ArubaOS and Controllers

Reply
d.p
Contributor I
Posts: 29
Registered: ‎08-29-2011

User role not being applied

Hello

I created a user role to allow certain devices to bypass captive portal on our guest network via their MAC address. However when I attempt to apply it to via AAA profiles > Guest network > User derivation rules and hit apply it never saves that rule. It just defaults back to 'None.'

Has anyone seen this before? If so what am I missing?
Aruba
Posts: 760
Registered: ‎05-31-2007

User role not being applied

I would recommend a 'show log all 20' on the command line OR look at the process logs on the WEBUI to determine if there is an error message etc.

Also, which version of AOS are you using ?
d.p
Contributor I
Posts: 29
Registered: ‎08-29-2011

Re: User role not being applied

Process log doesnt show anything and neither does the cli log for when I attempt to apply that rule to that network...

Showing two different Software versions on my partitions. Partition 0 is showing 6.1.1.0 and Partition 1 is showing 6.0.1.3

: Error sending the trap to SNMP agent
Jun 30 12:50:36 sapd: <404075> |AP 00:24:6c:cb:37:02@172.23.88.5 sa pd| AM 00:24:6c:33:70:20: ARM - decreasing power cov-index 14/0 tx-power 8 new_ rra 1/6
Jun 30 13:01:52 sapd: <404074> |AP 00:24:6c:cb:37:02@172.23.88.5 sa pd| AM 00:24:6c:33:70:20: ARM - increasing power cov-index 6/0 tx-power 6 new_r ra 1/7
Jun 30 13:07:47 sapd: <404074> |AP 00:24:6c:cb:37:02@172.23.88.5 sa pd| AM 00:24:6c:33:70:20: ARM - increasing power cov-index 7/0 tx-power 7 new_r ra 1/8
Jun 30 13:08:13 authmgr: Error sending the trap to SNMP agent
Jun 30 13:38:28 authmgr: Error sending the trap to SNMP agent
Jun 30 13:46:39 authmgr: Error sending the trap to SNMP agent
Jun 30 14:37:11 sapd: <404075> |AP 00:24:6c:cb:37:02@172.23.88.5 sa pd| AM 00:24:6c:33:70:20: ARM - decreasing power cov-index 15/0 tx-power 8 new_ rra 1/6
Jun 30 14:46:57 sapd: <404074> |AP 00:24:6c:cb:37:02@172.23.88.5 sa pd| AM 00:24:6c:33:70:20: ARM - increasing power cov-index 6/0 tx-power 6 new_r ra 1/7
Jun 30 14:53:23 sapd: <404074> |AP 00:24:6c:cb:37:02@172.23.88.5 sa pd| AM 00:24:6c:33:70:20: ARM - increasing power cov-index 7/0 tx-power 7 new_r ra 1/8
Jun 30 16:23:34 sapd: <404075> |AP 00:24:6c:cb:37:02@172.23.88.5 sa pd| AM 00:24:6c:33:70:20: ARM - decreasing power cov-index 15/0 tx-power 8 new_ rra 1/6
Jun 30 16:24:48 sapd: <404069> |AP 00:24:6c:cb:37:02@172.23.88.5 sa pd| AM 00:24:6c:33:70:20: ARM Channel Interference Trigger new 6-16 old 1-43 ne w_rra 6/6 TCI 10
Jun 30 16:32:59 sapd: <404074> |AP 00:24:6c:cb:37:02@172.23.88.5 sa pd| AM 00:24:6c:33:70:20: ARM - increasing power cov-index 6/0 tx-power 6 new_r ra 6/7
Jun 30 16:37:25 sapd: <404074> |AP 00:24:6c:cb:37:02@172.23.88.5 sa pd| AM 00:24:6c:33:70:20: ARM - increasing power cov-index 7/0 tx-power 7 new_r ra 6/8
Jun 30 16:47:19 sapd: <404075> |AP 00:24:6c:cb:36:f5@172.23.88.6 sa pd| AM 00:24:6c:33:6f:50: ARM - decreasing power cov-index 12/0 tx-power 8 new_ rra 1/7
Jun 30 16:51:27 sapd: <404074> |AP 00:24:6c:cb:36:f5@172.23.88.6 sa pd| AM 00:24:6c:33:6f:50: ARM - increasing power cov-index 7/0 tx-power 7 new_r ra 1/8
Jun 30 21:23:29 sapd: <404075> |AP 00:24:6c:cb:36:f5@172.23.88.6 sa pd| AM 00:24:6c:33:6f:50: ARM - decreasing power cov-index 12/0 tx-power 8 new_ rra 1/7
Jun 30 21:35:42 sapd: <404074> |AP 00:24:6c:cb:36:f5@172.23.88.6 sa pd| AM 00:24:6c:33:6f:50: ARM - increasing power cov-index 7/0 tx-power 7 new_r ra 1/8
Jun 30 23:41:05 sapd: <404075> |AP 00:24:6c:cb:36:f5@172.23.88.6 sa pd| AM 00:24:6c:33:6f:50: ARM - decreasing power cov-index 12/0 tx-power 8 new_ rra 1/7
Jun 30 23:59:01 sapd: <404074> |AP 00:24:6c:cb:36:f5@172.23.88.6 sa pd| AM 00:24:6c:33:6f:50: ARM - increasing power cov-index 7/0 tx-power 7 new_r ra 1/8
Aruba
Posts: 760
Registered: ‎05-31-2007

User role not being applied

Thanks for the output.

Guess I should have clarified ;-) You will want to look in the logs right after you execute the command on the WEBUI.... is that what you did below ?
d.p
Contributor I
Posts: 29
Registered: ‎08-29-2011

Re: User role not being applied


I would recommend a 'show log all 20' on the command line OR look at the process logs on the WEBUI to determine if there is an error message etc.

Also, which version of AOS are you using ?





Thanks for the output.

Guess I should have clarified ;-) You will want to look in the logs right after you execute the command on the WEBUI.... is that what you did below ?




Yes that is exactly what I did and nothing appeared. I just did it again to be sure and the same thing, nada in the logs when I hit apply.
Aruba
Posts: 760
Registered: ‎05-31-2007

Re: User role not being applied

I just did a quick test on my controller running 6.0.1.3... it applied OK.

When you click in the WEBUI to apply this rule, what is the output is you click on 'view commands' before hitting apply ?

It should look something like this:

!
aaa profile "AAAProfile-Demo"
user-derivation-rules Fingerprinting-Demo
!
d.p
Contributor I
Posts: 29
Registered: ‎08-29-2011

Re: User role not being applied


I just did a quick test on my controller running 6.0.1.3... it applied OK.

When you click in the WEBUI to apply this rule, what is the output is you click on 'view commands' before hitting apply ?

It should look something like this:

!
aaa profile "AAAProfile-Demo"
user-derivation-rules Fingerprinting-Demo
!




Absolutely nothing. Lol, our re-seller said it works for him as well but for whatever reason its not working on my controller.
Aruba
Posts: 760
Registered: ‎05-31-2007

User role not being applied

LOL indeed.

Perhaps a short term work around... use the CLI and see if you can 'force' the commands in.

Something like this:

Step #1 - enter commands via CLI

!
Config t
aaa profile "AAAProfile-Demo"
user-derivation-rules Fingerprinting-Demo
!

Step #2 - Verify it 'took'

Show run | include user-derivation
d.p
Contributor I
Posts: 29
Registered: ‎08-29-2011

Re: User role not being applied


LOL indeed.

Perhaps a short term work around... use the CLI and see if you can 'force' the commands in.

Something like this:

Step #1 - enter commands via CLI

!
Config t
aaa profile "AAAProfile-Demo"
user-derivation-rules Fingerprinting-Demo
!

Step #2 - Verify it 'took'

Show run | include user-derivation




Solid although that didn't work at first it did allow me to figure out the issue. You can't have a space in the role name, which I had originally. So I deleted the role and added a hyphen and it allowed me to apply it. But why can you not have a space but the gui will allow you to create a name with a space??

(aruba-ann) #  show running-config | include Mac-bypass
Building Configuration...
aaa derivation-rules user Mac-bypass
user-derivation-rules "Mac-bypass"


So one more thing, how do I make it so this rule will bypass the captive portal and allow the device with matching MAC wireless access? I see the hit count increase when my laptop attempts to connect to the guest network but I am still presented with the captive portal login.
Contributor I
Posts: 22
Registered: ‎11-09-2007

Re: User role not being applied

It is a linux box at the core. If you type a space it assumes that is the end of the entrys name, but a dash or underscore would accomplish your desired behavior. It is just the way linux works- and the web UI is just being parsed down into CLI commands. In the web UI configure page...in the bottom right... show commands text. Click it and you can see what every page is being parsed down to.
Search Airheads
Showing results for 
Search instead for 
Did you mean: