User Roles for Wireless Clients
User Roles, defined and mapped within a RADIUS Server profile, control wireless client (end user) access to Wi-Fi networks that are configured to use that external RADIUS server for authentication. Each role is associated with an Access Control Policy that is applied when the user connects.
Feature Overview
Administrators can map user roles to a RADIUS Server profile, where each user role is already associated with an Access Control Policy. When a wireless client (end user) connects to a network utilizing that RADIUS Server profile and is assigned a matching role during authentication, the access point applies the Access Control Policy associated with that role.
- Dynamic, per‑user policies (instead of a single, per‑SSID policy in which every user on that SSID gets the same ACL treatment, regardless of who they are, what group they are in, and so on).
- Better scalability and simpler management in multi-role environments such as schools, hospitality, and enterprise.
Requirements
This feature has no special hardware or software requirements for feature enablement or usage.
Considerations
- You can configure either User Roles or a single Access Control Policy for a network utilizing an external RADIUS Server for authentication, not both. If both are configured, the user role mapping takes priority over the network's Access Control Policy when a matching role is assigned during authentication.
- Changes to User Role mappings are applied immediately in the system.
Limitations
- URL filtering options are not supported.
- Each user role can use either a VLAN ID or a VLAN pool, but not both.
Best Practices
- Use user role mapping when user-specific access control is required.
- Ensure each role is mapped to the correct Access Control Policy.
- Use clear and consistent names for roles and policies.
- Review role mappings regularly to keep access aligned with current needs.
Prerequisites
This feature has no prerequisites for enablement or usage.