Designing Access Controls

Integrating all Parts of the Network Design


After you have laid out the various segments in your network, you can optimize your design by integrating the segments into a unified whole.

Adding Access Control to an Existing Network

To guide you through all the steps of designing an access control solution, this guide has discussed the design as if you had no existing network and no existing equipment. In practice, you probably do have a network with a significant number of switches, and perhaps services, already in place; you will need to adapt that network to get the access control security you desire.

The design steps for adding access control to an existing network are quite similar to the steps for building a new network. However, rather than choosing new switches and APs, as described in “Access Zones for Endpoints” on page 3-131, you evaluate the capabilities of your existing equipment to find out which new functions (such as dynamic port reconfiguration) you need to add. For instance, you may be able to supplement an existing installation with 5400zl switches to provide the functions that your current equipment lacks. In other cases, you may be able to replace a single existing switch with a 5400zl switch and keep the rest of your installation intact.

As mentioned in the steps for “Choose RADIUS Servers” on page 3-78, “Add ProCurve IDM” on page 3-98, and “Select an EAP Method for 802.1X” on page 3-101, your network might already provide directory services and RADIUS services. Your guiding rule should be to use existing equipment, and the options that the existing equipment supports, as long as there is no compelling reason to do otherwise.

For example, if your network already has an IAS server, there is no reason to change to an SBR server simply to use EAP-TTLS instead of PEAP; the two methods are comparable. Similarly, if you already have a directory service, use that directory service as the credential store rather than maintaining a separate set of user accounts on the RADIUS server.
