Dell Powerconnect W-ClearPass Hardware Appliances User Manual page 97

Service Type
Web-based
Authentication
Dell Networking W-ClearPass Policy Manager 6.0 | User Guide
Description/ Available Policy Components (in tabs)/ Service Rule (in Rules Editor)/
Service-specific policy components (called out with legend below)
NOTE: You cannot configure Posture for this type of service.
Audit can optionally be enabled for this type of service by checking the Audit End-hosts check
box on the Service tab.
You can perform audit For known end-hosts only or For unknown end hosts only or For all end
hosts. Known end hosts are defined as those clients that are found in the authentication source
(s) associated with this service. Performing audit on a client is an asynchronous task, which
means the audit can be performed only after the MAC authentication request has been
completed and the client has acquired an IP address through DHCP. Once the audit results are
available, there should be a way for Policy Manager to re-apply policies on the network device.
This can be accomplished in one of the following ways:
No Action: The audit will not apply policies on the network device after this audit.
l
Do SNMP bounce: This option will bounce the switch port or to force an 802.1X
l
reauthentication (both done via SNMP).Note: Bouncing the port triggers a new 802.1X/MAC
authentication request by the client. If the audit server already has the posture token and
attributes associated with this client in its cache, it returns the token and the attributes to
Policy Manager.
Trigger RADIUS CoA action: This option sends a RADIUS Change of Authorization command
l
to the network device by Policy Manager.
"802.1X Wireless " on page 92
Refer to the
Web-based authentication service for guests or agentless hosts, via the Dell built-in Portal. The
user is redirected to the Dell captive portal by the network device, or by a DNS server that is set
up to redirect traffic on a subnet to a specific URL. The web page collects username and
password, and also optionally collects health information (on Microsoft Windows 7, Vista,
Windows XP, Windows Server 2008, Windows 2000, Windows Server 2003, popular Linux
systems). There is an internal service rule ( Connection:Protocol EQUALS WebAuth ) that
categorizes request into this type of service. You can add other rules, if needed.
There is no authentication method associated with this type of service (Authentication methods
are only relevant for RADIUS requests). You can select any type of authentication source with
service type for a description of the other tabs.
97