04-19-2012 05:01 PM
We have a User Derivation Rule to assign a specific role to certain clients. After we upgraded to 188.8.131.52 the Derivation Rule is not working. The users are being placed in the initial role "logon" instead. I have verified that the mac of the devices are present in the Derivation rule with the correct role.
On code 184.108.40.206 it was working properly.
Has anyone encountered this, is it a bug?
Solved! Go to Solution.
04-19-2012 07:32 PM
Turn on user debugging to see why that user ends up in that role.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
06-12-2012 08:48 AM
After many many tests, with the help of our Aruba onsite support, we were finally able to figure out the issue. I had called TAC about this and they were not able to figure it out.
Turns out that on the new code, at least 220.127.116.11, they have set a limit of to how many lines a derivation rule can have. Don't know if that's by design or a flaw since it's not mentioned in the Release Notes that I can see.
So, if you're having this issue, check to see how many lines your derivation rule/s have. The max that you can have is 127.
07-12-2012 10:34 AM
These symptoms are likely covered under issues filed against S3500 and ArubaOS Mobility controller products.
There are built-in limits to the total of derivation rules, so the number of rules that will work is dependent on the complete
The issue was introduced in 18.104.22.168 software.
Currently, engineering are working on long term fixes for the issue.
In the meantime, there are a number of possible "workarounds" which may in fact, be advantageous in larger networks.
1) MAC based authentication using full, or OUI prefix, which can be used to derive.
- scripts are available to assist transition from the UDR configuration to the internal authentication database authentication
2) Use MAC OUI prefix UDR, thereby reducing the number of UDR rules required.
3) External authentication, using server derivation rules
Aruba Networks Technical Support can provide further details regarding the issue, assisting in positively identifying if this is indeed the cause of symptoms observed, or potential workarounds.
Aruba Networks Customer Advocacy
08-01-2012 05:00 PM
There was nothing in the release notes in regards the issue. TAC didn't know what the issue was either. By testing we ended up figuring what the issue was. We resolved the issue by just using the first 6 characters of the MAC.
09-17-2014 06:09 AM
my controller is running on 22.214.171.124 and we are having same issue.
we are couldn't able to add more than 127 entries. which code we can upgrade to resolove this issue
Thanks in advance for any help on this matter.