TMS zl Management and Configuration Guide ST.1.1.100226
1-30
Overview
Deployment Options for Routing Mode—Threat Protection
Local User Authentication. You could also have all internal users
authenticate to the TMS zl Module (or to an external RADIUS server through the
module). You could then apply different access policies to the users based on
their identity.
VPN User Authentication. Another use for the module’s authentication
capability is to authenticate VPN users. The users log in with XAUTH or with
L2TP. The module then controls the remote user’s access according to the
user’s group. For both XAUTH and L2TP client authentication, the TMS zl
Module can authenticate users against its local list or against an external
RADIUS server.
Management User Authentication. Additionally, the TMS zl Module can
use an external RADIUS server to authenticate manager and operator users,
enabling you to have more than one manager account and operator account
for the TMS zl Module. Furthermore, using an external RADIUS server enables
you to easily track when a manager user logs in.
Deployment Location for Access Control with Authentication
When the TMS zl Module is controlling internal users (or guests who connect
internally), you should typically install it in a ProCurve 5400zl or 8200zl switch
in a core location. When the module controls remote users, install it in a
location where it can act as the VPN gateway. There are no rigid rules about
the deployment location. You must simply ensure that the module routes the
traffic that arrives from the users that you want to control.
Deployment Tasks for Access Control with Authentication
You must complete these tasks to deploy your TMS zl Module so that it
provides access control with authentication:
1. Do one of the following:
• Perform the deployment tasks for internal threat protection, as shown
in “Deployment Tasks for Internal Threat Protection” on page 1-16.
• Perform the deployment tasks for perimeter protection, as shown in
“Deployment Tasks for Perimeter Threat Protection” on page 1-25.
2. Configure authentication:
a. Create user groups.
b. Configure the credential repository in one of these ways:
– Create accounts on the local database.