Policy Manager OnConnect Enforcement Service
This section provides the following information:
Configure an Enforcement Policy
OnConnect Enforcement is an enforcement model that allows you to use non-802.1X methods for device scans, VLAN placement, and so on. OnConnect Enforcement allows enforcement in non-802.1X environments without the need for an agent, such as OnGuard, on the endpoint. For related information, see:
Enabling OnConnect Enforcement on a Network Device
When OnConnect Enforcement is enabled, Policy Manager performs the following actions:
Detects when a new endpoint connects to the network.
Scans the endpoint to identify the logged-in user and other device-specific information.
Triggers a Web-based authentication (WebAuth) for the device.
Performs SNMP-based enforcement to change the network access profile for the device.
To add an OnConnect Enforcement service:
1. Navigate to > . The page opens.
2. To add the service, click . The dialog opens.
3. From the drop-down list, select (see Figure 1).
Figure 1 Specifying Policy Manager OnConnect Enforcement
4. Enter the name or label of the OnConnect Enforcement service.
5. Enter the values for any other parameters, including service rules, required for this service.
For a description of all the parameters in the page, see Adding Services.
After you create the Policy Manager OnConnect Enforcement service, you must associate the service with an enforcement policy.
WMI (Windows Management Instrumentation) configuration is used to retrieve the logged-in user information. Whenever a domain-joined Windows client connects to an OnConnect-enabled port with the domain user logged in, authorization attributes for this user are fetched from authorization sources to determine the role of the user; this information is then used in configuring policy enforcement. For details on configuring WMI credentials, see WMI Credentials Configuration.
To associate a Policy Manager OnConnect Enforcement service with an enforcement policy:
1. When finished with the parameter settings on the > page, click . The > page opens.
2. From the > > page, you can either select an existing enforcement policy or create a new one.
Figure 2 Selecting the Policy Manager OnConnect Enforcement Policy
3. From the drop-down list, select the appropriate OnConnect Enforcement policy. If you have not configured an OnConnect-type Enforcement policy, click to create a new enforcement policy to associate with this OnConnect service.
4. Specify the values for the remaining parameters as described in Table 1, then click .
| Parameter | Action/Description |
|---|---|
| Use Cached Results | Select this check box to use cached roles and posture attributes from previous sessions. |
| Enforcement Policy | From the drop-down list, select the preconfigured enforcement policy. This is a mandatory step. |
| Description | Displays additional information about the selected enforcement policy. |
| Default Profile | Displays a default profile applied by . |
| Rules Evaluation Algorithm | Shows whether the policy selects the first matched rule and returns the role, or selects all matched rules and returns a set of roles. |
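
The two Rules Evaluation Algorithm options in Table 1, modelled as an added example (this is not HPE Aruba Networking code and not taken from the original page). The rule format, attribute names, role names and the fallback value are assumptions made for illustration; the last function flags rules that can never fire under first-match ordering.

```python
# Added illustration: models the two "Rules Evaluation Algorithm" choices.
# Rule format, attribute names and role names are assumptions, not product data.

# Each rule: (conditions that must all equal the endpoint's attributes, role).
RULES = [  # constructed sample policy, evaluated top to bottom
    ({"domain": "CORP"}, "employee"),
    ({"domain": "CORP", "group": "IT-Admins"}, "network-admin"),
    ({"os": "Windows", "domain": "LAB"}, "lab-user"),
]
DEFAULT_ROLE = "quarantine"  # assumed fallback, applied when no rule matches


def matches(conditions, attrs):
    """A rule matches when every condition equals the fetched attribute."""
    return all(attrs.get(k) == v for k, v in conditions.items())


def evaluate(rules, attrs, first_match=True):
    """Return the set of roles under first-match or all-matches evaluation."""
    roles = []
    for conditions, role in rules:
        if matches(conditions, attrs):
            roles.append(role)
            if first_match:
                break  # first matched rule wins; later rules are ignored
    return set(roles) or {DEFAULT_ROLE}


def shadowed_rules(rules):
    """Indexes of rules that can never fire under first-match: an earlier
    rule's conditions are a subset, so it matches every input they match."""
    hidden = []
    for j, (cond_j, _) in enumerate(rules):
        if any(cond_i.items() <= cond_j.items() for cond_i, _ in rules[:j]):
            hidden.append(j)
    return hidden


if __name__ == "__main__":
    admin = {"domain": "CORP", "group": "IT-Admins", "os": "Windows"}  # constructed
    print(evaluate(RULES, admin, first_match=True))
    print(evaluate(RULES, admin, first_match=False))
    print(evaluate(RULES, {"domain": "GUEST"}))
    print(shadowed_rules(RULES))
```

In this constructed policy the broad `domain` rule sits above the narrower admin rule, so first-match evaluation never assigns `network-admin`; reordering the rules from most specific to least specific removes the shadowing.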