On Internal DB, I configure :
aaa server-group "interne"
allow-fail-through
auth-server Internal
set role condition User-Name contains "ccil" set-value ccil-vlan4 : in fact, I will configure all users on Internal DB with different vlans
aaa profile "Entreprise_AAA"
initial-role "Entreprise_role"
authentication-dot1x "Entreprise_dot1x"
dot1x-default-role "ccil-vlan4"
dot1x-server-group "interne"
aaa authentication dot1x "Entreprise_dot1x"
machine-authentication enable
machine-authentication machine-default-role "Entreprise_role"
machine-authentication user-default-role "ccil-vlan4"
termination enable
termination eap-type eap-tls
termination eap-type eap-peap
termination inner-eap-type eap-gtc
termination inner-eap-type eap-mschapv2
Someone can explain me each role :
initial-role "Entreprise_role"
dot1x-default-role "ccil-vlan4"
machine-authentication machine-default-role "Entreprise_role"
machine-authentication user-default-role "ccil-vlan4"
With different vlan, I cannot understand where I have to configure the server derivation and how.
cCil