Aruba Instant & Cloud Wi-Fi

Reply
MVP
Posts: 751
Registered: ‎04-13-2009

IAP Role based access changes to Network Based

Instant version 6.2.0.0-3.2.0.2_37229 on IAP105

 

When I set the access type on an SSID to role based it's not saved as role based. It save the access settings as network based using the rules assigned in the role I configured.


I'll explain in images.


Here I set the access as role based, and clicked finish.

 

ccp access.JPG

 

The access type dioesn't update...

 

ccp info.JPG

 

Checking the access type when editing the SSID shows it as network based using the setting I configured in the role CCP.

ccp access 2.JPG

 

I've tried this on different SSIDs with different security types and I'm getting the same results. 

 

Anyone else getting this before I reset my instants and reconfigure?

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: IAP Role based access changes to Network Based

not 100% sure, but i think i encountered the same thinking back about it. is it an issue for you? in principe it doesn't matter much if you don't change rules via clearpass or such.

MVP
Posts: 751
Registered: ‎04-13-2009

Re: IAP Role based access changes to Network Based

Yeah, it's a bit of a pain to be honest. 

 

I configured an SSID and assigned it to be role based access then attempted to edit the role from with the PEF menu. Obviously this didn't work as it was set to network based...

 

TAC suspect that it's a browser issue and that does make sense. I'll test it next week and report back.

 

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: IAP Role based access changes to Network Based

i tried this to confirm and the same happens for me (6.2 / 3.2 _ 37229), but i can edit the role fine in PEF > Roles menu, it even udates the situation then in network-based access at the network. in principe it is the same if you don't use the extra features in the role-based menu.

MVP
Posts: 751
Registered: ‎04-13-2009

Re: IAP Role based access changes to Network Based

That's interesting. What browser are you using? I only tested this on Chome Version 25.0.1364.152 m.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: IAP Role based access changes to Network Based

firefox, can't lookup the exact version right now, but probably one of the latest ones.

MVP
Posts: 751
Registered: ‎04-13-2009

Re: IAP Role based access changes to Network Based

OK, apparently this is by design.

 

From TAC:

Role based with adding access list in role:

 

  • When we configure a SSID with role based normally (i.e) with the acl “allow any to all destinations” then after saving the configuration it will change it to network based.
  • This is because we are just adding the ACL in the role and this will get applied to all the users who are connecting to that SSID
  • This is an expected behavior

--------------------------

 

This doesn't really make sense to me. If I assign an SSID to be role based I expect to be able to modify that role to change the access that users get when connected to that SSID.

 

I've put this forward as a "feature request".

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: IAP Role based access changes to Network Based

thanks for the update, good to know.

jrwhitehead wrote:

If I assign an SSID to be role based I expect to be able to modify that role to change the access that users get when connected to that SSID.


i still don't fully get your remark here, you can change the role, well you can change the firewall rules and then those are applied on the network based settings.

MVP
Posts: 751
Registered: ‎04-13-2009

Re: IAP Role based access changes to Network Based

Gotcha. So, it is doing what it's supposed to but just not setting it as role based.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: IAP Role based access changes to Network Based

i guess so and as long as you don't use a pre auth role or machine auth there is nothing wrong with that. the only thing i wonder is if you can send a role with the radius reponse now and if that gets picked up correctly.

Search Airheads
Showing results for 
Search instead for 
Did you mean: