Table of Contents
Advertisement
You can configure the BSC to support enterprise guest access by defining local user
accounts and assigning them to the BSC's default guest role. Configuring guest access in
this way enables you to set the following limitations on guests who access your enterprise
network:
•
when the guest user account is activated and expired
•
the network bandwidth the guest can use
•
the network services the guest can access (only DNS and HTTP/S by default)
See "Local BSC User Authentication" on page 5-2 for information about configuring local
user accounts.
Role Inheritance
Everyone in an organization shares certain access privileges. For example, all employees
likely have access to cafeteria facilities but only a few have the key code that unlocks the
computer room.
Role inheritance allows you to map these access privileges to your unique organizational
structure. Commonly held privileges constitute the base role X. When defining a more
restrictive role Y, you can specify the base role as a default set of privileges that is
available (i.e., inherited from role X) if none of the policies in role Y match the requested
service, destination, or direction of traffic.
Use of role inheritance provides two significant advantages:
BlueSecure™ Controller Setup and Administration Guide
Managed Side
Bluesocket BSC
WG-2100 Wireless Gat eway
User with Engineering
Role Assigned
Figure 8-1: Role-based Authorization for a Registered User
Managed Side
Bluesocket BSC
WG -2100 Wireless Gateway
User with Guest
Role Assigned
Figure 8-2: Role-based Authorization for an Unregistered User
Protected Side
Finance
Power
Reset
= Access Blocked
Enterprise Network
Protected Side
Finance
Power
Reset
= Access Blocked
Enterprise Network
Role Inheritance
Internet
HTTP, HTTPS,
POP3,
and SMTP
Firewall
Internet
HTTP, HTTPS,
and POP3
Firewall
8-3
Advertisement
Table of Contents
