HP (Hewlett-Packard) 700wl Series Switch User Manual


 
Configuring Rights
Series system is matched to a row in the table based on its Identity Profile and Connection Profile, and
receives access rights as specified by the Access Policy for that row.
The 700wl Series system looks for a matching row starting at the top of the table, and stops at the first
match. Thus, the order of rows in the table is important.
In a newly-installed system (or after a Factory Reset) the Rights Assignment Table will have only four
rows, as shown in Figure 4-1.
Figure 4-2. Rights Assignment Table Matching Example
The following examples are based on the Rights Assignment Table shown in Figure 4-2. The first example
describes how a normal user (identified by a username and password) gets access rights to the system.
Step 1. A client connects to the 700wl Series system and initially is identified only by its MAC address.
This initiates a search of the Rights Assignment Table to match this client to a row in the table,
and to assign access rights to the client based on the Access Policy specified by the matching row.
Step 2. Assuming this MAC address is unknown to the 700wl Series system, the client does not match
the Identity Profiles in the first four rows. It falls through to the bottom rows of the table, where it
automatically matches the “Any” Identity Profile. If the client accessed the 700wl Series system
through a physical location that matches the Connection Profile “Accounting,” it will match on
row 5. If the client connected through any other Location, it matches on row 6. In either case the
unknown client receives rights based on the “Unauthenticated” Access Policy. This Access Policy
provides only the access necessary to log on to the system.
Step 3. Given the rights defined by the “Unauthenticated” Access Policy, when the client attempts to
access any web page, the user is instead redirected to the 700wl Series system Logon page. The user
can enter a username and password, or select the “Logon as a Guest” option. The logon name
and password will be passed on for authentication based on the Authentication profile associated
with the Connection Profile. This means that an unknown client that matches on row 5 might be
authenticated differently from a client that matches row 6. (Authentication is discussed in more
detail in “Authentication in the 700wl Series System” on page 5-1.)
If the user enters a logon name and password that is authenticated successfully by the
Authentication Policy, the 700wl Series system searches the Rights Assignment Table again using
HP ProCurve Secure Access 700wl Series Management and Configuration Guide 4-7
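The first-match lookup walked through in Steps 1 to 3, as an added example that is not HP's code or part of the guide. Rows 1-4 and the "Any" Connection Profile on row 6 are constructed assumptions, profiles are treated as plain names, and `shadowed_rows` is a hypothetical audit helper that flags rows no client can ever reach because an earlier row already covers them.

```python
ANY = "Any"  # wildcard profile name used in the table

# (Identity Profile, Connection Profile, Access Policy)
# Rows 1-4 are constructed placeholders; the page does not list them.
# Rows 5 and 6 follow Step 2; row 6's Connection Profile is assumed to be "Any".
TABLE = [
    ("Known-Device-A", ANY, "Policy-A"),
    ("Known-Device-B", ANY, "Policy-B"),
    ("Known-Device-C", ANY, "Policy-C"),
    ("Known-Device-D", ANY, "Policy-D"),
    (ANY, "Accounting", "Unauthenticated"),
    (ANY, ANY, "Unauthenticated"),
]


def covers(pattern, value):
    """True if a profile name in a row matches the given profile name."""
    return pattern == ANY or pattern == value


def first_match(table, identity, connection):
    """Scan from the top and stop at the first matching row.

    Returns (1-based row number, row), or None if no row matches.
    """
    for number, row in enumerate(table, start=1):
        if covers(row[0], identity) and covers(row[1], connection):
            return number, row
    return None


def shadowed_rows(table):
    """Row numbers that can never match because an earlier row covers them."""
    dead = []
    for index, later in enumerate(table):
        for earlier in table[:index]:
            if covers(earlier[0], later[0]) and covers(earlier[1], later[1]):
                dead.append(index + 1)
                break
    return dead


if __name__ == "__main__":
    # Unknown client, as in Step 2: row 5 via "Accounting", row 6 otherwise.
    print(first_match(TABLE, "unknown-mac", "Accounting"))
    print(first_match(TABLE, "unknown-mac", "Lobby"))
    # Swapping rows 5 and 6 makes the "Accounting" row unreachable.
    print(shadowed_rows(TABLE[:4] + [TABLE[5], TABLE[4]]))
```

A non-empty result from `shadowed_rows` means a more specific row sits below a broader one, so the Connection Profile (and the authentication tied to it) that the administrator intended for those clients is never applied.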