Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

incorrect vlan assignment with AAA

  • 1.  incorrect vlan assignment with AAA

    Posted Nov 02, 2012 07:23 AM

    Currently a client is using Bradford Campus Manager (AAA) to tell Aruba which role to put clients in. They would like to change the APs to bridge mode.

     

    Currently, the role assignment and associated role VLAN assignment work correctly in tunnel mode. Once the APs are switched to bridge mode, the client is given the correct role but the VLAN assignment shows "vlan default". Below is the output from the same client in tunnel and bridge mode. Any thoughts?

     

    TUNNELED FACULTY

    Nov 1 18:04:24 :522036: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station DN: BSSID=00:0b:86:7a:1a:00 ESSID=FACULTY VLAN=18 AP-name=AP-COLLEGE-1
    Nov 1 18:04:24 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 ingress 0x10a6 (tunnel 38), u_encr 32, m_encr 32, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
    Nov 1 18:04:24 :522004: <DBUG> |authmgr| station free: bssid=00:0b:86:7a:1a:00, valid=1, @=0x107ca404
    Nov 1 18:04:33 :522035: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station UP: BSSID=00:0b:86:7a:1a:00 ESSID=FACULTY VLAN=97 AP-name=AP-COLLEGE-1
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 ingress 0x10a6 (tunnel 38), u_encr 32, m_encr 32, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| station add: Created station with bssid=00:0b:86:7a:1a:00, valid=1, @=0x107ca404
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 IP=0.0.0.0: MAC auth start: entry-type=L2, bssid=00:0b:86:7a:1a:00, essid=FACULTY sg=CampusManagerGroup
    Nov 1 18:04:33 :522035: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station UP: BSSID=00:0b:86:7a:1a:00 ESSID=FACULTY VLAN=97 AP-name=AP-COLLEGE-1
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 ingress 0x10a6 (tunnel 38), u_encr 32, m_encr 32, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| station add: Found station with bssid=00:0b:86:7a:1a:00, valid=1, @=0x107ca404
    Nov 1 18:04:33 :522038: <INFO> |authmgr| username=20:C9:D0:64:A9:D9 MAC=20:c9:d0:64:a9:d9 IP=0.0.0.0 Authentication result=Authentication Successful method=MAC server=CampusManager
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 IP=0.0.0.0: MAC auth success: entry-type=L2, bssid=00:0b:86:7a:1a:00
    Nov 1 18:04:33 :522042: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station authenticate(start): method=MAC, role=denyall//, VLAN=97/97/0/0/0, Derivation=10/0, Value Pair=1
    Nov 1 18:04:33 :522016: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 IP=0.0.0.0 Derived role 'CM-Faculty' from Aruba VSA
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| {L2} Update role from denyall to CM-Faculty for IP=0.0.0.0
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| download: ip=0.0.0.0 acl=49/0 role=CM-Faculty, Ubwm=0, Dbwm=0 tunl=0x10a6, PA=0, HA=1, RO=0, VPN=0
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| Station authenticate has l2 role :CM-Faculty default role denyall logon role logon
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| Valid Dot1xct, remote:0, assigned:18, default:97,current:97,termstate:0, wired:0,dot1x enabled:1, psk:1 static:0 bssid=00:0b:86:7a:1a:00
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| 20:c9:d0:64:a9:d9: Sending STM new vlan info: vlan 18, AP 00:0b:86:7a:1a:00
    Nov 1 18:04:33 :522029: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station authenticate: method=MAC, role=CM-Faculty//, VLAN=97/18/18/0/0, Derivation=7/6, Value Pair=1
    Nov 1 18:04:33 :522008: <NOTI> |authmgr| User authenticated: Name=20:C9:D0:64:A9:D9 MAC=20:c9:d0:64:a9:d9 IP=172.18.200.26 method=MAC server=CampusManager role=CM-Faculty
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| {172.18.200.26} autTable ("20:C9:D0:64:A9:D9 Authenticated MAC CM-Faculty ")
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| {0.0.0.0} autTable ("20:C9:D0:64:A9:D9 Authenticated MAC CM-Faculty ")
    Nov 1 18:04:33 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 def_vlan 97 derive vlan: 18 auth_type 2 auth_subtype 2

    CONNECT BRIDGE

    Nov 1 18:05:55 :522036: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station DN: BSSID=00:0b:86:7a:1a:00 ESSID=FACULTY VLAN=18 AP-name=AP-COLLEGE-1
    Nov 1 18:05:55 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 ingress 0x10a6 (tunnel 38), u_encr 32, m_encr 32, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
    Nov 1 18:05:55 :522004: <DBUG> |authmgr| station free: bssid=00:0b:86:7a:1a:00, valid=1, @=0x107ca404
    Nov 1 18:05:55 :522035: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station UP: BSSID=00:0b:86:73:b6:28 ESSID=bridgetest VLAN=1 AP-name=test-bridged
    Nov 1 18:05:55 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 ingress 0x0 (vlan 0), u_encr 1, m_encr 1, slotport 0x1040 , type: remote, FW mode: 1, AP IP: 192.168.90.245
    Nov 1 18:05:55 :522004: <DBUG> |authmgr| AU1(2), HA1, TAP0, PARP0 OIP0 IIP0 INT0 WD0 FW0 DT1
    Nov 1 18:05:55 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 IP=172.18.200.26 Send mobility delete message, flags=0x0
    Nov 1 18:05:55 :522004: <DBUG> |authmgr| {172.18.200.26} datapath entry deleted
    Nov 1 18:05:56 :522005: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 IP=172.18.200.26 User entry deleted: reason=User Reconnect Cleanup
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 Send Station delete message to mobility
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| 20:c9:d0:64:a9:d9: station datapath entry deleted
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| station add: Created station with bssid=00:0b:86:73:b6:28, valid=1, @=0x107ac66c
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 IP=0.0.0.0: MAC auth start: entry-type=L2, bssid=00:0b:86:73:b6:28, essid=bridgetest sg=CampusManagerGroup
    Nov 1 18:05:56 :522038: <INFO> |authmgr| username=20:C9:D0:64:A9:D9 MAC=20:c9:d0:64:a9:d9 IP=0.0.0.0 Authentication result=Authentication Successful method=MAC server=CampusManager
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 IP=0.0.0.0: MAC auth success: entry-type=L2, bssid=00:0b:86:73:b6:28
    Nov 1 18:05:56 :522042: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station authenticate(start): method=MAC, role=denyall//, VLAN=1/0/0/0/0, Derivation=10/0, Value Pair=1
    Nov 1 18:05:56 :522016: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 IP=0.0.0.0 Derived role 'CM-Faculty' from Aruba VSA
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| {L2} Update role from denyall to CM-Faculty for IP=0.0.0.0
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| station_authenticate : Sending SOS_USER_ACTION_SETACL for updation to RAP 192.168.90.245: IP=0.0.0.0, Role: CM-Faculty, ACL:49, authtype:2, ingress=4160
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| 20:c9:d0:64:a9:d9: Sending STM new Role ACL : 49, and Vlan info: 1, action : 10, AP IP: 192.168.90.245, flags : 0
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| Station authenticate has l2 role :CM-Faculty default role denyall logon role logon
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| No dot1xctx, remote:1, assigned:18, default:1,current:0,termstate:0, wired:0,dot1x enabled:1, psk:0 static:0 bssid=00:0b:86:73:b6:28
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| Vlan assignment is not needed during station authentication
    Nov 1 18:05:56 :522029: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station authenticate: method=MAC, role=CM-Faculty//, VLAN=1/0/0/0/0, Derivation=7/6, Value Pair=1
    Nov 1 18:05:56 :522004: <DBUG> |authmgr| {0.0.0.0} autTable ("20:C9:D0:64:A9:D9 Authenticated MAC CM-Faculty ")

     



  • 2.  RE: incorrect vlan assignment with AAA

    EMPLOYEE
    Posted Nov 02, 2012 08:58 AM

    VLAN derivation is not supported in Bridged mode, unfortunately.
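
Added example, not part of the original thread and not Aruba tooling: a small Python parser that pairs each `Station authenticate(start)` line with its closing `Station authenticate:` line and reports sessions where a role was derived but the `assigned:` VLAN never shows up in the final `VLAN=` field. The sample lines are copied from the two captures in the first post; the function and key names are assumptions made for this illustration.

```python
import re

# Ten lines copied from the two captures in the first post (tunnel, then bridge).
SAMPLE = """\
Nov 1 18:04:33 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 ingress 0x10a6 (tunnel 38), u_encr 32, m_encr 32, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
Nov 1 18:04:33 :522042: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station authenticate(start): method=MAC, role=denyall//, VLAN=97/97/0/0/0, Derivation=10/0, Value Pair=1
Nov 1 18:04:33 :522016: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 IP=0.0.0.0 Derived role 'CM-Faculty' from Aruba VSA
Nov 1 18:04:33 :522004: <DBUG> |authmgr| Valid Dot1xct, remote:0, assigned:18, default:97,current:97,termstate:0, wired:0,dot1x enabled:1, psk:1 static:0 bssid=00:0b:86:7a:1a:00
Nov 1 18:04:33 :522029: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station authenticate: method=MAC, role=CM-Faculty//, VLAN=97/18/18/0/0, Derivation=7/6, Value Pair=1
Nov 1 18:05:55 :522004: <DBUG> |authmgr| MAC=20:c9:d0:64:a9:d9 ingress 0x0 (vlan 0), u_encr 1, m_encr 1, slotport 0x1040 , type: remote, FW mode: 1, AP IP: 192.168.90.245
Nov 1 18:05:56 :522042: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station authenticate(start): method=MAC, role=denyall//, VLAN=1/0/0/0/0, Derivation=10/0, Value Pair=1
Nov 1 18:05:56 :522016: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 IP=0.0.0.0 Derived role 'CM-Faculty' from Aruba VSA
Nov 1 18:05:56 :522004: <DBUG> |authmgr| No dot1xctx, remote:1, assigned:18, default:1,current:0,termstate:0, wired:0,dot1x enabled:1, psk:0 static:0 bssid=00:0b:86:73:b6:28
Nov 1 18:05:56 :522029: <INFO> |authmgr| MAC=20:c9:d0:64:a9:d9 Station authenticate: method=MAC, role=CM-Faculty//, VLAN=1/0/0/0/0, Derivation=7/6, Value Pair=1
"""

INGRESS = re.compile(r"type: (?P<type>\w+), FW mode: (?P<fw_mode>\d+)")
START = re.compile(r"MAC=(?P<mac>[0-9a-f:]{17}) Station authenticate\(start\): .*?VLAN=(?P<vlan>[\d/]+)")
ROLE = re.compile(r"Derived role '(?P<role>[^']+)'")
CTX = re.compile(r"remote:(?P<remote>\d+), assigned:(?P<assigned>\d+), default:(?P<default>\d+)")
FINAL = re.compile(r"Station authenticate: .*?VLAN=(?P<vlan>[\d/]+)")

def analyze(log):
    """Return one dict per authentication, from (start) to the closing line."""
    sessions, cur, ingress = [], None, {}
    for line in log.splitlines():
        if (m := INGRESS.search(line)):
            ingress = m.groupdict()          # type / FW mode of the latest ingress line
        elif (m := START.search(line)):
            cur = {"mac": m["mac"], "start_vlan": m["vlan"], **ingress}
        elif cur is None:
            continue                         # ignore lines outside a session
        elif (m := ROLE.search(line)):
            cur["role"] = m["role"]
        elif (m := CTX.search(line)):
            cur.update(m.groupdict())        # remote / assigned / default as logged
        elif (m := FINAL.search(line)):
            cur["final_vlan"] = m["vlan"]
            # Did the VLAN the controller logged as "assigned" reach the station?
            cur["vlan_applied"] = cur.get("assigned") in m["vlan"].split("/")
            cur["role_without_vlan"] = "role" in cur and not cur["vlan_applied"]
            sessions.append(cur)
            cur = None
    return sessions

if __name__ == "__main__":
    for s in analyze(SAMPLE):
        print(s["mac"], s.get("type"), s.get("role"), s["final_vlan"],
              "VLAN applied" if s["vlan_applied"] else "role only, VLAN not applied")
```

On these lines the tunnel session ends with VLAN 18 applied, while the bridge session derives the same role and logs `assigned:18` but finishes with `VLAN=1/0/0/0/0`.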

     



  • 3.  RE: incorrect vlan assignment with AAA

    Posted Nov 02, 2012 09:06 AM

    Is there anywhere that I can find that officially in writing? I need to relay this information to the client. Thanks



  • 4.  RE: incorrect vlan assignment with AAA

    EMPLOYEE
    Posted Nov 02, 2012 09:09 AM

    @jclingan wrote:

    Is there anywhere that I can find that officially in writing? I need to relay this information to the client. Thanks


    If you open a support case, they can give you an official statement about your specific deployment and specific version of code.

     

    This is a forum where anyone can give advice.  Support can give you an official statement.

     



  • 5.  RE: incorrect vlan assignment with AAA

    Posted Nov 02, 2012 09:15 AM

    I'm currently on with support and they are searching for an official document. Thanks!