TMS zl Management and Configuration Guide ST.1.1.100430
Firewall
User Authentication
Rate Limits. Rate limits ensure that each user shares network resources,
and they prevent an infected endpoint from monopolizing all bandwidth. A
rate limit sent by the RADIUS server would supersede any rate limit in a
module firewall access control policy.
Using HP IDM with RADIUS Servers
You can use HP ProCurve Identity Driven Manager (IDM), a plug-in to HP
ProCurve Manager Plus (PCM+), to further refine user access policies when
users log in through the TMS zl Module. You must use a RADIUS server that
IDM supports:
■ Microsoft Network Policy Server (NPS)
■ Microsoft Internet Authentication Service (IAS)
■ FreeRADIUS on Linux platforms
For more information about IDM, see the HP ProCurve Manager Network
Administrator’s Guide, version 2.3 or later.
Check Your Network Infrastructure to Ensure There Are No Intermediate Proxy or NAT Devices
Before you begin using the user authentication feature, you should carefully
evaluate your network infrastructure and ensure that there are no intermediate
infrastructure devices that NAT users’ traffic before it is sent on to the TMS
zl Module. For example, in Figure 4-32 two networks have been merged, using
a router that NATs users’ traffic from Network A before it is sent to Network B.