Wireless Access

Occasional Contributor II

User Rules not updating user role

Hi All. I have a VAP for an SSID (test_ssid) which has a User Derivation rule within the AAA profile which says:

set role condition essid equals test_ssid and go to a role that we've setup.

However, when a user connects to this SSID, they are still getting the logon role - and not matching this rule and subsequently getting the role correct. What is particularly odd, is that under User Rules, it is showing a Hit, but the clients aren't following the role assigned.

I've checked it against VAPs/AAA/User Derivation on the same site and it is exactly the same.

This is a bridged VAP also.

Any ideas or suggestions?

Occasional Contributor II

Re: User Rules not updating user role

i've been doing some user debugging - this only happens on the bridged. Tunnel is fine. From what I can see in the logs:


Sep 23 12:09:33 :522260:  <DBUG> |authmgr|  "VDR - Cur VLAN updated cc:20:e8:ce:70:3b mob 0 inform 1 remote 1 wired 0 defvlan 254 exportedvlan 0 curvlan 254.
Sep 23 12:09:33 :522096:  <DBUG> |authmgr|  cc:20:e8:ce:70:3b: Sending STM new Role ACL : 2, and Vlan info: 254, action : 10, AP IP:, flags : 0 idle-timeout: 300
Sep 23 12:09:33 :522242:  <DBUG> |authmgr|  MAC=cc:20:e8:ce:70:3b Station Created Update MMS: BSSID=24:de:c6:51:a2:9a ESSID=Fareham_Test254_Aruba VLAN=254 AP-name=Fareham
Sep 23 12:09:33 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0xf946df20db20000e mac cc:20:e8:ce:70:3b name  role logon devtype  wired 0 authtype 0 subtype 0  encrypt-type 9 conn-port 0 fwd-mode 1
Sep 23 12:09:40 :522145:  <DBUG> |authmgr|  handle_rap_bridge_user(): Entered. MAC:cc:20:e8:ce:70:3b, IP:, apName:Fareham action:2 acl:logon.
Sep 23 12:09:40 :522287:  <DBUG> |authmgr|  Auth GSM : MAC_USER publish for mac cc:20:e8:ce:70:3b bssid 24:de:c6:51:a2:9a vlan 254 type 1 data-ready 0
Sep 23 12:09:40 :522157:  <INFO> |authmgr|  Update wireless bridge-mode user: username= MAC=cc:20:e8:ce:70:3b IP= AP=Fareham aclnum=2.
Sep 23 12:09:40 :522063:  <DBUG> |authmgr|  AP-Bridge-Wireless User: mac:cc:20:e8:ce:70:3b dot1x:0, keytype:9(static-wpa2-aes)
Sep 23 12:09:40 :522158:  <DBUG> |authmgr|  Role Derivation for user N/A-cc:20:e8:ce:70:3b- N/A Set AAA profile defaults.
Sep 23 12:09:40 :522158:  <DBUG> |authmgr|  Role Derivation for user N/A-cc:20:e8:ce:70:3b- logon Unknown role event.


It's defaulting to logon. If i change the initial role.... it works fine. Just not following this Rule.

Guru Elite

Re: User Rules not updating user role

What rule?
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: