Configuring Client Roles for AOS-CX

You can assign network access to clients using client roles. The network admin can create configuration profiles (roles) and associate them with clients. Client roles allow you to create and manage roles and attributes for the network.

To create a client role, complete the following steps:

  1. In the Network Operations app, select one of the following options:
    • To select a switch group in the filter:
      1. Set the filter to a group.

        The dashboard context for the group is displayed.

      2. Under Manage, click Devices > Switches.
      3. Click the AOS-CX icon to view the switch configuration dashboard.
  2. Click Client Roles.
  3. In the Client Roles table, click the + add icon to create a new role.

    Configure the following parameters.

    Table 1: Client Roles Parameters

    | Name | Description | Value |
    |------|-------------|-------|
    | Name | Name of the role. This is a mandatory parameter. | This parameter supports letters, numbers, and special characters. |
    | VLAN mode | VLAN mode of the role. | Access or Trunk. Default value is Access. |
    | VLAN | VLAN ID of the role. | Default value is 1. |
    | Authentication mode | Select either MD5 (Message Digest) or SHA (Secure Hash Algorithm) as the authentication mode to provide secured access to the user. | Client-Mode or Device-Mode. Default value is Client-Mode. |
    | Trust mode | Trust mode for the role. | None, DSCP, or COS. Default value is None. |
    | Reauthentication period | The time (in seconds) after which the switch requires a client to reauthenticate. The client remains authenticated while the reauthentication occurs. | Default value is 30 seconds. |
    | PoE priority | PoE priority configured on the port. | Critical, High, or Low. Default value is Low. |
    | STP admin edge port | Enable or disable STP admin edge port for the role. | By default, STP admin edge port is enabled. |
    | User-based tunnel | Enable or disable user-based tunneling for the role. NOTE: To enable user-based tunnel for a client role, user-based tunneling must be enabled in Dynamic Segmentation. If User-based tunnel is enabled for a role and the User-based tunnel feature is disabled in the Dynamic Segmentation page, User-based tunnel for the role is disabled automatically. | Move the toggle switch to the on position to enable. By default, it is disabled. |
    | Gateway cluster | Name of the gateway cluster zone. NOTE: By default, the cluster zone name is default. You cannot change the gateway cluster name. | |
    | Gateway Role | Name of the gateway role for the client role. | This parameter supports letters, numbers, and special characters. |

  4. Click Save.

You cannot edit client roles.

Deleting Client Roles

To delete a client role, point to the row for the role, and click the delete icon.