ProCurve 5300xl Specifications Page 22

ProCurve Identity Driven Management (IDM)
ProCurve IDM enables the ProCurve 5300xl Switch Series to adapt to each user individually. The
switch behaves appropriately according to each user’s particular access rights, no matter where
or when they access the network or what device they are utilizing.
Without ProCurve IDM functionality, client traffic is routed by the switch to the RADIUS server
through a standard RADIUS protocol. The RADIUS server then accesses the user database to
find valid users and create a match. When the traffic has been validated, the RADIUS server
allows access by passing authentication information back to the switch, at which point the user
is placed on the network.
When IDM functionality is added to the equation, these processes are not interfered with or altered.
An IDM Agent runs co-resident with the RADIUS server and takes action when a user
authenticates to the network through the server. The IDM Agent is able to restrict network
access and/or add authorization parameters to the RADIUS reply, which is routed to the switch
to specify the access rights of the user. These parameters are sent as RADIUS attributes and
the switch then applies them to the client access port for the duration of the connection. With
the ProCurve IDM solution, the ProCurve 5300xl Switch Series can dynamically apply VLAN, QoS and
bandwidth rate-limit policies to users based on location, time and system.
The figure below illustrates the typical IDM user experience. After the network administrator
establishes the appropriate users, groups and access rules, the network is able to dynamically
and automatically configure itself on a per-user, per-session basis. When a ‘guest’ logs in from
the lobby, they receive Internet-only access. When an ‘employee’ logs in, they have access to
the corporate server as well as the Internet. If a user is designated as higher priority, their
traffic is tagged with appropriate priority bits.
Figure 4. IDM user experience
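
The per-user decision and the RADIUS reply attributes described above can be sketched as follows. This is an added example, not ProCurve or IDM Agent code: it assumes the VLAN is conveyed with the standard RFC 3580 tunnel attributes (the page does not name the attributes used), and the rules, group names and VLAN ids are constructed for illustration.

```python
import struct
from datetime import time

# Attribute numbers and values from RFC 2868 / RFC 3580 (assumed; the page names none).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6

# Constructed access rules: (group, location, window start, window end, VLAN id).
RULES = [
    ("employee", "any", time(0, 0), time(23, 59, 59), 10),   # corporate + Internet
    ("guest", "lobby", time(8, 0), time(18, 0), 99),         # Internet-only
]

def decide_vlan(group, location, now):
    """Return the VLAN of the first matching rule, or None (restrict access)."""
    for g, loc, start, end, vlan in RULES:
        if g == group and loc in ("any", location) and start <= now <= end:
            return vlan
    return None

def attr(attr_type, value):
    """RFC 2865 attribute: Type (1 byte), Length (1 byte, header included), Value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value

def vlan_attributes(vlan_id):
    """Encode the three tunnel attributes RFC 3580 uses for VLAN assignment."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN id out of range")
    # Integer tunnel attributes carry a tag byte (0 here) plus a 24-bit value.
    return (attr(TUNNEL_TYPE, struct.pack("!I", TT_VLAN))
            + attr(TUNNEL_MEDIUM_TYPE, struct.pack("!I", TMT_IEEE_802))
            + attr(TUNNEL_PRIVATE_GROUP_ID, str(vlan_id).encode("ascii")))

def parse_attributes(blob):
    """Decode attribute TLVs into (type, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute at offset %d" % i)
        out.append((blob[i], blob[i + 2:i + blob[i + 1]]))
        i += blob[i + 1]
    return out

if __name__ == "__main__":
    vlan = decide_vlan("guest", "lobby", time(9, 30))
    print(vlan, parse_attributes(vlan_attributes(vlan)))
```

The parser is the piece to reuse when auditing what an Access-Accept actually grants: a reply that carries no VLAN attributes leaves the port in whatever VLAN is statically configured on the switch.
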
TACACS+ Authentication
The ProCurve 5300xl Switch Series supports TACACS+ as a means of authentication for switch
Telnet or console port access. The switches support two levels of access: if the user/password
combination listed on the TACACS+ server is given a privilege level of 15, the user has Manager
access (read/write) to the switch. A privilege level of 14 or lower restricts the user to
Operator status (read only).
Backup TACACS+ servers can be configured, providing access to multiple TACACS+ servers in case
the primary TACACS+ server is unavailable for any reason.