Controller Based WLANs

During Dot1x authentication, does derivation gets honoured in intermediate default machine role and default user role.?

Environment : This articles applies to Aruba Mobility Controllers running ArubaOS and configured for Dot1x authentication on an SSID.

 

With the following image, lets understand how role is devired for a user doing dot1x authentication when machine authentication is enabled:

 



rtaImage.jpg




NOTE: Controller will worry about Machine auth only if “Machine-Authentication” is enabled under dot1x profile. If “Machine Authentication” is not enabled , only user authentication occurs and if it passes, it falls in dot1x-default-role rather or else the user would be denied access.

Coming to the actual question:

Role Based VLANs from the intermediate Machine Roles “Machine Authentication: Default Machine Role” and “User Authentication: Default User Role” will not be honored.

The only state where derivation of any type is honored for the client is when it passes both Machine-auth && user-dot1x auth.

 

Version history
Revision #:
1 of 1
Last update:
‎06-29-2014 06:00 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.