advertisement
▼
Scroll to page 2
of
690
The following figure displays the TACACS+ Service Dictionary Attributes pop-up:
Figure 527: TACACS+ Service Dictionary Attributes Pop-up
Fingerprints Dictionary
The Device Fingerprints page shows a listing of all the device fingerprints recognized by the Profile module.
These fingerprints are updated from the Aruba ClearPass Update Portal (see
for more information). To view the contents of the fingerprints dictionary, navigate to
Administration > Dictionaries > Fingerprints. The following figure displays the Device Fingerprints page.
Figure 528: Device Fingerprints Page
ClearPass Policy Manager 6.5 | User Guide Administration | 553
advertisement
Related manuals
advertisement
Table of contents
- 17 About ClearPass Policy Manager
- 17 About the ClearPass Access Management System
- 17 About This Guide
- 17 Getting Started
- 18 ClearPass Access Management System Overview
- 18 Key Features
- 19 Advanced Policy Management
- 20 ClearPass Specifications
- 24 Accessing Configuration Information
- 24 Introduction
- 25 Start Here
- 25 Services
- 25 Authentication and Authorization
- 26 Identity
- 26 Posture
- 26 Enforcement
- 26 Network
- 26 Policy Simulation
- 27 Profile Settings
- 27 Importing and Exporting Information
- 27 Importing Information Into ClearPass
- 28 Exporting Information Into ClearPass
- 29 Monitoring
- 29 Live Monitoring: Access Tracker
- 30 Editing the Access Tracker
- 31 Viewing Access Tracker Session Details
- 38 Live Monitoring: Accounting
- 38 Modifying the Accounting Table
- 39 RADIUS Accounting Details
- 46 TACACS+ Accounting Details
- 48 Live Monitoring: OnGuard Activity
- 54 Live Monitoring: Analysis and Trending
- 55 Live Monitoring: Endpoint Profiler
- 56 Live Monitoring: System Monitor
- 57 System Monitor Tab
- 57 Process Monitor Tab
- 59 Network Tab
- 60 ClearPass Tab
- 61 Audit Viewer
- 63 Event Viewer
- 63 Creating an Event Viewer Report Using Default Values
- 63 Creating an Event Viewer Report Using Custom Values
- 64 Viewing Report Details
- 65 Data Filters
- 66 Adding a Filter
- 68 Blacklisted Users
- 71 Services
- 71 Services Architecture and Flow
- 71 Creating Service Templates
- 71 Service Templates Provided
- 75 Services Supported for High Capacity Guest Mode
- 76 Viewing the List of Services
- 77 Viewing Existing Services
- 78 Adding and Removing Services
- 80 Reordering Services
- 82 802.1X Wired, 802.1X Wireless, and Aruba 802.1X Wireless
- 85 Aruba VPN Access with Posture Checks
- 87 Aruba Auto Sign-On
- 89 Certificate/Two-factor Authentication for ClearPass Application Login
- 91 ClearPass Admin Access
- 92 ClearPass Admin SSO Login (SAML SP Service)
- 93 ClearPass Identity Provider (SAML IdP Service)
- 94 Device Mac Authentication
- 95 EDUROAM Service
- 98 Encrypted Wireless Access via 802.1X Public PEAP method
- 99 Guest Access Web Login
- 100 Guest Access
- 101 Guest MAC Authentication
- 103 Guest Social Media Authentication
- 105 OAuth2 API User Access
- 105 Onboard
- 107 User Authentication with MAC Caching
- 110 Policy Manager Service Types
- 110 Aruba 802.1X Wireless
- 121 802.1X Wireless
- 122 802.1X Wired
- 122 MAC Authentication
- 123 Web-based Authentication
- 124 Web-based Health Check Only
- 125 Web-based Open Network Access
- 126 802.1X Wireless - Identity Only
- 126 802.1X Wired - Identity Only
- 126 RADIUS Enforcement (Generic)
- 127 RADIUS Proxy
- 128 RADIUS Authorization
- 129 TACACS+ Enforcement
- 129 Aruba Application Authentication
- 130 Aruba Application Authorization
- 130 Cisco Web Authentication Proxy
- 133 Authentication and Authorization
- 133 Supported Authentication Methods
- 133 Authentication and Authorization Architecture and Flow
- 135 Configuring Authentication Components
- 137 Adding and Modifying Authentication Methods
- 138 Authorize Authentication Method
- 139 CHAP and EAP-MD5
- 139 EAP-FAST
- 144 EAP-GTC
- 146 EAP-MSCHAPv2
- 146 EAP-PEAP
- 149 EAP-PEAP-Public
- 152 EAP-PWD
- 153 EAP-TLS
- 155 EAP-TTLS
- 158 MAC-AUTH
- 158 MSCHAP
- 159 PAP
- 161 Adding and Modifying Authentication Sources
- 162 Generic LDAP and Active Directory
- 175 Generic SQL DB
- 180 HTTP
- 185 Kerberos
- 188 Okta
- 193 RADIUS Server
- 196 Static Host List
- 198 Token Server
- 203 Configuring Identity Settings
- 203 Configuring Single Sign-On
- 203 SAML Service Provider (SP) Configuration
- 204 Identity Provider (IdP) Configuration
- 204 Managing Local Users
- 205 Adding a Local User
- 206 Modifying a Local User Account
- 207 Importing and Exporting Local Users
- 207 Setting Password Policy for Local Users
- 208 Adding and Modifying Static Host Lists
- 210 Adding and Modifying Endpoints
- 210 Viewing List of Authentication Endpoints
- 211 Viewing Endpoint Authentication Details
- 211 Triggering Actions Performed on Endpoints
- 212 Updating Device Fingerprints From a Hosted Portal
- 214 Manually Adding an Endpoint
- 214 Modifying an Endpoint
- 217 Configuring a Role and Role Mapping Policy
- 217 Identity Roles Architecture and Workflow
- 219 Adding and Modifying Roles
- 219 Adding and Modifying Role Mapping Policies
- 223 Posture
- 223 Posture Methods
- 223 Posture Architecture and Flow
- 225 Configuring Posture Policy Agents and Hosts
- 226 NAP Agent
- 228 OnGuard Agent (Persistent or Dissolvable)
- 231 Configuring Posture Policy Plug-ins
- 232 Configuring NAP Agent Plugins
- 233 Configuring OnGuard Agent Plugins
- 275 Configuring Posture Policy Rules
- 276 Configuring Posture for Services
- 278 Configuring Posture Servers
- 279 Posture Server Tab
- 280 Primary Server and Backup Server Tabs
- 281 Summary Tab
- 281 Configuring Audit Servers
- 281 Audit Service Flow Control
- 282 Built-In Audit Servers
- 285 Custom Audit Servers
- 293 Post-Audit Rules
- 297 Configuring Enforcement
- 297 Configuring Enforcement Policies
- 299 Configuring Enforcement Profiles
- 301 Agent Enforcement
- 305 Aruba Downloadable Role Enforcement
- 315 Aruba RADIUS Enforcement
- 317 Cisco Downloadable ACL Enforcement
- 319 Cisco Web Authentication Enforcement
- 321 ClearPass Entity Update Enforcement
- 323 CLI Based Enforcement
- 325 Filter ID Based Enforcement
- 327 Generic Application Enforcement
- 329 HTTP Based Enforcement
- 330 RADIUS Based Enforcement
- 332 RADIUS Change of Authorization (CoA)
- 334 Session Notification Enforcement
- 336 Session Restrictions Enforcement
- 338 SNMP Based Enforcement
- 339 TACACS+ Based Enforcement
- 341 VLAN Enforcement
- 345 Configuring Policy Simulation
- 345 Active Directory Authentication Simulation
- 346 Adding an Active Directory Simulation
- 346 Viewing the Simulation Results
- 347 Application Authentication Simulation
- 347 Simulation Tab
- 347 Attributes Tab
- 348 Results tab
- 348 Audit Simulation
- 349 Results Tab
- 350 Chained Simulation
- 350 Simulation Tab
- 350 Attributes Tab
- 352 Results Tab
- 352 Enforcement Policy Simulation
- 353 Simulation Tab
- 355 Attributes tab
- 355 Results Tab
- 356 RADIUS Authentication Simulation
- 356 Adding a RADIUS Authentication Simulation
- 358 Setting the Attributes to Be Tested
- 360 Viewing the Simulation Results
- 361 Role Mapping Simulation
- 361 Simulation Tab
- 362 Attributes Tab
- 363 Results Tab
- 363 Service Categorization Simulation
- 364 Simulation Tab
- 364 Attributes Tab
- 365 Results Tab
- 365 Import and Export Simulations
- 367 ClearPass Policy Manager Profile
- 367 ClearPass Profile Overview
- 367 Introduction
- 367 Enabling Endpoint Classification
- 368 Configuring CoA for an Endpoint-Connected Device
- 369 How Profile Classifies Endpoints
- 370 Fingerprint Dictionaries
- 371 Viewing Live Endpoint Information for a Specific Device
- 372 About the Device Profile
- 372 Endpoint Information Collectors
- 372 DHCP Collector
- 373 ClearPass Onboard Collector
- 373 HTTP User-Agent Strings Collector
- 373 MAC OUI Collector
- 373 ActiveSync Plugin Collector
- 374 CPPM OnGuard Agent
- 374 SNMP Collector
- 376 Subnet Scan Collector
- 377 SNMP Configuration for Wired Network Profiling
- 379 Network Access Devices
- 379 Introduction
- 379 Adding and Modifying Devices
- 380 Adding a Device
- 386 Additional Tasks
- 386 Adding and Modifying Device Groups
- 389 Adding and Modifying Proxy Targets
- 389 Adding a Proxy Target
- 391 Administration
- 392 ClearPass Portal
- 393 Admin Users
- 393 Adding an Admin User
- 394 Importing and Exporting Admin Users
- 394 Setting Password Policy for Admin Users
- 395 Admin Privileges
- 396 Creating Custom Administrator Privileges
- 396 Administrator Privilege XML File Structure
- 397 Administrator Privileges and IDs
- 400 Sample Administrator Privilege XML File
- 401 Server Configuration
- 402 Edit Server Configuration Settings
- 434 Set Date & Time
- 436 Change Cluster Password
- 437 Policy Manager Zones
- 438 NetEvents Targets
- 439 Virtual IP Settings
- 440 Clear Machine Authentication Cache
- 441 Make Subscriber
- 442 Cluster-Wide Parameters
- 454 Collect Logs
- 455 Backup
- 456 Restore
- 458 Cleanup
- 459 Shutdown/Reboot
- 460 Drop Subscriber
- 460 Log Configuration
- 460 Service Log Configuration
- 462 System Level
- 463 Local Shared Folders
- 463 License Management
- 463 Licensing Main Page
- 464 Adding an Application License
- 465 Activating a Server License
- 466 Activating an Application License
- 467 Updating a Server License
- 468 Updating an Application License
- 469 SNMP Trap Receivers
- 470 SNMP Trap Receivers Main Page
- 470 Adding an SNMP Trap Server
- 471 Importing an SNMP Trap Server
- 472 Exporting All SNMP Trap Servers
- 472 Exporting an SNMP Trap Server
- 473 Deleting an SNMP Trap Server
- 473 Syslog Targets
- 474 Syslog Targets Main Page
- 474 Adding a Syslog Target
- 475 Importing a Syslog Target
- 476 Exporting All Syslog Target
- 477 Exporting a Syslog Target
- 478 Deleting a Syslog Target
- 478 Syslog Export Filters
- 479 Syslog Export Filters Main Page
- 480 Adding a Syslog Export Filter
- 487 Importing a Syslog Filter
- 488 Exporting All Syslog Filter
- 489 Exporting a Syslog Filter
- 490 Deleting a Syslog Filter
- 490 Messaging Setup
- 492 Endpoint Context Servers
- 492 Introduction
- 492 Endpoint Context Servers Page
- 493 Adding an Endpoint Context Server
- 494 Importing an Endpoint Context Server
- 495 Exporting All Endpoint Context Servers
- 496 Modifying an Endpoint Context Server
- 501 Polling an Endpoint Context Server
- 501 Deleting an Endpoint Context Server
- 501 Configuring Endpoint Context Server Actions
- 501 Filtering an Endpoint Context Server Action Report
- 501 Configuring Endpoint Context Server Actions
- 505 Adding machine-os and host-type Endpoint Attributes
- 507 Adding Vendor-Specific Endpoint Context Servers
- 507 Adding an AirWatch Endpoint Context Server
- 510 Adding an AirWave Endpoint Context Server
- 511 Adding an Aruba Activate Endpoint Context Server
- 513 Adding a ClearPass Cloud Proxy Endpoint Context Server
- 515 Adding a Google Admin Console Endpoint Context Server
- 517 Adding a Generic HTTP Endpoint Context Server
- 518 Adding a JAMF Endpoint Context Server
- 519 Adding a MaaS360 Endpoint Context Server
- 522 Adding a MobileIron Endpoint Context Server
- 524 Adding a Palo Alto Networks Firewall Endpoint Context Server
- 525 Adding a Palo Alto Networks Panorama Endpoint Context Server
- 527 Adding an SAP Afaria Endpoint Context Server
- 529 Adding an SOTI Endpoint Context Server
- 530 Adding a XenMobile Endpoint Context Server
- 532 File Backup Servers
- 533 Server Certificate
- 533 Server Certificate Main Page
- 534 Server Certificate Type
- 536 Creating a Certificate Signing Request
- 539 Creating a Self-Signed Certificate
- 544 Exporting a Server Certificate
- 544 Importing a Server Certificate
- 545 Certificate Trust List
- 545 Certificate Trust List Main Page
- 546 Adding a Certificate
- 546 Viewing a Certificate Detail
- 546 Deleting a Certificate
- 547 Certificate Revocation Lists
- 547 Certificate Revocation Lists Main Page
- 547 Adding a Certificate Revocation List
- 548 Deleting a Certificate Revocation List
- 548 Using ClearPass Dictionaries
- 549 RADIUS Dictionary
- 550 Import RADIUS Dictionary
- 550 Posture Dictionary
- 552 TACACS+ Services Dictionary
- 553 Fingerprints Dictionary
- 554 Dictionary Attributes
- 554 Introduction
- 555 Adding a Dictionary Attribute
- 556 Modifying Dictionary Attributes
- 556 Importing Dictionary Attributes
- 557 Exporting All Dictionary Attributes
- 558 Exporting Selected Dictionary Attributes
- 558 Applications Dictionaries
- 558 Viewing an Application Dictionary
- 559 Deleting an Application Dictionary
- 559 OnGuard Settings
- 560 OnGuard Settings Main Page
- 562 Updating Policy Manager Software
- 563 Software Updates Main Page
- 564 Install Update Dialog Box
- 566 Reinstalling a Patch
- 566 Uninstalling a Skin, Translation, or Plugin
- 566 Updating Policy Manager Software
- 567 Software Updates Main Page
- 569 Install Update Dialog Box
- 570 Reinstalling a Patch
- 570 Uninstalling a Skin, Translation, or Plugin
- 571 Contact Support
- 571 Remote Assistance
- 571 Remote Assistance Process Flow
- 572 Adding a Remote Assistance Session
- 574 Documentation
- 577 Command Line Interface
- 577 Cluster Commands
- 577 cluster drop-subscriber
- 578 cluster list
- 578 cluster make-publisher
- 578 cluster make-subscriber
- 579 cluster reset-database
- 579 cluster set-cluster-passwd
- 580 cluster sync-local-passwd
- 580 Configure Commands
- 580 date
- 581 dns
- 581 fips-mode
- 582 hostname
- 582 ip
- 583 ip6
- 583 mtu
- 585 timezone
- 585 Network Commands
- 585 ip
- 587 ip6
- 588 nslookup
- 589 ping
- 589 ping6
- 590 reset
- 590 traceroute
- 590 traceroute6
- 591 Service Commands
- 591 service <action> <service-name>
- 593 Show Commands
- 593 all-timezones
- 593 date
- 593 dns
- 594 domain
- 594 fipsmode
- 594 hostname
- 594 ip
- 595 license
- 596 sysinfo
- 596 timezone
- 596 version
- 597 System Commands
- 597 apps-access-reset
- 597 boot-image
- 598 cleanup
- 599 gen-recovery-key
- 599 gen-support-key
- 599 install-license
- 599 morph-vm
- 600 refresh-license
- 600 reset-server-certificate
- 601 restart
- 601 shutdown
- 601 sso-reset
- 602 start-rasession
- 602 status-rasession
- 602 terminate-rasession
- 602 update
- 603 upgrade
- 605 Miscellaneous Commands
- 605 ad auth
- 605 ad netjoin
- 606 ad netleave
- 606 ad testjoin
- 606 alias
- 607 backup
- 607 dump certchain
- 608 dump logs
- 608 dump servercert
- 609 exit
- 609 help
- 609 krb auth
- 610 krb list
- 610 ldapsearch
- 610 quit
- 611 restore
- 611 system start-rasession
- 612 system terminate-rasession
- 612 system status-rasession
- 613 Rules Editing and Namespaces
- 613 Namespaces
- 614 Application Namespace
- 615 Audit Namespaces
- 615 Authentication Namespaces
- 617 Authorization Namespaces
- 618 Certificate Namespaces
- 619 Connection Namespaces
- 620 Date Namespaces
- 620 Device Namespaces
- 621 Endpoint Namespaces
- 621 Guest User Namespaces
- 621 Host Namespaces
- 621 Local User Namespaces
- 622 Posture Namespaces
- 622 RADIUS Namespaces
- 623 Tacacs Namespaces
- 623 Tips Namespaces
- 623 Variables
- 624 Operators
- 629 SNMP Private MIB, SNMP Traps, System Events, Error Codes
- 629 ClearPass SNMP Private MIB
- 629 Introduction
- 629 System MIB Entries
- 630 RADIUS Server MIB Entries
- 631 Policy Server MIB Entries
- 632 Web Authentication Server MIB Entries
- 633 TACACS+ Server MIB Entries
- 634 Network Traffic MIB Entries
- 634 ClearPass SNMP Traps and OIDs
- 635 Introduction
- 635 ClearPass SNMP Traps
- 636 SNMP Trap Details
- 637 SNMP Daemon Traps
- 637 SNMP Daemon Trap Events
- 637 Network Interface up and Down Events
- 637 Network Interface Status Traps
- 638 CPPM Processes Stop and Start Events
- 638 Disk Space Threshold Traps
- 638 Disk Utilization Threshold Exceed Events
- 638 Process Status Traps
- 646 CPU Load Average Exceed Events for 1, 5, and 15 Minute Thresholds
- 646 CPU Load Average Traps
- 647 Important System Events
- 647 Admin UI Events
- 647 Admin Server Events
- 648 Async Service Events
- 648 ClearPass/Domain Controller Events
- 648 ClearPass System Configuration Events
- 648 ClearPass Update Events
- 649 Cluster Events
- 649 Command Line Events
- 649 DB Replication Services Events
- 649 Licensing Events
- 649 Policy Server Events
- 650 RADIUS/TACACS+ Server Events
- 650 SNMP Events
- 650 Support Shell Events
- 650 System Auxiliary Service Events
- 650 System Monitor Events
- 651 Service Names
- 651 Error Codes
- 655 Use Cases
- 655 802.1X Wireless Use Case
- 656 Configuring a Service
- 657 Creating a New Role Mapping Policy
- 661 Web Based Authentication Use Case
- 661 Configuring a Service
- 668 MAC Authentication Use Case
- 668 Configuring the Service
- 671 TACACS+ Use Case
- 671 Configuring the Service
- 672 Single Port Use Case
- 673 OnGuard Dissolvable Agent
- 673 Introduction
- 673 Native Agents Only Mode
- 674 Configuring Workflow in Native Agents Only Mode
- 675 End-to-end flow in Native Agents Only Mode
- 679 Native Agents with Java Fallback Mode
- 679 Configuring Native Agents with Java Fallback Mode
- 680 End-to-end flow in Native Agents with Java Fallback Mode
- 680 Configuring Web Agent Flow - Java Only Mode
- 680 Configuring Web Agent Flow in ClearPass Policy Manager
- 681 Configuring Web Agent Flow in ClearPass Guest
- 683 Native Dissolvable Agent - Supported Browsers
- 686 Supported Browsers and Java Versions