Filter
Top Products
Creating User Roles
This section describes how to create a new user role. When you create a user role, you specify one or more policies
for the role.
Table 81 describes the different parameters you can configure for the user role.
Field Description
Firewall Policies
(required)
One or more policies that define the privileges of a wireless client in this role. There are three ways to
add a firewall policy to a user role:
l Choose from configured policies (see "Creating a Firewall Policy" on page 297): Select a policy
from the list of configured policies and click the “Done” button to add the policy to the list of
policies in the user role. If this policy is to be applied to this user role only for specific AP groups,
you can specify the applicable AP group.
l Create a new policy from a configured policy: This option can be used to create a new policy that
is derived from an existing policy.
l Create a new policy: The rules for the policy can be added as explained in "Creating a Firewall
Policy" on page 297.
Re-authentication
Interval (optional)
Time, in minutes, after which the client is required to reauthenticate. Enter a value between 0-4096. 0
disables reauthentication.
Default: 0 (disabled)
Role VLAN ID
(optional)
By default, a client is assigned a VLAN on the basis of the ingress VLAN for the client to the controller.
You can override this assignment and configure the VLAN ID that is to be assigned to the user role. You
configure a VLAN by navigating to the Configuration > Network > VLANs page.
Bandwidth
Contract (optional)
You can assign a bandwidth contract to provide an upper limit to upstream or downstream bandwidth
utilized by clients in this role. You can select the Per User option to apply the bandwidth contracts on a
per-user basis instead of to all clients in the role.
For more information, see "Bandwidth Contracts" on page 303.
VPN Dialer
(optional)
This assigns a VPN dialer to a user role. For details about VPN dialer, see Virtual Private Networks on
page 271.
Select a dialer from the drop-down list and assign it to the user role. This dialer will be available for
download when a client logs in using captive portal and is assigned this role.
L2TP Pool
(optional)
This assigns an L2TP pool to the user role. For more details about L2TP pools, see Virtual Private
Networks on page 271.
Select the required L2TP pool from the list to assign to the user role. The inner IP addresses of VPN
tunnels using L2TP will be assigned from this pool of IP addresses for clients in this user role.
PPTP Pool
(optional)
This assigns a PPTP pool to the user role. For more details about PPTP pools, see Virtual Private
Networks on page 271.
Select the required PPTP pool from the list to assign to the user role. The inner IP addresses of VPN
tunnels using PPTP will be assigned from this pool of IP addresses for clients in this user role.
Captive Portal
Profile (optional)
This assigns a Captive Portal profile to this role. For more details about Captive Portal profiles, see
Captive Portal Authentication on page 233.
Max Sessions This configures a maximum number of sessions per user in this role. The default is 65535. You can
configure any value between 0-65535.
Table 81:
User Role Parameters
DellPowerConnectW-SeriesArubaOS6.2 | User Guide Rolesand Policies | 302