beautypg.com

Configuring auto-allow ouis – HP Identity Driven Manager Software Series User Manual

Page 118

background image

3-54

Using Identity Driven Manager
Configuring Auto-Allow OUIs

Configuring Auto-Allow OUIs

In addition to traditional authentication methods, such as 802.1X, Mac-Auth, and
Web-Auth, IDM also provides Auto-Allow OUI, automatic authentication for static
devices based on their MAC address prefix. This feature can result in a significant
savings of time, since it means you no longer have to individually register or configure
each of your printers, IP phones, and similar devices. You can simply set up an auto-
allow group corresponding to the MAC address prefix associated with the device,
and they will automatically be allowed in the network with the appropriate access
rights.

Networks typically include several static devices like printers, which

must be

registered before being allowed network access. The Auto-Allow Organizationally
Unique Identifier (OUI) feature is used to easily add common MAC address prefixes
of static devices. Simply create an Access Policy Group and add the OUI prefix.

For example, to allow all HP printers with MAC addresses beginning with 00-24-A8
access to the network, you would:

1. Create an IDM Access Policy Group and add the OUI (MAC address prefix) to

this Access Policy Group.

2. Optionally, create an Access Policy rule for this group to provide access controls,

such as assigning the devices to a specific VLAN used for printers.

Regardless of whether the Active Directory accepts or rejects access to the
network, IDM checks the MAC address in the incoming RADIUS request packet
against the OUIs configured under all the Access Policy Groups in a Domain. If
IDM finds a matching OUI in an Access Policy Group, the device is assigned to
the group and assigned its attributes.

Auto-allow will authenticate devices which match the MAC-prefix whether you
are using SNAC registration or Active Directory for authenticating your con-
necting devices.

An overview of the operation of Auto-Allow OUI feature is shown in the
following figure: