This chapter describes the user role concept in Cisco Clean Access. It describes how user roles are
assigned and how to create and configure them. It also describes how to create local users that are
authenticated internally by the CAM (used primarily for testing).

Create User Roles

Roles are integral to the functioning of Cisco Clean Access and can be thought of in the following ways:

•

As a classification scheme for users that persists for the duration of a user session.

•

As a mechanism that determines traffic policies, bandwidth restrictions, session duration, Clean
Access vulnerability assessment, and other policies within Cisco Clean Access for particular groups
of users.

In general, roles should be set up to reflect the shared needs of distinct groups of users in your network.
Before creating roles, you should consider how you want to allocate privileges in your network, apply
traffic control policies, or group types of client devices. Roles can frequently be based on existing groups
within your organization (for example, students/faculty/staff, or engineering/sales/HR). Roles can also
be assigned to groups of client machines (for example, gaming boxes). As shown in

Figure 5-1

, roles

aggregate a variety of user policies including:

•

Traffic policies

•

Bandwidth policies