Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(

191

192

193

194

195

196

197

198

199

200

Configuring User Roles

Every client in the Instant network is associated with a user role, which determines the client’s network privileges,

the frequency of reauthentication, and the applicable bandwidth contracts.

Instant allows you to configuration of up to 32 user roles. If the number of roles exceed 32, an error message is

displayed.

The user role configuration on an IAP involves the following procedures:

l Creating a User Role on page 191

l Assigning Bandwidth Contracts to User Roles on page 191

l Configuring Machine and User Authentication Roles on page 192

Creating a User Role

You can create a user role by using the Instant UI or CLI.

In the Instant UI

To create a user role:

1. Click the Security at the top right corner of Instant main window. The Security window is displayed.

2. Click Roles tab. The Roles tab contents are displayed.

3. Under Roles, click New.

4. Enter a name for the new role and click OK.

You can also create a user role when configuring wireless or wired network profiles. For more information, see

Configuring Access Rules for a WLAN SSID Profile on page 104 and Configuring Access Rules for a Wired Profile

on page 116

In the CLI

To configure user roles and access rules:

(Instant AP)(config)# wlan access-rule <access-rule-name>

(Instant AP)(Access Rule <Name>)# rule <dest> <mask> <match> <protocol> <start-port> <end-

port> {permit |deny | src-nat | dst-nat {<IP-address> <port> | <port>}}[<option1…option9>]

Assigning Bandwidth Contracts to User Roles

The administrators can manage bandwidth utilization by assigning maximum bandwidth rates, or bandwidth

contracts to user roles. The administrator can assign a bandwidth contract configured in Kbps to upstream (client to

the IAP) or downstream (IAP to clients) traffic for a user role. The bandwidth contract will not be applicable to the

user traffic on the bridged out (same subnet) destinations. For example, if clients are connected to an SSID, you can

restrict the upstream bandwidth rate allowed for each user to 512 Kbps.

By default, all users that belong to the same role share a configured bandwidth rate for upstream or downstream

traffic. The assigned bandwidth will be served and shared among all the users. You can also assign bandwidth per

user to provide every user a specific bandwidth within a range of 1 to 65535 Kbps. If there is no bandwidth contract

specified for a traffic direction, unlimited bandwidth is allowed.

In the earlier releases, bandwidth contract could be assigned per SSID. In the current release, the bandwidth

contract can also be assigned for each SSID user. If the bandwidth contract is assigned for an SSID in the Instant

6.2.1.0-3.4.0.0 image, and when the IAP is upgraded to 6.4.0.2-4.1 release version, the bandwidth configuration per

SSID will be treated as a per-user downstream bandwidth contract for that SSID.

Aruba Instant 6.4.0.2-4.1 | User Guide Roles and Policies | 191