what are user-how and vlan-how parameter in the output "show user mac

By AnandKumar Sukumar posted Jun 26, 2014 08:46 AM


What does user-how and vlan-how values in "show user mac <mac-addr> and show user ip <ip-addr> command points to.


This article applies to all aruba controller and OS versions


The output of the show user mac <mac-addr> and show user ip <ip-addr> commands include the following information.

(host) (config) show user mac 08-00-27-00-5C-15

Name: host/server.example.org, IP:, MAC: 08-00-27-00-5C-15, Role:visd_logon, ACL:67/0, Age: 00:00:09

Authentication: Yes, status: successful, method: 8021x-Machine, protocol: EAP-PEAP, server: Authserv1

Bandwidth = No Limit

Bandwidth = No Limit

Role Derivation: default for authentication type 8021x-Machine

VLAN Derivation: Matched user rule

Idle timeouts: 0, ICMP requests sent: 0, replies received: 0, Valid ARP: 0

Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0

Flags: internal=0, trusted_ap=0, l3auth=0, mba=0

Flags: innerip=0, outerip=0, guest=0, download=1, nodatapath=0, wispr=0

Auth fails: 0, phy_type: a-HT, reauth: 0, BW Contract: up:0 down:0, user-how: 1

Vlan default: 117, Assigned: 116, Current: 116 vlan-how: 1

The role-how and vlan-how parameters in the output of this command display a code that corresponds to the following values:


Role Derivation Code Description
0 Default logon role
1 Default user role for authentication type
2 Role derived from server rules
3 Role derived from user rules
4 Predefined Guest role
5 Role inherited from station
6 Forced fole
7 Role derived from Aruba vendor-specific attribute (VSA)
8 RFC 3576 (Change of Authorization) role
9 Role derived from external captive portal
10 Default role from AAA profile
11 Role assigned by an Extended Service Interface (ESI) server group

VLAN Derivation Code Description
1 VLAN derived from user rule
2 VLAN derived from user role
3 VLAN derived from server rule
4 VLAN derived from Aruba vendor-specific attribute (VSA)
5 VLAN derived from Microsoft Tunnel attributes (Tunnel-Type, Tunnel Medium Type, and Tunnel Private Group ID)
6 VLAN assigned from derived role


1 comment
1 view


Jan 30, 2015 11:06 PM

Vlan derivation code 1 and 2 are shown same