Configuring User Roles for IAP Clients

Every client in the HPE Aruba Networking Central network is associated with a user role, which determines the client’s network privileges, the frequency of re-authentication, and the applicable bandwidth contracts.

Creating a User Role

To create a user role, complete the following steps:

  1. In the WebUI, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.

    A list of APs is displayed in the List view.

  3. Click the Config icon.

    The tabs to configure the APs are displayed.

  4. Click Show Advanced.
  5. Click the Security tab.

    The Security page is displayed.

  6. Click the Roles accordion.
  7. In the Roles pane, click +.
  8. In the Add Role window, enter a name for the new role in Roles, and then click OK.

Assigning Bandwidth Contracts to User Roles

The administrators can manage bandwidth utilization by assigning maximum bandwidth rates, or bandwidth contracts to user roles. The administrator can assign a bandwidth contract configured in Kbps to upstream (client to the IAP) or downstream (IAP to clients) traffic for a user role. The bandwidth contract will not be applicable to the user traffic on the bridged out (same subnet Subnet is the logical division of an IP network.) destinations. For example, if clients are connected to an SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., you can restrict the upstream bandwidth rate allowed for each user to 512 Kbps.

By default, all users that belong to the same role share a configured bandwidth rate for upstream or downstream traffic. The assigned bandwidth will be served and shared among all the users. You can also assign bandwidth per user to provide every user a specific bandwidth within a range of 1 to 65535 Kbps. If there is no bandwidth contract specified for a traffic direction, unlimited bandwidth is allowed.

To assign bandwidth contracts to a user role, complete the following steps:

  1. In the WebUI, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.

    A list of APs is displayed in the List view.

  3. Click the Config icon.

    The tabs to configure the APs are displayed.

  4. Click Show Advanced.
  5. Click the Security tab.

    The Security page is displayed.

  6. Click the Roles accordion.
  7. Creating a User Role or select an existing role.
  8. In the Access Rules For Selected Roles pane, click +.
  9. In the Access Rule window, select Bandwidth Contract under Rule Type.
  10. Specify the downstream and upstream rates in Kbps. If the assignment is specific for each user, select Per User.
  11. Click Save. Associate the user role to a WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSID or wired profile.
  • You can also create a user role and assign bandwidth contracts while configuring an SSID.
  • You can set the Bandwidth Contract on Security > Roles > Access Rule webUI page between 1-65535 kbps only. This is a limitation. However, as a workaround, you can set the maximum Bandwidth Contract between 1-2147482 kbps instead of 1-65535 kbps on Create a New Network > Access > Access Rules SSID profile page.