Special Features
Identity Driven Management
Identity-Driven Management (IDM) is integrated with 802.1X authentication
methods. To use IDM successfully, the access point SSID slated to use IDM
must have one of the 802.1X security methods configured. IDM automatically
configures the edge of the network based on the identity of the user.
IDM may restrict network access by assigning VLAN, ACL, Rate Limiting,
and QoS.
Configuring an IDM solution on the Access Point 530 requires the
implementation of the ProCurve Identity Driven Manager product and a supported
RADIUS server. For access to the ProCurve Manager Manual and the IDM
User’s Guide, please refer to
http://www.hp.com/rnd/support/manuals/ProCurve-Manager.htm.
The Access Point 530 supports the following IDM features:
■ VLAN
■ Access Control List (ACL)
■ Rate Limiting
IDM on the Access Point 530 can be accomplished using either 802.1X
authentication or MAC authentication. 802.1X authentication is more secure,
while MAC authentication can be used with stations that don’t have an 802.1X
supplicant. Although it is possible to use MAC authentication along with
802.1X, there are known user and ACL assignment overrides that occur.
Essentially, both MAC and 802.1X can employ IDM individually; however, if
used simultaneously, 802.1X takes precedence.
IDM VLAN
A VLAN ID can be assigned to each station after successful authentication.
User VLAN IDs must be configured on the IDM server for each user authorized
to access the network. The access point assigns any unassigned user the
default VLAN ID of the associated WLAN (BSS/SSID) interface. For more
information on VLAN support, see “Configuring VLAN Support” on page 5-57.
For IDM VLAN assignment, the following tunnel attributes are used:
■ Tunnel-Type=VLAN (13)
■ Tunnel-Medium-Type=802
■ Tunnel-Private-Group-ID=VLANID
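
The following added example (not part of the original manual and not the Access Point 530's own code) shows how the three tunnel attributes listed above are encoded in the attribute section of a RADIUS Access-Accept, and how a receiver can derive the VLAN ID from them, falling back to the default VLAN when the assignment is missing or malformed. The attribute numbers (64, 65, 81) and the IEEE-802 medium value 6 come from RFC 2868 and RFC 3580; the function names, the first-occurrence rule and the sample bytes are assumptions made for illustration.

```python
# Added example: attribute numbers/values are from RFC 2868 and RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # Tunnel-Type=VLAN (13); "802" is sent as medium type 6

def attr(a_type, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return bytes([a_type, len(value) + 2]) + value

def parse_attributes(blob):
    """Split the attribute section of a RADIUS packet into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(blob):
        if len(blob) - i < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = blob[i], blob[i + 1]
        if a_len < 2 or i + a_len > len(blob):
            raise ValueError("attribute length out of range")
        attrs.append((a_type, blob[i + 2:i + a_len]))
        i += a_len
    return attrs

def assigned_vlan(blob, default_vlan):
    """Return the VLAN from the tunnel attributes, else default_vlan."""
    found = {}
    for a_type, value in parse_attributes(blob):
        found.setdefault(a_type, value)  # assumption: first occurrence wins
    t_type = found.get(TUNNEL_TYPE, b"")
    t_medium = found.get(TUNNEL_MEDIUM_TYPE, b"")
    group = found.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    # Tunnel-Type and Tunnel-Medium-Type carry a tag byte plus a 3-byte value.
    if len(t_type) != 4 or int.from_bytes(t_type[1:], "big") != VLAN:
        return default_vlan
    if len(t_medium) != 4 or int.from_bytes(t_medium[1:], "big") != IEEE_802:
        return default_vlan
    if group and group[0] <= 0x1F:  # optional tag byte before the string
        group = group[1:]
    if not group.isdigit():  # reject empty or non-numeric group IDs
        return default_vlan
    vlan = int(group)
    return vlan if 1 <= vlan <= 4094 else default_vlan

# Constructed sample: attribute section of an Access-Accept assigning VLAN 20.
SAMPLE = (attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
          + attr(TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06")
          + attr(TUNNEL_PRIVATE_GROUP_ID, b"20"))

if __name__ == "__main__":
    print(assigned_vlan(SAMPLE, default_vlan=1))
```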