I spent several hours on the phone with Aruba tech support scratching their heads and really need some help. I have a RAP5 configured with a split-tunnel SSID and one wired port in bridge mode. The wired port requires MAC authentication, either through user derivation or MAC auth. The wired port connects to a network printer and is to be accessible from the corporate SSID. The RAP is providing DHCP to the bridge port without any issue and I am source NATing traffic from the wireless side to the wired side.
The issue I have is that the in all my tests I can not get an authenticated wireless device to be able to talk to the printer on the wired port. A basic ping is about all that works. If I look at the user-table and filter by the printers MAC, the printer shows that it's role is "logon" even though I have MAC auth enabled. I checked the usual suspects, making sure the MAC was in the internal DB (user/pass). I also disabled MAC auth and instead tried setting up user derivation, and assigned the authenticated role if there's a MAC match. This doesn't work either. The user-table output doesn't even show that MAC auth or user-derivation rules are being considered. The only way I can get the wireless devices to talk to the wired printer is to set the wired default role to authenticated.
Anyone have any thoughts? This is 5.0 code.