User Roles
A client connecting to a WLAN (Wireless Local Area Network) SSID (Service Set Identifier) that is broadcast by an access point (AP) is assigned a user role that defines the client's network privileges, the frequency of re-authentication, and the applicable bandwidth contracts. A client device is assigned a user role by several methods:
- Initial user role: The initial user role or VLAN (Virtual Local Area Network) assigned to unauthenticated clients.
- User-derived role: The user role can be derived from user attributes when a client connects to an AP. You can configure access rules for a user role and assign it to the clients when they match the criteria defined in the user role. For example, you can configure a rule to assign a role to any client that has a MAC (Media Access Control) address that starts with xx:yy:zz. The user-derived roles are applied before client authentication.
- Default user role: The default user role configured for an authentication method, such as 802.1X or VPN (Virtual Private Network). You can configure a default role for the clients that successfully authenticate based on the specified authentication method in the SSID.
- Server-derived role: The user role can be derived from attributes returned by the authentication server. If the client authenticates to an authentication server, the user role for the client can be based on one or more attributes returned by the server during authentication. Server-derived roles are assigned after clients complete the authentication.
- VSA-derived role: Many NAS (Network Access Server) vendors, including Aruba, use vendor-specific attributes (VSAs) to provide features that are not supported in standard RADIUS (Remote Authentication Dial-In User Service) attributes. The Aruba VSAs allow deriving user roles and VLAN for the clients that authenticate to the RADIUS server. A role derived from a VSA takes precedence over other types of user roles.
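Because a VSA-derived role overrides every other role source, it is worth checking exactly which role and VLAN a RADIUS server returns. The following is an added example, not Aruba code: a Python parser that walks the attribute section of a RADIUS reply and extracts the Aruba role and VLAN VSAs. The vendor ID 14823 and sub-attribute numbers 1 and 2 are assumptions taken from the publicly distributed Aruba RADIUS dictionary, not from this page, and the sample bytes are constructed.

```python
import struct

VENDOR_SPECIFIC = 26     # RADIUS attribute type carrying VSAs (RFC 2865)
ARUBA_VENDOR_ID = 14823  # assumption: Aruba enterprise number, not given on this page
ARUBA_USER_ROLE = 1      # assumption: Aruba-User-Role sub-attribute (string)
ARUBA_USER_VLAN = 2      # assumption: Aruba-User-Vlan sub-attribute (32-bit integer)


def tlvs(buf: bytes):
    """Yield (type, value) per type/length/value record; length includes the 2-byte header."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        length = buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError("TLV length out of bounds")
        yield buf[i], buf[i + 2:i + length]
        i += length


def aruba_role_and_vlan(attrs: bytes):
    """Return (role, vlan) from Aruba VSAs in a RADIUS attribute section; None if absent."""
    role = vlan = None
    for atype, value in tlvs(attrs):
        if atype != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise ValueError("VSA shorter than its vendor id")
        if struct.unpack("!I", value[:4])[0] != ARUBA_VENDOR_ID:
            continue  # another vendor's VSA, not used for role derivation here
        for vtype, data in tlvs(value[4:]):
            if vtype == ARUBA_USER_ROLE:
                role = data.decode("utf-8", errors="replace")
            elif vtype == ARUBA_USER_VLAN and len(data) == 4:
                vlan = struct.unpack("!I", data)[0]
    return role, vlan


def vsa(vendor: int, vtype: int, data: bytes) -> bytes:
    body = struct.pack("!I", vendor) + bytes([vtype, len(data) + 2]) + data
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body


# Constructed sample built with vsa(): User-Name, an unrelated vendor's VSA, two Aruba VSAs.
SAMPLE = (bytes([1, 7]) + b"alice"
          + vsa(9, 1, b"other")
          + vsa(ARUBA_VENDOR_ID, ARUBA_USER_ROLE, b"employee")
          + vsa(ARUBA_VENDOR_ID, ARUBA_USER_VLAN, struct.pack("!I", 20)))
```

Calling `aruba_role_and_vlan(SAMPLE)` returns `("employee", 20)`; a reply with no Aruba VSA returns `(None, None)`, in which case one of the other role sources listed above applies.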