Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Configuring User Roles for IAP Clients
Every client in the HPE Aruba Networking Central network is associated with a user role, which determines the client’s network privileges, the frequency of re-authentication, and the applicable bandwidth contracts.
Creating a User Role
To create a user role, complete the following steps:
- In the WebUI, set the filter to a group containing at least one AP.
The dashboard context for the group is displayed.
- Under
A list of APs is displayed in the
view.
, click > . - Click the
The tabs to configure the APs are displayed.
icon. - Click .
- Click the
The Security page is displayed.
tab. - Click the accordion.
- In the pane, click .
- In the OK. window, enter a name for the new role in , and then click
- You can also create a user role when configuring wireless profile. For more information, see Configuring Wireless Network Profiles on IAPs.
- Before you delete a client role, ensure that it is not used in user and client access policies as part of the Cloud Authentication Cloud Authentication and Policy allows you to configure user and client access policies that provide a secured, cloud-based network access control (NAC). and Policy configuration. If you delete a client role associated with a user or client access policy, the policy will not work as expected.
Assigning Bandwidth Contracts to User Roles
The administrators can manage bandwidth utilization by assigning maximum bandwidth rates, or bandwidth contracts to user roles. The administrator can assign a bandwidth contract configured in Kbps to upstream (client to the IAP) or downstream (IAP to clients) traffic for a user role. The bandwidth contract will not be applicable to the user traffic on the bridged out (same subnet Subnet is the logical division of an IP network.) destinations. For example, if clients are connected to an SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., you can restrict the upstream bandwidth rate allowed for each user to 512 Kbps.
By default, all users that belong to the same role share a configured bandwidth rate for upstream or downstream traffic. The assigned bandwidth will be served and shared among all the users. You can also assign bandwidth per user to provide every user a specific bandwidth within a range of 1 to 65535 Kbps. If there is no bandwidth contract specified for a traffic direction, unlimited bandwidth is allowed.
To assign bandwidth contracts to a user role, complete the following steps:
- In the WebUI, set the filter to a group containing at least one AP.
The dashboard context for the group is displayed.
- Under
A list of APs is displayed in the
view.
, click > . - Click the
The tabs to configure the APs are displayed.
icon. - Click .
- Click the
The Security page is displayed.
tab. - Click the accordion.
- Creating a User Role or select an existing role.
- In the pane, click .
- In the window, select under .
- Specify the downstream and upstream rates in Kbps. If the assignment is specific for each user, select .
- Click WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSID or wired profile. . Associate the user role to a
- You can also create a user role and assign bandwidth contracts while configuring an SSID.
- You can set the Bandwidth Contract on Security > Roles > Access Rule webUI page between 1-65535 kbps only. This is a limitation. However, as a workaround, you can set the maximum Bandwidth Contract between 1-2147482 kbps instead of 1-65535 kbps on Create a New Network > Access > Access Rules SSID profile page.