A role is a set of network access services that can be applied at various points in a policy-enabled network. A port takes on a user's role when the user authenticates. Roles are usually named for a type of user such as Student or Engineering. Often, role names will match the naming conventions that already exist in the organization. The role name should match filter ID values set up on the RADIUS servers.
A role can contain any number of services in Policy Manager.
A VNS can have up to two roles assigned to it. The default non-authenticated role will be used while the station is not authenticated but able to access the network. The default authenticated role will be assigned to a station if it completes authentication successfully but the authentication process did not explicitly assign a role to the station.
A role may also contain default access control (VLAN) and/or Class of Service (priority) characteristics that will be applied to traffic not identified specifically by the set of access services contained in the role. The set of services included in a role, along with any access control or class of service defaults, determines how all network traffic will be handled at any network point configured to use that role.
Roles don't need to be fully specified; unspecified attributes are retained by the user or inherited from Global Role definitions (see Configuring the Global Default Policy for more information).
Default Global Role definitions act as a placeholder that completes incomplete roles at initial default assignment. If a role is defined as Default for a particular VNS, the role inherits its incomplete attributes from the Default Global Role definitions.
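The following added example (not vendor code) models the role selection and attribute inheritance described above, and checks RADIUS filter ID values against defined role names. The data layout, function names, sample roles, and the handling of an unmatched filter ID are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Role:
    name: str
    vlan: Optional[int] = None  # default access control; None = unspecified
    cos: Optional[int] = None   # default class of service; None = unspecified

def inherit(role, fallback):
    """Fill attributes the role leaves unspecified from `fallback`."""
    return replace(role,
                   vlan=fallback.vlan if role.vlan is None else role.vlan,
                   cos=fallback.cos if role.cos is None else role.cos)

def effective_role(roles, vns, global_default, authenticated, filter_id=None):
    """Return the completed role for a station on one VNS."""
    if not authenticated:
        return inherit(roles[vns["non_auth"]], global_default)
    if filter_id is None:  # authentication did not assign a role explicitly
        return inherit(roles[vns["auth"]], global_default)
    if filter_id not in roles:
        # Model assumption: the page does not say what the controller does here.
        raise LookupError(f"Filter-Id {filter_id!r} matches no role")
    # Explicit role: unspecified attributes are retained from what the
    # station already had (its non-authenticated default in this model).
    return inherit(roles[filter_id],
                   effective_role(roles, vns, global_default, False))

def filter_id_mismatches(roles, radius_filter_ids):
    """Filter-Id values configured on RADIUS that name no defined role."""
    return sorted(set(radius_filter_ids) - set(roles))

# Constructed sample data (hypothetical roles and VLAN/CoS values).
GLOBAL = Role("GlobalDefault", vlan=1, cos=0)
ROLES = {r.name: r for r in (
    Role("Guest", vlan=900),     # CoS unspecified
    Role("Student"),             # nothing specified
    Role("Engineering", cos=5),  # VLAN unspecified
)}
VNS = {"non_auth": "Guest", "auth": "Student"}

if __name__ == "__main__":
    print(effective_role(ROLES, VNS, GLOBAL, False))
    print(effective_role(ROLES, VNS, GLOBAL, True))
    print(effective_role(ROLES, VNS, GLOBAL, True, "Engineering"))
    print(filter_id_mismatches(ROLES, ["Student", "Enginering"]))
```

In this model the Engineering station keeps the Guest VLAN because its role leaves the VLAN unspecified, which is the kind of outcome worth reviewing when roles are deliberately left incomplete.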