Moving an oui to another access policy group, Deleting an oui – HP Identity Driven Manager Software Series User Manual
Page 127
3-63
Using Identity Driven Manager
Configuring Auto-Allow OUIs
Moving an OUI to Another Access Policy Group
1. Navigate to the Auto-Allow OUIs tab for the Domains node or Access Policy
Groups node containing the OUI to be moved.
a. Select the Domain or Access Policy Group from the navigation tree.
b. Click the Auto-Allow OUIs tab.
2. On the Auto-Allow OUIs tab, click the Assign OUIs to Access Policy Group
button.
OR
Right-click the OUIs to be moved, select Assign OUIs to Access Policy
Group, and then select the Access Policy Group where the OUI will be
moved
N o t e :
While Auto-Allow OUIs can be more susceptible to MAC spoofing, the negative
impact can also be greatly minimized by appropriately limiting the capabilities of the
OUIs via IDM capabilities for QOS, rate limiting, VLAN assignment, locations and
ACLs. Since devices typically Auto-Allowed (such as printers and IP phones) are
often limited to particular VLANs with very restrictive ACLs, this provides a good
tradeoff between ease of management and security restrictions. It is important,
however, to remember to apply these limitations to minimize the impact of any
possible MAC spoofing of these types of devices.
Deleting an OUI
1. Navigate to the Auto-Allow OUIs tab for the Domains node or Access Policy
Groups node containing the OUI to be deleted.
a. Select the Domain or Access Policy Group from the navigation tree.
b. Click the Auto-Allow OUIs tab.
2. On the Auto-Allow OUIs tab, select the OUIs to be deleted. Use standard
Windows conventions (Shift+click or Ctrl+click) to select multiple OUIs.
3. Click the Delete OUI button to display the OUI deletion window.
4. Confirm that you want to delete the selected OUIs by clicking Yes.
N o t e :
You can also access the OUI deletion window by right-clicking the OUI and selecting
Delete OUI.
Deletion of an OUI will automatically delete the devices that were auto-allowed.