I've been dabbling with DURs on a 2930 switch runnnig 16.8.3
1st one worked just fine and I can drop a clie t device into . vlan called roaming with an allow all policy.
2nd one set up Per User Tunnelling Node link for a Chromecast deice tha tunneled data up to our ArubaOS 8 mobility controller.
I then went back to one supposedly for a dhcp fingerprinted AP to drop it into a VLAN with name VLAN_5
Unfortunately I end up with the following error message
"W 06/06/19 13:06:14 05204 dca: ST1-CMDR: Failed to apply user role to macAuth client 204C0340ED11 on port 2/13: user role is invalid."
How can I find out whats wrong with the DUR? Al I did was copy a working one and changed the word "roaming" to "local_5" ?
If I change DUR no (2) then the version number increases on the switch so I know its being downloaded.
Rgds
Alex
Profiles shown below
Downloadable profiles are shown below
1).
xb-as-2930-1# sh user-role download detail
Downloaded user roles are preceded by *
User Role Information
Name : *UoY_DUP_Roaming___090318-3120-26
Type : downloaded
Reauthentication Period (seconds) : 3600
Cached Reauth Period (seconds) : 0
Logoff Period (seconds) : 300
Untagged VLAN : roaming
Tagged VLAN :
Captive Portal Profile :
Policy : PERMIT-ALL_UoY_DUP_Roaming___090318-31...
Statements for policy "PERMIT-ALL_UoY_DUP_Roaming___090318-3120-26"
policy user "PERMIT-ALL_UoY_DUP_Roaming___090318-3120-26"
10 class ipv4 "IP-ANY-ANY_UoY_DUP_Roaming___090318-3120-26" action permit
exit
Statements for class IPv4 "IP-ANY-ANY_UoY_DUP_Roaming___090318-3120-26"
class ipv4 "IP-ANY-ANY_UoY_DUP_Roaming___090318-3120-26"
10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
Tunnelednode Server Redirect : Disabled
Secondary Role Name :
Device Attributes : Disabled
2).
User Role Information
Name : *ROLE_AOS_S_DUR__LOCAL5_DEVICES-3155-5
Type : downloaded
Reauthentication Period (seconds) : 28800
Cached Reauth Period (seconds) : 0
Logoff Period (seconds) : 300
Untagged VLAN : local_5
Tagged VLAN :
Captive Portal Profile :
Policy : PERMIT-ALL_ROLE_AOS_S_DUR__LOCAL5_DEVI...
Statements for policy "PERMIT-ALL_ROLE_AOS_S_DUR__LOCAL5_DEVICES-3155-5"
policy user "PERMIT-ALL_ROLE_AOS_S_DUR__LOCAL5_DEVICES-3155-5"
10 class ipv4 "IP-ANY-ANY_ROLE_AOS_S_DUR__LOCAL5_DEVICES-3155-5" action
permit
exit
Statements for class IPv4 "IP-ANY-ANY_ROLE_AOS_S_DUR__LOCAL5_DEVICES-3155-5"
class ipv4 "IP-ANY-ANY_ROLE_AOS_S_DUR__LOCAL5_DEVICES-3155-5"
10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
Tunnelednode Server Redirect : Disabled
Secondary Role Name :
Device Attributes : Disabled
3).
User Role Information
Name : *ROLE_AOS_S_DUR_T__AIRGROUP_DEVICES-31...
Type : downloaded
Reauthentication Period (seconds) : 3600
Cached Reauth Period (seconds) : 0
Logoff Period (seconds) : 300
Untagged VLAN :
Tagged VLAN :
Captive Portal Profile :
Policy :
Tunnelednode Server Redirect : Enabled
Secondary Role Name : airgroup_devices
Device Attributes : Disabled
xb-as-2930-1#