Configuring Roles

A role is a set of network access services that can be applied at various points in a policy-enabled network. Roles are usually named for a type of user such as Student or Engineering. Often, role names match the naming conventions that already exist in the organization. The role name should match filter ID values set up on the RADIUS servers.

The default non-authenticated role is used when the client is not authenticated but is able to access the network. The default authenticated role is assigned to a client when it authenticates successfully but the authentication process does not explicitly assign a role to the client.

Note

To configure default roles, go to Configure > Networks.

When the default action is sufficient, a role does not need additional rules. Rules are used only to provide unique treatment of packet types when a single role is applied.

ExtremeCloud IQ Controller is shipped with a default policy configuration that includes the following default roles:

The Enterprise User access policy is intended for admin users with full access.

The Quarantine access policy is used to restrict network access to end-systems that have failed assessment. The Quarantine policy role denies all traffic by default while permitting access only to required network resources, such as basic network services (for example, ARP, DHCP, and DNS) and HTTP to redirect web traffic for assisted remediation.
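The role model described above (a default action plus optional rules, with default roles as the fallback at assignment time) can be sketched as follows. This is an added example, not ExtremeCloud IQ Controller code or its configuration format. It assumes first-match rule ordering, treats a Filter-Id that names no known role as "no role assigned", and uses hypothetical `Rule`, `Role`, and `select_role` names and constructed packet dictionaries.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    action: str                      # "allow", "deny" or "redirect"
    ethertype: Optional[str] = None  # None means "any"
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt):
        wanted = (("ethertype", self.ethertype), ("proto", self.proto),
                  ("dst_port", self.dst_port))
        return all(want is None or pkt.get(key) == want for key, want in wanted)

@dataclass
class Role:
    name: str
    default_action: str
    rules: list = field(default_factory=list)

    def decide(self, pkt):
        # Assumption: first matching rule wins; otherwise the default action applies.
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default_action

ROLES = {
    # Default action is sufficient here, so the role carries no rules.
    "Enterprise User": Role("Enterprise User", "allow"),
    # Deny by default; rules carve out only what remediation needs.
    "Quarantine": Role("Quarantine", "deny", [
        Rule("allow", ethertype="arp"),
        Rule("allow", proto="udp", dst_port=67),      # DHCP
        Rule("allow", proto="udp", dst_port=53),      # DNS
        Rule("redirect", proto="tcp", dst_port=80),   # HTTP to remediation page
    ]),
}

def select_role(authenticated, filter_id, default_unauth, default_auth):
    """Pick the role for a client; filter_id is the RADIUS Filter-Id, if any."""
    if not authenticated:
        return ROLES[default_unauth]
    # Assumption: an unknown or missing Filter-Id falls back to the default
    # authenticated role, since no role was explicitly assigned.
    return ROLES.get(filter_id) or ROLES[default_auth]
```

When auditing a quarantine role, the useful check is the negative one: confirm that traffic outside the listed exceptions (for example, SSH to an internal host) resolves to the deny default.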