Security Overview
For more information on IDM, visit the ProCurve Web site at
www.procurve.com, and click on Products and Solutions, then Identity Driven
Manager (under Network Management).
Dynamic Configuration Arbiter
Starting in software release T.13.xx, the Dynamic Configuration Arbiter (DCA)
is implemented to determine the client-specific parameters that are assigned
in an authentication session.
A client-specific authentication configuration is bound to the MAC address of
a client device and may include the following parameters:
■ Untagged client VLAN ID
■ Tagged VLAN IDs
■ Per-port CoS (802.1p) priority
DCA applies and removes client-specific parameters, configured in any of the
following ways, according to a fixed hierarchy of precedence. When multiple
values exist for an individual configuration parameter, the value applied to
a client session is determined in the following order (from highest to lowest
priority); a value configured with a higher priority overrides a value
configured with a lower priority:
1. Attribute profiles applied through the Network Immunity
network-management application using SNMP (see “Network Immunity Manager”
on page 1-13)
2. 802.1X authentication parameters (RADIUS-assigned)
3. Web- or MAC-authentication parameters (RADIUS-assigned)
4. Local, statically-configured parameters
Although RADIUS-assigned settings are never applied to ports for
non-authenticated clients, the Dynamic Configuration Arbiter allows you to
configure and assign client-specific port configurations to non-authenticated
clients, provided that the client’s MAC address is known in the switch’s
forwarding database. DCA arbitrates the assignment of attributes on both
authenticated and non-authenticated ports.
DCA does not support the arbitration and assignment of client-specific
attributes on trunk ports.
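The precedence rules above can be modeled per parameter, as in the following added example (not switch firmware or ProCurve code). The source labels, parameter names, and the `ClientSession` class are assumptions made up for illustration; it also assumes that only the non-RADIUS sources apply to a non-authenticated client.

```python
from dataclasses import dataclass, field

# Sources in the order the section lists them, highest priority first.
# The labels are invented for this example.
PRECEDENCE = ("network_immunity_snmp", "radius_8021x", "radius_web_mac", "local_static")
RADIUS_SOURCES = {"radius_8021x", "radius_web_mac"}
PARAMETERS = ("untagged_vlan", "tagged_vlans", "cos_priority")


@dataclass
class ClientSession:
    mac: str                      # the configuration is bound to the client MAC
    authenticated: bool
    mac_in_fdb: bool = True       # MAC known in the forwarding database
    on_trunk_port: bool = False
    configured: dict = field(default_factory=dict)  # source -> {parameter: value}

    def set_values(self, source, **params):
        if source not in PRECEDENCE:
            raise ValueError(f"unknown source: {source}")
        unknown = set(params) - set(PARAMETERS)
        if unknown:
            raise ValueError(f"unknown parameters: {sorted(unknown)}")
        self.configured.setdefault(source, {}).update(params)

    def remove_source(self, source):
        # Removing a source lets the next lower-priority value take effect.
        self.configured.pop(source, None)


def arbitrate(session):
    """Return {parameter: (value, winning_source)} for one client session."""
    if session.on_trunk_port:
        return {}  # DCA does not arbitrate client attributes on trunk ports
    if not session.authenticated and not session.mac_in_fdb:
        return {}  # a non-authenticated client must be known by MAC
    result = {}
    for param in PARAMETERS:
        for source in PRECEDENCE:
            if source in RADIUS_SOURCES and not session.authenticated:
                continue  # RADIUS-assigned settings never apply here
            values = session.configured.get(source, {})
            if param in values:
                result[param] = (values[param], source)
                break  # highest-priority value wins for this parameter
    return result
```

Each parameter is resolved independently, so a session can take its untagged VLAN from one source and its CoS priority from another.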