Management and Configuration Guide (Includes ACM xl) 2005-12

ProCurve Secure Access 700wl Series Management and Configuration Guide
Configuring Authentication

Wireless Data Privacy authentication methods may involve shared secrets or certificates, and the
Authentication Policy associated with the Connection Profile is not necessarily used (the Encryption
authentication may supersede it).

When used for authentication, SSH uses the Authentication Policy associated with the Connection
Profile through which the user connected.

L2TP and PPTP can be configured to use the Authentication Policy associated with the Connection
Profile through which the user connected, or they can use a shared secret. The shared secret is
configured in the Access Policy.

Tunneled IPSec can be configured to use a shared secret or a public key certificate.

Because Wireless Data Privacy protocols are used for securing airwave traffic as well as for
authentication, specification of the acceptable protocols is included in the Access Policy associated
with an Identity Profile and Connection Profile pair, not the Authentication Policy. Thus, in order to
use Wireless Data Privacy logon, you must ensure that the Access Policy that specifies logon rights
(by default, the Unauthenticated Access Policy) is configured correctly to support the appropriate
types of Wireless Data Privacy logon. See “Creating or Editing an Access Policy” on page 4-39 for
details on how to configure Wireless Data Privacy logon.

The Rights Manager

The configuration of network Authentication Policies is done through the Rights module, accessed by
clicking the Rights icon on the Navigation bar.

Many of the functions within the Rights module—specifically those associated with creating or
modifying access rights through the Rights Assignment table—are discussed in Chapter 4, “Configuring
Rights”. The following Rights module functions are discussed in this chapter:

- Configuring new Authentication Services (or modifying existing service configurations)
- Creating new Authentication Policies, or modifying existing policies
- Customizing the Logon page (and other associated pages) presented to users whose first network
  access attempt is an HTTP request.

When you have configured your Authentication Policies and made any modifications to the Logon
pages, you can then use these in the specification of a Connection Profile. Creating or modifying
Connection Profiles is covered in Chapter 4, “Configuring Rights”.

Authentication Policies

An Authentication Policy is a named, ordered set of Authentication Services. The 700wl Series system
provides one predefined Authentication Policy configured to use the built-in Authentication Service.
You can include additional Authentication Services in this Authentication Policy, or you can create
additional Authentication Policies.

The 700wl Series system comes with a predefined Authentication Policy named “System Authentication
Policy.” The System Authentication Policy is automatically used with all Connection Profiles unless you
configure a Connection Profile to use a different Authentication Policy. If you create new
Authentication Policies, you can specify which one should be considered the preferred Authentication
Policy. The preferred Authentication Policy is used with any new Connection Profiles you create, but
does not affect existing Connection Profiles.