Management and Configuration Guide (Includes ACM xl) 2005-12
ProCurve Secure Access 700wl Series Management and Configuration Guide 4-5
Configuring Rights
• Allowed Traffic Filters and Redirected Traffic Filters. These may be used when defining Access
Policies. These also include the special case of WINS and DNS filters, which are created through a
separate interface and result in matched Allowed and Redirected traffic filter pairs.
• HTTP proxy servers and proxy filters. These also may be used when defining Access Policies.
From the Rights Manager you can also export the current set of rights to your local system, and import
a set of stored rights from the local system.
Note:
When you make a change to the rights configuration through the Rights Manager, clients are
affected only when they receive new rights—rights configuration changes do not automatically affect
connected clients. To have your changes take effect immediately for connected clients, you must go to
either the Rights Setup page or the Client Status tab under the Status button, and click Refresh User
Rights Now. You can also refresh rights for individual clients, if appropriate.
Configuring Access Rights—An Overview
To configure rights in the 700wl Series system, you first need to decide how you want to control access
to the resources on your network.
Step 1. Create Identity Profiles to define who should have access to network resources. You can use
Identity Profiles to group sets of users that should have a common set of access rights. You can
also use Identity Profiles to assign access rights to network devices such as Access Points.
For example, do you want your engineers to have a different set of access rights from your
accounting staff? Should instructors have different access rights than students? Do you have
visitors for whom you might want to provide limited access? You can create Identity Profiles for
each type of user that should have specific types of access, and then define which users belong to
each Identity Profile.
You can add users to the 700wl Series system built-in database and then assign those users to
Identity Profiles through the Rights Manager, or you can define Identity Profiles that will match
users based on group or domain information retrieved when the user is authenticated.
a. Add users to the built-in database if you don’t plan to have them authenticated by an
external authentication service. You can then assign them to Identity Profiles as
appropriate.
b. Add network equipment (such as Access Points) to the built-in database so they can be assigned
a set of access rights — for example, to allow the device to be managed over the network.
Step 2. Create Connection Profiles to differentiate between physical locations where clients can access
the system, or to differentiate between clients on different VLANs, or both. You can also use
Connection Profiles to differentiate between access during different time periods.
a. Create Locations that include the Access Controllers and/or Access Controller ports that
provide connectivity for any specific physical locations that you want to differentiate in
terms of authentication or access rights.
For example, do you want users to get different access rights when they are in building A
than they get when they are in building B? Do you want students to get different access
rights while they are in the library than they get in a science lab? Do you want clients
connecting from your corporate visitors center to be authenticated differently from clients
connecting from your manufacturing floor? You can use Locations to define Connection
Profiles that are unique to a specific physical location—a building, a department, a floor, a
conference room, a client’s device.