Dell 6.2 Server User Manual


 
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide    Roles and Policies | 296
Chapter 19
Roles and Policies
The client in a Dell user-centric network is associated with a user role, which determines the client’s network
privileges, how often it must re-authenticate, and which bandwidth contracts are applicable. A policy is a set of rules
that applies to traffic that passes through the Dell controller. You specify one or more policies for a user role.
Finally, you can assign a user role to clients before or after they authenticate to the system.
This chapter describes assigning and creating roles and policies using the ArubaOS CLI or WebUI. Roles and
policies can also be configured for WLANs associated with the “default” ap-group via the WLAN Wizard:
Configuration > Wizards > WLAN Wizard. Follow the steps in the workflow pane within the wizard and refer to
the help tab for assistance.
Topics in this chapter include:
• Configuring Firewall Policies
• Creating a Firewall Policy
• Creating a Network Service Alias
• Creating an ACL White List
• Creating User Roles
• Assigning User Roles
• Understanding Global Firewall Parameters
NOTE: This chapter describes configuring firewall policies and parameters that relate to IPv4 traffic. See IPv6 Support on page 128
for information about configuring IPv6 firewall policies and parameters.
Configuring Firewall Policies
A firewall policy identifies specific characteristics about a data packet passing through the Dell controller and takes
some action based on that identification. In a Dell controller, that action can be a firewall-type action such as
permitting or denying the packet, an administrative action such as logging the packet, or a quality of service (QoS)
action such as setting 802.1p bits or placing the packet into a priority queue. You can apply firewall policies to user
roles to give differential treatment to different users on the same network, or to physical ports to apply the same
policy to all traffic through the port.
Firewall policies differ from access control lists (ACLs) in the following ways:
• Firewall policies are stateful, meaning that they recognize flows in a network and keep track of the state of
sessions. For example, if a firewall policy permits telnet traffic from a client, the policy also recognizes that
inbound traffic associated with that session should be allowed.
• Firewall policies are bi-directional, meaning that they keep track of data connections traveling into or out of the
network. ACLs are normally applied to either traffic inbound to an interface or outbound from an interface.
• Firewall policies are dynamic, meaning that address information in the policy rules can change as the policies are
applied to users. For example, the alias user in a policy automatically applies to the IP address assigned to a
particular user. ACLs typically require static IP addresses in the rule.
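
The three differences above, modeled in a short Python sketch of the telnet case. This is an added illustration, not ArubaOS code or Dell's implementation; the class and function names, the sample addresses, and the deny-when-nothing-matches fallback are assumptions made for the example.

```python
# Toy model (assumption, not ArubaOS internals): one rule, written once, using the "user" alias.
# Rule format: (source, destination, destination port, action). Port 23 is telnet.
POLICY = [("user", "any", 23, "permit")]

class StatefulPolicy:
    """Per-client instance of a policy: dynamic alias, session tracking, both directions."""
    def __init__(self, rules, user_ip):
        self.rules = rules
        self.user_ip = user_ip      # dynamic: "user" is bound when the policy is applied
        self.sessions = set()       # stateful: flows the policy has already permitted

    def _match(self, alias, addr):
        return alias == "any" or (alias == "user" and addr == self.user_ip)

    def check(self, src, sport, dst, dport):
        flow, reply = (src, sport, dst, dport), (dst, dport, src, sport)
        # Bi-directional: a packet belonging to a tracked session passes either way.
        if flow in self.sessions or reply in self.sessions:
            return "permit"
        for r_src, r_dst, r_port, action in self.rules:
            if self._match(r_src, src) and self._match(r_dst, dst) and r_port == dport:
                if action == "permit":
                    self.sessions.add(flow)
                return action
        return "deny"               # assumed default for this model

def stateless_acl(rules, src, sport, dst, dport):
    """Classic ACL: literal addresses, one direction, no memory of earlier packets."""
    for r_src, r_dst, r_port, action in rules:
        if r_src in ("any", src) and r_dst in ("any", dst) and r_port == dport:
            return action
    return "deny"

def demo():
    server, results = "192.0.2.10", {}          # constructed sample addresses
    for client in ("10.1.1.5", "10.1.1.77"):    # same policy text, two different users
        fw = StatefulPolicy(POLICY, client)
        results[client] = (
            fw.check(client, 40000, server, 23),    # client opens telnet
            fw.check(server, 23, client, 40000),    # reply on the tracked session
            fw.check(server, 23, client, 40001),    # unsolicited inbound, no session
        )
    acl = [("10.1.1.5", "any", 23, "permit")]   # static address must be written into the rule
    results["acl"] = (
        stateless_acl(acl, "10.1.1.5", 40000, server, 23),
        stateless_acl(acl, server, 23, "10.1.1.5", 40000),  # return traffic needs its own rule
        stateless_acl(acl, "10.1.1.77", 40000, server, 23), # second user is not covered
    )
    return results

if __name__ == "__main__":
    print(demo())
```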