@cappalliwrote:
1) If you're seeing invalid role, then there something wrong with the contents of your DUR. Are you using Standard or Advanced mode?
2) Downloaded
3) User-roles are global. You lose role-based visibility and enforcement, simplified policy creation and overall flexibility. It is not recommended to run without user roles.
4) Downloadable user roles are not supported on the 2920. Local user roles are, however.
Hi Tim,
In reply to your answers:
1) I was not using DURs, but creating user-role on the switch myself (in the light of your answer under 4) this was the only way of doing it :-)) using command "
aaa authorization user-role name <ENFORCEMENT-PROFILE as created on CPPM>
vlan-id <VLAN-ID>
exit "
2) As role was created locally, than role type I am seeing is OK (Thanks)
3) (Thanks for explanation)
4) (Thanks for explanation)
In the light of you answer under 4), and my original problem where predefined role (denyall) was taking precedence when authentication request was made, would you be able to tell me (or, point me in the direction of material explaining it) how should I make role(s) I created getting applied before predefined one? Thanks.
Regards,
NesaM