We have DUR (Downloadable User Roles) working great - however, upon a switch reboot, we're seeing these deauthentications for all ports.
Most of the ports seem to come up eventually (assuming after the device talks to create traffic to initiate the MAC Auth), although we have the odd one where the only solution is to reboot the device (not idea with remote devices).
W 02/13/20 09:44:52 05630 dca: AM1: Faulty line: aaa authorization user-role name cppm-dur-role-name-3064-2_7Z4q .
W 02/13/20 09:44:52 05619 dca: AM1: macAuth Deauthenticating client 001755EA579B on port D20, downloaded user role cppm-dur-role-nam... is not valid as CLI execution Error.
W 02/13/20 09:44:52 05619 dca: AM1: macAuth Deauthenticating client 30B5C203317E on port D19, downloaded user role cppm-dur-role-nam... is not valid as CLI execution Error.
Is this expected on a reboot?
Looks to me that there is an error in the Downloadable role content for this specific user.
Doesn't sound like expected or how it should work. If you can't find the issue with this specific role (or roles if there are multiple), please work with Aruba support.
Thanks Herman. The role is very simple (literally just a vlan id and a permit-all ACL). It works fine (no errors) through version iterations and users connecting etc - so I think the role itself is fine - this error only happens on boot.
I'll log a call.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.