Understanding Wireless Authorization Profiles
Once the user is authenticated, Network Director looks for the authorization attributes assigned to the user. Authorization profiles specify the access permissions and authorization attributes for authenticated users or devices. Authorization attributes specify the network resources available to the user. The VLAN profile is a mandatory attribute in order to place the user in the appropriate VLAN. You can provide further access controls using an Authorization profile by specifying encryption types, linking a class-of-service (CoS) profile, specifying the days and times during which the user can access the network, and so on.
You can create Authorization profiles only for wireless devices. After you create a Authorization profile, you can link it to a WLAN profile or assign it to a controller or a cluster. Once you assign an Authorization profile to a controller or a cluster, the VLAN, CoS, and Filter settings that you have defined within that profile are applied on the WLC or the cluster. These settings can then be used for dynamic users who are authenticated through RADIUS or LDAP servers.