User's Manual
Behavior and Defaults | Dell Networking W-Series ArubaOS 6.4.x | User Guide
Predefined Role | Description
ipv6 session-acl v6-https-acl
ipv6 session-acl v6-dhcp-acl
ipv6 session-acl v6-icmp-acl
ipv6 session-acl v6-dns-acl
user-role guest-logon
captive-portal default
session-acl logon-control
session-acl captiveportal
This role is used as the pre-authentication role for guest
SSIDs. It allows control traffic such as DNS, DHCP, and
ICMP, and also enables captive portal.
user-role <ssid>-guest-logon
captive-portal default
session-acl logon-control
session-acl captiveportal
This role is only generated when creating a new WLAN
using the WLAN Wizard. The WLAN Wizard creates this role
when captive portal is enabled. This is the initial role that a
guest will be placed in prior to captive portal authentication.
By using a different guest logon role for each SSID, it is
possible to enable multiple captive portal profiles with
different customization.
user-role stateful-dot1x
This is an internal role used for Stateful 802.1x. It should not
be edited.
user-role authenticated
session-acl allowall
ipv6 session-acl v6-allowall
This is a default role that can be used for authenticated
users. It permits all IPv4 and IPv6 traffic for users who are
part of this role.
user-role logon
session-acl logon-control
session-acl captiveportal
session-acl vpnlogon
ipv6 session-acl v6-logon-control
This is a system role that is normally applied to a user prior
to authentication. This applies to wired users and
non-802.1x wireless users.
The role allows certain control protocols such as DNS,
DHCP, and ICMP, and also enables captive portal and VPN
termination/pass through. The logon role should be edited
to provide only the required services to a pre-authenticated
user. For example, VPN pass through should be disabled if it
is not needed.
user-role <ssid>-logon
session-acl control
session-acl captiveportal
session-acl vpnlogon
This role is only generated when creating a new WLAN
using the WLAN Wizard. The WLAN Wizard creates this role
when captive portal is enabled and a PEFNG license is
installed. This is the initial role that a client will be placed in
prior to captive portal authentication. By using a different
logon role for each SSID, it is possible to enable multiple
captive portal profiles with different customization.
user-role <ssid>-captiveportal-profile
When you use the WLAN Wizard to configure an Internal or Guest
WLAN with captive portal enabled and no PEFNG license is
installed, the controller creates an implicit user role with
the same name as the captive portal profile,
<ssid>-captiveportal-profile.
This implicit user role allows only DNS and DHCP traffic
between the client and network and directs all HTTP or
HTTPS requests to the captive portal. You cannot directly
modify the implicit user role or its rules. Upon
authentication, captive portal clients are allowed full access
to their assigned VLAN. Once the WLAN configuration is
pushed to the controller, the WLAN wizard will associate the
new role with the initial user role that you specify in the AAA
profile. This role will not be visible to the user in the WLAN
wizard.
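
One way to check a configuration against the advice given for the logon role (provide only the required services before authentication, and disable VPN pass through if it is not needed), as an added example that is not part of the user guide or of ArubaOS. It parses role definitions written in the syntax this table uses and reports pre-authentication roles that still carry vpnlogon or an allow-all ACL. Assumptions: the sample configuration and the role names corp-guest-logon and lab-logon are constructed, and a role is treated as pre-authentication when it is named logon or its name ends in -logon.

```python
import re

# Constructed sample, written in the role syntax this table uses.
SAMPLE_CONFIG = """\
user-role logon
 session-acl logon-control
 session-acl captiveportal
 session-acl vpnlogon
 ipv6 session-acl v6-logon-control
user-role corp-guest-logon
 captive-portal default
 session-acl logon-control
user-role lab-logon
 session-acl control
 session-acl allowall
user-role authenticated
 session-acl allowall
 ipv6 session-acl v6-allowall
"""

ACL_LINE = re.compile(r"^(ipv6\s+)?session-acl\s+(\S+)$")
# Assumption: pre-authentication roles follow the naming the table lists.
PREAUTH_NAME = re.compile(r"^(?:.+-)?logon$")
RISKY = {  # assumption: ACLs that exceed "only the required services"
    "vpnlogon": "VPN pass-through enabled before authentication",
    "allowall": "all IPv4 traffic permitted before authentication",
    "v6-allowall": "all IPv6 traffic permitted before authentication",
}

def parse_roles(text):
    """Return {role_name: [acl_name, ...]} in configuration order."""
    roles, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("user-role "):
            current = line.split(None, 1)[1]
            roles[current] = []
        elif current and (m := ACL_LINE.match(line)):
            roles[current].append(m.group(2))
    return roles

def audit_preauth(text):
    """List (role, acl, reason) for risky ACLs on pre-authentication roles."""
    return [(role, acl, RISKY[acl])
            for role, acls in parse_roles(text).items()
            if PREAUTH_NAME.match(role)
            for acl in acls if acl in RISKY]

if __name__ == "__main__":
    print(*audit_preauth(SAMPLE_CONFIG), sep="\n")
```

The authenticated role is not reported even though it carries allowall, because permitting all traffic is its documented purpose after authentication.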