?支持更多的終端、用戶?支持更多的終端、用戶和協(xié)–––––越來越多的智能終端開始連接網絡，不僅僅是Windows終802.1X日益發(fā)展的Cloud應用要求具備對單點登錄（SSO）能力的支?支持更加復雜的基于情境的授––––通常認證過程只能提供“是”或者“否”兩種結支持更多的場景識別并提供更加精細的網絡授?可視性和故障分析能力不?可視性和故障分析能力不–––無法對連接到網絡中的終端進行自動識別和信息?擴展性和可靠性不缺乏足夠的EAP不支持active-active?缺乏豐富的功–––僅提供有限的AAA,缺少便捷的訪客賬戶管理功On-On-On-On-管理802.1X終端設外置Raidus功認證服1234傳輸SELABSELAB遠程組遠程組園區(qū)WLAN測主用數備用數控制控制用S1500交換機模擬廣域遠程測服務器遠程組遠程組園區(qū)WLAN測主用數備用數控制控制用S1500交換機模擬廣域遠程測服務器 ADCPPMAMPAdminIPvlandefaulttotoac1(@datacentertoac2(@datacentertointernettocampustoremotetoinstanttototoserver-toAdminIPvlandefaulttotoac1(@datacentertoac2(@datacentertointernettocampustoremotetoinstanttototoserver-towan-towan-server1systeminstalledoninstalledonserver2systeminstalledoninstalledonClearPass服務器基本認ClearPass服務器基本認證主用數備用數控制控制用S1500交換機模擬廣域遠程測服務器 ADCPPMAMPCLEARPASS資源CLEARPASS資源和許可說CP-VA-CP-VA-CP-VA-CP-VA-CP-VA-CP-VA-VmwareESXiVmwareESXiVmwarePlayerVmwarePlayer是免費軟件，支持多CPU、多下載地址：CPPM測試機2Virtual40GBCPPM測試機2Virtual40GBdisk4GB2Gigabitvirtualswitchedports(only1neededifnotusingseparateportsfordataand2Virtual250GBdisk??4GB2Gigabitvirtualswitchedports(only1neededifnotusingseparateportsfordataand?8Virtual8GB2Gigabitvirtualswitchedports(only1neededifnotusingseparateportsfordataand??512GBdiskAtleast24GB2Gigabitvirtualswitchedports(only1neededifnotusingseparateportsfordataand1AuthenticatingDevice=11AuthenticatingDevice=1Totaledper7-UniqueMACTotalGuestsDevicesperdayAuthenticatingGuests1GuestTotalGuestsDevicesperdayAuthenticatingGuests1Guest1PolicyManager7-dayTotalUniqueHealthChecks1Onguard7-dayTotalUniqueHealthChecks1Onguard1PolicyManagerUniqueDevicesUniqueDevicesLicenseUsedCount30-dayaverageofLicenseUsedCount30-dayaverageofper-daytotaluniqueGuest30-dayaverageof7-daytotaluniquedeviceHealthChecksTotalOnboardedPolicy30-dayaverageof7-daytotaluniquedeviceStudent&StaffAllLaptops802.1X4,000SameStudent&StaffAllLaptops802.1X4,000Samestudents&staffeveryGuest1000DifferentguestsperStudent&StaffHealthChecks3,000laptops(outof4000)Samestudents&staffeveryday4,000personal4000LaptopsLicenseLicensePolicy4000LaptopsLicenseLicensePolicy1000Guestsper=7000Guestsper1000Guestsper=7000Guestsper7-LicenseLicensePolicy4,000+=(outof4000License(outof4000LicenseLicensePolicy4000StudentPersonalLicenseLicense4000StudentPersonalLicenseLicensePolicy11,000+= CP-HW-25KorCP-VA-LicenseLicense CP-HW-25KorCP-VA-LicenseLicensePolicyLicensingTabLicensingTabUpdates:Exceeding-Exceeding-UserscontinuetocanbeLOCKEDLicenseUserscontinuetocanbeLOCKEDLicenseEnforcementActionTaken30-dayaverageofper-daytotalGREATER_THANTotalFOR4outof6NoActiontaken.NotePolicyManagerlicenseTotalCount=UsedCount.CannotOnboardmorePolicy30-dayaverageof7-daytotalGREATER_THANTotalFOR4outof6CLEARPASS服務CLEARPASS服務器安ClearPass虛擬機ClearPass虛擬機資源配置CLEARPASSCLEARPASS多種策略–Role,VLAN,多種策略–Role,VLAN,ACL下發(fā)，CoAAD,LDAP,SQL,令牌服務器,EAPornon-EAPmethodforEAPornon-EAPmethodforclientauthentication.PolicyManagersupportsfourbroadclassesof???EAP,non-tunneled:EAP-TLSorEAP-MAC_AUTHmustbeusedexclusivelyinaMAC-basedAuthenticationService.WhentheMAC_AUTHmethodisselected,PolicyManager:(1)makesinternalcheckstoverifythattherequestisindeedaMACAuthenticationrequest(andnotaspoofedrequest)and(2)makessurethattheMACaddressofthedeviceispresentintheauthentication?AnAuthenticationSourceistheAnAuthenticationSourceistheidentityrepositorywhichPolicyManagerverifiesidentity.ItsupportstheseAuthenticationSourcetypes:MicrosoftActiveDirectoryRSAorotherRADIUS-basedtokenSQLdatabase,includingthelocaluserstore.StaticHostLists,inthecaseofMAC-basedAuthenticationofmanagedAnAuthorizationSourcecollectsAnAuthorizationSourcecollectsattributesforuseinRoleMappingRules.Youspecifytheattributesyouwanttocollectwhenyouconfiguretheauthenticationsource.PolicyManagersupportsthefollowingsourceMicrosoftActiveDirectoryRSAorotherRADIUS-basedtokenSQLdatabase,includingthelocaluseragainstwhichPolicyManagerverifiesidentity.ItsupportstheseAuthenticationSourcetypes:MicrosoftActiveDirectoryanyLDAPcompliantdirectorySQLdatabase,includingthelocaluserstore.StaticHostLists,inthecaseofMAC-basedAuthenticationofmanagedPolicyManagerevaluatesPolicyManagerevaluatesRequestsagainstRoleMappingPolicyrulestomatchClientstoRole(s).AllrulesareevaluatedandPolicyManagermayreturnmorethanoneRole.Ifnorulesmatch,theAnInternalPostureAnInternalPosturePolicytestsRequestsagainstinternalPosturerulestoassesshealth.Postureruleconditionscancontainattributespresentinvendor-specificposturePolicyManagertestsPostureTokens,Roles(andsystemtime)againstEnforcementPolicyrulestoreturnonePolicyManagertestsPostureTokens,Roles(andsystemtime)againstEnforcementPolicyrulestoreturnoneormorematchingEnforcementProfiles(thatdefinescopeofaccessfortheEnforcementPolicyProfilesEnforcementPolicyProfilescontainattributesthatdefineaclient’sscopeofaccessf