System Page

Use this page to manage port configurations, join an Active Directory domain, or set a server password. For more information on ClearPass port interfaces, see also Data and Management Port Interfaces

To configure the Server ConfigurationSystem page parameters:

1. Navigate to Administration > Server Manager > Server Configuration.

2. Select the Policy Manager server of interest. The Server Configuration page opens onto the System page (see Figure 1).

Figure 1  Server Configuration > System Page

3. Specify the Server Configuration > System page parameters as described in the following table, then click Save:

 

Table 1: Server Configuration > System Page Parameters

Parameter

Action/Description

Hostname

Specify the host name of the Policy Manager server. Although you do not need to enter the fully qualified domain name (FQDN Fully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet.) in this field, when you create a certificate signing request, the request uses the information in the hostname field as the common name (CN Common Name. CN is the primary name used to identify a certificate. ) by default. If the hostname field does not use a FQDN Fully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet., the common name field in CSR Certificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate. requests must be manually updated to include a proper FQDN Fully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet..

NOTE: Users should be aware that, when configuring a hostname that includes a period character ( . ), the substring before the first period character must be unique for each appliance. This is because a hostname field that includes a period character is interpreted to be a Fully Qualified Domain Name (FQDN Fully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet.), in which case the substring before the first period character is the hostname.

Examples of valid hostname configurations:

cppm1.arubanetworks.com

cppm2.arubanetworks.com

Examples of invalid hostname configurations:

cppm1.santaclara.arubanetworks.com

cppm1.bangalore.arubanetworks.com

FQDN Fully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet.

(Optional) Enter the Fully-Qualified Domain Name (FQDN Fully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet.) of the Policy Manager server.

Policy Manager Zone

To specify a Policy Manager zone, select a previously configured zone from the drop-down list, then click the Manage Policy Manager Zones link.

If you need to add a Policy Manager zone, click the Manage Policy Manager Zones link. For more information on adding zones, see Adding Policy Manager Zones.

Enable Performance Monitoring Display

To enable the ClearPass Policy Manager server to perform performance monitoring, select the Enable this server for performance monitoring display check box.

Insight Setting

To enable the Insight reporting tool on this node, select the Enable Insight check box.

NOTE:  

When you enable this check box for Insight on a node in a cluster, the [Insight Repository] configuration is updated automatically to point to the management IP address of that Policy Manager server.

When this check box is enabled for other servers in the cluster, they are added as backups for the same authentication source.

The order of the primary and backup servers in the [Insight Repository] is the same order in which the user enables Insight on the server.

Enable as Insight Primary Server

To specify the current server in the cluster as an Insight Primary server, select this check box.

NOTE: This option is available only when Insight Setting > Enable Insight is enabled.

Enable Ingress Events Processing

Check this check box to enable ingress events processing on this server.

For more information, see Enabling Ingress Events Processing.

Server Role in Zone

Use this option to specify the current Policy Manager server as the Primary or Secondary master Policy Manager server within a Policy Manager zone.

NOTE: If no Primary master server for a zone is configured, the Policy Manager server with the lowest UUID is designated as the Primary master server.

To do so, select Primary master or Secondary master from the drop-down list.

The Primary Policy Manager server in the zone distributes the scan requests to all the nodes in the zone, depending on the number of seed devices (Network Discovery) or the number of networks/subnets Subnet is the logical division of an IP network. (for subnet Subnet is the logical division of an IP network. scans) configured.

NOTE: If the Primary server goes down, the secondary server assumes the role of the Primary server.

Each scan configuration that is added is distributed by the master Policy Manager server to a different node in the zone.

If one scan configuration has multiple seed devices (Network Discovery), scan requests are distributed to other nodes in the zone based on the number of ARP Address Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device. entries received from the seed devices.

If one scan configuration has multiple subnets Subnet is the logical division of an IP network. configured (Subnet Subnet is the logical division of an IP network. Scan), scan requests are distributed to other nodes in the zone.

Span Port

If necessary, select a port for DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  spanning. On selecting a port, the Enable TCP/ARP Fingerprinting check box appears.

This field is optional.

NOTE: Starting wiith Policy Manager 6.10.2, the Policy Manager server no longer needs to have Device Insight integration disabled in order to define a span port on a Policy Manager server. In Policy Manager 6.10.0 and 6.10.1, when Device Insight Integration is enabled, the Span Port option is not available. (for more information, see Device Insight Integration Page).

Management Port

To configure the Management Port parameters, click Configure. The Configure Management Port dialog opens. For details, see Management Port Configuration.

Data/External Port

To configure the Data/External port, click Configure.

For details, see Data/External Port Configuration.

DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. Settings

To configure the DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. settings, click Configure.

For details, see DNS Settings Configuration.

AD Domains

Displays a list of the joined Active Directory Microsoft Active Directory. The directory server that stores information about a variety of things, such as organizations, sites, systems, users, shares, and other network objects or components. It also provides authentication and authorization mechanisms, and a framework within which related services can be deployed. domains.

To join an active directory domain, click Join Domain.