Wireless Access

Contributor II

Missing Configuration

Hi, Im trying to know why a role is been derivated to my users even if I dont have any server grup role derivation rule or user rules.


In the nps we are sending the Vendor-specific value for two different users group.



1.- Vendor-Specific: Internal

2.- Vendor-Specific: VIP


On the cntroler we don´t have any rule to derivate this but for some reason our users are getting respectively Internal or VIP.


And They are not getting the 802.1X Authentication Default Role on the aaa profile they still getting Internal or VIP  this roles are not used in an  aaa profile.




Windows Server 2008



Thanks in advance. 

Guru Elite

Re: Missing Configuration

Turn on user debugging and find out why.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee

Re: Missing Configuration

If you send back Aruba-User-Role, you don't need a server derivation rule.  The controller will automatically use the value of the VSA as the role (assuming the value exists as a role).  Are you using the Aruba-User-Role VSA?

Contributor II

Re: Missing Configuration

I don't know if we are ussing Aruba-User-Role VSA,  I'm taking control of a deployed base then I'm getting knowledge of it.


Let Me check and when i got the answer I'll post it.




Contributor II

Re: Missing Configuration

Ok, I will turn on the debugging and will post the output.


Search Airheads
Showing results for 
Search instead for 
Did you mean: