In this video, we build a wired enforcement with role-based traffic policies on AOS-CX Switch. Combined with the MAC Authentication from the previous video, this will make my VoIP phone automatically being placed in the Voice VLAN, and allowed only traffic to DHCP, DNS, and our PBX. My IP camera is first as an unknown device placed in a profiling role that just allows DHCP, then once profiled it receives a policy that only allows internet access, so no traffic is possible to the internal network. Workshop video overview, schedule, and discussion can be found on the Airheads Community: ⏰Timestamps: 00:00 Intro 01:00 Switch configuration (additional roles) 04:35 Create ClearPass Roles & Role Mapping 06:04 Create Enforcement Profiles and Policy 07:40 Verify the new policy