Security

Hello im searching for a information source about the main differences between downloadable User Roles and dacl. We have a mixed environment with 2530 and 2540 switches. The documantation for clearpass Captive Portal for both switches describes the use of Nas Filter Rules (dacl?).From my understanding the 2540 could also use DUR, wouldn't it be better then? Which possibilties do i miss whith my 2530 switches and dacl only?
regards Niklas

Downloadable user roles should always be preferred.

It gives you more flexibility. A user role can contain QoS, VLAN etc as well wheras the acl only provides rules.

User roles combine all access attributes for a user in a single object, so it is more flexible than and manageable than separate ACLs.

This video series has in the start a nice explanation on the concepts in the first episodes.

Also note that you can have local user roles on the 2530. The feature that you won't have versus the 2540 is that you can't download the role content from ClearPass but you can configure it on the switch itself and return the role name from ClearPass.

thank you, this clarifies it for me.