Cisco Cisco Clean Access 3.5
C H A P T E R
5-1
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
5
User Management: User Roles
This chapter describes the following topics:
•
•
•
For details on configuring authentication servers, see
For details on creating and configuring the web user login page, see
For details on configuring traffic policies for user roles, see
Overview
This chapter describes the user role concept in Cisco Clean Access. It describes how user roles are
assigned and how to create and configure them. It also describes how to create local users that are
authenticated internally by the CAM (used primarily for testing).
assigned and how to create and configure them. It also describes how to create local users that are
authenticated internally by the CAM (used primarily for testing).
Create User Roles
Roles are integral to the functioning of Cisco Clean Access and can be thought of in the following ways:
•
As a classification scheme for users that persists for the duration of a user session.
•
As a mechanism that determines traffic policies, bandwidth restrictions, session duration, Clean
Access vulnerability assessment, and other policies within Cisco Clean Access for particular groups
of users.
Access vulnerability assessment, and other policies within Cisco Clean Access for particular groups
of users.
In general, roles should be set up to reflect the shared needs of distinct groups of users in your network.
Before creating roles, you should consider how you want to allocate privileges in your network, apply
traffic control policies, or group types of client devices. Roles can frequently be based on existing groups
within your organization (for example, students/faculty/staff, or engineering/sales/HR). Roles can also
be assigned to groups of client machines (for example, gaming boxes). As shown in
Before creating roles, you should consider how you want to allocate privileges in your network, apply
traffic control policies, or group types of client devices. Roles can frequently be based on existing groups
within your organization (for example, students/faculty/staff, or engineering/sales/HR). Roles can also
be assigned to groups of client machines (for example, gaming boxes). As shown in
, roles
aggregate a variety of user policies including:
•
Traffic policies
•
Bandwidth policies