Specifications
Chapter 8: Roles and Role Elements
8-6
• Per user - Each user logged in with this role can transmit the entire bandwidth.
For example, if 1 Mbps is specified, then each user is allocated 1 Mbps
maximum, regardless of the number of users.
2. Priority - You can configure role- and network service-based traffic priorities. If the
BSC experiences network congestion, High priority traffic takes precedence over
other traffic.
If Override with per service setting? is marked, the BSC uses the priority setting
configured for the network service to enforce the policy, regardless of the setting in
the role. If the network service does not have a priority setting, the BSC uses the
priority setting in the role. See “Creating a Network Service” on page 8-14 to learn
about configuring network service-based priority settings.
3. DSCP Value - The BSC can use DSCP marking to mark or change the mark of
incoming/outgoing packet traffic. This allows other devices in the network that are
configured for Differentiated Services (DiffServ) to enforce a specific QoS level based
on the priority of the DSCP mark in each packet header. Unchanged means there is
either no DSCP marking or the BSC will not alter the marking value.
If the Override with per service setting? checkbox is marked, the BSC uses the DSCP
marking setting configured for the network service to enforce the policy, regardless of
the setting in the role. If the network service does not have a DSCP setting, the BSC
uses the DSCP setting in the role. See “Creating a Network Service” on page 8-14
for information about configuring network service-based DSCP settings.
Policies
1. Select Allow or Deny from the Action drop-down list to specify whether to allow or
deny access to the network service, destination, and network traffic direction listed in
this policy for the user(s) assigned to this role.
2. Select the specific network service or service group, and destination or destination
group from the Service and Destination drop-down lists to which to provide or deny
access using this policy. You can also select Any from the drop-down list to provide or
deny access to any service or destination.
To create a network service, destination, or group other than those available for
selection in the drop-down list, see “Creating Network Services and Services
Groups” on page 8-13 or “Creating Destinations and Destination Groups” on
page 8-10. Alternatively, you can select the Create… option from the drop-down list
to open up a window that enables you to create up a new network service or
destination. After you save the information, you are returned to the Create a Role
page where you can select the network service or destination from the drop-down list.
3. Select the direction of initiation of the network connection for which you will allow or
deny access from the Direction drop-down list. The direction is referenced from the
perspective of the BSC, which is on the managed side of the wireless network.
Outgoing means that network connections can only be made from the managed side
to services/destinations on the protected side. Incoming means the opposite. Both
ways allows for bi-directional traffic flow.
4. Select the schedule or schedule group, if any, that defines when this policy is in effect
from the Schedule drop-down list. Schedules are date and time periods. You can also
select Any (any period).
Alternatively, as with network services and destinations, you can select the Create…
option to define a new schedule or group. See “Creating Schedules and Schedule
Groups” on page 8-17 for information about configuring a schedule or group.
5. Select the user's logical location or location group, if any, for which this policy is in
effect from the Location drop-down list. The BSC uses VLANs to represent these
logical user locations. You can select Any for any logical location.