Wireless Access

Reply
Occasional Contributor II
Posts: 16
Registered: ‎05-16-2014

User Rules not updating user role

[ Edited ]

Hi All. I have a VAP for an SSID (test_ssid) which has a User Derivation rule within the AAA profile which says:

set role condition essid equals test_ssid and go to a role that we've setup.

However, when a user connects to this SSID, they are still getting the logon role - and not matching this rule and subsequently getting the role correct. What is particularly odd, is that under User Rules, it is showing a Hit, but the clients aren't following the role assigned.

I've checked it against VAPs/AAA/User Derivation on the same site and it is exactly the same.

This is a bridged VAP also.

Any ideas or suggestions?

Occasional Contributor II
Posts: 16
Registered: ‎05-16-2014

Re: User Rules not updating user role

i've been doing some user debugging - this only happens on the bridged. Tunnel is fine. From what I can see in the logs:

 

Sep 23 12:09:33 :522260:  <DBUG> |authmgr|  "VDR - Cur VLAN updated cc:20:e8:ce:70:3b mob 0 inform 1 remote 1 wired 0 defvlan 254 exportedvlan 0 curvlan 254.
Sep 23 12:09:33 :522096:  <DBUG> |authmgr|  cc:20:e8:ce:70:3b: Sending STM new Role ACL : 2, and Vlan info: 254, action : 10, AP IP: 192.168.0.170, flags : 0 idle-timeout: 300
Sep 23 12:09:33 :522242:  <DBUG> |authmgr|  MAC=cc:20:e8:ce:70:3b Station Created Update MMS: BSSID=24:de:c6:51:a2:9a ESSID=Fareham_Test254_Aruba VLAN=254 AP-name=Fareham
Sep 23 12:09:33 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0xf946df20db20000e mac cc:20:e8:ce:70:3b name  role logon devtype  wired 0 authtype 0 subtype 0  encrypt-type 9 conn-port 0 fwd-mode 1
Sep 23 12:09:40 :522145:  <DBUG> |authmgr|  handle_rap_bridge_user(): Entered. MAC:cc:20:e8:ce:70:3b, IP:172.25.254.170, apName:Fareham action:2 acl:logon.
Sep 23 12:09:40 :522287:  <DBUG> |authmgr|  Auth GSM : MAC_USER publish for mac cc:20:e8:ce:70:3b bssid 24:de:c6:51:a2:9a vlan 254 type 1 data-ready 0
Sep 23 12:09:40 :522157:  <INFO> |authmgr|  Update wireless bridge-mode user: username= MAC=cc:20:e8:ce:70:3b IP=172.25.254.170 AP=Fareham aclnum=2.
Sep 23 12:09:40 :522063:  <DBUG> |authmgr|  AP-Bridge-Wireless User: mac:cc:20:e8:ce:70:3b dot1x:0, keytype:9(static-wpa2-aes)
Sep 23 12:09:40 :522158:  <DBUG> |authmgr|  Role Derivation for user N/A-cc:20:e8:ce:70:3b- N/A Set AAA profile defaults.
Sep 23 12:09:40 :522158:  <DBUG> |authmgr|  Role Derivation for user N/A-cc:20:e8:ce:70:3b- logon Unknown role event.

 

It's defaulting to logon. If i change the initial role.... it works fine. Just not following this Rule.

Guru Elite
Posts: 21,576
Registered: ‎03-29-2007

Re: User Rules not updating user role

What rule?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: