beautypg.com

HP Identity Driven Manager Software Series User Manual

Page 97

background image

3-33

Using Identity Driven Manager

Configuring Access Profiles

2. Define the attributes for the Access Profile:

N o t e s :

If you are assigning any VLAN other than the default VLAN, ensure that the VLAN
is configured correctly on the all switches to which this access profile will be applied
before defining the access profile.

The VLAN that gets set for a user will override the statically configured VLAN, as
well as the auth-vid which may have been configured for that port. Note also that if
an unauth-vid is set and the user is rejected by IDM for any reason, the port is opened
and the VLAN is set to the unauth-vid.

Table 3-7.

New Access Profile parameters

Field/Section

Entry

Name

Type a name used to identify the Access Profile

Description

Type a brief description of the Access Profile

Untagged VLAN or
Tagged VLANs

Select the type of VLAN used for the access profile.
To select an untagged VLAN, check the Untagged VLAN check box and
select the VLAN that can be accessed from the list. Selecting a VLAN
from the list grants the user access to that network segment only.
To select a tagged VLAN, check the Tagged VLAN check box and click
Edit. When the VLAN Selection window appears, select the tagged
VLANs to be accessed from the Available VLANs list and click >> to select
them. When all tagged VLANS that can be accessed are displayed in the
Selected VLANs list, click OK to close the window and return to the
Identity Management Configuration window.
Keep the following in mind when selecting VLANs:
• The list of VLANs is derived from the VLANs that PCM discovers.

Therefore, you should run Discovery to populate the VLAN list before
creating a new Access Profile.

• Untagged VLANs and tagged VLANs are mutually exclusive, meaning

the customer cannot select the same VLAN for untagged and tagged.

• The VLAN set for a user overrides the statically configured VLAN, as

well as the auth-vid that may have been configured for that port.

• If an unauth-vid is set and the user is rejected by IDM for any reason,

the port is opened and the VLAN is set to the unauth-vid.

QoS

Select the Quality of Service, or “priority” given to outbound traffic under
this profile. Select the setting from the pull-down menu.

Ingress rate-limit
Egress rate-limit

Select the rate-limits applied for this profile. Use the up-down arrows to
increase or decrease the bandwidth setting. The default setting is 1000
Kbps (1 Mbps) AP1

Note: This is translated to a percentage of bandwidth at the switch.