02-22-2017 09:56 AM
While configuring a AAA profile,
The "initial role", "mac authentication default role", "dot1x authentication default role" could be mapped with one of the many default user roles viz:
However, I am failing to find the significance of each of these and its applicability.
Do we have some study documentation giving proper insight on these profiles and its applicability?
02-22-2017 10:01 AM
The "initial role" is what you want a user to get if they do not authenticate. If there is an Open SSID, a WEP SSID or a WPA/2-PSK SSID the initial role is what they get upon association. If the initial role is like an "allowall" role like authenticated, the user will simply be able to pass traffic without doing anything. If the initial role is "logon", which is a captive portal role, the user will be presented with the captive portal upon successful association.
The default 802.1x role is what a user gets if that user passes 802.1x authentication. This of course can be overridden with radius attributes returned from the server, or server derivation rules.
If mac authentication is enabled in the AAA profile, if the user passes mac authentication in combination with something else, the default mac authentication will be come the resulting user's role.
I hope that makes sense..
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
02-27-2017 02:05 AM
Did cjoseph answer your question? Or - was the question more related to the various User Roles themselves?
Some information regarding the topic of User Roles
-ACMX #316 :: ACCP-
Intelecom - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
02-27-2017 05:52 AM
For a listing of the default policies and roles and what is included as part of them; refer to the following section of the ArubaOS User Guide: Basic System Defaults
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX