Overview
Every client is associated with a user role. User roles associate a set of attributes for authenticated clients (clients
with authentication configuration) and unauthenticated clients, applied to each user session. User roles must be
enabled globally.
NOTE: Local user roles are only supported when running YA software.
Examples of user roles are:
• Employee = All access
• Contractor = Limited access to resources
• Guest = Browse Internet
Each user role determines the client network privileges, frequency of reauthentication, applicable bandwidth
contracts, and other permissions. There are a maximum of 32 administratively configurable user roles available
with one predefined and read-only user role called denyall.
A user role consists of optional parameters such as:
• Captive portal profileSpecifies the URL via:
◦ captive-portal profile
or
◦ Vendor Specific Attribute (VSA). RADIUS: HP HP-Captive-Portal-URL = <http://...>
• Ingress user policy
L3 (IPv4 and/or IPv6) ordered list of Classes with actions, with an implicit deny all for IPv4 and IPv6.
• Reauthentication period
The time that the session is valid for. The default is 0 unless the user role is overridden. The default means
that the reauthentication is disabled.
NOTE: Reauthentication period is required to override the default of 0.
• Untagged VLAN (either VLAN ID or VLAN-name)
VLAN precedence order behavior:
Chapter 23
Local user roles
436 Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
To Next Page
Loading...
