When authenticating users on AOS-switches there are two approaches:
If I am not going to use per-user tunneled-node, which imposes the switch to use role-based authorization, which approach shall I use? Which one is better? What are the upsides and downsides of each one?
Role based is almost always recommended, you do not need to do user-based tunneling to use user roles. We've added many attributes to user roles as well in ArubaOS-Switch 16.08. It's much easier to pass a user role back than multiple VSAs.
User roles can contain:
Port-mode (for APs)
However, either way will work.
Link to User role section in the Access Security Guide.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.