we use server rules that flow from a NAC server for authentication. the rules look like this
filter-id equals aruba:version=1:policy=computer string set role computer
my question is : if the set role value "computer" is not a role available in the Aruba mobility master what is the default role? would it be guest?
If a role does not exist on a controller (or responding section in the MM device tree), for 802.1X authentication the 802.1X default role is applied, similar for MAC auth, and if no authentication happens (or auth fails and authentication fail-through is enabled) the initial role is applied. Each of these can be configured in the AAA profile:
Recommended is to return a role (or derive, as you do) during the authentication.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.