No machine auth. Just basic WPA-2 Personal. Here is the snippet of config I think would be setting the Role:
wlan ssid-profile RED
index 0
type employee
essid RED
wpa-passphrase d4f4ce460e56ce7adaa288a43e9c4ffac5d784fafda7720c
opmode wpa2-psk-aes
max-authentication-failures 0
auth-server InternalServer
set-role Aruba-Essid-Name equals RED IG
rf-band all
captive-portal disable
However, the only Role that gets applied is the default Role that gets created when the ssid is created.
Then the next question: Can you only apply one Role-based access rule set per IAP. I have a BLUE ssid created that has a default BLUE Role-based rule set. BUT, when I apply the BLUE Role-based rule set to the BLUE ssid it appears to save but when I go back in and look at the Access tab it has the Access set to Network-Based with the rules I created for the BLUE Role???