Security Solutions

ManualsBrandsHP ManualsSoftwareHP ProCurve Access Control Client Software

201

202

203

204

205

206

207

208

209

210

3-87

Designing Access Controls

Choose RADIUS Servers

2. Are you concerned with minimizing traffic on WAN links? (And is this

concern more important than simplifying management? See step 1.)

WAN links can be relatively slow and costly—both reasons to minimize

traffic. The more distributed the architecture, the less access control

traffic that must travel between sites.

• To eliminate all or most access control related traffic, choose multi-

site autonomous or possibly (if you have selected the general option)

multi-site fully distributed.

Table 3-68. RADIUS Server Locations (Eliminating Inter-Site Traffic)

• To reduce access control related traffic but centralize credentials,

choose multi-site distributed AAA with centralized policies.

Access Control

Component

Combination

Access Control

Architecture

RADIUS Server

Devices

RADIUS Server

Location

Credential

Repository

Credential

Repository

Location

General Multi-site fully

distributed

Software servers

or NAC 800s

One or more at

each site

Directory service Each site (all sites

in the same

domain or tree)

General Multi-site

autonomous

Software servers

or NAC 800s

One or more at

each site

Directory service Each site (each its

own domain or

tree)

Integrated server Multi-site

autonomous

AP 530s or

Wireless Edge

Services Modules

One or more at

each site

Directory service Each site (each its

own domain or

tree)

Integrated server/

proxy

Multi-site

autonomous

• AP 530s or

Wireless Edge

Services

Modules

• Software

servers or NAC

800s

One or more at

each site

Directory service Each site (each its

own domain or

tree)

Turnkey server Multi-site

autonomous

Software servers

or NAC 800s

One or more at

each site

Software servers

or NAC 800s

Each site

Integrated server/

proxy with turnkey

server

Multi-site

autonomous

• AP 530s or

Wireless Edge

Services

Modules

• Software

servers or NAC

800s

One or more at

each site

Software servers

or NAC 800s

Each site

Fully integrated Multi-site

autonomous

AP 530s or

Wireless Edge

Services Modules

One or more at

each site

AP 530s or

Wireless Edge

Services Modules

PEPs at each site