Dell 6.2 Creating User Roles

Creating User Roles

This section describes how to c reate a new user role.When you create a user role, you specify o ne or more policies

for the role.

Table8 1 describes the differentparameters you can configure for the userrole.

Field Description

Firewall Policies

(required)

Oneor more pol icies thatdefine the privil egesof a wi relesscl ient in this role. There are three ways to

adda firew all policy to a user role:

lChoosefrom configured pol icies (see"Cre ating a Firewall Policy"on page297): S elect a policy

fromthe li stof configured polici esand cl ick the“Done” button to add the policy to the list of

policies in the user role. If thispol icy is tobe appl ied to thisuser role onl yfor specific AP groups,

youcan specify the applicable AP group.

lCreatea new pol icy from a configured policy: This option can be used to create a new policy that

isderi ved from an existing policy.

lCreatea new pol icy: The rules for the policy can be added as explained in "Creating a Firewall

Policy"on page 297.

Re-authentication

Interval(optional)

Time, in minutes, after which the client is required to reauthenticate. Enter a value between 0-4096.0

disablesreauthentication.

Default:0 (disabled)

Role VLANID

(optional)

Bydefault, a client is assigned a VLAN on the basis of the ingress VLANfor the client to the controller.

Youcan override this assignment and configure the VLAN ID that is tobe assigned to the user role. You

configurea VLAN by navigating to the Configuration > Network > VLANs page.

Bandwidth

Contract(optional)

Youcan assign a bandwi dthcontract to provide an upper limi tto upstream or downstream bandwidth

utilized by clients in this role. You can select the Per User option toappl ythe bandwi dthcontracts on a

per-userbasis instead of to all clients in the role.

Formore i nformation, see "BandwidthContracts" on page 303.

VPN Dialer

(optional)

Thisassigns a VPN di aler to a userrol e. For details aboutV PN dialer, see Virtual Private Networks on

page271.

Selecta di aler from the drop-down list and assign it to theuser role. Thisdi aler will be available for

download when a client logs in using captive portal and is assigned this role.

L2TPPool

(optional)

Thisassigns an L2TP pool to the user role. For more details about L2TP pools, see Virtual Private

Networkson page271.

Selectthe requir ed L2TPpool fromthe list to assign to the user role. The inner IP addresses of VPN

tunnelsusing L2TP w ill be assigned from this pool ofIP addresses for clients in this user role.

PPTP Pool

(optional)

Thisassigns a PPTP poolto the user role. For more detail sabout PP TP pools, see VirtualP rivate

Networkson page271.

Selectthe requir ed PPTP pool from the list to assign to theuser role. Thei nner IP addressesof VPN

tunnelsusing P PTP will be assignedfrom this pool ofIP addresses for clients in this user rol e.

CaptivePortal

Profile (optional)

Thisassigns a Captive Portal profile to this role. For more detail sabout Captive Portal profil es, see

CaptivePortal Authentication on page233.

MaxSessions Thisconfigures a maximum number of sessions per user in this role. The defaultis 65535. You can

configureany value between 0-65535.

Table81 :

UserRole Parameters

DellPowerConnect W- Series ArubaOS 6.2 | UserGuide Rolesand Policies | 302