HP (Hewlett-Packard) 700wl Series Switch User Manual


 
Configuring Rights
the Client Status tab under the Status button, and click Refresh User Rights Now. You can also
refresh rights for individual clients, if appropriate.
Configuring Access Rights–An Overview
To configure rights in the 700wl Series system, you first need to decide how you want to control access to
the resources on your network.
Step 1. Create Identity Profiles to define who should have access to network resources. You can use
Identity Profiles to group sets of users that should have a common set of access rights. You can
also use Identity Profiles to assign access rights to network devices such as Access Points.
For example, do you want your engineers to have a different set of access rights from your
accounting staff? Should instructors have different access rights than students? Do you have
visitors for whom you might want to provide limited access? You can create Identity Profiles for
each type of user that should have specific types of access, and then define which users belong to
each Identity Profile.
You can add users to the 700wl Series system built-in database and then assign those users to
Identity Profiles through the Rights Manager, or you can define Identity Profiles that will match
users based on group or domain information retrieved when the user is authenticated.
a. Add users to the built-in database if you don’t plan to have them authenticated by an external
authentication service. You can then assign them to Identity Profiles as appropriate.
b. Add network equipment (such as Access Points) to the built-in database so they can be assigned
a set of access rights — for example, to allow the device to be managed over the network.
Step 2. Create Connection Profiles to differentiate between physical locations where clients can access the
system, or to differentiate between clients on different VLANs, or both. You can also use
Connection Profiles to differentiate between access during different time periods.
a. Create Locations that include the Access Controllers and/or Access Controller ports that
provide connectivity for any specific physical locations that you want to differentiate in
terms of authentication or access rights.
For example, do you want users to get different access rights when they are in building A
than they get when they are in building B? Do you want students to get different access rights
while they are in the library than they get in a science lab? Do you want clients
connecting from your corporate visitors center to be authenticated differently from clients
connecting from your manufacturing floor? You can use Locations to define Connection
Profiles that are unique to a specific physical location—a building, a department, a floor, a
conference room.
Note: Due to Access Point coverage overlap, Locations may not behave quite as expected
if your Access Points are in close proximity. For example, if you have one Access Point
connected to a port defined as Location Marketing, and a nearby Access Point defined as
Location Engineering, a single, stationary user may be connected through the Marketing
Location in one instance, and through the Engineering Location the next time. Such a user
could even "roam" between the two Locations seemingly at random without ever physically
moving.
Note: If your Access Controllers have not yet been installed on your network, you will not
be able to use them to create Locations. However, you can still create the Connection
Profiles you need with the Everywhere default location, and add Locations to the
HP ProCurve Secure Access 700wl Series Management and Configuration Guide 4-5