Wireless Access

Reply
Contributor II

ArubaOS 8.x User-Role inhertitance

Hi guys,

 

I just facing a problem and I don't know if I'm wrong or maybe not. 

Here is what I want to achieve:

I want to have a User-Role with captive portal profile configured on the Managed Networks Group. In one group there are two controllers which guest users I want to redirect to a different captive portal (CPPM).
I tried to configure it (break the inheritance) and change the captive portal profle but it isn't permitted. 

So what will be the best way to achieve this? Do I have to configure 2 seperate user-roles and bind them to the aaa?

 

cheers

Network Engineer
ACCX | ACMP
Guru Elite

Re: ArubaOS 8.x User-Role inhertitance

Where is the captive portal authentication profile initially defined?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Contributor II

Re: ArubaOS 8.x User-Role inhertitance

the user role with the L3 profile is defined on the MD (top level hierarchy)

Network Engineer
ACCX | ACMP
Guru Elite

Re: ArubaOS 8.x User-Role inhertitance

Please see the ArubaOS 8 Fundamentals Guide here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-8-Fundamentals-Guide/ta-p/428914

Screenshot 2018-06-19 at 06.05.23.png

Typically if you want a user role to be different in a different folder, you would use some type of derivation rule instead of overriding the User Role.  Meaning, instead of creating an exception lower down, you should create a user derivation rule higher up that accounts for what would be different in a lower folder.

 

Can you relate what you are trying to do, so we can come up with a solution?

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Guru Elite

Re: ArubaOS 8.x User-Role inhertitance

Please also note that it is not recommended that anything be placed in the managed node folder:

Screenshot 2018-06-19 at 06.28.56.png


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Contributor II

Re: ArubaOS 8.x User-Role inhertitance

here is what I want to do.

A customer has 2 Clearpass Servers in two different locations running in publisher - subscriber cluster. Clearpass is for AAA and Guest.


For a few locations it would be easier/better to reach the subscriber (guest login page) because its the "nearest" so they can connect "locally".

Now with 8.3 my idea was to build one user-role with a L3 CP profile (pointig to publisher) at the highest level so I can use this at all locations. At some specific locations I want to use the same user-role but break the inheritance and change the L3 CP profile to the one with the subscriber IP.

But as it's stated in the fundamentals guide it's not possible. I built a workaround with two user-roles and change the inital role at a certain point.

Thanks for the clarification.

Network Engineer
ACCX | ACMP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: