HP Access Control Client Software manual Combining Access Control Zone Designs, Adjacent Zones

Designing Access Controls

Lay Out the Network

Table 3-117. VPN Capabilities of the ProCurve VPN Client

Combining Access Control Zone Designs

Network topology does not always match network geography. The sample diagrams of the different zones often show, for the sake of clarity, zones that are each geographically separate from the others. In fact, the separate seg- ments may be geographically adjacent or overlapping. In such cases, you may be able to combine different network functions on the same switch.

Adjacent Zones

Adjacent zones are zones that consist of separate access points; however, they are close enough that the device that provides the access points can be the same. ProCurve devices are perfectly capable of enforcing different access control methods on different ports, so adjacent zones should pose no problem.

For example, you may have a private office (private wired zone) that is separated by a wall from a public computer lab (public wired zone). A switch located between the two zones can serve both of them, as long as it has the port capacity and the ability to configure the ports in the different zones as necessary. Similarly, a switch might have some ports that connect to private office areas (private wired zone) and other ports that connect to wireless AP 420s in private meeting rooms (public wireless zone). The switch can enforce 802.1X on the private wired zone ports and Web-Auth on the AP 420 ports.

Overlapping Zones

In networks in which mobility has become commonplace and employees may rapidly change from wired to wireless access, different types of zones may exist in exactly the same physical space.

3-146