Define wireless client roles to filter clients' network access based on matching policies. Matching policies (much like ACLs) are sequential collections of permit and deny conditions that apply to packets received from connected clients. When a packet is received from a client, the controller, service platform or access point compares the packet fields against applied matching policy rules to verify whether the packet has the required permissions to be forwarded. If a packet does not meet the specified criteria, the packet is dropped.
Additionally, wireless client connections are managed by granting or restricting access by specifying a range of IP or MAC addresses to include or exclude from connectivity. These MAC or IP access control mechanisms are configured as Firewall Rules to further refine client filter and matching criteria.
A Wireless Client Roles policy also enables LDAP service, allowing controllers and access points to retrieve user information from the LDAP server. This information is matched with the user-defined role filters to determine if a client matches the role or not, and should be allowed or denied access to the controller managed network.