HP Identity Driven Manager Software Series User Manual
Page 97
3-33
Using Identity Driven Manager
Configuring Access Profiles
2. Define the attributes for the Access Profile:
N o t e s :
If you are assigning any VLAN other than the default VLAN, ensure that the VLAN
is configured correctly on the all switches to which this access profile will be applied
before defining the access profile.
The VLAN that gets set for a user will override the statically configured VLAN, as
well as the auth-vid which may have been configured for that port. Note also that if
an unauth-vid is set and the user is rejected by IDM for any reason, the port is opened
and the VLAN is set to the unauth-vid.
Table 3-7.
New Access Profile parameters
Field/Section
Entry
Name
Type a name used to identify the Access Profile
Description
Type a brief description of the Access Profile
Untagged VLAN or
Tagged VLANs
Select the type of VLAN used for the access profile.
To select an untagged VLAN, check the Untagged VLAN check box and
select the VLAN that can be accessed from the list. Selecting a VLAN
from the list grants the user access to that network segment only.
To select a tagged VLAN, check the Tagged VLAN check box and click
Edit. When the VLAN Selection window appears, select the tagged
VLANs to be accessed from the Available VLANs list and click >> to select
them. When all tagged VLANS that can be accessed are displayed in the
Selected VLANs list, click OK to close the window and return to the
Identity Management Configuration window.
Keep the following in mind when selecting VLANs:
• The list of VLANs is derived from the VLANs that PCM discovers.
Therefore, you should run Discovery to populate the VLAN list before
creating a new Access Profile.
• Untagged VLANs and tagged VLANs are mutually exclusive, meaning
the customer cannot select the same VLAN for untagged and tagged.
• The VLAN set for a user overrides the statically configured VLAN, as
well as the auth-vid that may have been configured for that port.
• If an unauth-vid is set and the user is rejected by IDM for any reason,
the port is opened and the VLAN is set to the unauth-vid.
QoS
Select the Quality of Service, or “priority” given to outbound traffic under
this profile. Select the setting from the pull-down menu.
Ingress rate-limit
Egress rate-limit
Select the rate-limits applied for this profile. Use the up-down arrows to
increase or decrease the bandwidth setting. The default setting is 1000
Kbps (1 Mbps) AP1
Note: This is translated to a percentage of bandwidth at the switch.