386| Roles and Policies AOS-W 6.5.3.x| User Guide
Field Description
Role name Name of the user role
Re-authentication
Interval (optional)
Time, in minutes, after which the client is required to reauthenticate. Enter a value
between 0-4096. 0 disables reauthentication.
Default: 0 (disabled)
Role VLAN ID
(optional)
By default, a client is assigned a VLAN on the basis of the ingress VLAN for the client to the
switch. You can override this assignment and configure the VLAN ID that is to be assigned
to the user role. You configure a VLAN by navigating to the Configuration > Network >
VLANs page.
Bandwidth Contract
(optional)
You can assign a bandwidth contract to provide an upper limit to upstream or downstream
bandwidth utilized by clients in this role. You can select the Per User option to apply the
bandwidth contracts on a per-user basis instead of to all clients in the role.
For more information, see Configuring Bandwidth Contracts for AppRF 2.0 on page 400.
VPN Dialer (optional) This assigns a VPN dialer to a user role. For details about VPN dialer, see Virtual Private
Networks on page 346.
Select a dialer from the drop-down list and assign it to the user role. This dialer will be
available for download when a client logs in using captive portal and is assigned this role.
L2TP Pool (optional) This assigns an L2TP pool to the user role. For more details about L2TP pools, see Virtual
Private Networks on page 346.
Select the required L2TP pool from the list to assign to the user role. The inner IP
addresses of VPN tunnels using L2TP will be assigned from this pool of IP addresses for
clients in this user role.
PPTP Pool (optional) This assigns a PPTP pool to the user role. For more details about PPTP pools, see Virtual
Private Networks on page 346.
Select the required PPTP pool from the list to assign to the user role. The inner IP
addresses of VPN tunnels using PPTP will be assigned from this pool of IP addresses for
clients in this user role.
Captive Portal Profile
(optional)
This assigns a Captive Portal profile to this role. For more details about Captive Portal
profiles, see Captive Portal Authentication on page 306.
Captive Portal Check
for Accounting
This setting is enabled by default. If disabled, RADIUS accounting is done for an authen-
ticated users irrespective of the captive-portal profile in the role of an authenticated user.
If enabled, accounting is not done as long as the user's role has a captive portal profile on
it. Accounting will start when Auth/XML-Add/CoA changes the role of an authenticated user
to a role which doesn't have captive portal profile.
Max Sessions This parameter configures the maximum number of sessions per user in this role. If the
sessions reach the maximum value, any additional sessions from this user that are
reaching the threshold are blocked till the session usage count for the user falls back
below the configured limit.
The default is 65535. You can configure any value between 0-65535.
Table 87: User Role Parameters
To a delete a user role in the WebUI:
1. Navigate to the Configuration > Security > Access Control > User Roles page.
2. Click the Delete button against the role you want to delete.
You cannot delete a user-role that is referenced to profile or server derived role. Deleting a server referenced role
will result in an error. Remove all references to the role and then perform the delete operation.
To Next Page
Loading...