Wireless Access

mom
Contributor II

User Role Policy Location -> correct use??

Hello all!

 

How do we use the location field under "Security > User Roles > Edit Role" correctly?
My idea is to force an ACL only if a user is connected to a specific AP group.

If I enter the AP group, after clicking "Apply" the name gets changed from uppercase to lowercase only and a controller-specific digit is added after a slash.

[Attached screenshots: role.JPG, group.JPG]

How do we use this field?

 

Thank you!

 

 

Best regards
Matthias
mom
Contributor II

Re: User Role Policy Location -> correct use??

Hello!

 

I dug out my Aruba MBC documents, and there the ACL enforcement based on AP group location is described like I posted above.

I've got 7030 controllers running with RAP-203r in my lab.
The SSID of my RAP VAP is set to split-tunnel and my split-tunneling ACL is tied to the user role as in the screenshots above.

If I remove the AP group from the location field, the split-tunnel ACL gets hits immediately after the master controller and locals are synced.
The split-tunnel traffic goes as expected to the gateway of the RAP.

If I set it back, all traffic breaks out at the controller again.

My lab runs on 6.5.4.3. Are there known issues with the ACL location field in the role configuration?

As we were taught at MBC, this must work.

 

Thank you!

 

 

Best regards
Matthias
Occasional Contributor I

Re: User Role Policy Location -> correct use??

Hi Mom. I have the same problem. Did you resolve this problem? I cannot find anything about the location field in the documentation.

mom
Contributor II

Re: User Role Policy Location -> correct use??

Hi!
The location could be used to deploy an ACL if a client/user is connected to a specific AP group. Therefore the location must match the group exactly.
BUT it doesn't work in my 6.5.4.3 lab.

I checked my Mobility Boot Camp sources and talked to an Aruba trainer I know.
It is to be used in exactly this way.
They configure it like this in every MBC course, and it works.
But they use older 6.5.x code.

I think we are running into a bug with this function in newer 6.5.x releases.

In the last weeks I reset the labs 6 times and built them up again for training, but the location ACL worked only one time.
And in the working constellation I didn't see the user behind the RAP with #show user-table; the user only showed up in AirWave.
I don't know why...

I just tried to use the location for RAP user roles (as taught in MBC); maybe it works on CAP groups or on a different code.

Maybe I'll try an older version, or I'll call TAC....

Best regards
Matthias
Occasional Contributor I

Re: User Role Policy Location -> correct use??

Hi Mom.

 

I use OS 6.4 in my lab and have the same problem. I tested in both (CAP group and RAP group) and the location changes automatically (name and /number).

I'll try a few more times and I'll let you know!

 

 
