Manualshelf

Management and Configuration Guide (Includes ACM xl) 2005-12

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
11121314151617181920
1-2 ProCurve Secure Access 700wl Series Management and Configuration Guide
Introduction
Figure 1-1 illustrates a 700wl Series system topology that is configured with redundant Access Control
Servers for failover.
Figure 1-1. 700wl Series topology
Access Controllers sit at or near the edge of the network, and enforce authentication and access policies.
As shown in Figure 1-1, Access Points are typically connected directly to Access Controller ports, but it
is also possible to connect APs or clients through devices such as switches or hubs. The Access
Controller xl Module (J8162A) uses ports on a 5300xl switch to pass wired and wireless traffic to and
from the network using authentication and rights administration policies from an Access Control Server
740wl. When a client is detected at an Access Controller port, the Access Controller must first
determines who the client is based on the Authentication Policy in force for that port at that time of day.
The 700wl Series system supports a variety of authentication methods, and can interface with an
organization’s existing authentication services (such as an LDAP service, RADIUS, Kerberos, 802.1X or
NT Domain Logon) or can handle authentication through its own built-in user database.
The Access Controller actually hands off the client authentication to the central Access Control Server,
which manages the authentication process and returns the appropriate Access Policy to the Access
Controller.
An Access Policy specifies the network addresses, services, and resources the client is permitted to
access. The Access Policy can also specify that client traffic for certain destinations be redirected to
alternate destinations. This capability is used by the 700wl Series system to redirect traffic from an
unknown client to a logon page. It can also be used to notify clients when they attempt to access non-
permitted resources, or to redirect a request to a permitted resource. Traffic to a destination that is
neither permitted nor redirected is dropped. An Access Policy may also specify other settings such as
bandwidth limitations, HTTP Proxy Servers (including filtering to impose HTTP access control), and
Access Controller
Access Control Server
Access Controller xl Module
Internet
Guest Guest Untrusted User Employee EmployeeUntrusted User
Redundant Access
Control Server