A SERVICE OF

logo

Open as PDF
next previous
4
CONFIGURING RIGHTS
This chapter describes how network access rights are assigned to clients through the 700wl Series system,
and explains how to configure access control policies. The topics covered in this chapter include:
Access Rights in the 700wl Series System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
The Rights Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
Configuring Access Rights—An Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
The Rights Assignment Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
Identity Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Users in the Built-In Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
Network Equipment in the Built-in Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20
Retrieving MAC Addresses from an LDAP Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
Connection Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35
Time Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
Access Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39
Allowed Traffic Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62
Redirected Traffic Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66
HTTP Proxy Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75
Example—Modifying the “Guest Access” Access Policy . . . . . . . . . . . . . . . . . . . . . . . . . 4-79
You can configure both Authentication Policies and Access Policies through the Rights Manager. This
chapter focuses on Access Policies as implemented through the Rights Assignment Table. Authentication
Policy configuration is discussed in
Chapter 5, “Configuring Authentication”.
Note:
You must have Policy Administrator or Super Administrator access to perform the functions
described in this chapter.
Access Rights in the 700wl Series System
The 700wl Series system allows network administrators to define highly flexible access control policies
that grant network access to a client based on who the client is, where they connect to the 700wl Series
system, and the time of day when they make the connection.
The 700wl Series system uses a client’s identity (user name or MAC address) to match the client to an
Identity Profile. It uses the client’s Location (Access Controller port through which it is connected), the
4-1