Users Guide

This section describes the profiles, pages, parameters and default settings for all Security components in Dell
Networking W Configuration, as follows:
- Campus AP Whitelist
- Security > Policies
  - Security > Policies > Destinations
  - Security > Policies > Services
- Security RAP Whitelist
- Security > Server Groups
  - Security > Server Groups > Internal
  - Security > Server Groups > LDAP
  - Security > Server Groups > RADIUS
  - Security > Server Groups > RFC 3576
  - Security > Server Groups > TACACS
  - Security > Server Groups > Windows
  - Security > Server Groups > XML API
- Security > TACACS Accounting
- Security > Time Ranges
- Security > User Roles
  - Security > User Roles > BW Contracts
  - Security > User Roles > VPN Dialers
- Security > User Rules
  - Security > User Rules > AAA Alias
Security > User Roles
A client is assigned a user role by one of several methods. A user role assigned by one method may take precedence over
a user role assigned by a different method. The methods of assigning user roles are, from lowest to highest precedence:
1. The initial user role for unauthenticated clients is configured in the AAA profile for a virtual AP.
2. The user role can be derived from user attributes upon the client's association with an AP (this is known as a
user-derived role). You can configure rules that assign a user role to clients that match a certain set of criteria. For
example, you can configure a rule to assign the role VoIP-Phone to any client that has a MAC address that starts with
bytes xx:yy:zz. User-derivation rules are executed before client authentication.
3. The user role can be the default user role configured for an authentication method, such as 802.1x or VPN. For each
authentication method, you can configure a default role for clients who are successfully authenticated using that
method.
4. The user role can be derived from attributes returned by the authentication server and certain client attributes (this is
known as a server-derived role). If the client is authenticated via an authentication server, the user role for the client
can be based on one or more attributes returned by the server during authentication, or on client attributes such as
SSID (even if the attribute is not returned by the server). Server-derivation rules are executed after client
authentication.
5. The user role can be derived from Dell Networking W Vendor-Specific Attributes (VSA) for RADIUS server
authentication. A role derived from a Dell Networking W VSA takes precedence over any other user roles.
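The precedence order above can be modeled in Python to audit which method ends up deciding a client's role. This is an added example, not Dell or AirWave code: the function name, dictionary keys, rule tuples and all sample values except the role name VoIP-Phone are assumptions, as is the choice that methods 3 to 5 apply only after a successful authentication.

```python
# Added illustration of the precedence order above; not controller syntax.
# Function, dictionary keys and rule tuples are hypothetical.

def resolve_role(client, aaa_profile, user_rules, server_rules, auth=None):
    """Return (role, source), applying the five methods lowest to highest."""
    # 1. Initial role from the AAA profile of the virtual AP.
    role, source = aaa_profile["initial_role"], "initial"

    # 2. User-derived: evaluated before authentication, on client attributes.
    for attr, prefix, rule_role in user_rules:
        if client.get(attr, "").lower().startswith(prefix.lower()):
            role, source = rule_role, "user-derived"
            break

    # Assumption: methods 3-5 apply only after a successful authentication.
    if not auth or not auth.get("success"):
        return role, source

    # 3. Default role configured for the authentication method.
    default = aaa_profile["default_roles"].get(auth["method"])
    if default:
        role, source = default, "auth-default"

    # 4. Server-derived: server-returned attributes plus client attributes
    #    such as SSID, evaluated after authentication.
    attrs = {**client, **auth.get("attributes", {})}
    for attr, value, rule_role in server_rules:
        if attrs.get(attr) == value:
            role, source = rule_role, "server-derived"
            break

    # 5. A role carried in a VSA from the RADIUS server overrides all others.
    if auth.get("vsa_role"):
        role, source = auth["vsa_role"], "vsa"
    return role, source


# Constructed sample configuration and client (values are made up).
AAA = {"initial_role": "logon", "default_roles": {"802.1x": "employee"}}
USER_RULES = [("mac", "00:11:22", "VoIP-Phone")]
SERVER_RULES = [("ssid", "corp-voice", "voice")]
PHONE = {"mac": "00:11:22:AA:BB:CC", "ssid": "corp-voice"}

if __name__ == "__main__":
    print(resolve_role(PHONE, AAA, USER_RULES, SERVER_RULES))
    ok = {"success": True, "method": "802.1x", "attributes": {}}
    print(resolve_role(PHONE, AAA, USER_RULES, SERVER_RULES, ok))
    print(resolve_role(PHONE, AAA, USER_RULES, SERVER_RULES,
                       {**ok, "vsa_role": "quarantine"}))
```

The returned source field shows which method decided the role, which is the value to review when a client holds more privilege than its user-derivation rule would grant.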
In the Dell Networking W user-centric network, the user role of a wireless client determines its privileges, including the
priority that every type of traffic to or from the client receives in the wireless network. Thus, QoS for voice applications
is configured when you configure firewall roles and policies.
Dell Networking W-AirWave 7.7 | Controller Configuration Controller Configuration Reference | 47