Product and Software: This article applies to all Aruba controllers and ArubaOS 2.x.
Untrusted ports are ports that are configured to a network that is not trusted, which is separate from the internal trusted network. All users/L3 devices on the untrusted network get registered with the switch and are pushed to the logon role. This is common because untrusted ports allow for authentication and subsequent checking for ACLs against per-user firewall.
Configuring untrusted ports denies access to the trusted network, and permits only a certain application that is allowed in the logon role, but the switch does this operation only for users/devices registered under logon role.