Add Client Role Settings

About this task

To add a new wireless client role policy:

Procedure

  1. Select Add to create a new wireless client role policy, Edit to modify the attributes of a selected policy or Delete to remove obsolete policies from the list of those available.
    The Role Policy Roles screen displays with the Settings tab displayed by default.
    Click to expand in new window
    Wireless Client Roles - Add/Edit - Roles - Settings Tab
    GUID-365B507E-946F-4666-8802-6B9C824D4ED8-low.png
  2. If you are creating a new role, assign it a Role Name to help differentiate it from others that may have a similar configuration.
    The role policy name cannot exceed 64 characters. The name cannot be modified as part of the edit process.
  3. In the Role Precedence field, use the spinner control to set a numerical precedence value between 1 - 10,000.
    Precedence determines the order a role is applied. Roles with lower numbers are applied before those with higher numbers. While there‘s no default precedence for a role, two or more roles can share the same precedence.
  4. Use the Discovery Policy drop-down menu to specify the Bonjour Gateway.

    Bonjour provides a method to discover services on a LAN. Bonjour allows users to set up a network without any configuration. Services such as printers, scanners and file-sharing servers can be found using Bonjour. Bonjour only works within a single broadcast domain. However, with a special DNS configuration, it can be extended to find services across broadcast domains.

    Note

    Note

    The WiNG 7.1 release does not provide support for Bonjour feature on AP505 and AP510 model access points. This feature will be supported in future releases.
  5. In the Client Identity field, define the client type (Android etc.) used as matching criteria within the client role policy.
    Create new client identity types or edit existing ones as required.
  6. Refer to the Match Expressions field to create filter rules based on AP locations, SSIDs and RADIUS group memberships.
    AP Location Use the drop-down menu to specify the location of an access point matched in an RF domain or the access point‘s resident configuration. Select one of the following filter options:
    • Exact - The role is applied only to access points with the exact location string specified in the role.
    • Contains - The role is applied only to access points whose location contains the location string specified in the role.
    • Does Not Contain - The role is applied only to access points whose location does not contain the location string specified in the role.
    • Any - The role is applied to any access point location. This is the default setting.
    SSID Configuration Use the drop-down menu to define a wireless client filter option based on how the SSID is specified in a WLAN. Select one of the following options:
    • Exact - The role is applied only when the exact SSID string is specified in the role..
    • Contains - The role is applied only when the SSID contains the string specified in the role.
    • Does Not Contain - The role is applied when the SSID does not contain the string specified in the role.
    • Any - The role is applied to any SSID Location. This is the default setting.
    Group Configuration Use the drop-down menu to define a wireless client filter option based on how the RADIUS group name matches the provided expression. Select one of the following options:
    • Exact - The role is applied only when the exact RADIUS Group Name string is specified in the role..
    • Contains - The role is applied when the RADIUS Group Name contains the string specified in the role.
    • Does Not Contain - The role is applied when the RADIUS Group Name does not contain the string specified in the role.
    • Any - The role is applied to any RADIUS Group Name. This is the default setting.
    RADIUS User Use the drop-down menu to define a filter option based on how the RADIUS user name (1-255 characters in length) matches the provided expression. Select one of the following options:
    • Exact - The role is applied only when the exact RADIUS user string is specified in the role..
    • Contains - The role is applied when the RADIUS user starts with the string specified in the role.
    • Does Not Contain - The role is applied when the RADIUS user does not contain the string specified in the role.
    • Any - The role is applied to any RADIUS user name. This is the default setting.
  7. Use the Wireless Client Filter parameter to define a wireless client MAC address filter that is applied to each role.
    Select the Any radio button to use any MAC address. The default is Any.
  8. Refer to the Captive Portal Connection parameter to define when wireless clients are authenticated when making a captive portal authentication request.
    Secure guest access is referred to as captive portal. A captive portal is guest access policy for providing temporary and restrictive access to the wireless network. Existing captive portal policies can be applied to a WLAN to provide secure guest access.
  9. Select the Pre-Login check box to conduct captive portal client authentication before the client is logged.
    Select Post-Login to have the client share authentication credentials after it has logged into the network. Selecting Any (the default setting) makes no distinction on whether authentication is conducted before or after the client has logged in.
  10. Use the Authentication / Encryption field to set the authentication and encryption filters applied to this wireless client role.
    The options for both authentication and encryption are:
    Equals The role is applied only when the authentication and encryption type matches the exact method(s) specified by the radio button selections.
    Not Equals The role is applied only when the authentication and encryption type does not match the exact method(s) specified by the radio button selections.
    Any The role is applied to any type. This is the default setting for both authentication and encryption.
  11. Use the + (plus sign) to the left of the LDAP Attributes label to expand it.
    Set the following LDAP Attributes for the role policy: The following filter criteria apply to each LDAP attribute:
    Exact The role is applied only when the exact string is specified in the role.
    Contains The role is applied when the LDAP attribute contains the string specified in the role.
    Does Not Contain The role is applied when the LDAP attribute does not contain the string specified in the role.
    Any The role is applied to any LDAP attribute. This is the default setting.
    City Enter a 2-31 character name of the city filtered in the role.
    Company Enter a 2-31 character name of the organizational company filtered in the role.
    Country Enter a 2-31 character name of the country (co) filtered in the role.
    Department Enter a 2-31 character name of the organizational department filtered in the role.
    Email Enter a 2-31 character name of the Email address filtered in the role.
    Employee Id Enter a 2-31 character name of the employee ID filtered in the role.
    State Enter a 2-31 character name of the state filtered in the role.
    Title Enter a 2-31 character name of the job or organizational title filtered in the role.
    Member Of Provide a 64 character maximum description of the group membership in the role.
  12. Select OK to update the Settings screen.
    Select Reset to revert to the last saved configuration.

Results

Example

What to do next

9036512-00 Rev AA