1095| Behavior and Defaults AOS-W 6.5.3.x| User Guide
Predefined Role | Description | Can This Role be Deleted? (Yes/No)
user-role guest
session-acl http-acl
session-acl https-acl
session-acl dhcp-acl
session-acl icmp-acl
session-acl dns-acl
ipv6 session-acl v6-http-acl
ipv6 session-acl v6-https-acl
ipv6 session-acl v6-dhcp-acl
ipv6 session-acl v6-icmp-acl
ipv6 session-acl v6-dns-acl
Description: This is a default role for guest users. It permits only HTTP, HTTPS, DHCP, ICMP, and DNS for the guest user. To increase security, a "deny" rule for internal network destinations could be added at the beginning.
Can this role be deleted? No

user-role guest-logon
captive-portal default
session-acl logon-control
session-acl captiveportal
Description: This role is used as the pre-authentication role for guest SSIDs. It allows control traffic such as DNS, DHCP, and ICMP, and also enables captive portal.
Can this role be deleted? No

user-role <ssid>-guest-logon
captive-portal default
session-acl logon-control
session-acl captiveportal
Description: This role is only generated when creating a new WLAN using the WLAN Wizard. The WLAN Wizard creates this role when captive portal is enabled. This is the initial role that a guest will be placed in prior to captive portal authentication. By using a different guest logon role for each SSID, it is possible to enable multiple captive portal profiles with different customization.
Can this role be deleted? Yes

user-role logon
session-acl logon-control
session-acl captiveportal
session-acl vpnlogon
ipv6 session-acl v6-logon-control
Description: This is a user role that is normally applied to a user prior to authentication. This applies to wired users and non-802.1X wireless users. The role allows certain control protocols such as DNS, DHCP, and ICMP, and also enables captive portal and VPN termination/pass through. The logon role should be edited to provide only the required services to a pre-authenticated user. For example, VPN pass through should be disabled if it is not needed.
Can this role be deleted? No

user-role <ssid>-logon
session-acl control
session-acl captiveportal
session-acl vpnlogon
Description: This role is only generated when creating a new WLAN using the WLAN Wizard. The WLAN Wizard creates this role when captive portal is enabled and a PEFNG license is installed. This is the initial role that a client will be placed in prior to captive portal authentication. By using a different logon role for each SSID, it is possible to enable multiple captive portal profiles with different customization.
Can this role be deleted? Yes
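
The guest role note above says the "deny" rule for internal destinations belongs at the beginning. The following added example (not from the User Guide) models the role's ACLs as a first-match list to show why position matters. The ACL contents, the `deny-internal` name, and the use of RFC 1918 ranges as "internal" are assumptions made for illustration.

```python
import ipaddress

# Assumption: RFC 1918 ranges stand in for "internal network destinations".
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Simplified, assumed model of the guest role's ACLs, in role order.
# Each rule is (destination network or None for any, service, action).
GUEST_ACLS = [
    ("http-acl",  [(None, "http",  "permit")]),
    ("https-acl", [(None, "https", "permit")]),
    ("dhcp-acl",  [(None, "dhcp",  "permit")]),
    ("icmp-acl",  [(None, "icmp",  "permit")]),
    ("dns-acl",   [(None, "dns",   "permit")]),
]

# Hypothetical ACL: deny every service toward the internal ranges.
DENY_INTERNAL = ("deny-internal", [(net, None, "deny") for net in INTERNAL])


def evaluate(acls, dst, service):
    """First matching rule wins, walking ACLs in role order; no match means deny."""
    addr = ipaddress.ip_address(dst)
    for name, rules in acls:
        for net, svc, action in rules:
            if (net is None or addr in net) and (svc is None or svc == service):
                return action, name
    return "deny", "implicit"


def internal_exposure(acls, services=("http", "https", "dhcp", "icmp", "dns")):
    """Services the role still permits toward one probe host in each internal range."""
    probes = [str(net.network_address + 1) for net in INTERNAL]
    return sorted({svc for dst in probes for svc in services
                   if evaluate(acls, dst, svc)[0] == "permit"})


if __name__ == "__main__":
    print("default role     :", internal_exposure(GUEST_ACLS))
    print("deny added last  :", internal_exposure(GUEST_ACLS + [DENY_INTERNAL]))
    print("deny added first :", internal_exposure([DENY_INTERNAL] + GUEST_ACLS))
```

With the deny first, a DNS or DHCP server that sits inside the internal ranges is blocked as well, so guests that depend on one need a specific permit ahead of the deny.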