Security Overview
Dynamic Configuration Arbiter
Note that the attribute profile assigned to a client is often a combination of
NIM-configured, RADIUS-assigned, and statically configured settings.
Precedence is always given to the temporarily applied NIM-configured
parameters over RADIUS-assigned and locally configured parameters.
For more information on Network Immunity Manager, go to the ProCurve Web
site at www.procurve.com, and click on Products and Solutions, then under
Network Management, click on ProCurve Network Immunity Manager 1.0.
Arbitrating Client-Specific Attributes
In previous releases, client-specific authentication parameters for 802.1X,
Web, and MAC authentication are assigned to a port using different criteria.
A RADIUS-assigned parameter is always given highest priority and overrides
statically configured local passwords. 802.1X authentication parameters
override Web or MAC authentication parameters.
Starting in release T.13.xx, DCA stores three levels of client-specific
authentication parameters and prioritizes them according to the following
hierarchy of precedence:
1. NIM access policy (applied through SNMP)
2. RADIUS-assigned
   a. 802.1X authentication
   b. Web or MAC authentication
3. Statically (local) configured
Client-specific configurations are applied on a per-parameter basis on a port.
In a client-specific profile, if DCA detects that a parameter has configured
values from two or more levels in the hierarchy of precedence described
above, DCA decides which parameters to add or remove, or whether to fail
the authentication attempt due to an inability to apply the parameters.
Also, you can assign NIM-configured parameters (for example, VLAN ID
assignment) to be activated in a client session when a threat to network
security is detected. When the NIM-configured parameters are later removed,
the parameter values in the client session return to the RADIUS-configured or
locally configured settings, depending on which are next in the hierarchy of
precedence.
In addition, DCA supports conflict resolution for QoS (port-based CoS
priority) by determining whether to configure either strict or non-strict
resolution on a switch-wide basis.
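The per-parameter precedence and the fallback after a NIM policy is removed, described above, can be modeled as follows. This is an added illustration, not ProCurve code or the switch's actual implementation; the class, source labels, parameter names, and values are all hypothetical.

```python
# Illustrative model of per-parameter precedence; not ProCurve firmware logic.
# Sources are listed from highest to lowest precedence, as in the hierarchy above.
PRECEDENCE = ("nim", "radius_8021x", "radius_web_mac", "static")


class ClientSession:
    """Holds the values each source has supplied for one client on a port."""

    def __init__(self):
        self._values = {source: {} for source in PRECEDENCE}

    def assign(self, source, **params):
        if source not in self._values:
            raise ValueError(f"unknown source: {source}")
        self._values[source].update(params)

    def withdraw(self, source):
        """Drop everything a source supplied (for example, NIM policy removed)."""
        self._values[source].clear()

    def effective(self):
        """Resolve each parameter on its own: the highest source that set it wins."""
        profile = {}
        for source in reversed(PRECEDENCE):  # lowest first, higher levels overwrite
            for name, value in self._values[source].items():
                profile[name] = (value, source)
        return profile


def demo():
    s = ClientSession()
    # Constructed sample values; parameter names are hypothetical.
    s.assign("static", vlan_id=10, cos=0, rate_limit_kbps=50000)
    s.assign("radius_web_mac", vlan_id=20)
    s.assign("radius_8021x", vlan_id=30, cos=5)
    before = s.effective()
    s.assign("nim", vlan_id=999)  # threat response overrides only the VLAN ID
    during = s.effective()
    s.withdraw("nim")             # NIM parameters removed
    after = s.effective()
    return before, during, after


if __name__ == "__main__":
    for label, profile in zip(("before", "during", "after"), demo()):
        print(label, profile)
```

Each value is returned with the source that supplied it, which is the detail to check when auditing why a client landed in a given VLAN.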