This article explains the configuration of “dhcp-option” and “dot1x-authentication-type” based role derivation on Aruba Instant APs
IAP has supported role derivation for a long time, but only via radius attributes. However, with 220.127.116.11-3.1, we can now derive user roles based on “dhcp-option” as well as “dot1x-authentication type”.
When configuring role derivation rules based on radius attributes, DHCP option, and dot1x-authentication-type, the matching rule that appears first in the rule list takes precedence.
Environment : This article applies to all the IAPs running a minimum OS version of 18.104.22.168-3.1.x.x.
Creating the roles:
Creating Role derivation rules: