This tab lets you view and configure four different mapping lists for the selected role: MAC to Role, IP to Role, Tagged Packet VLAN to Role, and Authentication-Based VLAN to Role.
To access this tab, select a role in the left panel's Roles tab and click the Mappings tab in the right panel. Any additions or changes you make to this tab must be enforced in order to take effect.
MAC to Role Mapping
MAC to Role mapping lets you view and configure a list of MAC addresses to map
to the selected role. Mapping a MAC address to a role provides a way to assign a
role to an end station based on its source MAC address. This allows you to
create a specific role for a group of end stations (such as IP phones), and
assign it to them based on their MAC address and a MAC mask. When the end
stations connect to the network, the policy-enabled device identifies the source
MAC address and applies the mapped role.
IP to Role Mapping
IP to Role mapping lets you view and configure a list of IP addresses to map
to the selected role. Mapping an IP address to a role provides a way to assign a
role to an end station based on its IP address. For example, in networks that
haven't deployed authentication, this would allow you to map an individual IP
address, such as that of an administrator's laptop, to a specific role. When the end
station connects to the network, the policy-enabled device identifies the IP address and applies the mapped role.
Tagged Packet VLAN to Role Mapping
Tagged Packet VLAN to Role Mapping provides a way to let policy-enabled devices
assign a role to network traffic, based on a VLAN ID. When a device
receives network traffic that has been tagged with a VLAN ID (tagged
packet), it uses the Tagged Packet VLAN to Role mapping list to determine
what role to assign the traffic based on the VLAN ID. Use this table to view
and configure the VLANs that will map to the selected role. For more
information, see VLAN to Role Mapping in the Concepts Help topic.
NOTE: When configuring Tagged Packet VLAN to role mapping, you must also enable the TCI
Overwrite attribute. TCI Overwrite allows the VLAN or class of service tag in a
received packet to be overwritten by the VLAN (access control) and class of
service characteristics defined in the mapped role. You can enable TCI Overwrite
on a per-port basis in the port's General tab, or for an individual role in the
role's General tab.
Authentication-Based VLAN to Role Mapping
Authentication-Based VLAN to Role Mapping provides a way to assign a role to a
user during the authentication process, based on a VLAN Attribute. An end user
connects to a policy-enabled device that supports 802.1X authentication using a
RADIUS server. During the authentication process, the RADIUS server returns a
VLAN ID in its RADIUS VLAN Tunnel Attribute. The device uses the
Authentication-Based VLAN to Role mapping list to determine what role to assign
to the end user, based on the VLAN Tunnel Attribute. Use this table to view and
configure the VLANs that will map to the selected role. For more information,
see VLAN to Role Mapping in the Concepts Help topic.
NOTE: When configuring Authentication-Based VLAN to role mapping, you must
enable RFC3580 VLAN Authorization on the device via the device Authentication tab.
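The lookup described for Authentication-Based VLAN to Role Mapping, as an added example that is not code from this product: it reads the RFC 3580 tunnel attributes from a RADIUS Access-Accept, validates them, and resolves the VLAN ID against a mapping list. The mapping list, role names and sample bytes are constructed for illustration, and all function names are hypothetical.

```python
# Added example: RFC 3580 tunnel attributes -> VLAN ID -> role.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6  # values RFC 3580 specifies for VLAN assignment

# Hypothetical Authentication-Based VLAN to Role mapping list (constructed).
AUTH_VLAN_TO_ROLE = {100: "Staff", 200: "IP Phone"}


def parse_attributes(raw: bytes) -> dict:
    """Walk RADIUS type/length/value attributes. Simplification: last value per type wins."""
    attrs, i = {}, 0
    while i < len(raw):
        if i + 2 > len(raw):
            raise ValueError("truncated attribute header")
        atype, alen = raw[i], raw[i + 1]
        if alen < 2 or i + alen > len(raw):
            raise ValueError("bad attribute length")
        attrs[atype] = raw[i + 2:i + alen]
        i += alen
    return attrs


def vlan_from_attributes(attrs: dict):
    """Return the VLAN ID, or None if the attributes are not a valid VLAN assignment."""
    ttype = attrs.get(TUNNEL_TYPE, b"")
    medium = attrs.get(TUNNEL_MEDIUM_TYPE, b"")
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    # Tunnel-Type and Tunnel-Medium-Type: one tag byte, then a 3-byte value.
    if len(ttype) != 4 or int.from_bytes(ttype[1:], "big") != TYPE_VLAN:
        return None
    if len(medium) != 4 or int.from_bytes(medium[1:], "big") != MEDIUM_802:
        return None
    # Tunnel-Private-Group-ID: a first byte of 0x1F or less is a tag, not text.
    if group and group[0] <= 0x1F:
        group = group[1:]
    text = group.decode("ascii", "replace")
    if not text.isdigit():
        return None
    vlan = int(text)
    return vlan if 1 <= vlan <= 4094 else None


def resolve_role(raw: bytes):
    """Role mapped to the returned VLAN, or None when no mapping applies."""
    return AUTH_VLAN_TO_ROLE.get(vlan_from_attributes(parse_attributes(raw)))


def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value


# Constructed Access-Accept attributes: Tunnel-Type=VLAN, Medium=802, group "100".
SAMPLE = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"100")
```

A `None` result covers both a malformed attribute set and a VLAN ID with no entry in the mapping list, so neither case silently resolves to a role.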