Management and Configuration Guide (Includes ACM xl) 2005-12

ProCurve Secure Access 700wl Series Management and Configuration Guide 4-7
Configuring Rights
Step 4. Add rows to the Rights Assignment Table by combining the Identity Profiles, Connection Profiles
and Access Policies you’ve created. The order of these rows in the table is important: whenever
the 700wl Series system looks for a match, it searches the table row by row starting from the
top and stops when it finds the first match.
The Rights Assignment Table
The Rights Assignment Table is where Identity Profiles, Connection Profiles and Access Policies come
together to define the access rights granted to individual clients. Every client that connects to the 700wl
Series system is matched to a row in the table based on its Identity Profile and Connection Profile, and
receives access rights as specified by the Access Policy for that row.
The 700wl Series system looks for a matching row starting at the top of the table, and stops at the first
match. Thus, the order of rows in the table is important.
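An added illustration of this first-match search (not code from the guide or from the 700wl Series system), which also flags rows that an earlier, more general row makes unreachable. It assumes each client is reduced to one Identity Profile name and one Connection Profile name; rows 1 to 4 and every policy name except “Unauthenticated” are constructed, while rows 5 and 6 follow the matching example in this section.

```python
"""First-match lookup in a rights table (added illustration, not vendor code)."""
from typing import NamedTuple, Optional

ANY = "Any"

class Row(NamedTuple):
    identity: str    # Identity Profile name, or ANY
    connection: str  # Connection Profile name, or ANY
    policy: str      # Access Policy granted when the row matches

# Constructed sample table; only rows 5 and 6 come from the guide's text.
TABLE = [
    Row("Known Devices", ANY, "Device Access"),   # constructed
    Row("Staff", "Accounting", "Staff Wired"),    # constructed
    Row("Staff", ANY, "Staff Access"),            # constructed
    Row("Guest", ANY, "Guest Access"),            # constructed
    Row(ANY, "Accounting", "Unauthenticated"),    # row 5 in the guide's example
    Row(ANY, ANY, "Unauthenticated"),             # row 6 in the guide's example
]
# The same rows with the catch-all row moved to the top (a misordering).
MISORDERED = [TABLE[5]] + TABLE[:5]

def covers(pattern: str, value: str) -> bool:
    """A table field covers a value when it is ANY or names the same profile."""
    return pattern == ANY or pattern == value

def match_row(table, identity: str, connection: str) -> Optional[tuple]:
    """Search top to bottom; return (1-based row number, policy) of the first match."""
    for number, row in enumerate(table, start=1):
        if covers(row.identity, identity) and covers(row.connection, connection):
            return number, row.policy
    return None

def shadowed_rows(table) -> list:
    """Row numbers that can never match because an earlier row covers both fields."""
    hits = []
    for j, later in enumerate(table):
        for earlier in table[:j]:
            if (covers(earlier.identity, later.identity)
                    and covers(earlier.connection, later.connection)):
                hits.append(j + 1)
                break
    return hits

if __name__ == "__main__":
    # "Unknown" is a constructed label for a client that matches no named profile.
    print(match_row(TABLE, "Unknown", "Accounting"))
    print(match_row(MISORDERED, "Staff", "Accounting"), shadowed_rows(MISORDERED))
```

Running the shadow check after every change to the table shows whether a newly inserted general row has silently overridden the more specific rows beneath it.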
The following example is based on the Rights Assignment Table shown in Figure 4-2.
Figure 4-2. Rights Assignment Table Matching Example
The first example describes how a normal user (identified by a username and password) gets access
rights to the system.
Step 1. A client connects to the 700wl Series system and is identified only by its MAC address. This
initiates a search of the Rights Assignment Table to match this client to a row in the table, and
to assign access rights to the client based on the Access Policy specified by the matching row.
Step 2. Assuming this MAC address is unknown to the 700wl Series system, the client does not match
the Identity Profiles in the first four rows. It falls through to the bottom rows of the table,
where it automatically matches the “Any” Identity Profile. If the client accessed the 700wl
Series system through a physical location that matches the Connection Profile “Accounting,” it
will match on row 5. If the client connected through any other Location, it matches on row 6. In
either case the unknown client receives rights based on the “Unauthenticated” Access Policy.
This Access Policy provides only the access necessary to log on to the system.
Step 3. Given the rights defined by the “Unauthenticated” Access Policy, when the user attempts to
access any web page, she is instead redirected to the 700wl Series system Logon page. The user
can enter a username and password, or select the “Logon as a Guest” option. The logon name