I have successfully setup radius authentication for my AD users. However, users are being assigned a guest role instead of the logon role that is set in the AAA profile for the radius authentication. I cannot determine what is superseding the role.
User "show user-table ip <ip address of user>" to see how the user got that role. In your AAA profile, the default 802.1x role should determine your user's role.
Ok i see the following in the reply
Role Derivation: default for authentication type 802.1x
Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role: n/aCurrent Role name: guest, role-how: 1, L2-role: guest, L3-role: guest
My AAA profile is set for Logon. I have looked at the 802.1x seetings but do not see where to assign the role. I am using mschap for 802.1x.
default-dot1x is set to logon.
In the auth column I see 802.1x and the Profile column shows the radius profile i created, but I have verified that logon is the role i have set for that AAA profile. However, the user roles are still guest.
Okay. Do you have the policy enforcement firewall license installed?
We purchased and installed 1 PEF license before we realized we needed one for every ap. I removed the initial license.
Understood. If we want to have radius authenticated users and a guest wireless captive portal with limited bandwidth for the guest, do we have to have the PEF licenses? Or, will bandwidth limitations be set for authenticated users as well?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.