Configuring Role-Mapping Rules for Profiled Devices

After creating the Local Profiler Authorization Server, you can use device attributes from the Profiler in the role mapping rules for both MAC Authorization and 802.1X realms for policy enforcement.

To configure role-mapping rules:

1.Select Endpoint Policy > MAC Address Realms (for MAC Authorization realms) or Users > User Realms (for 802.1X realms)

2.Select the realm name.

3.Select the Local Profiler Authentication Server as Device Attributes Server.

4.Click the Role Mapping tab.

5.Click New Rule.

6.Set Rule based on to "Device Attribute" and click Update.

If a rule exists, then the Rule based on drop-down will not appear.

7.Enter a name for the rule (if creating a new one).

8.Create the new role mapping rules.

Select the attributes based on the new device attributes that are now available in the attributes drop-down field. When setting the attribute value, make sure the value you enter is an exact match for the value displayed in the Device Discovery Report table. Wildcards (* and ?) can be used in the attribute value.

If LADAP server is configured in profiler, select the LDAP attribute from the list or click Attributes to create new LDAP attributes.

9.Assign the roles and click Save Changes.

Role mapping rules in the MAC authorization realm apply to both MAC-RADIUS enforcements in an 802.1X environment and SNMP-based enforcement.