    Creating a Policy Enforcer Connector for Third-Party Switches

    Access this page from Administration > Policy Enforcer > Connectors.

    • Have your ClearPass server information available. For example, IP address, Client ID, and Client Secret.
    • Once configured, you select the Third Party Switch as an Enforcement Point in your Secure Fabric.
    • Note that only one ClearPass identity server can be added for a given controller, but you can select it multiple times for different sites.
    • Note that you cannot delete a controller that is assigned to a site without disassociating the controller first.
    • Review the Policy Enforcer Connector Overview topic.

    To configure threat remediation for third-party devices, you must install and register the threat remediation plug-in with Policy Enforcer as follows:

    1. Access Administration > Policy Enforcer > Connectors.
    2. Click +.
    3. Complete the configuration using the information in Table 1.
    4. Click OK.

      Note: Once configured, you select the Third Party Switch as an Enforcement Point in your Secure Fabric.

    Table 1: Fields on the Policy Enforcement Connectors Page

    | Field | Description |
    |---|---|
    | Connector for | At this time only Third Party Switch is available. |
    | Name | Enter a unique string that must begin with an alphanumeric character and can include underscores; no spaces allowed; 63-character maximum. |
    | Description | Enter a description; maximum length is 1024 characters. You should make this description as useful as possible for all administrators. |
    | Identity Server Type | Select a server type. (Note that only ClearPass is supported at this time.) |
    | IP Address | Enter the IP Address (IPv4 or IPv6) of the server. |
    | Port | (Optional) Enter the port to be used. When this is left blank, port 443 is used as the default. |
    | Client ID | Enter the Client ID created while setting up the ClearPass API client. See ClearPass Configuration for Third-Party Switches for details. |
    | Client Secret | Enter the Client Secret string created while setting up the ClearPass API client. See ClearPass Configuration for Third-Party Switches for details. |

    Warning: When the Access Token Lifetime expires, you must generate a new Client Secret in ClearPass and update it here too.

    Warning: Be sure the correct credentials are provided to the ClearPass server. If the initial connection fails, an error message is shown only at that time. Once that message disappears, the status of connectivity to the ClearPass server is not shown in Policy Enforcer. Note that the ClearPass server is only queried on demand.
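Because Policy Enforcer reports a failed ClearPass connection only once, it helps to check the Table 1 values before entering them. The following pre-flight check is an added example, not Juniper or Aruba code: the function names are hypothetical, the name rule is a strict reading of Table 1 (letters, digits, and underscores only), and the `/api/oauth` path and JSON body in `check_token` are assumptions about the ClearPass REST API that this page does not state.

```python
import ipaddress
import json
import re
import urllib.request

NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_]{0,62}")  # strict reading of Table 1

def validate_connector(name, ip, port=None, description="", client_id="", client_secret=""):
    """Return (errors, base_url) for the Table 1 fields; base_url is None on error."""
    errors = []
    if not NAME_RE.fullmatch(name):
        errors.append("name: must start alphanumeric, only letters/digits/_, max 63")
    if len(description) > 1024:
        errors.append("description: longer than 1024 characters")
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        addr = None
        errors.append("ip: not a valid IPv4 or IPv6 address")
    port = 443 if port in (None, "") else port  # a blank port means 443
    try:
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError
    except (TypeError, ValueError):
        errors.append("port: must be 1-65535")
    if not client_id or not client_secret:
        errors.append("client id/secret: both are required")
    if client_id != client_id.strip() or client_secret != client_secret.strip():
        errors.append("client id/secret: leading or trailing whitespace")
    if errors:
        return errors, None
    host = f"[{addr}]" if addr.version == 6 else str(addr)  # IPv6 literals need brackets
    return [], f"https://{host}:{port}"

def check_token(base_url, client_id, client_secret, timeout=10):
    """Assumed OAuth2 client-credentials request; True if a token is returned.

    Raises urllib.error.HTTPError when the server rejects the credentials.
    """
    body = json.dumps({"grant_type": "client_credentials",
                       "client_id": client_id, "client_secret": client_secret}).encode()
    req = urllib.request.Request(base_url + "/api/oauth", data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:  # TLS verified by default
        return "access_token" in json.load(resp)
```

Run `check_token` from a host that can reach the ClearPass server and trusts its certificate; repeating it after rotating the Client Secret confirms the new value before it is updated in the connector.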

    Modified: 2017-07-24