TMS zl Management and Configuration Guide ST.1.1.100226

4-53
Firewall
User Authentication
An ACL may contain as many or as few entries as you like. You can configure
these manually or use a third-party program such as HP ProCurve Identity
Driven Manager (IDM). (See “Using HP ProCurve IDM with RADIUS Servers”
on page 4-53.)
Rate Limits. Rate limits ensure that each user shares network resources,
and they prevent an infected endpoint from monopolizing all bandwidth. A
rate limit sent by the RADIUS server would supersede any rate limit in a
module firewall access control policy.
Using HP ProCurve IDM with RADIUS Servers
You can use HP ProCurve Identity Driven Manager (IDM), a plug-in to HP
ProCurve Manager Plus (PCM+), to further refine user access policies when
users log on through the TMS zl Module. You must use a RADIUS server that
IDM supports, such as Windows IAS or NPS. For more information, see the
ProCurve Manager Network Administrator’s Guide, version 2.3 or later.
Check Your Network Infrastructure to Ensure There Are No Intermediate Proxy or NAT Devices
Before you begin using the user authentication feature, you should carefully
evaluate your network infrastructure and ensure that there are no intermediate
infrastructure devices that NAT users’ traffic before it is sent on to the TMS
zl Module. For example, in Figure 4-32, two networks have been merged using
a router that NATs users’ traffic from Network A before it is sent to Network B.