TMS zl Management and Configuration Guide ST.1.2.100916

Overview
Firewall
The packet’s source and destination zones
A packet’s source zone is the zone of the TMS VLAN on which the TMS zl
Module receives the packet. This TMS VLAN might be the source device’s
own VLAN, or it might be the VLAN of the router that routed the traffic to
the module.
The destination zone is the zone of the TMS VLAN on which the packet is
forwarded (which the module determines using its routing table). Again,
this might be the destination device’s own VLAN, or the VLAN of the next
router on the way to the destination.
Unicast Policies Versus Multicast Policies
Unicast policies control traffic that originates from a single IP address and is
destined to a single IP address. For example, a request to a Web server is
unicast traffic. Most traditional traffic is unicast. A multicast policy applies to
traffic that is destined to a multicast address. Multicast addresses are between
224.0.0.0 and 239.255.255.255. Traffic destined to a multicast address is delivered
to any endpoint that has joined the group for that address. Multicasting
is often used for applications such as video streaming as well as some routing
protocols.
User Group
You can create different sets of access policies for each user group that is
configured on the module—as well as a set of access policies that apply to all
users not assigned to a group.
When a user authenticates to your network through the TMS zl Module, the
module assigns the authenticated user’s IP address to the user group. (If the
user authenticated locally, the module can look up the user’s group locally.
Otherwise, the RADIUS server must send the name of the group in the Filter-ID
AVP of the Access-Accept message.)
The module then applies the set of access policies that are configured for that
group to traffic received from that source address. If no policy matches, then
the global access policies (None user group) are applied.
Traffic that does not come from authenticated users is filtered by the None
user group.
Note: User groups apply only to unicast access policies.
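The selection order described above (user group first, then the None group, with multicast traffic bypassing user groups) can be modeled as follows. This is an added example, not the TMS zl Module's own code; the zone names, addresses, group name and the first-match ordering inside a policy set are assumptions.

```python
import ipaddress
from dataclasses import dataclass

MULTICAST_RANGE = ipaddress.ip_network("224.0.0.0/4")  # 224.0.0.0 to 239.255.255.255

@dataclass(frozen=True)
class Policy:
    src_zone: str
    dst_zone: str
    dst_net: str   # destination CIDR
    action: str    # "permit" or "deny"

# Constructed sample data: zone names, addresses and group names are hypothetical.
SESSIONS = {"10.1.10.25": "Engineering"}  # authenticated source IP -> user group
UNICAST = {
    "Engineering": [Policy("INTERNAL", "DMZ", "10.2.0.0/24", "permit")],
    "None": [Policy("INTERNAL", "DMZ", "10.0.0.0/8", "deny")],  # global policies
}
MULTICAST_POLICIES = [Policy("INTERNAL", "DMZ", "239.1.1.0/24", "permit")]

def is_multicast(dst):
    return ipaddress.ip_address(dst) in MULTICAST_RANGE

def first_match(policies, src_zone, dst_zone, dst):
    # Assumption: policies in a set are checked in order and the first hit wins.
    for p in policies:
        if (p.src_zone, p.dst_zone) == (src_zone, dst_zone) and \
                ipaddress.ip_address(dst) in ipaddress.ip_network(p.dst_net):
            return p
    return None

def evaluate(src, dst, src_zone, dst_zone):
    """Return (policy set consulted, action or 'no-match')."""
    if is_multicast(dst):
        # User groups apply only to unicast policies, so the source's group is ignored.
        hit = first_match(MULTICAST_POLICIES, src_zone, dst_zone, dst)
        return ("multicast", hit.action if hit else "no-match")
    group = SESSIONS.get(src, "None")  # unauthenticated sources fall under None
    for name in dict.fromkeys([group, "None"]):  # group first, then global fallback
        hit = first_match(UNICAST.get(name, []), src_zone, dst_zone, dst)
        if hit:
            return (name, hit.action)
    return ("None", "no-match")

if __name__ == "__main__":
    for src, dst in [("10.1.10.25", "10.2.0.10"), ("10.1.10.25", "10.3.0.5"),
                     ("10.1.10.99", "10.2.0.10"), ("10.1.10.25", "239.1.1.7")]:
        print(src, "->", dst, evaluate(src, dst, "INTERNAL", "DMZ"))
```

The second sample packet shows why the None group's policies matter even for authenticated users: anything the group's own set does not match is decided there.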