Hp Identity Driven Manager Software Series Uživatelský manuál Strana 1

HP ProCurve Identity Driven Manager 3.0 User’s Guide

1-4About ProCurve Identity Driven ManagerIntroductionWhen using IDM, the authentication process proceeds as described in the first three steps, but fr

3-32Using Identity Driven ManagerConfiguring Access ProfilesThe changes are displayed in the Access Profiles list.NOTE: When modifying Access Profiles

3-33Using Identity Driven ManagerDefining Access Policy GroupsDefining Access Policy GroupsAn Access Policy Group (APG) contains rules that define the

3-34Using Identity Driven ManagerDefining Access Policy GroupsTo begin, expand the Realms node to display the Access Policy Group node in the IDM tree

3-35Using Identity Driven ManagerDefining Access Policy GroupsFigure 3-26. New Access Policy Group3. Type in a Name and Description for the Access Pol

3-36Using Identity Driven ManagerDefining Access Policy Groups 6. Repeat the process for each rule you want to apply to the APG.7. The Access rules ar

3-37Using Identity Driven ManagerDefining Access Policy GroupsIDM will verify that the rules in the APG are valid. If a rule includes a defined VLAN (

3-38Using Identity Driven ManagerDefining Access Policy GroupsFigure 3-28. Access Rule with Endpoint Integrity optionsSelect the Endpoint Integrity op

3-39Using Identity Driven ManagerDefining Access Policy GroupsModifying an Access Policy Group1. Click the Access Policy Group node in the IDM tree to

3-40Using Identity Driven ManagerConfiguring User AccessConfiguring User AccessThe process of configuring User access to network resources using IDM i

3-41Using Identity Driven ManagerConfiguring User AccessAdding Users to an Access Policy GroupTo assign a user to an access policy group:1. Expand the

1-5About ProCurve Identity Driven ManagerIntroductionWhat’s New in IDM 3.0ProCurve Identity Driven Manager version 3.0 includes the following new feat

3-42Using Identity Driven ManagerConfiguring User AccessChanging Access Policy Group AssignmentsTo re-assign users to a different APG:1. Click the acc

3-43Using Identity Driven ManagerConfiguring User AccessUsing Global RulesGlobal Rules can be used to provide an "exception process" to the

3-44Using Identity Driven ManagerConfiguring User Access Creating a Global Rule is similar to creating Access Rules for an Access Profile Group.To cre

3-45Using Identity Driven ManagerConfiguring User Access4. Set the Access Properties for the Global Rule. This is similar to the process used to defin

3-46Using Identity Driven ManagerDeploying Configurations to the AgentDeploying Configurations to the AgentAn option in the IDM Preferences allows you

3-47Using Identity Driven ManagerUsing Manual ConfigurationUsing Manual Configuration It is simplest to let the IDM Agent run and collect information

3-48Using Identity Driven ManagerUsing Manual Configuration3. Click Ok to save the Realm information and close the window. The new Realm appears in t

3-49Using Identity Driven ManagerAdding RADIUS ClientsAdding RADIUS ClientsYou can add and update RADIUS clients (ProCurve switches and manually added

3-50Using Identity Driven ManagerAdding RADIUS ClientsSelecting a single NAC800 Enforcement Server in a Management Server deploys the RADIUS settings

3-51Using Identity Driven ManagerAdding RADIUS Clients5. If duplicate IP addresses are found, select the action to take for duplicate IP addresses.Fig

1-6About ProCurve Identity Driven ManagerIntroductionIDM ArchitectureIn IDM, when a user attempts to connect to the network through an edge switch, th

3-52Using Identity Driven ManagerAdding RADIUS ClientsRADIUS clients being excluded from the wizard. If you discard rows 1 and 2, C1 will be excluded

3-53Using Identity Driven ManagerAdding RADIUS ClientsTo configure RADIUS parameters for a single client:a. In the RADIUS clients list on the left, se

3-54Using Identity Driven ManagerAdding RADIUS ClientsThe list of configuration changes can be cut and pasted to another location.8. Apply the selecte

3-55Using Identity Driven ManagerAdding RADIUS ClientsDeleting RADIUS ServersTo delete an existing RADIUS Server:NOTE: Before you can completely delet

3-56Using Identity Driven ManagerAdding RADIUS ClientsAdding New UsersYou can let the IDM Agent automatically learn about the users from the Active Di

3-57Using Identity Driven ManagerAdding RADIUS Clients3. If you want to restrict the user’s access to specific systems, click the Systems tab to confi

3-58Using Identity Driven ManagerAdding RADIUS ClientsModifying and Deleting UsersTo modify an existing User:1. Select the User in the User List and c

3-59Using Identity Driven ManagerUsing the User Import WizardUsing the User Import WizardThe IDM User Import Wizard lets you add users to IDM from ano

3-60Using Identity Driven ManagerUsing the User Import WizardImporting Users from Active DirectoryImporting users from Active Directory with the IDM I

3-61Using Identity Driven ManagerUsing the User Import WizardFigure 3-44. IDM User Import Wizard, Data Source3. Click the radio button to select the A

1-7About ProCurve Identity Driven ManagerIntroduction• A Decision Manager that receives the user data and checks it against user data in the local IDM

3-62Using Identity Driven ManagerUsing the User Import Wizard5. Select the scope of Active Directory groups that you want to import user data from. 6.

3-63Using Identity Driven ManagerUsing the User Import WizardFigure 3-47. IDM User Import Wizard, Add Users10. Click the Select checkbox to choose the

3-64Using Identity Driven ManagerUsing the User Import Wizard12. Click Next to continue to the Users and Groups Commitment window.Figure 3-48. IDM Use

3-65Using Identity Driven ManagerUsing the User Import WizardFigure 3-49. IDM User Import Wizard, LDAP Authenticationa. To use the SSL authentication

3-66Using Identity Driven ManagerUsing the User Import Wizardb. Select the LDAP Authentication type to be used with the imported user data:c. Click Ne

3-67Using Identity Driven ManagerUsing the User Import WizardFigure 3-50. IDM User Import Wizard, Simple AuthenticationTo set up Simple authentication

3-68Using Identity Driven ManagerUsing the User Import WizardFigure 3-51. IDM User Import Wizard, SASL Digest MD5 AuthenticationTo set up Digest MD5 a

3-69Using Identity Driven ManagerUsing the User Import WizardFigure 3-52. IDM User Import Wizard, SASL Kerberos V5 AuthenticationTo set up Kerberos V5

3-70Using Identity Driven ManagerUsing the User Import WizardFigure 3-53. IDM User Import Wizard, SASL External AuthenticationTo set up External authe

3-71Using Identity Driven ManagerUsing the User Import WizardImporting LDAP X509 User Certificates into a Keystore: If you are using a JKS Keystore, t

1-8About ProCurve Identity Driven ManagerTerminologyTerminologyAccess Policy GroupAn IDM access policy group consists of one or more rules that govern

3-72Using Identity Driven ManagerUsing the User Import Wizard2. In the Domain field, type the domain name.3. Optionally, in the Base DN field, type th

3-73Using Identity Driven ManagerUsing the User Import WizardKERBEROS_AUTH_MODULE=IDMKerberos // Kerberos authentication module name. If this entry is

3-74Using Identity Driven ManagerUsing the User Import WizardImporting Users from XML filesIf you select to import users from an XML File, the XML Dat

3-75Using Identity Driven ManagerUsing the User Import WizardXML User Import File ExampleXML files used to import user data to IDM should have the fol

3-76Using Identity Driven ManagerUsing the User Import Wizard

4-14Using the Secure Access WizardChapter ContentsOverview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4-2Using the Secure Access WizardOverviewOverviewThe Secure Access Wizard (SAW) feature in IDM is designed to simplify the initial setup of IDM by red

4-3Using the Secure Access WizardUsing Secure Access WizardUsing Secure Access WizardNOTE: The following section provides instructions on using the S

4-4Using the Secure Access WizardUsing Secure Access WizardWhen you first open the wizard, the Load Settings and Load template buttons are disabled. O

4-5Using the Secure Access WizardUsing Secure Access WizardTip: To begin, ProCurve recommends that you select only one or two devices, and then save t

1-9About ProCurve Identity Driven ManagerTerminologyEndpoint Integrity Also referred to as "Host Integrity," this refers to the use of appli

4-6Using the Secure Access WizardUsing Secure Access Wizard• The device is too old• The firmware is out of date• The device is not a ProCurve device•

4-7Using the Secure Access WizardUsing Secure Access WizardFigure 4-4. Secure Access Wizard, Authentication Method Selection example14. Click the chec

4-8Using the Secure Access WizardUsing Secure Access WizardFigure 4-5. Secure Access Wizard, Port Selection example16. To select ports from a list, cl

4-9Using the Secure Access WizardUsing Secure Access WizardFigure 4-6. Secure Access Wizard, Select PortsWhen the desired ports are selected, click OK

4-10Using the Secure Access WizardUsing Secure Access Wizard18. Click Next to continue. The next window display will vary based on the devices and aut

4-11Using the Secure Access WizardUsing Secure Access Wizard22. The 802.1X configuration window lets you select the authentication method to be applie

4-12Using the Secure Access WizardUsing Secure Access Wizardc. Click the Advanced Settings for Wired 802.1X to configure the advanced settings.Figure

4-13Using the Secure Access WizardUsing Secure Access WizardRe-auth period - The re-authentication timeout (in seconds, default 0), set to 0 to disabl

4-14Using the Secure Access WizardUsing Secure Access Wizarda. Click the radio button to select the RADIUS authentication protocol. Only one method ca

4-15Using the Secure Access WizardUsing Secure Access WizardDHCP address and mask - The base address and mask for the temporary pool used by DHCP (bas

1-10About ProCurve Identity Driven ManagerIDM SpecificationsIDM SpecificationsSupported DevicesProCurve Identity Driven Manager (IDM) supports authori

4-16Using the Secure Access WizardUsing Secure Access Wizarde. Click Next in the configuration window to continue to the Authentication Servers step.

4-17Using the Secure Access WizardUsing Secure Access WizardFigure 4-13. Secure Access Wizard, Advanced (wired) Mac-Auth settings c. Click the check b

4-18Using the Secure Access WizardUsing Secure Access WizardUnauth-vid - The VLAN to which the port is assigned when the user has not been authorized

4-19Using the Secure Access WizardUsing Secure Access WizardThe IP address will be validated. If it is invalid or a duplicated IP, a text message indi

4-20Using the Secure Access WizardUsing Secure Access WizardIf not using the same shared secret on all the devices, enter the Radius shared secret for

4-21Using the Secure Access WizardUsing Secure Access WizardThe data fields are the same for both the Save Settings, and Save Template dialog.Figure 4

4-22Using the Secure Access WizardUsing Secure Access WizardFigure 4-18. Secure Access Wizard, Configuration Preview display39. Review the access secu

4-23Using the Secure Access WizardUsing Secure Access WizardFigure 4-19. Secure Access Wizard, Applying Settings statusThis window displays the progre

4-24Using the Secure Access WizardUsing Secure Access Wizard

5-15Troubleshooting IDMChapter ContentsIDM Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1-11About ProCurve Identity Driven ManagerIDM Specifications• Microsoft Network Policy Server on Windows Server 2008 (32-bit)• Microsoft Internet Auth

5-2Troubleshooting IDMIDM EventsIDM Events The IDM Events window is used to view and manage IDM events generated by the IDM application or the IDM Age

5-3Troubleshooting IDMIDM EventsSortable columns of information are available for each event:You can sort the Events listing by Source, Severity, Stat

5-4Troubleshooting IDMIDM EventsSelect an event in the Events listing to display the Event Details at the bottom of the window. Figure 5-2. IDM Event

5-5Troubleshooting IDMIDM EventsThe Pause will toggle to the "Resume" icon. Click the resume button to restart the events display. The butto

5-6Troubleshooting IDMIDM Events3. To deactivate a setting in the current filter:a. If the Filtering pane is not displayed, click the + next to Filter

5-7Troubleshooting IDMIDM EventsViewing the Events ArchiveThe Archived Events window lists details for each event in the Archive Log, which contains e

5-8Troubleshooting IDMIDM EventsThe Archived Events window provides the following information for each event:You can select the date range for display

5-9Troubleshooting IDMIDM EventsSetting IDM Event PreferencesUse the IDM Event Preferences to set up archiving and automatic deletion of events from t

5-10Troubleshooting IDMIDM EventsFor example, Informational events is set to 60 percent. When the archive file reaches the archive storage limit and t

5-11Troubleshooting IDMIDM EventsFigure 5-6. RADIUS Server Activity LogThe Activity Log provides information similar to the IDM Events, except that th

1-12About ProCurve Identity Driven ManagerIDM SpecificationsIf you want to test the IDM 3.0 functionality using the 60-day trial provided with the PCM

5-12Troubleshooting IDMUsing Decision Manager TracingUsing Decision Manager TracingIDM provides a tracing tool (DMConfig.prp) and log file (DM-IDMDM.l

A-1AUsing ProCurve Network Access Controller with IDM About ProCurve Network Access Controller 800The ProCurve Network Access Controller 800 (ProCurve

A-2Using ProCurve Network Access Controller with IDMAbout ProCurve Network Access Controller 800Before You BeginFor information on installing the ProC

A-3Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysUsing the NAC Tab DisplaysOnce the ProCurve NAC appliance is installed o

A-4Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysSetting the ProCurve NAC GUI LoginIn addition to the "NAC" tab

A-5Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysUsing the NAC Home TabThe NAC Home tab launches the ProCurve NAC GUI wit

A-6Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysClick the NAC Monitor tab to launch the ProCurve NAC "System Monito

A-7Using ProCurve Network Access Controller with IDMUsing the NAC Tab DisplaysFigure A-5. ProCurve NAC 800 System Configuration (NAC Configuration) di

A-8Using ProCurve Network Access Controller with IDMUsing Local Authentication Directory on ProCurve NACUsing Local Authentication Directory on ProCur

A-9Using ProCurve Network Access Controller with IDMUsing Local Authentication Directory on ProCurve NACAdding Locally Authenticated UsersThe only dif

1-13About ProCurve Identity Driven ManagerLearning to Use ProCurve IDMLearning to Use ProCurve IDMThe following information is available for learning

A-10Using ProCurve Network Access Controller with IDMUsing Local Authentication Directory on ProCurve NACFigure A-7. User Properties, with Local Authe

B-1BIDM Technical ReferenceDevice Support for IDM FunctionalityDue to variations in hardware and software configuration of various ProCurve Devices, n

B-2IDM Technical ReferenceDevice Support for IDM FunctionalitySupport for Secure Access Wizard FeatureProCurve Device ACL's VLAN QoS BW MAC Web

B-3IDM Technical ReferenceBest PracticesBest PracticesAuthentication MethodsThe IDM application is designed to support RADIUS server implementation wi

B-4IDM Technical ReferenceBest PracticesHandling Unknown or Unauthorized usersIf a user is authenticated in RADIUS, but is unknown to IDM, IDM will no

B-5IDM Technical ReferenceBest Practices In this instance, if the user attempts to login in during the times specified for the Weekends, they will be

B-6IDM Technical ReferenceTypes of User EventsTypes of User EventsThe USER_FAILED_LOGIN event happens whenever RADIUS sends IDM a message of an unsucc

Index–1IndexNumerics802.1X configuration, SAW 4-11AAccess Attributes 3-24Access attributes 3-25Access Information 2-36Access Policyorder 3-3

Index–2HHolidays 3-17IIDM Agenttracing 5-12IDM authorization policy 3-46IDM model 3-3IDM Statistics 2-22Importfrom Active Directory 3-60I

Index–3Rules, evaluation 3-36SSASL Digest MD5 authentication 3-67Save Settings, SAW 4-21Save Template, SAW 4-21SAW 4-2Secure Access Wizard

Hewlett-Packard Company8000 Foothills Boulevard, m/s 5551Roseville, California 95747-5551http://www.procurve.com© Copyright 2004, 2005, 2007, 2009 Hew

1-14About ProCurve Identity Driven ManagerLearning to Use ProCurve IDM

ProCurve 5400zl Switches Installation and Getting Startd Guide Technology for better business outcomes To learn more, visit www.hp.com/go/pr

2-12Getting StartedChapter ContentsBefore You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2In

2-2Getting StartedBefore You BeginBefore You BeginIf you have not already done so, please review the list of supported devices and operating requireme

2-3Getting StartedBefore You Begin http://10.15.20.25:80402. Click the Download the Windows PCM/IDM agent link, and click Save to download the file.3.

2-4Getting StartedBefore You BeginFigure 2-2. Server InformationFor the Agent to communicate with the PCM server, these values MUST MATCH the values s

2-5Getting StartedBefore You BeginOnce installed the IDM Agent begins collecting User, Realm, and RADIUS data.On a Linux System or ProCurve Network Ac

2-6Getting StartedBefore You BeginIDM Configuration Process OverviewTo configure IDM to provide access control on your network, first let IDM run long

2-7Getting StartedBefore You BeginTable 2-1: IDM Deployment and Usage StrategiesAuthenticate Authorize Strategy DescriptionVLAN QoS Rate-LimitNetwork

2-8Getting StartedBefore You BeginUnderstanding the IDM ModelThe first thing to understand, is that IDM works within the general concept of ‘domains’

2-9Getting StartedIDM GUI OverviewIDM GUI OverviewTo use the IDM client, launch the PCM Client on your PC. Select the ProCurve Manager option from the

iContents1 About ProCurve Identity Driven ManagerIntroduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2-10Getting StartedIDM GUI OverviewFigure 2-4. IDM DashboardThe IDM initial display provides a quick view of IDM status in the Dashboard tab, along wi

2-11Getting StartedIDM GUI OverviewIDM DashboardThe IDM Dashboard is a monitoring tool that provides a quick summary view of IDM users, RADIUS servers

2-12Getting StartedIDM GUI OverviewUsing the Navigation TreeThe navigation tree in the left pane of the IDM window provides access to IDM features usi

2-13Getting StartedIDM GUI OverviewFigure 2-7. Realm Dashboard tabRealm Dashboard: The Realm Dashboard is a monitoring tool that provides a quick summ

2-14Getting StartedIDM GUI OverviewThe Top Talkers pane displays input octets (bytes), output octets, or both. Use the drop-down list in this pane to

2-15Getting StartedIDM GUI OverviewThe following information is shown on the Realm Properties tab:Realm Global Rules tab: Click the Global Rules tab t

2-16Getting StartedIDM GUI OverviewAccess Policy Groups: Click the Access Policy Group node to display the Access Policy Groups tab with a list of cur

2-17Getting StartedIDM GUI OverviewRADIUS Servers: Clicking the RADIUS Servers node displays the RADIUS List tab, with status and configuration inform

2-18Getting StartedIDM GUI OverviewToolbars and MenusBecause IDM is a module within PCM, it uses the same Main Menu and Global toolbar functions. Indi

2-19Getting StartedUsing IDM as a Monitoring ToolUsing IDM as a Monitoring ToolWhether or not you configure and apply access and authorization paramet

iiContentsIDM Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-41Using Active Directory Synchroniz

2-20Getting StartedUsing IDM ReportsUsing IDM ReportsIDM provides reports designed to help you monitor and analyze usage patterns for network resource

2-21Getting StartedUsing IDM ReportsYou can save the report to a file, or print the report. To apply customized Report Header information for your com

2-22Getting StartedUsing IDM Reportsauthenticate the user has a endpoint integrity solution, the computer where the user logged in may be checked for

2-23Getting StartedUsing IDM ReportsTo display the User Report select a username in the Users tab of the Access Policy Group or RADIUS Server window,

2-24Getting StartedCreating Report PoliciesCreating Report PoliciesYou can also use the Policy Manager feature to schedule reports to be created at re

2-25Getting StartedCreating Report PoliciesFigure 2-17. Policy Manager, ActionsThe Manage Actions window displays the list of defined Actions.3. Click

2-26Getting StartedCreating Report Policies4. Select the Report Manager:Generate Report Action type from the pull-down menu. Figure 2-19. Policy Manag

2-27Getting StartedCreating Report PoliciesAt this point the other tabs displayed are:Type: Lets you select the Report type you want to generate. As s

2-28Getting StartedCreating Report PoliciesFigure 2-22. Report Manager Action: Report format selection• PDF Produce the report in .pdf format. To view

2-29Getting StartedCreating Report PoliciesFigure 2-23. Report Manager Action: Report Delivery methodE-mail is the default method. It will e-mail the

iiiContentsImporting Users from XML files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-744 Using the Secure Access WizardOverview

2-30Getting StartedCreating Report Policiese. In the Password field, type the password used to access the FTP site.f. Select the Filename conventions

2-31Getting StartedCreating Report PoliciesTo modify the IDM Session Cleanup Alert:1. Click the Policies icon in the global (PCM and IDM) toolbar at t

2-32Getting StartedCreating Report Policies4. Click the Schedule tab to review and edit the schedule parameters.Figure 2-27. IDM Session Cleanup Sched

2-33Getting StartedCreating Report Policies7. Click the radio button to select No end date, End by, or Maximum occurrences to identify when the schedu

2-34Getting StartedUser Session InformationUser Session InformationYou can use IDM to just monitor the network, and receive detailed information about

2-35Getting StartedUser Session InformationThe Session List provides a listing of recent sessions, including the following information: The User Prop

2-36Getting StartedUser Session InformationTo track the user’s login location information for the session, click the Location Information tab. The Loc

2-37Getting StartedUser Session InformationFinding a UserThe Find User feature lets you search for and display information about a user by name or MAC

2-38Getting StartedUser Session InformationUser ReportsTo review information for multiple sessions, run the User Report.1. Select a username in the Us

2-39Getting StartedUser Session InformationFigure 2-31. Report Wizard, Columns to Include4. Click the check boxes to select the data columns. If wire

ivContents

2-40Getting StartedUser Session InformationFigure 2-32. Show MitigationsTo show or delete mitigations:1. In the IDM Users tab, right-click a mitigated

2-41Getting StartedUser Session InformationIDM PreferencesThe IDM Preferences window is used to set up global attributes for session accounting and ar

2-42Getting StartedUser Session InformationClick to select the Disable automatic deploy to IDM agents option if you do not want to use automatic IDM c

2-43Getting StartedUser Session Information7. To ignore capability override warnings generated by switches that don't support certain capabilitie

2-44Getting StartedUser Session InformationFigure 2-34. Identity Management Preferences: User Directory Settings.1. Check the Enable automatic Active

2-45Getting StartedUser Session Information5. To Add a group to the "Groups to Synchronize" list, click Add or Remove Groups... to display t

2-46Getting StartedUser Session Information6. Select the Active Directory Groups you want to Synchronize to IDM, then click the >> button to mov

2-47Getting StartedUser Session Information Users deleted from Active Directory while synchronization is disabled are assigned to the default Access

2-48Getting StartedUser Session Information

3-13Using Identity Driven ManagerChapter ContentsIDM Configuration Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1-11 About ProCurve Identity Driven ManagerChapter ContentsIntroduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3-2Using Identity Driven ManagerAdding RADIUS Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49Deleting RADIU

3-3Using Identity Driven ManagerIDM Configuration ModelIDM Configuration Model As described in the IDM model on page 2-8, everything relates to the to

3-4Using Identity Driven ManagerIDM Configuration Model2. Define "times" (optional) at which users will be allowed or denied access. This ca

3-5Using Identity Driven ManagerIDM Configuration Model2. Click the Configure Identity Management icon in the Realms window toolbar.The Identity Manag

3-6Using Identity Driven ManagerConfiguring LocationsConfiguring LocationsLocations in IDM identify the switch and/or ports on the switch and wireless

3-7Using Identity Driven ManagerConfiguring LocationsAdding a New LocationTo create a new location:1. Click the New Location icon in the toolbar to di

3-8Using Identity Driven ManagerConfiguring LocationsFigure 3-4. New Device window5. Use the Select Device Group drop-down list to select the Agent an

3-9Using Identity Driven ManagerConfiguring Locations7. Use the Port Selection to define the ports on the device that will be associated with the loca

3-10Using Identity Driven ManagerConfiguring LocationsFigure 3-5. Create a New Location, Wireless Devices12. Click Add Device... to display the Wirele

3-11Using Identity Driven ManagerConfiguring LocationsClick the check box to select the radio ports to be included in the location, and then click OK

1-2About ProCurve Identity Driven ManagerIntroductionIntroduction Network usage has skyrocketed with the expansion of the Internet, wireless, and conv

3-12Using Identity Driven ManagerConfiguring LocationsDeleting a LocationTo remove an existing Location:1. Click the Locations node in the Identity Ma

3-13Using Identity Driven ManagerConfiguring TimesConfiguring TimesTimes are used to define the hours and days when a user can connect to the network.

3-14Using Identity Driven ManagerConfiguring TimesFigure 3-8. Times PropertiesCreating a New TimeTo configure a Time:1. Click the Times node in the Id

3-15Using Identity Driven ManagerConfiguring TimesFigure 3-9. Create a New Time3. Define the properties for the new time. 4. Click Ok to save the new

3-16Using Identity Driven ManagerConfiguring TimesModifying a Time1. Click the Times node in the Identity Management Configuration navigation tree to

3-17Using Identity Driven ManagerConfiguring TimesDefining HolidaysTo add holidays for use when defining Times in IDM: 1. Click the Times node in the

3-18Using Identity Driven ManagerConfiguring Network ResourcesConfiguring Network ResourcesThe Network Resources in IDM are used to permit or deny tra

3-19Using Identity Driven ManagerConfiguring Network ResourcesThe Network Resources window lists the name and parameters for defined resources, includ

3-20Using Identity Driven ManagerConfiguring Network ResourcesAdding a Network ResourceTo define a Network Resource:1. Click the Network Resources nod

3-21Using Identity Driven ManagerConfiguring Network Resources* Valid Friendly port names supported in IDM include: ftp, syslog, ldap, http, imap4, im

1-3About ProCurve Identity Driven ManagerIntroductionWhy IDM?Today, access control using a RADIUS system and ProCurve devices (switches or wireless ac

3-22Using Identity Driven ManagerConfiguring Network ResourcesDeleting a Network ResourceTo delete a Network Resource:1. Click the Network Resources n

3-23Using Identity Driven ManagerConfiguring Access ProfilesConfiguring Access ProfilesIDM uses an Access Profile to set the VLAN, QoS, Bandwidth (rat

3-24Using Identity Driven ManagerConfiguring Access ProfilesClick the Access Profile node in the navigation tree, or double-click on a profile in the

3-25Using Identity Driven ManagerConfiguring Access Profiles3. Define the attributes for the Access Profile: NOTE: If you are assigning any VLAN other

3-26Using Identity Driven ManagerConfiguring Access Profiles4. If you want the IDM QoS attributes to override the switch attributes, use the QoS drop-

3-27Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-18. Network Resource Assignment Wizard, Allowed Network Resources9. To permit acc

3-28Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-19. Network Resource Assignment Wizard, Denied Network Resources10. To deny acces

3-29Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-20. Network Resource Assignment Wizard, Priority Assignment11. Set the priority (

3-30Using Identity Driven ManagerConfiguring Access Profiles13. Select the option to tell IDM what to do if there are no matches found in the network

3-31Using Identity Driven ManagerConfiguring Access ProfilesFigure 3-23. Network Resource Assignment Wizard, Summary17. Click Finish to save the Netwo