HP ProCurve Identity Driven Manager 3.0 User’s Guide
1-4About ProCurve Identity Driven ManagerIntroductionWhen using IDM, the authentication process proceeds as described in the first three steps, but fr
3-32Using Identity Driven ManagerConfiguring Access ProfilesThe changes are displayed in the Access Profiles list.NOTE: When modifying Access Profiles
3-33Using Identity Driven ManagerDefining Access Policy GroupsDefining Access Policy GroupsAn Access Policy Group (APG) contains rules that define the
3-34Using Identity Driven ManagerDefining Access Policy GroupsTo begin, expand the Realms node to display the Access Policy Group node in the IDM tree
3-35Using Identity Driven ManagerDefining Access Policy GroupsFigure 3-26. New Access Policy Group3. Type in a Name and Description for the Access Pol
3-36Using Identity Driven ManagerDefining Access Policy Groups 6. Repeat the process for each rule you want to apply to the APG.7. The Access rules ar
3-37Using Identity Driven ManagerDefining Access Policy GroupsIDM will verify that the rules in the APG are valid. If a rule includes a defined VLAN (
3-38Using Identity Driven ManagerDefining Access Policy GroupsFigure 3-28. Access Rule with Endpoint Integrity optionsSelect the Endpoint Integrity op
3-39Using Identity Driven ManagerDefining Access Policy GroupsModifying an Access Policy Group1. Click the Access Policy Group node in the IDM tree to
3-40Using Identity Driven ManagerConfiguring User AccessConfiguring User AccessThe process of configuring User access to network resources using IDM i
3-41Using Identity Driven ManagerConfiguring User AccessAdding Users to an Access Policy GroupTo assign a user to an access policy group:1. Expand the
1-5About ProCurve Identity Driven ManagerIntroductionWhat’s New in IDM 3.0ProCurve Identity Driven Manager version 3.0 includes the following new feat
3-42Using Identity Driven ManagerConfiguring User AccessChanging Access Policy Group AssignmentsTo re-assign users to a different APG:1. Click the acc
3-43Using Identity Driven ManagerConfiguring User AccessUsing Global RulesGlobal Rules can be used to provide an "exception process" to the
3-44Using Identity Driven ManagerConfiguring User Access Creating a Global Rule is similar to creating Access Rules for an Access Profile Group.To cre
3-45Using Identity Driven ManagerConfiguring User Access4. Set the Access Properties for the Global Rule. This is similar to the process used to defin
3-46Using Identity Driven ManagerDeploying Configurations to the AgentDeploying Configurations to the AgentAn option in the IDM Preferences allows you
3-47Using Identity Driven ManagerUsing Manual ConfigurationUsing Manual Configuration It is simplest to let the IDM Agent run and collect information
3-48Using Identity Driven ManagerUsing Manual Configuration3. Click Ok to save the Realm information and close the window. The new Realm appears in t
3-49Using Identity Driven ManagerAdding RADIUS ClientsAdding RADIUS ClientsYou can add and update RADIUS clients (ProCurve switches and manually added
3-50Using Identity Driven ManagerAdding RADIUS ClientsSelecting a single NAC800 Enforcement Server in a Management Server deploys the RADIUS settings
3-51Using Identity Driven ManagerAdding RADIUS Clients5. If duplicate IP addresses are found, select the action to take for duplicate IP addresses.Fig
1-6About ProCurve Identity Driven ManagerIntroductionIDM ArchitectureIn IDM, when a user attempts to connect to the network through an edge switch, th
3-52Using Identity Driven ManagerAdding RADIUS ClientsRADIUS clients being excluded from the wizard. If you discard rows 1 and 2, C1 will be excluded
3-53Using Identity Driven ManagerAdding RADIUS ClientsTo configure RADIUS parameters for a single client:a. In the RADIUS clients list on the left, se
3-54Using Identity Driven ManagerAdding RADIUS ClientsThe list of configuration changes can be cut and pasted to another location.8. Apply the selecte
3-55Using Identity Driven ManagerAdding RADIUS ClientsDeleting RADIUS ServersTo delete an existing RADIUS Server:NOTE: Before you can completely delet
3-56Using Identity Driven ManagerAdding RADIUS ClientsAdding New UsersYou can let the IDM Agent automatically learn about the users from the Active Di
3-57Using Identity Driven ManagerAdding RADIUS Clients3. If you want to restrict the user’s access to specific systems, click the Systems tab to confi
3-58Using Identity Driven ManagerAdding RADIUS ClientsModifying and Deleting UsersTo modify an existing User:1. Select the User in the User List and c
3-59Using Identity Driven ManagerUsing the User Import WizardUsing the User Import WizardThe IDM User Import Wizard lets you add users to IDM from ano
3-60Using Identity Driven ManagerUsing the User Import WizardImporting Users from Active DirectoryImporting users from Active Directory with the IDM I
3-61Using Identity Driven ManagerUsing the User Import WizardFigure 3-44. IDM User Import Wizard, Data Source3. Click the radio button to select the A
1-7About ProCurve Identity Driven ManagerIntroduction• A Decision Manager that receives the user data and checks it against user data in the local IDM
3-62Using Identity Driven ManagerUsing the User Import Wizard5. Select the scope of Active Directory groups that you want to import user data from. 6.
3-63Using Identity Driven ManagerUsing the User Import WizardFigure 3-47. IDM User Import Wizard, Add Users10. Click the Select checkbox to choose the
3-64Using Identity Driven ManagerUsing the User Import Wizard12. Click Next to continue to the Users and Groups Commitment window.Figure 3-48. IDM Use
3-65Using Identity Driven ManagerUsing the User Import WizardFigure 3-49. IDM User Import Wizard, LDAP Authenticationa. To use the SSL authentication
3-66Using Identity Driven ManagerUsing the User Import Wizardb. Select the LDAP Authentication type to be used with the imported user data:c. Click Ne
3-67Using Identity Driven ManagerUsing the User Import WizardFigure 3-50. IDM User Import Wizard, Simple AuthenticationTo set up Simple authentication
3-68Using Identity Driven ManagerUsing the User Import WizardFigure 3-51. IDM User Import Wizard, SASL Digest MD5 AuthenticationTo set up Digest MD5 a
3-69Using Identity Driven ManagerUsing the User Import WizardFigure 3-52. IDM User Import Wizard, SASL Kerberos V5 AuthenticationTo set up Kerberos V5
3-70Using Identity Driven ManagerUsing the User Import WizardFigure 3-53. IDM User Import Wizard, SASL External AuthenticationTo set up External authe
3-71Using Identity Driven ManagerUsing the User Import WizardImporting LDAP X509 User Certificates into a Keystore: If you are using a JKS Keystore, t
1-8About ProCurve Identity Driven ManagerTerminologyTerminologyAccess Policy GroupAn IDM access policy group consists of one or more rules that govern
3-72Using Identity Driven ManagerUsing the User Import Wizard2. In the Domain field, type the domain name.3. Optionally, in the Base DN field, type th
3-73Using Identity Driven ManagerUsing the User Import WizardKERBEROS_AUTH_MODULE=IDMKerberos // Kerberos authentication module name. If this entry is
3-74Using Identity Driven ManagerUsing the User Import WizardImporting Users from XML filesIf you select to import users from an XML File, the XML Dat
3-75Using Identity Driven ManagerUsing the User Import WizardXML User Import File ExampleXML files used to import user data to IDM should have the fol
3-76Using Identity Driven ManagerUsing the User Import Wizard
4-14Using the Secure Access WizardChapter ContentsOverview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4-2Using the Secure Access WizardOverviewOverviewThe Secure Access Wizard (SAW) feature in IDM is designed to simplify the initial setup of IDM by red
4-3Using the Secure Access WizardUsing Secure Access WizardUsing Secure Access WizardNOTE: The following section provides instructions on using the S
4-4Using the Secure Access WizardUsing Secure Access WizardWhen you first open the wizard, the Load Settings and Load template buttons are disabled. O
4-5Using the Secure Access WizardUsing Secure Access WizardTip: To begin, ProCurve recommends that you select only one or two devices, and then save t
1-9About ProCurve Identity Driven ManagerTerminologyEndpoint Integrity Also referred to as "Host Integrity," this refers to the use of appli
4-6Using the Secure Access WizardUsing Secure Access Wizard• The device is too old• The firmware is out of date• The device is not a ProCurve device•
4-7Using the Secure Access WizardUsing Secure Access WizardFigure 4-4. Secure Access Wizard, Authentication Method Selection example14. Click the chec
4-8Using the Secure Access WizardUsing Secure Access WizardFigure 4-5. Secure Access Wizard, Port Selection example16. To select ports from a list, cl
4-9Using the Secure Access WizardUsing Secure Access WizardFigure 4-6. Secure Access Wizard, Select PortsWhen the desired ports are selected, click OK
4-10Using the Secure Access WizardUsing Secure Access Wizard18. Click Next to continue. The next window display will vary based on the devices and aut
4-11Using the Secure Access WizardUsing Secure Access Wizard22. The 802.1X configuration window lets you select the authentication method to be applie
4-12Using the Secure Access WizardUsing Secure Access Wizardc. Click the Advanced Settings for Wired 802.1X to configure the advanced settings.Figure
4-13Using the Secure Access WizardUsing Secure Access WizardRe-auth period - The re-authentication timeout (in seconds, default 0), set to 0 to disabl
4-14Using the Secure Access WizardUsing Secure Access Wizarda. Click the radio button to select the RADIUS authentication protocol. Only one method ca
4-15Using the Secure Access WizardUsing Secure Access WizardDHCP address and mask - The base address and mask for the temporary pool used by DHCP (bas
1-10About ProCurve Identity Driven ManagerIDM SpecificationsIDM SpecificationsSupported DevicesProCurve Identity Driven Manager (IDM) supports authori
4-16Using the Secure Access WizardUsing Secure Access Wizarde. Click Next in the configuration window to continue to the Authentication Servers step.
4-17Using the Secure Access WizardUsing Secure Access WizardFigure 4-13. Secure Access Wizard, Advanced (wired) Mac-Auth settings c. Click the check b
4-18Using the Secure Access WizardUsing Secure Access WizardUnauth-vid - The VLAN to which the port is assigned when the user has not been authorized
4-19Using the Secure Access WizardUsing Secure Access WizardThe IP address will be validated. If it is invalid or a duplicated IP, a text message indi
4-20Using the Secure Access WizardUsing Secure Access WizardIf not using the same shared secret on all the devices, enter the Radius shared secret for
4-21Using the Secure Access WizardUsing Secure Access WizardThe data fields are the same for both the Save Settings, and Save Template dialog.Figure 4
4-22Using the Secure Access WizardUsing Secure Access WizardFigure 4-18. Secure Access Wizard, Configuration Preview display39. Review the access secu
4-23Using the Secure Access WizardUsing Secure Access WizardFigure 4-19. Secure Access Wizard, Applying Settings statusThis window displays the progre
4-24Using the Secure Access WizardUsing Secure Access Wizard
5-15Troubleshooting IDMChapter ContentsIDM Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1-11About ProCurve Identity Driven ManagerIDM Specifications• Microsoft Network Policy Server on Windows Server 2008 (32-bit)• Microsoft Internet Auth
5-2Troubleshooting IDMIDM EventsIDM Events The IDM Events window is used to view and manage IDM events generated by the IDM application or the IDM Age
5-3Troubleshooting IDMIDM EventsSortable columns of information are available for each event:You can sort the Events listing by Source, Severity, Stat
5-4Troubleshooting IDMIDM EventsSelect an event in the Events listing to display the Event Details at the bottom of the window. Figure 5-2. IDM Event
5-5Troubleshooting IDMIDM EventsThe Pause will toggle to the "Resume" icon. Click the resume button to restart the events display. The butto
5-6Troubleshooting IDMIDM Events3. To deactivate a setting in the current filter:a. If the Filtering pane is not displayed, click the + next to Filter
5-7Troubleshooting IDMIDM EventsViewing the Events ArchiveThe Archived Events window lists details for each event in the Archive Log, which contains e
5-8Troubleshooting IDMIDM EventsThe Archived Events window provides the following information for each event:You can select the date range for display
5-9Troubleshooting IDMIDM EventsSetting IDM Event PreferencesUse the IDM Event Preferences to set up archiving and automatic deletion of events from t
5-10Troubleshooting IDMIDM EventsFor example, Informational events is set to 60 percent. When the archive file reaches the archive storage limit and t
5-11Troubleshooting IDMIDM EventsFigure 5-6. RADIUS Server Activity LogThe Activity Log provides information similar to the IDM Events, except that th
1-12About ProCurve Identity Driven ManagerIDM SpecificationsIf you want to test the IDM 3.0 functionality using the 60-day trial provided with the PCM
5-12Troubleshooting IDMUsing Decision Manager TracingUsing Decision Manager TracingIDM provides a tracing tool (DMConfig.prp) and log file (DM-IDMDM.l
A-1AUsing ProCurve Network Access Controller with IDM About ProCurve Network Access Controller 800The ProCurve Network Access Controller 800 (ProCurve
A-2Using ProCurve Network Access Controller with IDMAbout ProCurve Network Access Controller 800Before You BeginFor information on installing the ProC
A-3Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysUsing the NAC Tab DisplaysOnce the ProCurve NAC appliance is installed o
A-4Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysSetting the ProCurve NAC GUI LoginIn addition to the "NAC" tab
A-5Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysUsing the NAC Home TabThe NAC Home tab launches the ProCurve NAC GUI wit
A-6Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysClick the NAC Monitor tab to launch the ProCurve NAC "System Monito
A-7Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysFigure A-5. ProCurve NAC 800 System Configuration (NAC Configuration) di
A-8Using ProCurve Network Access Controller with IDMUsing Local Authentication Directory on ProCurve NACUsing Local Authentication Directory on ProCur
A-9Using ProCurve Network Access Controller with IDMUsing Local Authentication Directory on ProCurve NACAdding Locally Authenticated UsersThe only dif
1-13About ProCurve Identity Driven ManagerLearning to Use ProCurve IDMLearning to Use ProCurve IDMThe following information is available for learning
A-10Using ProCurve Network Access Controller with IDMUsing Local Authentication Directory on ProCurve NACFigure A-7. User Properties, with Local Authe
B-1BIDM Technical ReferenceDevice Support for IDM FunctionalityDue to variations in hardware and software configuration of various ProCurve Devices, n
B-2IDM Technical ReferenceDevice Support for IDM FunctionalitySupport for Secure Access Wizard FeatureProCurve Device ACL's VLAN QoS BW MAC Web
B-3IDM Technical ReferenceBest PracticesBest PracticesAuthentication MethodsThe IDM application is designed to support RADIUS server implementation wi
B-4IDM Technical ReferenceBest PracticesHandling Unknown or Unauthorized usersIf a user is authenticated in RADIUS, but is unknown to IDM, IDM will no
B-5IDM Technical ReferenceBest Practices In this instance, if the user attempts to login in during the times specified for the Weekends, they will be
B-6IDM Technical ReferenceTypes of User EventsTypes of User EventsThe USER_FAILED_LOGIN event happens whenever RADIUS sends IDM a message of an unsucc
Index–1IndexNumerics802.1X configuration, SAW 4-11AAccess Attributes 3-24Access attributes 3-25Access Information 2-36Access Policyorder 3-3
Index–2HHolidays 3-17IIDM Agenttracing 5-12IDM authorization policy 3-46IDM model 3-3IDM Statistics 2-22Importfrom Active Directory 3-60I
Index–3Rules, evaluation 3-36SSASL Digest MD5 authentication 3-67Save Settings, SAW 4-21Save Template, SAW 4-21SAW 4-2Secure Access Wizard
Hewlett-Packard Company8000 Foothills Boulevard, m/s 5551Roseville, California 95747-5551http://www.procurve.com© Copyright 2004, 2005, 2007, 2009 Hew
1-14About ProCurve Identity Driven ManagerLearning to Use ProCurve IDM
ProCurve 5400zl Switches Installation and Getting Startd Guide Technology for better business outcomes To learn more, visit www.hp.com/go/pr
2-12Getting StartedChapter ContentsBefore You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2In
2-2Getting StartedBefore You BeginBefore You BeginIf you have not already done so, please review the list of supported devices and operating requireme
2-3Getting StartedBefore You Begin http://10.15.20.25:80402. Click the Download the Windows PCM/IDM agent link, and click Save to download the file.3.
2-4Getting StartedBefore You BeginFigure 2-2. Server InformationFor the Agent to communicate with the PCM server, these values MUST MATCH the values s
2-5Getting StartedBefore You BeginOnce installed the IDM Agent begins collecting User, Realm, and RADIUS data.On a Linux System or ProCurve Network Ac
2-6Getting StartedBefore You BeginIDM Configuration Process OverviewTo configure IDM to provide access control on your network, first let IDM run long
2-7Getting StartedBefore You BeginTable 2-1: IDM Deployment and Usage StrategiesAuthenticate Authorize Strategy DescriptionVLAN QoS Rate-LimitNetwork
2-8Getting StartedBefore You BeginUnderstanding the IDM ModelThe first thing to understand, is that IDM works within the general concept of ‘domains’
2-9Getting StartedIDM GUI OverviewIDM GUI OverviewTo use the IDM client, launch the PCM Client on your PC. Select the ProCurve Manager option from the
iContents1 About ProCurve Identity Driven ManagerIntroduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2-10Getting StartedIDM GUI OverviewFigure 2-4. IDM DashboardThe IDM initial display provides a quick view of IDM status in the Dashboard tab, along wi
2-11Getting StartedIDM GUI OverviewIDM DashboardThe IDM Dashboard is a monitoring tool that provides a quick summary view of IDM users, RADIUS servers
2-12Getting StartedIDM GUI OverviewUsing the Navigation TreeThe navigation tree in the left pane of the IDM window provides access to IDM features usi
2-13Getting StartedIDM GUI OverviewFigure 2-7. Realm Dashboard tabRealm Dashboard: The Realm Dashboard is a monitoring tool that provides a quick summ
2-14Getting StartedIDM GUI OverviewThe Top Talkers pane displays input octets (bytes), output octets, or both. Use the drop-down list in this pane to
2-15Getting StartedIDM GUI OverviewThe following information is shown on the Realm Properties tab:Realm Global Rules tab: Click the Global Rules tab t
2-16Getting StartedIDM GUI OverviewAccess Policy Groups: Click the Access Policy Group node to display the Access Policy Groups tab with a list of cur
2-17Getting StartedIDM GUI OverviewRADIUS Servers: Clicking the RADIUS Servers node displays the RADIUS List tab, with status and configuration inform
2-18Getting StartedIDM GUI OverviewToolbars and MenusBecause IDM is a module within PCM, it uses the same Main Menu and Global toolbar functions. Indi
2-19Getting StartedUsing IDM as a Monitoring ToolUsing IDM as a Monitoring ToolWhether or not you configure and apply access and authorization paramet
iiContentsIDM Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-41Using Active Directory Synchroniz
2-20Getting StartedUsing IDM ReportsUsing IDM ReportsIDM provides reports designed to help you monitor and analyze usage patterns for network resource
2-21Getting StartedUsing IDM ReportsYou can save the report to a file, or print the report. To apply customized Report Header information for your com
2-22Getting StartedUsing IDM Reportsauthenticate the user has a endpoint integrity solution, the computer where the user logged in may be checked for
2-23Getting StartedUsing IDM ReportsTo display the User Report select a username in the Users tab of the Access Policy Group or RADIUS Server window,
2-24Getting StartedCreating Report PoliciesCreating Report PoliciesYou can also use the Policy Manager feature to schedule reports to be created at re
2-25Getting StartedCreating Report PoliciesFigure 2-17. Policy Manager, ActionsThe Manage Actions window displays the list of defined Actions.3. Click
2-26Getting StartedCreating Report Policies4. Select the Report Manager:Generate Report Action type from the pull-down menu. Figure 2-19. Policy Manag
2-27Getting StartedCreating Report PoliciesAt this point the other tabs displayed are:Type: Lets you select the Report type you want to generate. As s
2-28Getting StartedCreating Report PoliciesFigure 2-22. Report Manager Action: Report format selection• PDF Produce the report in .pdf format. To view
2-29Getting StartedCreating Report PoliciesFigure 2-23. Report Manager Action: Report Delivery methodE-mail is the default method. It will e-mail the
iiiContentsImporting Users from XML files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-744 Using the Secure Access WizardOverview
2-30Getting StartedCreating Report Policiese. In the Password field, type the password used to access the FTP site.f. Select the Filename conventions
2-31Getting StartedCreating Report PoliciesTo modify the IDM Session Cleanup Alert:1. Click the Policies icon in the global (PCM and IDM) toolbar at t
2-32Getting StartedCreating Report Policies4. Click the Schedule tab to review and edit the schedule parameters.Figure 2-27. IDM Session Cleanup Sched
2-33Getting StartedCreating Report Policies7. Click the radio button to select No end date, End by, or Maximum occurrences to identify when the schedu
2-34Getting StartedUser Session InformationUser Session InformationYou can use IDM to just monitor the network, and receive detailed information about
2-35Getting StartedUser Session InformationThe Session List provides a listing of recent sessions, including the following information: The User Prop
2-36Getting StartedUser Session InformationTo track the user’s login location information for the session, click the Location Information tab. The Loc
2-37Getting StartedUser Session InformationFinding a UserThe Find User feature lets you search for and display information about a user by name or MAC
2-38Getting StartedUser Session InformationUser ReportsTo review information for multiple sessions, run the User Report.1. Select a username in the Us
2-39Getting StartedUser Session InformationFigure 2-31. Report Wizard, Columns to Include4. Click the check boxes to select the data columns. If wire
ivContents
2-40Getting StartedUser Session InformationFigure 2-32. Show MitigationsTo show or delete mitigations:1. In the IDM Users tab, right-click a mitigated
2-41Getting StartedUser Session InformationIDM PreferencesThe IDM Preferences window is used to set up global attributes for session accounting and ar
2-42Getting StartedUser Session InformationClick to select the Disable automatic deploy to IDM agents option if you do not want to use automatic IDM c
2-43Getting StartedUser Session Information7. To ignore capability override warnings generated by switches that don't support certain capabilitie
2-44Getting StartedUser Session InformationFigure 2-34. Identity Management Preferences: User Directory Settings.1. Check the Enable automatic Active
2-45Getting StartedUser Session Information5. To Add a group to the "Groups to Synchronize" list, click Add or Remove Groups... to display t
2-46Getting StartedUser Session Information6. Select the Active Directory Groups you want to Synchronize to IDM, then click the >> button to mov
2-47Getting StartedUser Session Information Users deleted from Active Directory while synchronization is disabled are assigned to the default Access
2-48Getting StartedUser Session Information
3-13Using Identity Driven ManagerChapter ContentsIDM Configuration Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1-11 About ProCurve Identity Driven ManagerChapter ContentsIntroduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3-2Using Identity Driven ManagerAdding RADIUS Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49Deleting RADIU
3-3Using Identity Driven ManagerIDM Configuration ModelIDM Configuration Model As described in the IDM model on page 2-8, everything relates to the to
3-4Using Identity Driven ManagerIDM Configuration Model2. Define "times" (optional) at which users will be allowed or denied access. This ca
3-5Using Identity Driven ManagerIDM Configuration Model2. Click the Configure Identity Management icon in the Realms window toolbar.The Identity Manag
3-6Using Identity Driven ManagerConfiguring LocationsConfiguring LocationsLocations in IDM identify the switch and/or ports on the switch and wireless
3-7Using Identity Driven ManagerConfiguring LocationsAdding a New LocationTo create a new location:1. Click the New Location icon in the toolbar to di
3-8Using Identity Driven ManagerConfiguring LocationsFigure 3-4. New Device window5. Use the Select Device Group drop-down list to select the Agent an
3-9Using Identity Driven ManagerConfiguring Locations7. Use the Port Selection to define the ports on the device that will be associated with the loca
3-10Using Identity Driven ManagerConfiguring LocationsFigure 3-5. Create a New Location, Wireless Devices12. Click Add Device... to display the Wirele
3-11Using Identity Driven ManagerConfiguring LocationsClick the check box to select the radio ports to be included in the location, and then click OK
1-2About ProCurve Identity Driven ManagerIntroductionIntroduction Network usage has skyrocketed with the expansion of the Internet, wireless, and conv
3-12Using Identity Driven ManagerConfiguring LocationsDeleting a LocationTo remove an existing Location:1. Click the Locations node in the Identity Ma
3-13Using Identity Driven ManagerConfiguring TimesConfiguring TimesTimes are used to define the hours and days when a user can connect to the network.
3-14Using Identity Driven ManagerConfiguring TimesFigure 3-8. Times PropertiesCreating a New TimeTo configure a Time:1. Click the Times node in the Id
3-15Using Identity Driven ManagerConfiguring TimesFigure 3-9. Create a New Time3. Define the properties for the new time. 4. Click Ok to save the new
3-16Using Identity Driven ManagerConfiguring TimesModifying a Time1. Click the Times node in the Identity Management Configuration navigation tree to
3-17Using Identity Driven ManagerConfiguring TimesDefining HolidaysTo add holidays for use when defining Times in IDM: 1. Click the Times node in the
3-18Using Identity Driven ManagerConfiguring Network ResourcesConfiguring Network ResourcesThe Network Resources in IDM are used to permit or deny tra
3-19Using Identity Driven ManagerConfiguring Network ResourcesThe Network Resources window lists the name and parameters for defined resources, includ
3-20Using Identity Driven ManagerConfiguring Network ResourcesAdding a Network ResourceTo define a Network Resource:1. Click the Network Resources nod
3-21Using Identity Driven ManagerConfiguring Network Resources* Valid Friendly port names supported in IDM include: ftp, syslog, ldap, http, imap4, im
1-3About ProCurve Identity Driven ManagerIntroductionWhy IDM?Today, access control using a RADIUS system and ProCurve devices (switches or wireless ac
3-22Using Identity Driven ManagerConfiguring Network ResourcesDeleting a Network ResourceTo delete a Network Resource:1. Click the Network Resources n
3-23Using Identity Driven ManagerConfiguring Access ProfilesConfiguring Access ProfilesIDM uses an Access Profile to set the VLAN, QoS, Bandwidth (rat
3-24Using Identity Driven ManagerConfiguring Access ProfilesClick the Access Profile node in the navigation tree, or double-click on a profile in the
3-25Using Identity Driven ManagerConfiguring Access Profiles3. Define the attributes for the Access Profile: NOTE: If you are assigning any VLAN other
3-26Using Identity Driven ManagerConfiguring Access Profiles4. If you want the IDM QoS attributes to override the switch attributes, use the QoS drop-
3-27Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-18. Network Resource Assignment Wizard, Allowed Network Resources9. To permit acc
3-28Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-19. Network Resource Assignment Wizard, Denied Network Resources10. To deny acces
3-29Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-20. Network Resource Assignment Wizard, Priority Assignment11. Set the priority (
3-30Using Identity Driven ManagerConfiguring Access Profiles13. Select the option to tell IDM what to do if there are no matches found in the network
3-31Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-23. Network Resource Assignment Wizard, Summary17. Click Finish to save the Netwo
Comments to this Manuals