Users Guide

Creating Role Assignment Rules

This section describes the rules for determining the role that is assigned for each authenticated

client.

NOTE: When Enforce Machine Authentication is enabled, both the device and the user must

be authenticated for the role assignment rule to apply.

To create role assignment rules for the user role:

1. Click New in the Role Assignment Rules section of the window. The default user role is the

newly created user role.

2. Select the attribute from the Attribute drop-down list that the rule it matches against. The

list of supported attributes includes RADIUS attributes (see "List of Supported VSA" on page

118), DHCP-Option, 802.1X-Authentication-Type, and MAC-Address.

3. Select the operator from the Operator drop-down list. The following types of operators are

supported:

l contains— To check if the attribute contains the operand value.

l Is the role— To check if the role is same as the operand value.

l equals— To check if the attribute is equal to the operand value.

l not-equals— To check if the attribute is not equal to the operand value.

l starts-with— To check if the attribute the starts with the operand value.

l ends-with— To check if the attribute ends with the operand value.

4. Enter the string to match in the String text box.

5. Select the appropriate role from the Role drop-down list.

6. Click OK.

Figure 107 - Creating Role Assignment Rules

MAC-Address Attribute

The first three octets in a MAC address are known as Organizationally Unique Identifier (OUI),

and are purchased from the Institute of Electrical and Electronics Engineers, Incorporated (IEEE)

Dell PowerConnect W-Series Instant Access Point 6.2.0.0-3.2.0.0 | User Guide 147 | Role Derivation