Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Missing Configuration

This thread has been viewed 1 times

  • 1.  Missing Configuration

    Posted Apr 17, 2013 05:27 PM

    Hi, Im trying to know why a role is been derivated to my users even if I dont have any server grup role derivation rule or user rules.

     

    In the nps we are sending the Vendor-specific value for two different users group.

     

    Groups 

    1.- Vendor-Specific: Internal

    2.- Vendor-Specific: VIP

     

    On the cntroler we don´t have any rule to derivate this but for some reason our users are getting respectively Internal or VIP.

     

    And They are not getting the 802.1X Authentication Default Role on the aaa profile they still getting Internal or VIP  this roles are not used in an  aaa profile.

     

     

    AOS: 6.1.3.1

    Windows Server 2008

     

     

    Thanks in advance. 



  • 2.  RE: Missing Configuration

    EMPLOYEE
    Posted Apr 17, 2013 05:32 PM

    Turn on user debugging and find out why.

     



  • 3.  RE: Missing Configuration

    Posted Apr 17, 2013 05:47 PM

    Ok, I will turn on the debugging and will post the output.

    Thanks



  • 4.  RE: Missing Configuration

    Posted Apr 17, 2013 05:34 PM

    If you send back Aruba-User-Role, you don't need a server derivation rule.  The controller will automatically use the value of the VSA as the role (assuming the value exists as a role).  Are you using the Aruba-User-Role VSA?



  • 5.  RE: Missing Configuration

    Posted Apr 17, 2013 05:46 PM

    I don't know if we are ussing Aruba-User-Role VSA,  I'm taking control of a deployed base then I'm getting knowledge of it.

     

    Let Me check and when i got the answer I'll post it.

     

    Thanks