 126 CHAP and EAP-MD5 127 4 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 5
Agent Windows System Health Validator - NAP Agent Windows System Health Validator - OnGuard Agent Adding and Modifying Posture Servers Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 127 129 140 141 145 147 148 153 153 154 154 155 155 156 158 159 159 160 161 163 164 166 167 169 169 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 6
Configuring Audit Servers 204 Built-In Audit Servers 205 Adding Auditing to a Policy Manager Service 205 Modifying Built-In Audit Servers 206 Custom Audit Servers 207 NESSUS Audit Server 207 Users 245 Export Users 246 6 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 7
Subscriber System Tab Multiple Active Directory Domains Services Control Tab Service Parameters Tab System Monitoring Tab Network Servers Export a Single SNMP Trap Server Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 246 246 246 247 247 247 248 250 251 252 252 253 254 256 257 258 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 8
Dictionaries 301 Import RADIUS Dictionary 302 Posture Dictionaries 302 TACACS+ Services 303 Fingerprints 304 Attributes 305 Add Attribute 306 Import Attributes 307 315 Upgrade the Image on a Single Policy Manager Appliance 316 8 Dell Networking W-ClearPass Policy Manager 6.0 | User - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 9
timezone Network Commands ip nslookup ping reset traceroute Service commands Show Commands all-timezones date dns domain hostname ip license timezone version System commands boot-image gen-support-key Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 316 317 317 319 320 320 320 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 10
GPL 357 Lighthttpd License 362 Apache License 362 OpenSSL License 365 OpenLDAP License 371 gSOAP Public License 372 10 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 11
Networking W-ClearPass Policy Manager provides device registration, device profiling, endpoint health assessments, and comprehensive reporting to automatically enforce user and endpoint access policies as devices connect to the network. Dell Networking W-ClearPass Policy Manager 6.0 | User - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 12
12 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 13
: Table 1: Device Ports Key Port Description A Serial Configures the ClearPass Policy Manager appliance initially, via hardwired terminal. B - Management eth0 (gigabit Ethernet) C - Data requests redirected to the management port. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 13 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 14
the following steps to set up the Policy Manager appliance: 1. Connect and power on Using the null modem cable provided, connect a serial port on the appliance to a terminal, then connect power and switch on. The appliance immediately becomes available for configuration. Use the following parameters - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 15
use this password for cluster administration and management of the appliance. 5. Change the system date/time Do you want to [y|n]: y Please select the date time configuration options. 1) Set date time manually 2) Set date time by configuring NTP servers Enter the option or press any | User Guide 15 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 16
gen- support-key for details. 2. Connect to the Policy Manager appliance via the front serial port (using any terminal program). See "Server Port Configuration " on page 14 for details. 3. Reboot the system. See the restart command. 16 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 17
to generate a password recovery key, as well). 6. Once the password recovery key is generated, email the key to Dell technical support. A unique password can now be generated by Dell technical support to log into the support shell. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 17 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 18
18 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 19
a row drills down into the Access Tracker and shows requests sorted by timestamp with the latest request showing first. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 19 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 20
Access Points, Computer, VOIP phone, Datacenter Appliance, Printer, Physical Security, Game Console, with each bar representing an Policy Manager service requests were categorized into. Clicking on a the requests that were categorized into that specific service. This shows a table of last few system - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 21
Services from here. l Manage Services links to the Services page under Configuration menu. Shows a list of configured services health status of the system. Green indicates healthy and red indicates connectivity problems or high CPU or memory utilization. The status also shows red when Guide 21 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 22
22 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 23
Monitoring > Access Tracker. Click on Edit to change the Access Tracker display parameters. Figure 2: Fig: Access Tracker (Edit Mode) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 23 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 24
use the simple filter controls. The filter controls enable you to filter by Protocol Type, User, Service Name, MAC Address, or Status. Note that this filter is applied on top of the display TACACS+ All TACACS+ transactions 24 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 25
on the type of device. The Disconnect (or Terminate Section) action is supported by all devices. Some devices support setting a session timeout, changing the VLAN for the session, applying an ACL the Access Tracker session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 25 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 26
configured date for which Accounting data is to be displayed. Valid number of days is 1 day to a week. 26 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 27
logins. Click on any row to display the corresponding Accounting Record Details. Figure 4: RADIUS Accounting Record Details (Summary tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 27 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 28
Figure 5: RADIUS Accounting Record Details (Auth Sessions tab) 28 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 29
Figure 6: RADIUS Accounting Record Details (Utilization tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 29 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 30
End Timestamp Start and end time of the session Status Current connection status of the session Username Username associated with this record Termination The reason for termination of this session Cause Service Type The value of the standard RADIUS attribute ServiceType 30 Dell Networking - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 31
method - For example, Ethernet, 802.11 Wireless, etc. Calling Station ID In most use cases supported by Policy Manager this is the MAC address of the client Called Station ID MAC Address of the a "session" in Policy Manager. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 31 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 32
Figure 8: TACACS+ Accounting Record Details (Request tab) 32 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 33
Figure 9: TACACS+ Accounting Record Details (Auth Sessions tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 33 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 34
Privilege level of administrator: 1 (lowest) to 15 (highest). Authentication Method Identifies the authentication method used for the access. 34 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 35
Authentication Service Identifies the authentication service used level of the administrator executing the command), service (shell), etc. OnGuard Activity The OnGuard (via SNMP) on the switch port to which the endpoint is connected. This feature only works with wired Ethernet switches. Note that, - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 36
port. l In order to specify the IP address of the endpoint to bounce, the DHCP snooper service on Policy Manager must receive DHCP packets from the endpoint. Refer to your network device documentation to find by, Enabled Reason, Info URL. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 37
that you selected. Click on the Change Selection link to change the selection criteria used to list the devices. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 37 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 38
the selected server, provides load statistics, including CPU, memory, swap memory, physical disk space, and swap disk space: 38 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 39
, and Main Memory. Use Select Process to select the process for which you want to see the usage statistics. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 39 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 40
Figure 16: Figure Process Monitor Graphs Audit Viewer The Audit Viewer display provides a dynamic report of Actions, filterable by Action, Name and Category (of policy component), and User, at: Monitoring > Audit Viewer. 40 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 41
Details (Old Data tab) For Modify Actions, a popup with three tabs displays, comparing the old data and the new. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 41 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 42
Figure 19: Audit Row Details (Old Data tab) Figure 20: Audit Row Details (New Data tab) 42 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 43
for which to display accounting data. Filter Select the filter by which to constrain the display of accounting data. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 43 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 44
Manager comes pre-configured with the following data filters: l All Requests - Shows all requests (without any rows filtered) 44 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 45
To add a filter, configure its name and description in the Filter tab and its rules in the Rules tab. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 45 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 46
. For users who need to utilize this, however, we recommend contacting Support. l Select Attributes - This option is selected by default and enables the NOTE: We recommend that users who choose this method contact Support. Support can assist you with entering the correct information in this - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 47
namespace (Type) Operator A subset of string data type operators (EQUALS, NOT_EQUALS, LESS_THAN, LESS_THAN_OR_EQUALS, GREATER_THAN, GREATER_THAN_OR_EQUALS, CONTAINS, NOT_CONTAINS, EXISTS, NOT_EXISTS) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 47 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 48
Container Description Value The value of the attribute 48 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 49
of existing network infrastructure, identity stores, health/posture services and client technologies within the Services Paradigm" on page 49 n "Viewing Existing Services " on page 52 n "Adding and Removing Services " on page 52 n "Links to Use Cases and Configuration Instructions User Guide 49 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 50
MAC address of the device is present in the authentication source. Some Services (for example, TACACS+) contain internal authentication methods; in such cases, Policy per service An Authentication Source is the identity repository against which Policy Manager verifies identity. It supports these - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 51
supports the following authorization source types: l Microsoft Active Directory l any LDAP compliant directory l RSA or other RADIUS-based token servers l SQL database, including the local user store. C - Role Mapping Policy Zero or one per service per service An service per service ( service - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 52
Drill down to view details for an individual service. In the Services page, click the name of a Service to display its details. Figure 30: Details for an individual service Adding and Removing Services You can add to the list of services by working from a copy, importing from another configuration - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 53
Figure 31: Disable/Enable toggle for a Policy Manager Service Links to Use Cases and Configuration Instructions For each of a Service's policy components that you can configure, the following table Authentication Sources " on page 127 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 53 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 54
Posture Server Audit Server Enforcement Policy and Profiles Illustrative Use Cases Configuration Instructions l "TACACS+ Use Case" on page 83 uses the local Policy > Policy Simulation. The following types of simulations are supported: 54 Dell Networking W-ClearPass Policy Manager 6.0 | User - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 55
allows you to specify a set of attributes in the RADIUS or Connection namespace and test which configured service the request will be categorized into. The request attributes that you specify (check box on left) Policy Simulation. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 55 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 56
and description (freeform). Type Service Categorization. l Input (Simulation to service rules creation are loaded in the Attributes editor. l Returns (Results tab): Service Name Service (Role Mapping Policy is implicitly selected, because there is only one such policy associated with a service - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 57
Service), Authentication Source (optional), User Name (optional), Roles, Dynamic Roles (optional), System Posture Status, and Date/Time (optional). l Input (Attributes tab): Use the Rules Editor to create a request with the attributes you want to test. Connection Policy Manager 6.0 | User Guide 57 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 58
to "Generic LDAP or Active Directory " on page 129for more information. l Input (Simulation tab): Select Service, Authentication Source, User Name, and Date/Time. l Input (Attributes tab): Use the Rules Editor to the Simulation tab. 58 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 59
(Results Tab) Import and Exporting Simulations Import Simulations Navigate to Configuration > Policy Simulation and select the Import Simulations link. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 59 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 60
normal Save As dialog, in which to enter the name of the XML file to contain the export. 60 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 61
view of all endpoints accessing the network. In addition to the these, Profile also collects and stores the following: l IP Address l Hostname l MAC Vendor l Timestamp when the device was first Profile. l DHCP l ClearPass Onboard Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 61 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 62
Profile via the Profile API. Because the information collected is definitive, Profile can directly classify these devices into their Category, Family, and Name without having to rely Series controller through IF-MAP interface (future) 62 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 63
devices is used to discover neighbour devices connected to switch/controller configured in CPPM l is used to discover and profile neighbour devices connected to switch/controller configured in CPPM l ARPtable Server Configuration > Service Parameters tab > ClearPass network services option > Device - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 64
The following additional settings have been introduced for Profile support: l Read ARP Table Info - Enable this setting if this is a Layer 3 device, and you want to use one node per zone. Figure 37: Configuration > Profile Settings 64 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 65
the Network Device to which an endpoint is connected. Post profile configurations are configured under Service. The administrator can select a set of categories one of the fields (category, family, and name). Figure 38: Services > Edit > Profiler tab settings Fingerprint Dictionaries CPPM uses a set - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 66
also search for endpoint profiles based on category, family, name, etc. Refer to Endpoint Profiler for more information. 66 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 67
image illustrates the flow of control for this Service. Figure 39: Flow of Control, Basic 802.1X Configuration Use Case Configuring the Service Follow the steps below to configure this basic 802.1X service: 1. Create the Service Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 67 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 68
of navigational instructions (left Service that supports 802.1X wireless requests. Table 22: 802.1X - Create Service Navigation and Settings Navigation Settings Create a new Service: l Services > l Add Service (link) > Name the Service and select a pre-configured Service Type: l Service Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 69
Source and Authorization Source are one and the same. Table 24: 802.1X - Configure Authorization Navigation and Settings Navigation Settings l Configure Service level authorization source. In this use case there is nothing to configure. Click the Next button. l Upon completion, click Next (to - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 70
you are finished working in the Mapping Rules tab, click the Save button (in the Mapping Rules tab) 70 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 71
Mapping Policy to the Service: l Back in ). Currently, Policy Manager supports the following posture server of type Microsoft NPS to the 802.1X service: Table 26: Posture Navigation and Settings Navigation Configure connection settings: l Primary/ Backup Server (tabs): Enter connection information - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 72
to the Service: l Back instructions about how to build such an Enforcement Policy, refer to "Configuring Enforcement Policies " on page 229. 7. Save the Service. Click Save. The Service now appears at the bottom of the Services list. 72 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 73
Chapter 8 Web Based Authentication Use Case This Service supports known Guests with inadequate 802.1X supplicants or posture agents. The following figure illustrates the overall flow of control for this Policy Manager Service. Figure 40: Flow-of-Control of Web-Based Authentication for Guests - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 74
-based Service. Table 28: Service Navigation and Settings Navigation Settings Create a new Service: l Services > l Add Service > Name the Service and select a preconfigured Service Type: l Service (tab " representing the username 74 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 75
Next to open the Posture Plugins tab Select a Validator: l Posture Plugins (tab) > l Enable Windows Health System Validator > l Configure (button) > Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 75 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 76
When finished working in the Rules tab, click the Next button. Add the new Posture Policy to the Service: Back in Posture (tab) > Internal Policies (selector): IPP_ UNIVERSAL_XP, then click the Add button The status is not available. 76 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 77
Setting Add a new Enforcement Policy: l Enforcement (tab) > l Enforcement Policy (selector): SNMP_POLICY l Upon completion, click Save. 6. Save the Service. Click Save. The Service now appears at the bottom of the Services list. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 77 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 78
78 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 79
Use Case This Service supports Network Devices, such as printers or handhelds. The following image illustrates the overall flow of control for this Policy Manager Service. In this service, an audit is posture and role(s) for the device Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 79 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 80
Policy Manager for MAC-based Network Device access. 1. Create a MAC Authentication Service. Table 32: MAC Authentication Service Navigation and Settings Navigation Settings Create a new Service: l Services > l Add Service (link) > 80 Dell Networking W-ClearPass Policy Manager 6.0 | User - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 81
select any type of authentication/authorization source for a MAC Authentication service. Only a Static Host list of type MAC Address List for more information. You can also select any other supported type of authentication source. Table 33: Authentication Method Navigation Manager 6.0 | User Guide 81 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 82
NESSUS) and Posture (NESSUS), then resets the connection (or the switch reauthenticates after a short session tab, click Save. Unlike the 802.1X Service, which uses the same Enforcement Policy (but uses Save the Service. Click Save. The Service now appears at the bottom of the Services list. 82 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 83
Chapter 10 TACACS+ Use Case This Service supports Administrator connections to Network Access Devices via TACACS+. The following image illustrates the overall flow of control for this Policy Manager Service. Figure 42: Administrator connections to Network Access Devices via TACACS+ Configuring the - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 84
2. Set up the Authentication a. Method: The Policy Manager TACACS+ service authenticates TACACS+ requests internally. b. Source: For purposes of this use case, Network Access Devices authentication data will be stored in the Active Directory. Table 37: Active Directory Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 85
4. Save the Service. Click Save. The Service now appears at the bottom of the Services list. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 85 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 86
86 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 87
Port Use Case This Service supports all three types of connections on a single port. The following figure illustrates both the overall flow of control for this hybrid service, in which complementary switch and Policy Manager configurations allow all three types of connections on a single port: Dell - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 88
Figure 43: Flow of the Multiple Protocol Per Port Case 88 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 89
Service Types" on page 92 l "Services " on page 101 n "Adding Services " on page 102 n "Modifying Services " on page 104 n "Reordering Services Services Service for Service-Rule match l The matching Service Service Service from using Service creation Wizard. l Top-Down Approach - Start with the Service - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 90
page, you can create a new service by clicking on any of the pre-configured Policy Manager Service Types. Each of the service types is listed in a graphical : Figure 44: Start Here page After you select a service type, the associated service wizard is displayed with a clickable diagram that shows on - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 91
Figure 45: Service Wizard with Clickable Flow The rest of the service configuration flow is as described in Policy Manager Service Types. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 91 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 92
service type for a description of the different tabs. For wireless clients connecting service of service can be service click service select the Authorization check box on the Service tab. Policy Manager fetches role mapping attributes from the authorization sources associated with service service - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 93
end hosts are defined as those clients that are found in the authentication source(s) associated with this service. Performing audit on a client is an asynchronous task, which means the audit can be performed only the following ways: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 93 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 94
for a service. Optionally configure service click on the Authorization tab. This tab is service select the Authorization check box on the Service tab. Policy Manager fetches role mapping attributes from the authorization sources associated with service service with this service click on the - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 95
end hosts are defined as those clients that are found in the authentication source(s) associated with this service. Performing audit on a client is an asynchronous task, which means the audit can be performed RADIUS CoA Action link. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 95 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 96
out with legend below) For clients connecting through an Ethernet LAN, with authentication via IEEE 802.1X. 802.1X Wired MAC Authentication Except for the service rules shown above, configuration for the the authorization sources. 96 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 97
in the authentication source (s) associated with this service. Performing audit on a client is an page 92 service type for a description of the other tabs. Web-based authentication service for guests service rule (Connection:Protocol EQUALS WebAuth) that categorizes request into this type of service - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 98
service rule (Connection:Protocol EQUALS WebAuth) that categorizes request into this type of service. There is also an external service This type of service is the same as regular 802.1X Wireless Service, except that posture type of service is the same as regular 802.1X Wired Service, except that - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 99
trying to access the network. NOTE: Authentication, Posture, and Audit tabs are not available for this service type. Role mapping rules can be created based on the RADIUS attributes that are returned by the proxy to the proxy targets. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 99 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 100
is associated with this service type. Rules can be added to filter the request based on the Date and Connection namespaces. See "Rules Editing and Namespaces" on page 341 for more information. TACACS+ users can be authenticated against any of the supported User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 101
you can edit their settings. Figure 46: Service Listing Page The Services page includes the following fields. Table 40: Services page Label Description Add Service Add a service Import Import previously exported services Services Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 101 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 102
icon allows you to toggle the status of a Service between Enabled and Disabled. Note that when a service is in Monitor Mode, an [m] indicator is service using the Add Service option. Click on Add Service in the upper-right corner to add a new service. Figure 47: Add Service Page The Add Service - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 103
this service. l Authentication: The Authentication method to be used for this service. l Connection: Originator supported namespace. See "Namespaces" on page 341 for an exhaustive list of namespaces and their descriptions. To create new Services, you can copy or import other Services Guide 103 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 104
server configuration steps. For this type of service you can perform audit Always, When posture in the authentication source(s) associated with this service. Performing audit on a client is an Services Navigate to the Configuration > Services page to view available services. You can use these service - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 105
service is enabled or disabled. NOTE: You can disable a service Service service currently being modified. TACACS+ Service, for example, allows for authorization configuration.RADIUS Service Service Rule table. The following fields are available. Table 43: Service Service type. When working with service - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 106
service. l Connection: Originator address (Src-IP-Address, Src-Port), Destination address (Dest-IP-Address, Dest-Port), and Protocol l Device: Filter the service is only available when the request type is RADIUS. l Any other supported namespace. See "Namespaces" on page 341 for an exhaustive list of - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 107
Figure 51: Reordering Services Table 44: Reordering Services Label Description Move Up/Move Down Select a service from the list and move it up or down Save Save the reorder operation Cancel Cancel the reorder operation Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 107 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 108
108 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 109
service type. l Authentication Source. In Policy Manager, an authentication source is the identity store (Active Directory, LDAP directory, SQL DB, token server) against which users and devices are authenticated. Policy Manager first tests whether the connecting configured for the Service. The flow - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 110
Service, you can add or modify authentication method or source, by opening the Service (Configuration > Services , then select), then opening the Authentication tab. l For a new Service of the context of a particular Service, you can open an authentication method - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 111
45: Authentication Features at the Service Level Configurable Component Sequence of Authentication Method is only configurable for some service types. Refer to "Policy Manager Service Types" on page 92 for and Modifying Authentication Methods Policy Manager supports specific EAP and non-EAP, tunneled - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 112
Table 46: Policy Manager Supported Authentication Methods EAP Non-EAP Tunneled Services page (Configuration > Service), you can configure authentication for a new service (as part of the flow of the Add Service wizard), or modify an existing authentication method directly Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 113
details. Figure 55: PAP General Tab Table 47: PAP General Tab Parameter Description Name/Description Freeform label and description. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 113 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 114
Encryption Scheme Description In this context, always PAP. Select the PAP authentication encryption scheme. Supported schemes are: Clear, Crypt, MD5 and SHA1. MSCHAP The MSCHAP method contains one tab and defines session details. 114 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 115
The EAP-GTC method contains one tab. General Tab The General tab labels the method and defines session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 115 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 116
EAP-TLS method contains one tab. General Tab The General tab labels the method and defines session details. 116 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 117
or Compare CN or SAN. l To perform a binary comparison of the stored (in the client record in Active Directory or another LDAP-compliant directory) and Optional or Required if the certificate should be verified by the Online Certificate Status Protocol (OCSP). Select None to not verify the - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 118
Manager within the session timeout interval. Session Timeout How long (in hours) to retain cached EAP-TTLS sessions. 118 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 119
The EAP-PEAP method contains two tabs: General Tab The General tab labels the method and defines session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 119 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 120
support. When EAPoUDP support is enabled Policy Manager does not expect user authentication to happen within the protected tunnel. Microsoft NAP Enable while Policy Manager establishes the protected PEAP tunnel with a Microsoft NAP- 120 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 121
Parameter Support Description enabled client. When enabled, Policy Manager prompts the client for Microsoft Statement of Health (SoH) credentials. Enforce : General Tab The General tab labels the method and defines session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 121 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 122
(identity matching) upon presenting Policy Manager with a client certificate: l To skip the certificate comparison, choose Do not compare. 122 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 123
Alternate Name (SAN), or Compare CN or SAN. l To perform a binary comparison of the stored (in the end-host record in Active Directory or another LDAP-compliant directory) and presented certificates, tab enables/disables PAC types: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 123 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 124
Specify the Machine PAC Expire Time (the time until the PAC expires and must be replaced, by automatic or manual provisioning) in hours, days, weeks, months, or years. This can be a long-lived PAC (specified in and authenticated modes: 124 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 125
authenticated provisioning modes are enabled, and the end-host sends a cipher suite that supports server authentication, Policy Manager picks the authenticated provisioning mode. l Otherwise, if the Manager rejects end-host Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 125 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 126
requests of unknown clients. If this is not enabled, Policy Manager automatically rejects a request whose MAC address is 126 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 127
Service as authentication methods. Adding and Modifying Authentication Sources Policy Manager supports the following Authentication Sources: Table 57: Policy Manager Supported directory service Policy Kerberos service Policy store) containing user records. Open Data Base Connectivity store) - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 128
stores), connection between the client and server computers is secure and can be trusted. From the Services page (Configuration > Service), you can configure authentication source for a new service (as part of the flow of the Add Service wizard), or modify an existing authentication source directly - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 129
Directory authentication sources contain three tabs: General Tab The General tab labels the authentication source and defines session details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 129 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 130
or Active Directory. Use for Authorization This check box instructs Policy Manager to fetch role mapping attributes (or authorization "," additional authorization sources can be specified at the Service level. Policy Manager fetches role mapping attributes regardless Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 131
the server priority of the backup servers. This is the order in which Policy Manager attempts to connect to the backup servers if the primary server is unreachable. Primary Tab The Primary tab defines the settings the Bind DN field. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 131 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 132
is displayed at the top of the LDAP Browser. NOTE: This is also one way to test the connectivity to your LDAP or AD directory. If the values entered for the primary server attributes are correct, you certificate can be retrieved. 132 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 133
the filter, you can specify an alias name. l Enabled As: Specify whether value is to be used directly as a role or attribute in an Enforcement Policy. This bypasses the step of having to assign a role in the available directories. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 133 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 134
:Name}$)) %{Host:Name} is populated by Policy Manager with name of the connecting host (if available). dNSHostName, operatingSystem and operatingSystemServicePack attributes are fetched with this to a more readable name: groupName) 134 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 135
Browse Tab) Table 62: AD/LDAP Configure Filter Popup (Browse Tab) Navigation Description Find Node / Go Go directly to a given node by entering its Distinguished Name (DN) and clicking on the Go button. AD/LDAP in the filter query. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 135 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 136
Tab) Parameter Description Find Node / Go directly to a given node by entering its Distinguished a node of interest, inspecting the attributes, and then manually entering the attribute name by clicking on Click to add... the browser, or it can be manually populated. To aid in populating the value - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 137
understand how to find a user or device connecting to the network in LDAP or Active Directory. Directory, an attribute called sAMAccountName stores the user ID. The attributes user ID of the user connecting to the network. Step 4 this attribute can be used directly in Enforcement Policies (See "Configuring - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 138
the attribute name. Enabled As: Click here to enable this attribute value to be used directly as a role in an Enforcement Policy. This bypasses the step of having to assign tabs, respectively. From this tab, you can also manually edit the filter query and attributes to be fetched. 138 Dell - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 139
Integer rather than a String, then the list of Operator values will populate with values that are specific to Integers. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 139 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 140
to the list of authorization sources. Click Remove to remove it from the list. NOTE: As described in "Services," additional authorization sources can be specified at the Service level. Policy Manager fetches role mapping attributes regardless of which 140 Dell Networking W-ClearPass Policy Manager - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 141
servers. This is the order in which Policy Manager attempts to connect to the backup servers. Primary Tab The Primary tab defines the Service Principal The identity of the service principal as configured in the Kerberos server. Name Service Principal Password for the service | User Guide 141 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 142
Generic SQL DB. Use for Authorization This check box instructs Policy Manager to fetch role mapping attributes (or authorization : As described in "Services," additional authorization sources can be specified at the Service level. Policy Manager fetches W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 143
Description connection details This is the order in which Policy Manager attempts to connect to the backup servers. Cache Timeout Policy Manager caches attributes the ODBC driver (Postgres or MSSQL in this release) to connect to database. Attributes Tab The Attributes tab defines the SQL DB - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 144
Configure Filter popup defines a filter query and the related attributes to be fetched from the SQL DB store. Figure 85: Generic SQL DB Filter Configure Popup Table 71: Generic SQL DB Configure Filter Popup user or device record in DB 144 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 145
, Integer, Boolean, etc. Enabled As: Specify whether this value is to be used directly as a role or attribute in an Enforcement Policy. This bypasses the step of having to context, Token Server Use for Authorization This check box instructs Policy Manager to fetch role mapping attributes (or - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 146
Services," additional authorization sources can be specified at the Service tab appears, you can specify connection details for a backup server in which Policy Manager attempts to connect to the backup servers. Primary connections. The default port is 1812. Secret RADIUS shared secret to connect - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 147
of the configuration. General Tab The General Tab labels the authentication source. Figure 89: Static Host List (General Tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 147 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 148
Tab The General tab labels the authentication source and defines session details, authorization sources, and backup server details. 148 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 149
instructs Service level. Policy Manager fetches role mapping attributes regardless of which authentication source the user or device was authenticated against. Backup Servers To add a backup server, click Add Backup. When the Backup 1 tab appears, you can specify connection to connect to the - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 150
: Indicates whether an attribute has been enabled as a role. Add More Filters Brings up the filter creation popup. 150 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 151
query and the related attributes to be fetched from the SQL DB store. Figure 94: HTTP Filter Configure Popup Table 79: HTTP Configure , Integer, Boolean, etc. Enabled As: Specify whether value is to be used directly as a role or attribute in an Enforcement Policy. This bypasses the step of having - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 152
152 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 153
source can be mapped directly to a role. ("Adding and Modifying Authentication Sources " on page 127) l Associated directly with a user 159 and "Adding and Modifying Guest Users " on page 161). l Associated directly with a static host list, again through role mapping ("Adding and Modifying Static - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 154
Service invokes its Role Mapping Policy, resulting in assignment of a role(s) to the client. This role becomes the identity component of Enforcement Policy decisions. NOTE: A service Policy can be configured for each service. Policy Manager ships with the an Policy Manager Service invokes its Role - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 155
From the Services page (Configuration > Service), you can configure role mapping for a new service (as part of the flow of the Add Service wizard), or modify an existing role mapping policy directly (from a match for a given request). Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 155 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 156
(Mapping Rules Tab) When you select Add Rule or Edit Rule, Policy Manager displays the Rules Editor popup. 156 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 157
attributes that have been configured to fetched are shown in the attributes dropdown. l Certificate l Connection l Date l Device l Endpoint l GuestUser l Host l LocalUser l Onboard l TACACS , attribute or a time/date widget. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 157 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 158
from the menu (Configuration > Identity > Roles > Add Roles). In either case, roles exist independently of an individual Service and can be accessed globally through the Role Mapping Policy of any Service. When you click Add Roles from any of these locations, Policy Manager displays the Add New Role - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 159
database ([Local User Repository], [Guest User Repository]) supports storage of user records, when a particular class of or contractor records can be stored in the local user repository. NOTE: To authenticate local users from a particular Service, include [Local User Repository 6.0 | User Guide 159 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 160
listing page, click Export Users. l To import local users, in the Local Users listing page, click Import Users. 160 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 161
Users listing: l To add a guest user or device, click Add User. This opens the Add New Guest User popup. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 161 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 162
(Guest User only) Freeform labels and password. Click Auto Generate to auto-generate a password for the guest user. 162 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 163
includes the device name, owner, status, whether the device is expired, and the expiry time. Figure 107: Onboard Devices Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 163 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 164
on its check box, and then click the Authentication Records button. This opens the Endpoint Authentication Details popup. 164 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 165
Figure 110: Endpoint Authentication Details To manually add an endpoint, click Add Endpoint to display the Add Endpoint popup. Figure 111: Add Endpoint Table 86: listing page, click on the name to display the Edit Endpoint popup. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 165 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 166
be invoked the following ways: l In Service and Role-mapping rules as a component. l For non-responsive services on the network (for example, printers or sources. A static host list often functions, in the context of the Service, as a white list or a black list. Therefore, they are configured - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 167
. l To import Static Host Lists, in the Static Host Lists listing page, click the Import Static Host Lists link Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 167 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 168
168 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 169
Service. Posture Architecture and Flow Policy Manager supports three different types of posture checking: l Posture Policy. Policy Manager supports Posture Tokens. Policy Manager supports the Microsoft NPS Server for rules map clients to roles. Policy Manager supports two types of Audit Servers: NMAP - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 170
firewall configuration l Patch level of different software components l Peer to Peer application checks l Services to be running or not running l Processes to be running or not running Each configured access to the remediation servers. 170 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 171
system token provides the health posture component for input to the Enforcement Policy. A Service can also be configured without any Posture policy. Configuring Posture The following image displays how action on non-compliant Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 171 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 172
Modifying Posture Policies Policy Manager supports pre-configured posture plugins, absent Registry Keys, Services and processes, for present/absent Services, and product-/version system versions and service packs. n absent Registry Keys and Services, and product-/version-/update and service packs. 172 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 173
for a new service (as part of the flow of the Add Service wizard), or modify an existing posture policy or server directly (Configuration > Windows Server 2008, Microsoft Windows Server 2008 R2, and Linux OSes supported by ClearPass Linux NAP Agent. l OnGuard Agent - Use this 6.0 | User Guide 173 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 174
Server 2008 R2, Microsoft Windows Server 2003, Apple Mac OS X 10.5 or above, and Linux OSes supported by ClearPass Linux NAP Agent. Host Operating System Select Linux, Windows or Mac OS X. Note that Mac Tab) - Windows OnGuard Agent 174 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 175
Plugins Tab) - Mac OS X OnGuard Agent Refer to the following sections for plugin-specific configuration instructions: l "ClearPass Windows Universal System Health Validator - NAP Agent " on page 176 l "Windows or severely restricted. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 175 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 176
the Posture Plugins tab of the Posture configuration. Figure 124: ClearPass Windows Universal System Health Validator - NAP Agent 176 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 177
189 l "Virtual Machines" on page 190 l "Network Connections" on page 190 Services The Services page provides a set of widgets for specifying specific services to be explicitly running or stopped. Figure 125: Services Page Table 90: Services Page Parameter Description Auto Enable to allow auto - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 178
the text box adjacent to this button, then click Insert. Delete To remove a service from the list of available services, select it and click Delete. Processes The Processes page provides a set of widgets the Process page detail. 178 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 179
messages. When you save your Process details, the key information appears in the Processes to be present page list. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 179 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 180
the Display name Enter a user friendly name for the process. This is displayed in end-user facing messages. 180 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 181
present or Registry keys to be absent lists. Click Add for either condition to display the Registry page detail. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 181 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 182
configure the Antivirus application information. Figure 133: Antivirus Page (Overview - Before) When enabled, the Antivirus detail page appears. 182 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 183
of anti-virus status. l Check the Display Update URL check box to show the origination URL of the update. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 183 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 184
AntiSpyware detail page appears. Figure 138: AntiSpyware Page (Detail 1) Click Add to specify product, and version check information. 184 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 185
are the same for antivirus and antispyware products. Refer to the previous AntiVirusconfiguration instructions Firewall In the Firewall page, you can specify that a Firewall application must be , the Firewall detail page appears. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 185 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 186
stopped. When you select a peer to peer network, all applications that make use of that network are stopped. 186 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 187
Peer to Peer Page Parameter Description Auto Remediation Enable to allow auto remediation for service checks (Automatically stop peer to peer applications based on the entries in Applications 147: Patch Management Page (Detail 1) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 187 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 188
from the list l Product version is at least - Enter version number l Status check type - No check, Enabled, Disabled 188 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 189
USB Devices page provides configuration to control USB mass storage devices attached to an endpoint. Figure 151: USB Devices Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 189 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 190
Description Enable to allow auto remediation for virtual machines connected to the endpoint. Enable to allow user notifications are running on Host. Network Connections The Network Connections page provides configuration to control network connections based on connection type. 190 Dell Networking - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 191
User Notification Enable to allow user notifications for hotfixes check policy violations. Network Connection Types Click the >> or - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 192
connection exists or to disable all bridge network connections. Remediation Action for Internet Connection Sharing If Allow Internet Connection auto remediation configuration, the dissolvable OnGuard Agent does not support this feature. ClearPass Linux Universal System Health Validator User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 193
name in the text box adjacent to this button, then click Insert. To remove a service from the list of selectable services, select it and click Delete. The last option, located on the bottom of the list checks have been turned on. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 193 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 194
. Figure 158: Antivirus Check view When you save your Antivirus configuration, it appears in the Antivirus page list. 194 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 195
page). The dissolvable agent version of the ClearPass Linux Universal System Health Validator supports all the features supported by the "ClearPass Linux Universal System Health Validator - NAP Agent" on page the Posture configuration. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 195 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 196
Antivirus detail page appears. Figure 162: Antivirus Page (Detail 1) Click Add to specify product and version check information. 196 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 197
elements are the same for anti-virus and antispyware products. Refer to the anti-virus configuration instructions above. l In the Firewall page, you can specify that a Firewall application must be on security application types. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 197 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 198
restrict access based on the absence of the selected security application types. Figure 165: Windows Security Health Validator 198 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 199
System Health Validator - OnGuard Agent This validator checks for current Windows Service Packs. The OnGuard Agent also supports legacy Windows operating systems such as Windows 2000 and Windows Server 2003 Posture Servers. The Posture Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 199 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 200
the Services page (Configuration > Service), you can configure a posture server for a new service (as part of the flow of the Add Service wizard), or modify an existing posture server directly (Configuration from the drop-down list. 200 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 201
is configured, Policy Manager will attempt to connect to the backup server after this timeout. For the backup server to be invoked on primary server failover, check the Enable to use backup when primary does not respond check box. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 201 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 202
202 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 203
not be able to send posture credentials or identify themselves.) A Policy Manager Service can trigger an audit by sending a client ID to a pre-configured Audit global level. Only one audit server may be associated with a Service. The flow-ofcontrol of the audit process occurs as follows: Dell Networking - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 204
(version 2.X) and NMAP servers. For enterprises with existing audit server infrastructure, or otherwise preferring external audit servers, Policy Manager supports these servers externally. This section contains the following topics: l "Built-In Audit Servers" on page 205 l "Custom Audit Servers - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 205
in the case of 802.1X and MAC authentication requests. Policy Manager has a built-in DHCP snooping service that can examine DHCP request and response packets to derive the IP address of the endhost. For this to of the end-host. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 205 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 206
hosts are those end-hosts that are not found in any of the authentication sources associated with this service. n For all end-hosts. For both known and unknown end-hosts. Reauthenticate client Check the select the downloaded file. 206 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 207
infrastructure, or otherwise preferring custom audit servers, Policy Manager supports NESSUS (2.x and 3.x) (and NMAP scans using the l To configure an audit server for a new service (as part of the flow of the Add Service wizard), navigate to Configuration > Posture > Audit Servers | User Guide 207 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 208
Posture status if evaluation does not return a condition/action match. Select a status from the drop-down list. The Primary Server and Backup Server tabs specify connection information for the NESSUS audit server. 208 Dell Networking W-ClearPass Policy Manager 6.0 | User - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 209
that allow determination of Role(s) through post-audit rules. The Audit tab labels the Server and defines configuration details. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 209 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 210
return a condition/action match. Select a status from the drop-down list. The NMAP Options tab specifies scan configuration. 210 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 211
the UDP Scan check box. NMAP option -sU. Service Scan Detect Host Operating System Port Range/ Host Timeout/ In Progress Timeout To enable, check the Service Scan check box. NMAP option -sV. To enable Configuration page displays. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 211 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 212
remember selections as you select other plugins from other plugin families. n When finished, click the Selected Plugins tab. 212 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 213
Figure 180: Nessus Scan Profile Configuration (Profile Tab) l The Selected Plugins tab displays all selected plugins, plus any dependencies. To display a synopsis of any listed plugin, click on its row. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 213 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 214
: Nessus Scan Profile Configuration (Selected Plugins Tab) Figure 183: Nessus Scan Profile Configuration (Selected Plugins Tab) - Vulnerability Level 214 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 215
way of example of how plugins use this information, consider a plugin that must access a particular service, in order to determine some aspect of the client's status; in such cases, login information Server Configurations (Rules Tab) Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 215 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 216
includes the names of the roles configured in Policy Manager. Save To commit a Condition/Action pairing, click Save. 216 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 217
NAD). Policy Manager sends these attributes by evaluating an Enfocement Policy associated with the service. The evaluation of Enforcement Policy results in one or more Enforcement Profiles; each of where the request originated. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 217 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 218
be referenced in an enforcement policy that is associated with a Service to be evaluate, From the Enforcement Policies page (Configuration > of the Add Enforcement Policy wizard), or modify an existing Enforcement Profile directly (Configuration > Enforcement > Profiles, then click on its name in - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 219
. From the Enforcement Profile page, when you click Add Enforcement Profile, Policy Manager displays the Add Enforcement Profile page: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 219 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 220
for "Disconnect" (Terminate Session) actions for the different supported vendor devices; there is no need to create profiles service & command authorization. l SNMP Based Enforcement - Generic SNMP based enforcement profile with SNMP dictionaries for VLAN steering and Reset Connection 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 221
marked in the dictionary with the OUT or INOUT qualifier. The following figures illustrate rules for several sample profiles: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 221 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 222
; F - Figure 190: RADIUS Enforcement Profile (Attributes Tab) Figure 191: RADIUS Enforcement Profile (Attributes Tab) - Generic RADIUS Enforcement Profile 222 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 223
down that contains all the authorization attributes. You can use these directly to assign dynamic values in the profile. Refer to figure the CoA template attributes supported a specific template. Interface Description Select RADIUS CoA Template The supported template types are: | User Guide 223 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 224
dictionary attributes supported by Policy Connection (after the settings are applied) Reset Connection is a primitive that does different actions based on the capabilities of the network device. For devices that support service attributes. 224 Dell Networking W-ClearPass Policy Manager 6.0 | User - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 225
to your network device documentation for definitions of the different privilege levels. Selected Services To add supported services, click Add. To remove a service, select it and click Remove. Policy Manager supports ARAP,eTIPS:HTTP (Policy Manager administrative interface login), PIX shell, Shell - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 226
in the Commands field. Commands Commands Contains a list of the commands recognized for the specified Service Type: To add a command, click Add. In the Configure Tacacs Command Authorization popup, enter users of Insight application. 226 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 227
Device Enter the device on which the CLI commands are executed. Typically, this is the edge device on which the user/endpoint connected (%{Connection:NAD-IP-Address}). Command Multiple commands (separated by a new line) that are executed on the target device. Dell Networking W-ClearPass Policy - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 228
Enforcement Profiles This figure illustrates rules for the two sample profiles: A- ClearPass Entity Update Enforcement, B-Session Restrictions Enforcement 228 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 229
be associated with each Service. From the Services page (Configuration > Service), you can configure enforcement policy for a new service (as part of the flow of the Add Service wizard), or modify Add Enforcement Policy wizard page: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 229 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 230
the Rules tab, click New Rule to display the Rules Editor: Figure 201: Add Enforcement Policy (Rules Tab) 230 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 231
to Network Access Device. If a rule matches and there are multiple enforcement profiles, the enforcement profile disambiguation rules apply. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 231 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 232
232 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 233
"Adding and Modifying Proxy Targets " on page 240 Adding and Modifying Devices To connect with Policy Manager using the supported protocols, a NAD must belong to the global list of devices in the Policy the images that follow. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 233 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 234
) of the device. RADIUS/TACACS+ Enter and confirm a Shared Secret for each of the two supported request protocols. Shared Secret Vendor Optionally, specify the dictionary to be loaded for this device. NOTE: to dismiss the popup. 234 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 235
when demonstrating static IP-based device profiling because this does not require any trap configuration on the network device. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 235 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 236
Manager uses this access method to log into the device CLI. Port SSH or Telnet TCP port number. 236 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 237
Groups Policy Manager groups devices into Device Groups, which function as a component in Service and Role Mapping rules. Device Groups can also be associated with Enforcement Profiles; Policy Configuration > Network > Device Groups. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 237 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 238
Figure 208: Device Groups Page To add a Device Group, click Add Device Group. Complete the fields in the Add New Device Group popup: 238 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 239
Figure 209: Add New Device Group Popup Table 131: Add New Device Group popup Container Description Name/ Description/ Specify identity of the device. Format Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 239 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 240
, one or more of the following SNMP MIBs must be supported by the device: RFC-1213 MIB, IF-MIB, BRIDGE- first Service in priority order that contains a Service Rule for RADIUS proxy Services and appending used in configuring RADIUS proxy Services. (Refer to "Policy Manager Service Types" on page 92 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 241
You can also add a new proxy target from the Services page (Configuration > Service (as part of the flow of the Add Service wizard for a RADIUS Proxy Service Type). Figure 211: Add Proxy Target Popup Table 132 for this port is 1813. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 241 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 242
the left), and then click Delete. Commit the deletion by selecting Yes. Dismiss the popup by selecting No. 242 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 243
Trust List " on page 298 l "Revocation Lists " on page 299 l "RADIUS Dictionaries " on page 301 l "Posture Dictionaries " on page 302 l "TACACS+ Services " on page 303 l "Fingerprints " on page 304 l "Attributes " on page 305 l "OnGuard Settings " on page 308 l "Guest Portal " on page 310 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 244
XML file. Deletes a selected User. Select the Add User link in the upper right portion of the page. 244 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 245
Users Select the Import Users link in the upper right portion of the page. Figure 214: Import (Admin) Users Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 245 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 246
Privileges Import Admin Privileges Select the Import Admin Privileges link on the upper right side of the page. 246 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 247
page 252 l "Make Subscriber " on page 252 l "Upload Nessus Plugins " on page 253 l "Cluster-Wide Parameters " on page 254 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 247 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 248
row provides the following interfaces for configuration: l "System Tab " on page 260 l "Services Control Tab " on page 264 l "Service Parameters Tab " on page 264 l "System Monitoring Tab " on page 272 l "Network the Date &Time tab. 248 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 249
set time zone on the subscriber, select the specific server and set time zone from the server-specific page. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 249 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 250
. NOTE: Changing this password also changes the password for the CLI user - 'appadmin'. Figure 220: Change Cluster Password 250 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 251
all nodes in a cluster. These runtime states include: l Roles and Postures of connected entities l Connection status of all endpoints running OnGuard l Endpoint details gathered by OnGuard Agent CPPM Figure 221: Policy Manager Zones Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 251 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 252
Targets Table 140: NetEvents targets Container Description Target URL HTTP URL for the service that support POST and requires Authentication using Username / Password. NOTE: For an external Insight occur only on this master 252 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 253
node. The Policy Manager appliance defaults to a Publisher node unless it is made a Subscriber node. Cluster commands can be used to change the Server Manager > Server Configuration page, and click on the Upload Nessus Plugins link. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 253 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 254
> Server Manager > Server Configuration page, and click on the Cluster-Wide Parameters link. Figure 225: Cluster-Wide Parameters 254 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 255
to store the role mapping and posture results derived by the policy engine during policy evaluation. This result can then be used in subsequent evaluation of policies associated with a service, if cleaned up from the endpoints table. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 255 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 256
appexternal" password For this connection to the database, enter the password for the "appexternal" username. Collect Logs When you need to review performance or troubleshoot issues in detail, The Collect Logs dialog box appears. 256 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 257
caution, and use this only when you want to debug a problem. System performance can be severely impacted. n Diagnostic dumps from Policy Manager services 5. Enter the time period of the information you want to compressed with GZip. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 257 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 258
can also be performed using the "backup" CLI command Figure 227: Backup Popup Figure 228: Post-Backup Popup 258 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 259
File is on server. Browse to select name of backup file (shown only when Upload file to server radio Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 259 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 260
click on a server name in the table. The Server Configuration form opens by default on the System tab. 260 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 261
Tab Table 146: Server Configuration System tab Container Description Hostname Hostname of Policy Manager appliance. It is not necessary to enter the fully qualified domain name here. Policy for data interface Default Gateway Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 261 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 262
- Click on this button to disassociate this Policy Manager appliance from an Active Directory domain. NOTE: For most use cases, if you have multiple nodes in the cluster, you must join each node to the same Active Directory domain. 262 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 263
join the domain User Name User ID of the domain administrator account Password Password of the domain administrator account Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 263 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 264
Server Service Parameter Description Machine Authentication Cache Timeout This specifies the time (in seconds) for which machine authentication entries are cached by Policy Manager Authentication Thread Pool Size This specifies the number of threads to use for LDAP/AD and SQL connections - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 265
Service Parameter Description primary server again. External Posture Server Thread Pool Size This specifies the number of threads to use for posture servers. External Posture Server Primary Retry Interval Once a primary posture server is down, Policy Manager connects connects to to connect - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 266
Connection Count Maximum number of Local DB DB connections opened AD/LDAP Authentication Source Connection Count Maximum number of AD/LDAP connections opened SQL DB Authentication Source Connection Count Maximum number of SQL DB 266 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 267
across cluster Accounting Whether PACs generated by this server are valid across the cluster or not Log Accounting Interim-Update Packets Store the Interim-Update packets in session logs. Figure 235: TACACS+ Service Parameters Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 267 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 268
service parameters for PHP configuration as well as if all your http traffic flows through a proxy server. Policy Manager relies on an http connection take some action. Socket Timeout Maximum time for any socket connections. Enable zlib output compression Setting to compress the output files. - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 269
address. Any DHCP message received in this time period will refresh the MAC to IP binding. Typically, audit service will request for a MAC to IP mapping as soon the RADIUS request is received, but the client may that the client got Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 269 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 270
to wait before processing link-up traps. If a MAC notification trap arrives in this time, SNMP service will not try to poll the switch for MAC addresses behind a port for link-up processing IP Address polling for device information. 270 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 271
device to which the client is connected. Figure 238: System Monitor Service Parameters Table 153: Services Parameters tab - System monitor service Service Parameter Description Free Disk Space . 5 Min CPU load average Threshold Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 271 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 272
Tab Table 154: System Monitoring tab details Service Parameter Description System Location/System Contact Policy Manager appliance location and contact information SNMP Configuration: Version and keep the communication private) 272 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 273
Service Parameter Description SNMP Configuration: SNMP v3: Authentication Protocol Authentication protocol (MD5 or SHA) and key SNMP Configuration: SNMP v3: internet. Navigate to the Network Interfaces tab and click Create Tunnel. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 273 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 274
dismiss changes. Creating VLAN Navigate to the Network Interfaces tab and click Create VLAN. Figure 242: Creating VLAN 274 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 275
the VLAN. Create/Cancel Commit or dismiss changes. Your network infrastructure must support tagged 802.1Q packets on the physical interface selected.VLAN ID 1 is interface for configuration: Figure 243: Log Configuration (Services Level tab) Dell Networking W-ClearPass Policy Manager 6.0 | User - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 276
to configure logs. All nodes in the cluster appear in the drop down list. Select Service Specify the service for which to configure logs. Module Log Level Settings Enable this options to set the Configuration (System Level tab) 276 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 277
level is based on the default log level specified on the Service Log Configuration tab. Restore Click Save to save changes or folder drop-down list. Currently supported folder types are listed below: l Backup files - Database backup files backed up manually (tar.gz format) l Log | User Guide 277 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 278
number of purchased licenses for Policy Manager, OnGuard,Guest, and Onboard. Figure 246: Licensing Page - License Summary tab 278 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 279
. 2. Click the Applications tab. Figure 249: Licensing Page - Applications tab 3. Click Activate in the Activation Status column. 4. Click OK. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 279 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 280
page 282 l "Export all SNMP Trap Servers " on page 282 l "Export a Single SNMP Trap Server " on page 283 280 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 281
> External Servers > SNMP Trap Receivers and select the Add SNMP Trap Server link. Figure 252: Add SNMP Trap Server Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 281 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 282
select the Export SNMP Trap Server link. This link exports all configured SNMP Trap Receivers. Click Export Trap 282 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 283
. Export Opens the Export popup. Delete To delete a Syslog Target, select it (check box at left) and click Delete. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 283 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 284
165: Import from file Container Description Select File Browse to the Syslog Target configuration file to be imported. 284 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 285
" on page 286 l "Import Syslog Filter " on page 288 l "Export Syslog Filter " on page 289 l "Export " on page 289 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 285 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 286
add a Syslog Filter, navigate to Administration > External Servers > Syslog Filters > Add Syslog Filter. Refer to the following image. 286 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 287
for the custom SQL by clicking the link below the text entry field. NOTE: We recommend that users who choose the Custom SQL method contact Support. Support can assist you with entering the correct information in this template. Dell Networking W-ClearPass Policy Manager 6.0 | User - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 288
from the Selected Columns list. Import Syslog Filter Navigate to Administration > External Servers > Syslog Filters > Import Syslog Filter. 288 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 289
Setup The Policy Manager Messaging Setup menu at Administration > Server Manager > Messaging Setup provides the following interface for configuration: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 289 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 290
messages, enter the credentials here. Default from address All emails sent out will have this from address in the message. Use SSL Use secure SSL connection for communications with the server. Port This is TCP the port number that the SNMP server listens on - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 291
Providers tab) Table 171: Messaging Setup (Mobile Service Providers tab) Container Description Add Add a mobile service provider Provider Name Name of the provider Mail Address > External Servers > Endpoint Context Servers. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 291 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 292
supported for the following vendors: l Airwatch l JAMF l MaaS360 l MobileIron l SOTI These mobile device management platforms run on MDM servers. These servers provision mobile devices to configure connectivity settings, enforce security policies, restore lost data, and other administrative services - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 293
" on page 296 l "Export Server Certificate " on page 298 l "Import Server Certificate " on page 298 Figure 264: Server Certificates Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 293 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 294
: Create Self-Signed Certificate After you click Submit, you will be prompted to install the self-signed certificate 294 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 295
. This field is optional. Private Key Password Specify and verify password. This field is required. Verify Private Key Password Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 295 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 296
Click on the Install button to install the certificate on the selected server. NOTE: All services are restarted; you must relogin into the UI to continue. Create Certificate Signing Request Navigate as part of the enrollment process. 296 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 297
is required. Verify Private Key Password Key Length Select length for the generated private key: 512, 1024 , or 2048. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 297 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 298
Certificate; to delete a certificate, select the check box to the left of the certificate and then click Delete. 298 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 299
List. To delete a revocation list, select the check box to the left of the list and then click Delete. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 299 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 300
specified in the list. Or select Periodically update to check periodically and at the specified frequency (in days). 300 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 301
import the file back into Policy Manager. Enable/Disable Enable or disable this dictionary. Enabling a dictionary makes it appear in the Policy Manager rules editors (Service rules, Role mapping rules, etc.). Dell Networking W-ClearPass Policy Manager 6.0 | User - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 302
, sorted by Vendor Name, Vendor ID, Application Name, or Application ID, navigate to: Administration > Dictionaries > Posture. Fig: Posture 302 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 303
new TACACS+ service dictionary, click on the Import Dictionary link. To add or modify attributes in an existing service dictionary, select the dictionary, export it, make edits to the XML file, and import it back into Policy Manager. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 303 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 304
data types, click on a service row. For example, click on shell service to see all shell service attributes and their data type. Figure 279: Fig: Shell Service Dictionary Attributes Fingerprints The Device for more information.) 304 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 305
with role-based device policies for enabling appropriate network access. The Attributes page provides the following interfaces for configuration: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 305 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 306
. Add Attribute To add a new Attribute dictionary, select Add Attribute in the upper right portion of the page. 306 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 307
in the following table. Click Add when you are done. To modify attributes in an existing service dictionary, select the attribute, make any necessary changes, and then click Save. Table 187: an XML viewer. Figure 284: Import from file Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 307 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 308
is saved, agent deployment packages are created for Microsoft Windows and MAC OS X operating systems and placed at a fixed URL on the Policy Manager appliance. This URL can then be published to the user community. The agent deployment packages can also be downloaded to another location. 308 Dell - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 309
certificate check Enable to also perform client certificate based authentication. OnGuard extracts the client certificate from the logged in user's certificate store and presents this in the TLS echange with Policy Manager. Agent action when an update is available This setting determines what - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 310
different service rules for different portals. l SharedSecret: Secret shared with a Wireless Controller (for example, Xirrus Wireless Controller) when Policy Manager is configured as an external captive portal on the network device. 310 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 311
consisting of images, style sheets, scripts, etc. These are hosted on the Policy Manager appliance and can be referenced by prefixing the _eTIPS_GUEST_PORTAL_RESOURCE_ to the patch component. For example, if template. Note that the Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 311 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 312
, including Fingerprint l Software upgrades for the ClearPass family of products l Patch binaries, including Onboard, Guest Plugins and Skins 312 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 313
stored on ClearPass's webservice server. The ClearPass Policy Manager server periodically communicates with the webservice to inquire about available updates. You can download and install these updates directly to import the latest Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 313 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 314
support or other means) into this server. When logged in as appadmin, the Upgrade and Patch binaries imported can be installed manually update from the webservice server. If the download fails because of connectivity issues or a checksum mismatch, a Retry button will appear. Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 315
configuration, and database write operations are allowed only on this master node. The Policy Manager appliance defaults to a Publisher node unless it is made a Subscriber node. A Policy Manager Publisher can be made a Subscriber. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 315 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 316
entered, or if the appliance cannot communicate with the webservice, click Import Updates to upload the upgrade image that you received from Support (or through other case, the subscriber comes up with an empty database. Fix the problem by adding the subscriber back into the cluster from the CLI. - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 317
Cluster Commands" on page 319 l "Configure Commands" on page 322 l "Network Commands" on page 324 l "Service commands" on page 327 l "Show Commands" on page 328 l "System commands" on page 330 l " cluster list cluster make-publisher Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 317 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 318
333 network ip network nslookup network ping network traceroute network reset quit See "Miscellaneous Commands" on page 333 318 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 319
service activate service deactivate service list service restart service start service status service stop show date show dns show domain show all-timezones show hostname show ip showlicense show timezone show version system boot-image system gen-support ClearPass Policy Manager 6.0 | User Guide 319 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 320
node a publisher. Syntax cluster make-publisher Example [appadmin]# cluster make-publisher * WARNING: Executing this command will promote the * 320 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 321
the new cluster password. Syntax cluster set-cluster-passwd Returns [appadmin]# cluster set-cluster-passwd cluster set-cluster-passwd Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 321 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 322
time with specified NTP server. -d Required. Syntax: yyyy-mm-dd -t Optional. Syntax: hh:mm:ss -z Optional. Syntax: To view the list of supported timezone values, enter: show all-timezones. 322 Dell Networking W-ClearPass Policy Manager 6.0 | User - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 323
Network interface type: mgmt or data l Server ip address. netmask Netmask address. gateway Gateway address. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 323 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 324
]# configure timezone configure timezone * WARNING: When the command is completed Policy Manager services * * are restarted to reflect the changes. * Continue? [y|Y]: y Network specified. Syntax network ip del 324 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 325
.com Example 2 [appadmin]# nslookup -q SRV arubanetworks.com ping Tests reachability of the network host. Syntax network ping [-i ] [-t] Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 325 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 326
: Traceroute Commands Flag/Parameter Description Name of network host. Example [appadmin]# network traceroute sun.us.arubanetworks.com 326 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 327
Policy Manager service. Syntax service Where , status, or stop. service-name Choose a service: tips-policy-server, tips service [ tips-dbwrite-server ] DB replication service [ tips-repl-server ] System monitor service [ tips-sysmon-server ] Example 3 [appadmin]# service - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 328
show dns Example [appadmin]# show dns show dns DNS Information Primary DNS : 192.168.5.3 Secondary DNS : 328 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 329
> DNS Information Primary DNS : 192.168.5.3 Secondary DNS : Tertiary DNS : license Displays the license key. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 329 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 330
Policy Manager command line interface includes the following system commands: l "boot-image" on page 330 l "gen-support-key" on page 331 l "install-license" on page 331 l "restart" on page 331 l "shutdown" [-l] [-a ] Where: 330 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 331
image gen-support-key Generates the support key for the system. Syntax system gen-support-key Example [appadmin]# system gen-support-key system gen-support-key Support key=' restart Example [appadmin]# system restart system restart Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 331 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 332
patches installed on the system. Example [appadmin]# system update upgrade Upgrades the system. Syntax system upgrade Where: 332 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 333
page 339 l "restore" on page 338 ad auth Authenticate the user agains AD. Syntax ad auth --username= Where: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 333 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 334
is a member of the AD domain. Syntax ad testjoin Example [appadmin]# ad testjoin alias Creates or removes aliases. 334 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 335
.gz Continue? [y|Y]: y dump certchain Dumps certificate chain of any SSL secured server. Syntax dump certchain Where: Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 335 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 336
: Table 215: Dump Servercert Commands Flag/Parameter Description Specifies the hostname and SSL port number. 336 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 337
list of supported commands Join host to the domain Remove host from the domain Network troubleshooting commands Exit the shell Restore Policy Manager database Control Policy Manager services Show ]# krb auth [email protected] Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 337 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 338
database. -l Optional. If it exists in the backup, restore log database. -i Optional. Ignore version mismatch errors and proceed. 338 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 339
on restore.) Example [appadmin]# restore user@hostname:/tmp/tips-backup.tgz -l -i -c -s quit Exits shell. Syntax quit Example [appadmin]# quit Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 339 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 340
340 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 341
Interface (UI) you use the same editing interface to create different types of objects: l Service rules l Role mapping policies l Internal user policies l Enforcement policies l Enforcement profiles l the posture namespace; when you Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 341 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 342
:Juniper. RADIUS namespace appears in the following editing contexts: n Service rules: All RADIUS namespace attributes that can appear in a request and Activity Reports l Authorization Namespaces - Policy Manager supports a number of types of authorization sources. Authorization sources | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 343
ones supported for the integer data type (See section for more details. Date namespace appears in the following editing contexts: n Service rules n Role mapping policies n Enforcement policies n Filter rules for Access Tracker and Activity Reports l Connection Namespace - The connection namespace - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 344
Client-IP-Address IP address of the client (if known) Connection namespace appears in the following editing contexts: n Service rules n Role mapping policies l Authentication Namespace - The authentication (See EAP-FAST in 344 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 345
associated with the subject (user or machine, in this case). Not all of these fields are populated in a certificate. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 345 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 346
only if you have prepopulated the values for these attributes when a guest user is configured in Policy Manager. 346 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 347
, Insight, Edge. Variables Variables are populated with the connection-specific values. Variable names (prefixed with % and enclosed runtime rule evaluation. The following built-in variables are supported in Policy Manager: Table 223: Policy Manager Variables Policy Manager 6.0 | User Guide 347 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 348
RADIUS:Airespace:Airespace-Wlan-Id} in rules or filters. Operators The rules editing interface in Policy Manager supports a rich set of operators. The type of operators presented in the UI is based on the , and all string data types 348 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 349
if the run-time value of the attribute matches a set of configured string values. E.g., RADIUS:IETF:Service-Type BELONGS_TO Login-User,Framed-User, Authenticate-Only For integer data type, true if the run-time value configured value. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 349 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 350
a static host list or a network device group, depending on the attribute). E.g., RADIUS:IETF:Calling-Station-Id BELONGS_TO_GROUP Printers. 350 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 351
EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. GNU LGPL Version 2, - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 352
the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it that what they have is not the original version, so that any problems introduced by others will not reflect on the original authors' reputations. 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 353
the files modified to carry prominent notices stating that you changed the files and the date of any change. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 353 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 354
the work is itself a library. The threshold for this to be true is not precisely defined by law. 354 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 355
of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also compile or link is void, and will Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 355 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 356
the Library by all those who receive copies directly or indirectly through you, then the only way , but may differ in detail to address new problems or concerns. Each version is given a distinguishing version exceptions for this. Our decision will be guided by the two goals of preserving the free - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 357
YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 358
, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened along with the Program. 358 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 359
, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 359 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 360
the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 361
version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number make exceptions for this. Our decision will be guided by the two goals of preserving the free SERVICING, REPAIR OR CORRECTION. Dell Networking W-ClearPass Policy Manager 6.0 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 362
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR Version 2.0, January 2004 362 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 363
the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, Dell Networking W-ClearPass Policy - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 364
to use the trade names, trademarks, service marks, or product names of the Licensor Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any charge a fee for, acceptance of support, warranty, indemnity, or other liability - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 365
* the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 365 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 366
product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" * 366 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 367
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, * Hudson ([email protected]). * Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 367 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 368
holder is Tim Hudson ([email protected]). * * Copyright remains Eric Young's, and as such any Copyright notices in 368 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 369
. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or * Eric Young ([email protected])" Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 369 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 370
OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR OF * SUCH DAMAGE. * 370 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 371
THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR remain with copyright holders. Dell Networking W-ClearPass Policy Manager 6.0 | User Guide 371 - Dell Powerconnect W-ClearPass Hardware Appliances | W-ClearPass Policy Manager 6 - Page 372
SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR OF SUCH DAMAGE." 372 Dell Networking W-ClearPass Policy Manager 6.0 | User Guide
Dell Networking
W-ClearPass
Policy Manager 6.0
User Guide