
Alcatel-Lucent AOS-W 6.5.3.x - Roles and Policies; Configuring Firewall Policies

Alcatel-Lucent AOS-W 6.5.3.x
1160 pages
AOS-W 6.5.3.x | User Guide Roles and Policies | 375
Chapter 16
Roles and Policies
The client in an Alcatel-Lucent user-centric network is associated with a user role, which determines the client’s
network privileges, how often it must re-authenticate, and which bandwidth contracts are applicable. A policy is
a set of rules that applies to traffic that passes through the Alcatel-Lucent switch. You specify one or more
policies for a user role. Finally, you can assign a user role to clients before or after they authenticate to the
system.
This chapter describes assigning and creating roles and policies using the AOS-W CLI or WebUI. Roles and
policies can also be configured for WLANs associated with the “default” ap-group via the WLAN Wizard:
Configuration > Wizards > WLAN Wizard. Follow the steps in the workflow pane within the wizard and
refer to the help tab for assistance.
Topics in this chapter include:
• Configuring Firewall Policies
• Creating a Firewall Policy
• Creating a Network Service Alias
• Creating an ACL White List
• User Roles
• Assigning User Roles
• Understanding Global Firewall Parameters
• Using AppRF 2.0
This chapter describes configuring firewall policies and parameters that relate to IPv4 traffic. See IPv6 Support on
page 130 for information about configuring IPv6 firewall policies and parameters.
Configuring Firewall Policies
A firewall policy identifies specific characteristics about a data packet passing through the Alcatel-Lucent switch
and takes some action based on that identification. In an Alcatel-Lucent switch, that action can be a
firewall-type action such as permitting or denying the packet, an administrative action such as logging the packet, or a
quality of service (QoS) action such as setting 802.1p bits or placing the packet into a priority queue. You can
apply firewall policies to user roles to give differential treatment to different users on the same network, or to
physical ports to apply the same policy to all traffic through the port.
Firewall policies differ from access control lists (ACLs) in the following ways:
• Firewall policies are stateful, meaning that they recognize flows in a network and keep track of the state of
sessions. For example, if a firewall policy permits telnet traffic from a client, the policy also recognizes that
inbound traffic associated with that session should be allowed.
• Firewall policies are bi-directional, meaning that they keep track of data connections traveling into or out of
the network. ACLs are normally applied to either traffic inbound to an interface or outbound from an
interface.
• Firewall policies are dynamic, meaning that address information in the policy rules can change as the policies
are applied to users. For example, the alias user in a policy automatically applies to the IP address assigned
to a particular user. ACLs typically require static IP addresses in the rule.
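The three differences listed above can be seen in a small model, added here as an illustration; it is not AOS-W code or CLI syntax, and the names, addresses and ports in it are constructed for the example. It evaluates the same telnet rule as a static ACL and as a stateful policy that uses the user alias.

```python
from dataclasses import dataclass

TELNET = 23  # constructed sample values throughout; not taken from the guide

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int = 40000

def _match(rule_addr, addr):
    return rule_addr in ("any", addr)

def acl_permits(rules, pkt):
    """Stateless ACL: literal addresses, one direction, no session memory."""
    return any(_match(s, pkt.src) and _match(d, pkt.dst) and p == pkt.dport
               for s, d, p in rules)

class SessionPolicy:
    """Stateful policy; the alias 'user' resolves to the client's own IP."""
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()  # flows opened by a permitted packet

    def permits(self, pkt, user_ip):
        # Bi-directional: the reply half of a tracked session needs no rule.
        if (pkt.dst, pkt.src, pkt.sport, pkt.dport) in self.sessions:
            return True
        for s, d, p in self.rules:
            src = user_ip if s == "user" else s  # dynamic address binding
            if _match(src, pkt.src) and _match(d, pkt.dst) and p == pkt.dport:
                self.sessions.add((pkt.src, pkt.dst, pkt.dport, pkt.sport))
                return True
        return False

def demo():
    server, alice, bob = "192.0.2.10", "10.1.1.50", "10.1.1.77"
    acl_rules = [(alice, "any", TELNET)]           # static address in the rule
    pol = SessionPolicy([("user", "any", TELNET)])  # same rule via the alias
    reply = Packet(server, alice, dport=40000, sport=TELNET)
    return {
        "policy_reply_before_session": pol.permits(reply, alice),
        "policy_outbound": pol.permits(Packet(alice, server, TELNET), alice),
        "policy_reply_after_session": pol.permits(reply, alice),
        "acl_reply": acl_permits(acl_rules, reply),
        "policy_other_user": pol.permits(Packet(bob, server, TELNET), bob),
        "acl_other_user": acl_permits(acl_rules, Packet(bob, server, TELNET)),
    }
```

In this model the server's reply is dropped until the client has opened the session, and a second client is covered by the same policy rule while the static ACL would need a new entry for its address.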
