Management and Configuration Guide (Includes ACM xl) 2005-12
4-4 ProCurve Secure Access 700wl Series Management and Configuration Guide
Configuring Rights
automatically matches “Any.” The “Any” Connection Profile always appears in the last row of the
Rights Assignment Table.
Connection Profiles are used in two ways in the 700wl Series system:
— As discussed previously, they are used in conjunction with the Identity Profile to determine the
access rights granted to an authenticated client.
— The Connection Profile is also used to determine the method by which an unknown
(unauthenticated) client should be authenticated. This is discussed later in “Authentication in the
700wl Series System” on page 5-1.
• An Access Policy defines aspects of how a client interacts with the network. The Access Policy
defines what traffic is allowed to be passed into the network, and what traffic will be redirected to
alternate destinations. It can include HTTP proxy servers and proxy filters that specify what web
sites are accessible or restricted. It also defines how IP addressing is handled, and what type of
encryption should be used, if any.
There are five predefined Access Policies: “Authenticated,” “Unauthenticated,” “Guest Access,”
“No Access,” and “Network Equipment.” By default, the “Unauthenticated” policy appears in the
last row of the Rights Assignment Table, as the policy associated with clients that fall through and
match only the “Any” Identity and Connection Profiles.
The Rights Manager
The configuration of network Authentication and Access Policies is done through the Rights Manager,
accessed by clicking the Rights icon on the Navigation Toolbar.
Configuration within the Rights Manager may include any of the following:
• Creating new rows for the Rights Assignment Table
• Creating new Identity Profiles, or modifying ones you have already created
• Creating new Connection Profiles, or modifying ones you have already created
• Creating new Access Policies, or modifying existing policies
• Creating new Authentication Policies, or modifying existing policies (this is discussed in Chapter 5,
“Configuring Authentication”)
• Customizing the Logon page (and other associated pages) presented to users whose first network
access attempt is an HTTP request. (This is also discussed in Chapter 5, “Configuring
Authentication.”)
As a part of defining the various profiles and policies, you can also define the following:
• Users (defined by a username and password or MAC address) and Network Equipment (defined by
a MAC address) to be included in the built-in database. These may then be associated with an
Identity Profile.
• Locations (defined as one or all ports on an Access Controller or the client’s MAC address). These
may be used when defining Connection Profiles. By default, the location Everywhere encompasses all
ports on all connected Access Controllers.
• Time Windows (defined as a range of hours, dates, or days of the week). These may be used when
defining Connection Profiles. The absence of a specific Time Window in a Connection Profile is
taken to mean no time restrictions are in force.
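The following Python model is an added illustration, not code from the 700wl Series system or from this guide. It shows how a Rights Assignment Table with Locations, Time Windows and the final “Any”/“Any” row resolves a client to an Access Policy. It assumes rows are evaluated top to bottom with the first match winning (inferred from the “fall through” wording), simplifies Time Windows to hours and weekdays, and omits MAC-address Locations. The profile names, controller names and rows are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class TimeWindow:                    # simplified to hours and weekdays
    start_hour: int                  # inclusive
    end_hour: int                    # exclusive
    weekdays: frozenset              # 0 = Monday ... 6 = Sunday
    def contains(self, when: datetime) -> bool:
        return when.weekday() in self.weekdays and self.start_hour <= when.hour < self.end_hour

@dataclass(frozen=True)
class Location:                      # None means "all controllers" / "all ports"
    controller: Optional[str] = None
    port: Optional[int] = None
    def contains(self, controller: str, port: int) -> bool:
        return self.controller in (None, controller) and self.port in (None, port)

EVERYWHERE = Location()              # all ports on all Access Controllers

@dataclass(frozen=True)
class ConnectionProfile:
    name: str
    locations: tuple = (EVERYWHERE,)
    time_window: Optional[TimeWindow] = None   # absent = no time restriction
    def matches(self, controller: str, port: int, when: datetime) -> bool:
        in_place = any(loc.contains(controller, port) for loc in self.locations)
        in_time = self.time_window is None or self.time_window.contains(when)
        return in_place and in_time

# Constructed profiles and rows; "Staff", "Office hours", "Lobby", "ac-1", "ac-2" are hypothetical.
ANY = ConnectionProfile("Any")
OFFICE = ConnectionProfile("Office hours", (Location("ac-1"),), TimeWindow(8, 18, frozenset(range(5))))
LOBBY = ConnectionProfile("Lobby", (Location("ac-2", 3),))
TABLE = [  # (Identity Profile, Connection Profile, Access Policy)
    ("Staff", OFFICE, "Authenticated"),
    ("Any", LOBBY, "Guest Access"),
    ("Staff", ANY, "No Access"),
    ("Any", ANY, "Unauthenticated"),   # fall-through row, always last
]

def resolve(identity: Optional[str], controller: str, port: int, when: datetime) -> str:
    """Return the Access Policy of the first matching row (assumed top-down evaluation)."""
    for row_identity, profile, policy in TABLE:
        if row_identity in ("Any", identity) and profile.matches(controller, port, when):
            return policy
    raise LookupError("table has no Any/Any fall-through row")
```

Under the first-match assumption, a row with a broad Connection Profile placed above a more specific one shadows it, so row order is worth reviewing whenever a profile without a Time Window is added.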