TMS zl Management and Configuration Guide ST.1.1.100430
User Authentication
Beyond firewalls, VPNs, and intrusion prevention and detection systems, the
TMS zl Module can enforce user authentication. Users are forced to
authenticate to the network before they can access any network resources. When
they are authenticated, they are authorized for the correct resources and
services according to their identity.
Users authenticate by entering their login credentials on a Web page (for
which you can customize the banner). This user authentication is verified by
one of the following authentication methods:
■ Local database
■ Remote Authentication Dial-In User Service (RADIUS) server
You can choose either method for authentication. You can also choose to use
both methods simultaneously. If you choose to use both methods, the TMS zl
Module will check both databases for the user credentials.
The sections below cover configuring authentication on the TMS zl Module:
■ For more background information on authentication to a RADIUS server, see “RADIUS Authentication Concepts” on page 4-47.
■ To learn how to set up user authentication, see “Configure User Authentication” on page 4-54.
RADIUS Authentication Concepts
The TMS zl Module can work with RADIUS servers to provide both
authentication and authorization. RADIUS servers combine authentication and
authorization in one process. This is because the authentication packet that
enables a user to access the network also includes attribute-value pairs
(AVPs), which control the user’s access. This section will discuss
authentication and authorization separately, although the RADIUS server will
perform both functions for the TMS zl Module.
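
The single-packet behavior described above, shown as an added example (not code from this guide or from the TMS zl Module): it parses a RADIUS Access-Accept as defined in RFC 2865, verifies the Response Authenticator, and returns the AVPs that carry authorization alongside the authentication result. The shared secret, the packet, and the choice of the Filter-Id and Session-Timeout attributes are constructed for illustration; the guide does not state here which AVPs the module uses.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2                                      # RFC 2865 packet code
ATTR_NAMES = {11: "Filter-Id", 27: "Session-Timeout"}  # RFC 2865 attribute types

def build_accept(ident, request_auth, secret, attrs):
    """Build a constructed Access-Accept; used only to make sample input."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    return header + hashlib.md5(header + request_auth + body + secret).digest() + body

def parse_accept(packet, request_auth, secret):
    """Verify the Response Authenticator, then return the AVPs as a dict."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    packet = packet[:length]            # bytes past Length are padding
    body = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    avps, pos = {}, 0
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = body[pos], body[pos + 1]
        if attr_len < 2 or pos + attr_len > len(body):
            raise ValueError("attribute length overruns the packet")
        avps[ATTR_NAMES.get(attr_type, attr_type)] = body[pos + 2:pos + attr_len]
        pos += attr_len
    return avps

# Constructed sample values: secret, Request Authenticator and attributes.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
SAMPLE = build_accept(7, REQUEST_AUTH, SECRET,
                      [(11, b"staff-policy"), (27, struct.pack("!I", 3600))])

def demo():
    """Return the authorization values delivered with the accept."""
    avps = parse_accept(SAMPLE, REQUEST_AUTH, SECRET)
    return avps["Filter-Id"].decode(), struct.unpack("!I", avps["Session-Timeout"])[0]

if __name__ == "__main__":
    print(demo())
```

A reply whose AVPs were altered in transit, or that was produced without the shared secret, fails the authenticator check before any attribute is read.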
The largest advantage of using a RADIUS server for authentication and
authorization is that it streamlines the process to more efficiently control a
user from the instant the user begins sending and receiving data. However,
combining authentication and authorization does have a disadvantage: you
must use RADIUS for both functions. Therefore, if your network includes a
legacy authentication server, you cannot add a RADIUS server just for autho-