Controller-less WLANs

How to configure “dhcp-option” and “dot1x-authentication-type” based role derivation on Aruba Instant APs?

Aruba Employee
Aruba Employee

This article explains the configuration of “dhcp-option” and “dot1x-authentication-type” based role derivation on Aruba Instant APs


IAP has supported role derivation for a long time, but only via radius attributes. However, with, we can now derive user roles based on “dhcp-option” as well as “dot1x-authentication type”.

When configuring role derivation rules based on radius attributes, DHCP option, and dot1x-authentication-type, the matching rule that appears first in the rule list takes precedence.  



Environment : This article applies to all the IAPs running a minimum OS version of




Through CLI:

Creating the roles:


rtaImage (1).png


Creating Role derivation rules:


rtaImage (2).png

Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 02:45 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: