Port access role
Every device that connects to a port is associated with a role. Roles are associated with all clients, both authenticated and unauthenticated, and applied to each user session. By default, roles are enabled on a switch.
Following are a few examples of user role names and the access privileges that can be configured:
- Employee—Provide complete access to network resources.
- Contractor—Provide limited access to network resources.
- Guest—Provide only Internet browsing access.
Each user role determines the client network privileges, frequency of reauthentication, applicable bandwidth contracts, and other permissions.
Active user roles applied to clients are created only if Ternary Content-Addressable Memory (TCAM) resources are available on the switch.
A user role consists of the following optional parameters:
- Ingress user policy: L3 (IPv4 and/or IPv6) ordered list of classes with actions.
- captive-portal-profile: Assigns a captive portal profile for this role.
- inactivity-timeout: The inactivity timeout period, in seconds, after which an authenticated client is implicitly logged off. The range is 300 to 4294967295.
- reauth-period: Sets the reauthentication period in seconds, or 0 to disable.
- vlan access: Sets the untagged VLAN ID.
- vlan trunk: Sets the tagged VLAN ID.
- auth-mode: Sets the configuration in user role to either device-mode or port-mode. The following are the attributes:
  - poe-priority: Specifies the PoE priority for the interface.
  - mtu: Configures the MTU support for the client.
  - vlan trunk allowed: Specifies the list of tagged VLANs configured for the interface.
  - trust-mode: Configures the QoS trust mode for the client.
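The following Python check is an added example, not part of the vendor documentation: it audits role definitions against the limits stated above (the inactivity-timeout range, reauth-period 0 meaning disabled, the two auth-mode values) and flags roles with no ingress user policy. The input layout and the `policy` keyword are assumptions made for illustration, not switch CLI syntax.

```python
INACTIVITY_MIN, INACTIVITY_MAX = 300, 4294967295  # seconds, range stated above
AUTH_MODES = {"device-mode", "port-mode"}         # values named above

# Constructed sample: "role <name>" headers followed by "<parameter> <value>"
# lines. The layout and the "policy" keyword are assumptions for this example,
# not verified switch CLI syntax.
SAMPLE = """\
role employee
    policy employee-acl
    reauth-period 3600
    inactivity-timeout 600
    vlan access 10
    auth-mode device-mode
role guest
    captive-portal-profile guest-portal
    reauth-period 0
    inactivity-timeout 120
    auth-mode client
"""

def parse_roles(text):
    """Return {role_name: {parameter: value}}; the value is the last token."""
    roles, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "role":
            current = roles.setdefault(words[1], {})
        elif len(words) >= 2 and current is not None:
            current[" ".join(words[:-1])] = words[-1]
    return roles

def audit_role(params):
    """Return a sorted list of findings for one role's parameters."""
    findings = []
    timeout = params.get("inactivity-timeout")
    if timeout is not None and not (timeout.isdigit() and INACTIVITY_MIN <= int(timeout) <= INACTIVITY_MAX):
        findings.append("inactivity-timeout outside 300-4294967295")
    if params.get("reauth-period") == "0":
        findings.append("reauthentication disabled (reauth-period 0)")
    if "policy" not in params:
        findings.append("no ingress user policy attached")
    mode = params.get("auth-mode")
    if mode is not None and mode not in AUTH_MODES:
        findings.append("auth-mode is not device-mode or port-mode")
    return sorted(findings)

def audit(text):
    return {name: audit_role(p) for name, p in parse_roles(text).items()}

print(audit(SAMPLE))
```

A missing ingress policy is reported as a finding because, with every parameter optional, a role can exist without any L3 restriction attached; whether that is acceptable depends on the role (Employee versus Guest).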