Viewing Session Details - Dell Powerconnect W-ClearPass Hardware Appliances User Manual

Container
WebAuth
Application

Viewing Session Details

To view details for a session, click on the row containing any entry. Policy Manager divides the view into multiple
tabs. Depending on the type of authentication - RADIUS, WebAuth, TACACS, Application - the view displays
different tabs.
Summary - This tab shows a summary view of the transaction, including policies applied.
l
Input - This tab shows protocol specific attributes that Policy Manager received in the transaction request; this
l
includes authentication and posture details (if available). It also shows Compute Attributes, which are attributes
that were derived from the request attributes. All of the attributes can be used in role mapping rules.
Output - This tab shows the attributes that were sent to the network device and the (posture capable) endpoint.
l
Alerts - This tab shows the reason for authentication or authorization failure.
l
Accounting - This tab is only available for RADIUS sessions. This shows the RADIUS accounting details for the
l
session, including reauthentication details.
Authorizations - This tab is only available for TACACS+ sessions. This shows the commands entered at the
l
network device, and the authorization status.
RADIUS CoA - This tab is only available for RADIUS transactions for which a RADIUS Change of
l
Authorization command was sent to the network device by Policy Manager. The view shows the RADIUS CoA
actions sent to the network device in chronological order.
Table 6:
Session Details Popup Actions
Container Description
Change This button allows you to change the access control status of a session. This function is only available
Status for RADIUS and WebAuth.
l
l
l
Export Export this transaction and download as a compressed (.zip extension) file. The compressed file
contains the session-specific logs, the policy XML for the transaction, and a text file containing the
Access Tracker session details.
Dell Networking W-ClearPass Policy Manager 6.0 | User Guide
Description
Web authentication transactions (Dissolvable Agent, OnGuard)
All Dell application authentications (Insight, GuestConnect)
Agent - This type of control is available for a session where the endpoint has the OnGuard Agent
installed. Actions allowed are: Bounce, Send Message and tagging the status of the endpoint as
Disabled or Known.
SNMP - This type of control is available for any session for which Policy Manager has the switch-
and port-level information associated with the MAC address of the endpoint. Policy Manager
bounces the switch port to which the endpoint is attached, via SNMP. Note that, for this type of
control, SNMP read and write community strings have to be configured for the network device;
furthermore, Policy Manager must be configured as an SNMP trap receiver to receive link
up/down traps.
RADIUS CoA - This type of control is available for any session where access was previously
controlled by a RADIUS transaction. Note that the network device must be RADIUS CoA capable,
and RADIUS CoA must be enabled when you configure the network device in Policy Manager. The
actions available depend on the type of device. The Disconnect (or Terminate Section) action is
supported by all devices. Some devices support setting a session timeout, changing the VLAN for
the session, applying an ACL, etc.
25