Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

User Role Policy Location -> correct use??

  • 1.  User Role Policy Location -> correct use??

    Posted Nov 22, 2017 12:34 PM

    Hello all!

    How do we use the location field under "Security > User Roles > Edit Role" correctly?
    My idea is to force an ACL only if a user is connected to a specific AP group.

    If I enter the AP group, after clicking "Apply", the name gets changed from upper to lowercase only and a controller-specific digit is added after a slash.

    [Screenshots: role.JPG, group.JPG]

    How do we use this field?

    Thank you!



  • 2.  RE: User Role Policy Location -> correct use??

    Posted Nov 28, 2017 12:03 PM

    Hello!

    I dug out my Aruba MBC documents, and the ACL enforcement based on AP group location is described there like I posted above.

    I've got 7030 controllers running with RAP-203r in my lab.
    The SSID of my RAP VAP is set to split-tunnel and my split-tunneling ACL is tied to the user role as in the screenshots above.

    If I remove the AP group from the location field, the split-tunnel ACL gets hits immediately after the master controller and locals are synced.
    The split-tunnel traffic goes as expected to the gateway of the RAP.

    If I set it back, the whole traffic breaks out at the controller again.

    My lab runs on 6.5.4.3. Are there known issues with the ACL location field in the role configuration?

    As we were taught at MBC, this must run.

    Thank you!



  • 3.  RE: User Role Policy Location -> correct use??

    Posted Dec 02, 2017 02:34 AM

    Hi Mom. I have the same problem. Did you resolve this problem? I cannot find anything about the location field in the documentation.



  • 4.  RE: User Role Policy Location -> correct use??

    Posted Dec 02, 2017 03:08 AM
    Hi!
    The location could be used to deploy an ACL if a client/user is connected to a specific AP group. Therefore the location must match the group exactly.
    BUT it doesn't work in my 6.5.4.3 lab.

    I checked my Mobility Boot Camp sources and talked to an Aruba trainer I know.
    It is to be used in exactly this way.
    They configure it like this in every MBC course, and it works.
    But they use an older 6.5.x code.

    I think we are running into a bug with this function in newer 6.5.x releases.

    Over the last weeks I reset the labs 6 times and built them up again for training, but the location ACL worked only one time.
    And in the working constellation I didn't see the user behind the RAP with #show user-table; the user only showed up in AirWave.
    I don't know why...

    I just tried to use the location for RAP user roles (as taught in MBC); maybe it works on CAP groups or on a different code.

    Maybe I'll try an older version, or I'll call TAC....



  • 5.  RE: User Role Policy Location -> correct use??

    Posted Dec 02, 2017 11:01 AM

    Hi Mom.

    I use OS 6.4 in my lab and have the same problem. I tested in both (CAP group and RAP group) and the location changes automatically (name and /number).

    I'll try a few more times and I'll let you know!