Filter
Top Products
Introduction
• RADIUS servers
• Kerberos services
• XML-RPC-based services
• The Rights Manager’s built-in database. This is the default authentication service. You can populate it
with user names and passwords through the Rights Manager.
User Authentication is discussed in detail in Chapter 5, Configuring Authentication.
Client Access Rights
At any given time a certain set of rights is in effect for each client attached to an Access Controller. These
rights are based on a number of factors, including client authentication, client identity, location of the
connection, VLAN tags, and the time and day. The Rights Manager manages the criteria for each client
connection.
• The Rights Manager uses Access Policies to define what network resources a user can access at any given
time. Access Policies are defined for a group, and an individual user’s rights are determined by the
groups to which he or she belongs.
• The Rights Manager uses Identity Profiles and Connection Profiles to define which users can access the
network at any given time, what sorts of logon and authentication mechanisms may be used, and
what type of security is required.
• A client is matched to an Identity Profile based on who they are. They are matched to a Connection
Profile based on when and where they connect to the network. The Rights Manager uses the Identity
Profile and Connection Profile to match the client with the appropriate Access Policy. This in done in
the Rights Assignment Table.
Chapter 4, Configuring Rights describes this process in detail.
Wireless Data Privacy and VPN Protocols
The 700wl Series system’s VPN component enables strong encryption of data between a client and the
Access Controller. This provides additional security for data sent over the airwaves, replacing the
relatively insecure Wired Equivalent Privacy (WEP) of a wireless network.
The 700wl Series system offers four choices for encrypting data between a client and the Access
Controller: PPTP, L2TP/IPSec, tunnel mode IPSec, and SSH. It also supports a variety of authentication
and encryption algorithms related to these choices. It supports a number of client software packages that
handle the client side of the security method. In most cases, the 700wl Series system accepts the
authentication performed by the security protocol and provides user access rights as soon as the secure
connection has been set up.
Once a secure connection has been set up, clients can roam between access points and the 700wl Series
system will maintain each session transparently to the client.
Roaming Support
One of the key features of the 700wl Series system is its support of layer 3 roaming—enabling clients to
move around physically between access points without having to reauthenticate or establish a new
session.
1-4 HP ProCurve Secure Access 700wl Series Management and Configuration Guide