Filter
Top Products
Configuring Rights
• An Access Policy defines aspects of how a client interacts with the network. The Access Policy defines
what traffic is allowed to be passed into the network, and what traffic will be redirected to alternate
destinations. It can include HTTP proxy filters that specify what web sites are accessible or restricted.
It also defines how IP addressing is handled, and what type of encryption should be used, if any.
There are five predefined Access Policies: “Authenticated,” “Unauthenticated,” “Guest Access,”
“No Access,” and “Network Equipment.” By default, the “Unauthenticated” policy appears in the
last row of the Rights Assignment Table, as the policy associated with clients that fall though and
match only the “Any” Identity and Connection Profiles.
The Rights Manager
The configuration of network Authentication and Access Policies is done through the Rights Manager,
accessed by clicking the
Rights icon on the Navigation Toolbar.
Configuration within the Rights Manager may include any of the following:
• Creating new rows for the Rights Assignment Table
• Creating new Identity Profiles, or modifying ones you have already created
• Creating new Connection Profiles, or modifying ones you have already created
• Creating new Access Policies, or modifying existing policies
• Creating new Authentication Policies, or modifying existing policies (this is discussed in Chapter 5,
“Configuring Authentication”)
• Customizing the Logon page (and other associated pages) presented to users whose first network
access attempt is an HTTP request. (This is also discussed in
Chapter 5, “Configuring Authentication”)
As a part of defining the various profiles and policies, you can also define the following:
• Users (defined by a username and password or MAC address) and Network Equipment (defined by a
MAC address) to be included in the built-in database. These may then be associated with an Identity
Profile.
• Locations (defined as one or all ports on one or more Access Controllers). These may be used when
defining Connection Profiles. By default, the location Everywhere encompasses all ports on all connected
Access Controllers.
• Time Windows (defined as a range of hours, dates, or days of the week). These may be used when
defining Connection Profiles. The absence of a specific Time Window in a Connection Profile is taken
to mean no time restrictions are in force.
• Allowed Traffic Filters and Redirected Traffic Filters. These may be used when defining Access
Policies. These also include the special case of WINS and DNS filters, which are created through a
separate interface and result in matched Allowed and Redirected traffic filter pairs.
• HTTP Proxy Filters. These also may be used when defining Access Policies.
From the Rights Manager you can also export the current set of rights to your local system, and import a
set of stored rights from the local system.
Note: When you make a change to the rights configuration through the Rights Manager, clients are
affected only when they receive new rights–rights configuration changes do not automatically affect
connected clients. To have your changes take effect immediately for connected clients, you must go to
4-4 HP ProCurve Secure Access 700wl Series Management and Configuration Guide