Wireless Access

Reply
New Contributor

Device not receiving proper role

Hello,

 

We have some wireless printers that authenticate via MAC address but are not receiving the proper roles which I believe is causing them to constantly re-authenticate.  They have been added to the local-userdb and even if I attempt to manually add them with the proper role to the user-table, they still show as having a different role.

 

Here is an example:

 

7.18.3.40 00:02:78:21:ff:1b 00:02:78:21:FF:1B NASCA_Scanner 00:18:35 MAC US-MWN01-WAP007 Wireless gv-wlan-01/00:0b:86:0b:b0:a0/g gv-wlan-01-AAA
7.18.3.47 00:02:78:21:ff:11 00:02:78:21:FF:11 NASCA_Scanner 21:00:02 MAC US-MWN01-WAP018 Wireless gv-wlan-01/00:0b:86:0b:9d:60/g gv-wlan-01-AAA
7.18.3.67 00:1b:78:f7:2e:5a NASCA_Scanner_Logon 00:00:04 US-MWN01-WAP014 Wireless gv-wlan-01/00:0b:86:0b:a6:e0/g gv-wlan-01-AAA
7.18.3.65 00:1b:78:f7:2e:7f NASCA_Scanner_Logon 00:00:03 US-MWN01-WAP018 Wireless gv-wlan-01/00:0b:86:0b:9d:60/g gv-wlan-01-AAA

 

The first two devices have the proper role designation which is NASCA_Scanner.  The last two are not assigned the correct role which is the NASCA_Scanner_Logon.  Initially the devices land in the NASCA_Scanner_Logon role but should change to NASCA_Scanner after authentication.  All the other devices function correctly but there are about 5-6 that will not change the role association.  Nothing has changed from a configuration perspective aside from adding the devices to the local-userdb.

 

Here is the AAA profile designated:

 

aaa profile "gv-wlan-01-AAA"
initial-role "NASCA_Scanner_Logon"
authentication-mac "gv-wlan-01-MAC"
mac-default-role "NASCA_Scanner_Logon"
mac-server-group "internal"
authentication-dot1x "gv-wlan-01-PSK"

 

Here is the user-role for NASCA_Scanner_Logon:


user-role NASCA_Scanner_Logon
vlan 39
session-acl gv-dhcp-acl

 

Here is the user-role for NASCA_Scanner:

 

user-role NASCA_Scanner
vlan 39
session-acl gv-dhcp-acl
session-acl gv-dns-acl
session-acl icmp-acl
session-acl gv-citrix-NASCA-acl
session-acl gv-citrix-NASCA-Farm-acl
session-acl NASCA-Cirtix-Website
session-acl gv-NASCA-Printing
session-acl TEST-NASCA-LAPTOP
session-acl allowall

 

Thank you!

 

Jason

Guru Elite

Re: Device not receiving proper role

The local user database is sensitive to case and delimiters.  I would double-check those.

 

In addition, you need to disconnect a device in the client table in th GUI to get a fresh authentication if you make changes to the local user database.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Device not receiving proper role

Thanks Colin!

 

It was an issue with the password being lower case it seems.  Everything is now functioning as it should.  The majority of the devices worked right after the change since they hadn't associated with the controller yet and tried to authenticate.   One device I did have to disconnect through the GUI and allow it to re-authenticate.

 

Jason

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: