Occasional Contributor II

2930F Downloadable User Role not working



I am having an issue getting the Downloadable user roles to work.  I have followed the Wired Policy Enforcement SolutionGuide and have tested on numerous switches but keep getting the same error.   

05204 dca: Failed to apply user role
DUR_HPE_ACCESS_POINT-3028-1_7Z4q to macAuth client C8B5ADxxxx on
port 5: user role is invalid.

05620 dca: macAuth client C8B5ADC8xxxx on port 5 assigned to
initial role as downloading failed for user role


I have checked the read-only account required and as I am using the Self-signed Cert on Clearpass for testing tried by Certifcates available within the trusted with no luck.  


What am I doing wrong?



Guru Elite

Re: 2930F Downloadable User Role not working

Self-signed certificates cannot be used.

Also, are you using Standard or Advanced mode in ClearPass?

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
Occasional Contributor II

Re: 2930F Downloadable User Role not working

Thanks,  I have tried both the advanced and now on 6.7 the standard as per the updated document.   


If you think the error is due to the self signed certificate I will take a look at changing this.


Many Thanks Again

Occasional Contributor II

Re: 2930F Downloadable User Role not working

I have run into a couple issues with this and found the following:


- When creating the ACL, do NOT put blank lines between the entries


- The Policy Name has a character length limitation. Try reducing it to 8 characters or less. I am not sure what the upper limit is. 


I dont recall either of these issues on earlier versions of code. Seems to be with CPPM 6.7 and/or 16.05 

Search Airheads
Showing results for 
Search instead for 
Did you mean: