Controllerless Networks


Local EAP Termination - dynamic VLAN assignment

  • 1.  Local EAP Termination - dynamic VLAN assignment

    Posted Aug 28, 2014 06:08 AM

    Hello,

     

    I am trying to configure dynamic VLAN assignment for a WPA2 Enterprise SSID with local EAP termination on the Aruba Mobility controller. I created two different user-roles and assigned different VLANs to the user-role.

     

    • user-role employee1 - vlan 20
    • user-role employee2 - vlan 30

    I also created a vap which contains two VLAN assignments (vlan 20,30). The AAA profile has an 802.1x Authentication Default Role configured, which points to user-role employee1. The 802.1x Authentication Server Group points to Internal. 

     

    Next I have created two users in the local database from the master controller. I connect with both users, but both users get the 802.1x Authentication Default Role (user-role employee1) assigned. I would like the second user to get user-role employee2 assigned. 


    Can anybody help?



  • 2.  RE: Local EAP Termination - dynamic VLAN assignment

    Posted Sep 01, 2014 07:17 AM

    this isn't an Aruba Instant question it seems, for controller based networks please use "Unified Wired & Wireless Access"

     

    not 100% sure this is possible, but if it is then i would first double check the settings.

     

    i assume you created the two internal users with the two different roles?

     

    did you create your server group yourself or do you use the default one for the internal server? does it have the Server Rule to set the role?

     

    for double checking it might be wise to just put up all relevant config here, perhaps we spot something you missed.



  • 3.  RE: Local EAP Termination - dynamic VLAN assignment
    Best Answer

    Posted Sep 01, 2014 07:21 AM

    Dear Boneyard,

     

    You are right. I have posted this question in the wrong forum. I saw it just after I posted the question. I already started a new thread in Unified Wired and Wireless Access. I tried to delete this thread, but I couldn't find where.

     

    The question is already answered. I created two users and used server derivation to assign different VLANs to the user, by checking the username.