Hi Everyone,
I'm seen exact the same behaviour. There is no accounting when I'm using server-derived roles. Take a look "Radact N/A" and "role-how" below:
Name: 60672073db4c, IP: 172.17.35.161, MAC: 60:67:20:73:db:4c, Role: TestGuest-CP, ACL: 62/0, Age: 00:00:04
Authentication: Yes, status: started, method: MAC, protocol: PAP, server: FreeRadius
Bandwidth = No Limit
Bandwidth = No Limit
Role Derivation: Matched server rule
VLAN Derivation: MBA Server Rule Role Contained
Idle timeout (global): 300 seconds, Age: 00:00:00
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=1, vpnflags=0, u_stm_ageout=1
Flags: innerip=0, outerip=0, vpn_outer_ind:0, download=1, wispr=0
IP User termcause: 0
phy_type: g-HT-20, l3 reauth: 0, BW Contract: up:0 down:0, user-how: 1
Vlan default: 35, Assigned: 35, Current: 35 vlan-how: 8 DP assigned vlan:0
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0
SlotPort=0x2100, Port=0x10025 (tunnel 37)
Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role: n/a
Current Role name: TestGuest-CP, role-how: 2, L2-role: TestGuest-CP, L3-role: TestGuest-CP
Essid: SOLIDEX-Guest, Bssid: 24:de:c6:cf:22:c1 AP name/group: Engines/SOLIDEX Phy-type: g-HT-20
RadAcct sessionID:n/a
RadAcct Traffic In 72/10723 Out 58/39111 (0:72/0:0:0:10723,0:58/0:0:0:39111)
Timers: L3 reauth 0, mac reauth 0 (Reason: ), dot1x reauth 0 (Reason: )
If I remove role derivation rule accounting starts as appropriate. Note "Radact xxxxx" and "role-how":
(Aruba3200) #show aaa state user 172.17.35.161
Name: 60672073db4c, IP: 172.17.35.161, MAC: 60:67:20:73:db:4c, Role: logon, ACL: 1/0, Age: 00:00:00
Authentication: Yes, status: started, method: MAC, protocol: PAP, server: FreeRadius
Bandwidth = No Limit
Bandwidth = No Limit
Role Derivation: default for authentication type MAC
VLAN Derivation: Default VLAN
Idle timeout (global): 300 seconds, Age: 00:00:00
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=1, vpnflags=0, u_stm_ageout=1
Flags: innerip=0, outerip=0, vpn_outer_ind:0, download=1, wispr=0
IP User termcause: 0
phy_type: g-HT-20, l3 reauth: 0, BW Contract: up:0 down:0, user-how: 1
Vlan default: 35, Assigned: 35, Current: 35 vlan-how: 1 DP assigned vlan:0
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0
SlotPort=0x2100, Port=0x10016 (tunnel 22)
Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role: n/a
Current Role name: logon, role-how: 1, L2-role: logon, L3-role: logon
Essid: SOLIDEX-Guest, Bssid: 24:de:c6:cf:22:d1 AP name/group: Studiks/SOLIDEX Phy-type: g-HT-20
RadAcct sessionID:6067207360672073DB4C-02
RadAcct Traffic In 60/7056 Out 47/11287 (0:60/0:0:0:7056,0:47/0:0:0:11287)
Timers: L3 reauth 0, mac reauth 0 (Reason: ), dot1x reauth 0 (Reason: )
Profiles AAA:Test-Guest-AAA, dot1x:, mac:default CP: def-role:'logon' sip-role:'' via-auth-profile:''
ncfg flags udr 0, mac 1, dot1x 0, RADIUS interim accounting 1
IP Born: 1418317896 (Thu Dec 11 20:11:36 2014)
Core User Born: 1418317888 (Thu Dec 11 20:11:28 2014)
Upstream AP ID: 0, Downstream AP ID: 0
Device Type: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
L3-Auth Session Timeout from Radius: 0
Mac-Auth Session Timeout Value from Radius: 0
Dot1x Session Timeout Value from Radius: 0
CoA Session Timeout Value from Radius: 0
Dot1x Session Term-Action Value from Radius: Default
Reauth-interval from role: 0
Number of reauthentication attempts: mac reauth 0, dot1x reauth 0
Address is from DHCP: yes
Is it expected or this is bug? We are using SW 6.3.1.2.
Thanks!
/ Ruske