permit
Permit all traffic.
priority
Specify the priority.
rate-limit
Configure rate limiting for all traffic.
redirect
Specify a redirect destination.
Usage
Switch(policy-user)# class ipv6 employeeIpv6Http action deny
Switch(policy-user)# class ipv4 http action redirect captive-portal
Switch(policy-user)# class ipv4 dnsDhcp action permit
User role configuration
aaa authorization user-role
Syntax
aaa authorization user-role [enable | disable| [initial-role <ROLE-STR>] |[name <ROLE>]]
Description
Configure user roles. A user role determines the client network privileges, the frequency of reauthentication,
applicable bandwidth contracts, along with other permissions. Every client is associated with a user role or the
client is blocked from access to the network.
Options
enable
Enable authorization using user roles.
disable
Disable authorization using user roles.
initial-role
The default initial role “denyall” is used when no other role applies. If a client connects to the switch and does
not have a user role associated, then the initial role is used. Any role can be configured as initial role using
this option. Can be configured at per port level. The per port initial role takes priority over global initial role.
The initial role may be assigned if:
• captive-portal profile is configured with a web address, but the Captive Portal VSA is sent from RADIUS
• captive-portal profile is configured to use the RADIUS VSA but no Captive Portal VSA is sent.
• captive-portal feature is disabled when the captive-portal profile is referenced in the applied user role to the
client.
• The user role feature is enabled with RADIUS authentication, but no user role VSA is returned.
• User role does not exist.
442 Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
To Next Page
Loading...
