How to Create a Role

---

A role is a policy profile consisting of a set of network access services that you can apply at various access points in a policy-enabled network. A port takes on a user's role when the user authenticates.

Creating a role using the role tabs consists of creating a name for the role with the Create Role menu option, then defining its characteristics (default class of service, default access control, and/or services) using the role's right-panel tabs. You might also use this method if you are creating a role for which there is default class of service and/or access control, but no services.

If you want to change the characteristics of a role, you can select the role in the left panel and use the right panel to modify it.

Instructions on:

• Using the Role Tabs
• Modifying a Role
• Deleting a Role

Using the Role Tabs

Creating a role using the Role tab consists of creating a name for the role, then using the right panel to specify the characteristics of the role (default class of service, default access control, and/or services).

1. In the Policy tab left panel, select the Roles/Services > Roles tab.
2. Right-click the Roles tab, and select Create Role.
   The Create window opens.
3. Type the role name in the highlighted box.  The name can be up to 64 characters in length, and special characters are allowed, with the exception of colons (:) and semicolons (;).  Duplicate names are not allowed, regardless of case.  For example, if you already have a role Faculty and you attempt to name the new role Faculty or faculty, the Policy tab creates the role, but with the name New Role, or New Rolen (where n is the sequence number, if there is more than one New Role). You can then rename the new role. Press Enter after you've entered the name. (If you don't press Enter, the name remains New Role.)  
4. Select the role in the left panel, and the role opens in the right panel. Use the right panel to add a role description, enable TCI Overwrite, and set the role's default actions (including access control and class of service).
5. In the Services section in the right panel, select the Add/Remove Services button to add services to the role. This opens the role Add/Remove Services window.
   
   

   	NOTE:	The Policy tab checks for rule conflicts when more than one service is added. See Conflict Checking for more information.

6. To add a VLAN to the Role's Egress list, select the role and use the VLAN Egress tab in the right panel.
7. To configure MAC, IP, and VLAN to role mapping lists for the role, select the role and use the Mappings tab in the right panel.
8. Now that you have created the role, you can:
• Assign the role as the default role for a port
• Modify the role's characteristics
9. Enforce to write the new information to the devices.

Modifying a Role

Once you've created a role, you can change its characteristics by selecting the role in the Policy tab's left panel and using the associated tabs in the right panel.

Instructions on:

• Adding Services to Roles
• Modifying a Role's Default Class of Service
• Modifying a Role's Default Access Control
• Modifying a Role's Description
• Modifying a Role's Ports
• Removing Services from Roles

Adding Services to Roles

To add services to roles:

1. Select the left panel Roles/Services > Roles tab and expand the Roles tab. Select the role to which you want to add services in the left panel, then select the General tab in the right panel.
2. Select Add/Remove Services. This opens the Add/Remove Services window.
3. Make sure the role to which you wish to add services is displayed in the Role selection box.
4. In the Groups and Services panel, select the services and/or service groups you wish to add to the role, and select the Right Arrow button. To remove services, select them in the Selected Services panel and select the Left Arrow button.
   
   

   	NOTE:	The Policy tab checks for rule conflicts when more than one service is added. See Conflict Checking for more information.

5. If you wish, you can select another role, and add or remove services from it.
6. Select OK.
7. Enforce to write the new information to the devices.

Removing Services from a Role

1. Select the left panel Roles/Services > Roles tab and expand the Roles folder.  
2. Select the role from which you want to remove services, then select the General tab in the right panel.
3. Select Add/Remove Services. This opens the Add/Remove Services window.
4. Make sure the role from which you wish to remove services is displayed in the Role selection box.
5. In the Selected Services panel, select the services and/or service groups you wish to remove from the role, and select the Left Arrow button. To add services, select them in the Groups and Services panel and select the Right Arrow button.
6. If you wish, you can select another role, and remove services from or add services to it.
7. Select OK.
8. Enforce to write the new information to the devices.

Modifying a Role's Default Class of Service

Use the role's General tab to change its default class of service settings. Be sure to enforce to write the new information to the devices.

Modifying a Role's Default Access Control

Use the role's General tab to change its default access control. Be sure to enforce to write the new information to the devices.

Modifying a Role's Description

You can edit the description for the role on the role's General tab. Select OK to save the change to the database.

Modifying a Role's Ports

You can select a port and choose the default role on the Ports tab. You can also select PortView to open the PortView for the port or make changes to the port settings themselves.

1. In the Policy tab left panel, select a device in the Devices left-panel tab.
2. Select the port on which you want to set a default role.
3. Right-click the port and select Policy > Set Default Role.
4. Select the Assign/Replace Default Role checkbox. The drop-down list is available.
5. Select the default role for the port from the drop-down list.
6. Select OK.
7. Enforce to write the new information to the devices.

Mapping a Role to an HTTP Redirect Group

The HTTP Redirect action allows the role/rule to be mapped to an HTTP Redirect group index. The action widgets contain a menu to edit the group configuration.

Deleting a Role

1. In the Policy tab left panel, select a device in the Devices left-panel tab.
2. Select the port on which you want to delete the default role.
3. Right-click the port and select Policy > Set Default Role.
4. Select the Clear Default Role checkbox.
5. Select the default role for the port.
6. Select OK.
7. Enforce to write the new information to the devices.

---

Related Information

For information on related help topics:

• Traffic Classification Rules
• Assigning Default Roles to Ports
• Clearing Default Roles from Ports
• How to Make Selections on Add/Remove Windows
• How to Assign a Default Role to a Port
• Add/Remove Services Window
• General Tab (Role)