07-21-2015 05:15 AM
I have a lab running a 3600 and two AP105s with 6.4.x. I have created an AP group with an SSID, and that vap_prof uses the internal DB for users with aaa_prof. So far so good: if my user exists, I become authenticated. Now I want to configure a rule set for a new "role", and I've added the user in the local DB to this role, but as the AAA profile in the SSID says the user becomes authenticated, the role never works. If I change the aaa_prof to my new role it works, but not only for this user; it applies to all users instead. So I currently don't know how to get the internal DB role running with an AAA profile. Is someone running this scenario? I've only tested this with a server derivation rule and an external RADIUS which assigns the role name.
Thanks for the feedback.
07-21-2015 05:21 AM
In your AAA profile, make sure you are using the default server group and that the default server group has the "set role condition..." rule attached to it. The "set role condition role value-of" is the rule that says, return the role that the internal user has defined. If you are using a server group without that rule present for authentication, it will only return the default role for that AAA profile.
aaa server-group "default"
 auth-server Internal
 set role condition role value-of
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
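An added example, not part of the original thread and not Aruba tooling: a small Python check that scans a saved configuration for server groups that authenticate against Internal but lack the "set role condition role value-of" rule described in the answer above. The sample configuration is constructed; the group names lab-group and radius-only and the server name lab-radius are assumptions.

```python
import re

# Constructed sample config (not from the thread). "default" matches the answer
# above; "lab-group" is a hypothetical group missing the derivation rule.
SAMPLE_CONFIG = '''\
aaa server-group "default"
 auth-server Internal
 set role condition role value-of
!
aaa server-group "lab-group"
 auth-server Internal
!
aaa server-group "radius-only"
 auth-server lab-radius
!
'''

RULE = "set role condition role value-of"

def parse_server_groups(config):
    """Return {group name: [normalized child lines]} for each aaa server-group block."""
    groups, current = {}, None
    for line in config.splitlines():
        header = re.match(r'^aaa server-group "?([^"]+?)"?\s*$', line)
        if header:
            current = groups.setdefault(header.group(1), [])
        elif line.startswith((" ", "\t")) and current is not None:
            current.append(" ".join(line.split()))  # collapse repeated whitespace
        else:
            current = None  # "!" or any other top-level line ends the block
    return groups

def groups_missing_role_rule(config):
    """Groups that use Internal but never return the role stored on the user."""
    missing = []
    for name, lines in parse_server_groups(config).items():
        uses_internal = any(l.split()[:2] == ["auth-server", "Internal"] for l in lines)
        if uses_internal and RULE not in lines:
            missing.append(name)
    return sorted(missing)

if __name__ == "__main__":
    for name in groups_missing_role_rule(SAMPLE_CONFIG):
        print(f'server-group "{name}": internal users only get the AAA profile default role')
```
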