Environment : This article applies to Aruba OS 6.3
From AOS 22.214.171.124 to AOS 126.96.36.199, Role based vlan doesn't work in 802.1x authentication.
Pre AOS 6.3, where vlan mapped to the user-role does take effect and users are placed in the vlan mapped to the role. After upgrading to AOS 6.3, role based vlan are not honored in the 802.1x authentication.
Workaround : For 802.1x authentication, configure standard radius attribute in the authentication server and create a server rule in the controller to assign vlan. This doesn't work for default machine role and default user role as SDR will kick in only if the client passes both machine authentication and user authentication.
This workaround doesn't help when enforce machine is enabled in the controller or when a user entry existed, user entry was assigned to mac-auth derived role-based VLAN, and the client re-associated. A user was assigned to the default VLAN instead of the mac-auth derived role-based VLAN because mac-auth was skipped for the existing mac authenticated user-entry.
Starting from AOS 188.8.131.52, Role based vlan's are honored and users are placed in the vlan mapped to the user-role.