This article explains the configuration of “dhcp-option” and “dot1x-authentication-type” based role derivation on Aruba Instant APs
IAP has supported role derivation for a long time, but only via radius attributes. However, with 6.1.3.4-3.1, we can now derive user roles based on “dhcp-option” as well as “dot1x-authentication type”.When configuring role derivation rules based on radius attributes, DHCP option, and dot1x-authentication-type, the matching rule that appears first in the rule list takes precedence.
Environment : This article applies to all the IAPs running a minimum OS version of 6.1.3.4-3.1.x.x.
Through CLI:Creating the roles:
Creating Role derivation rules:
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.