i have a Lab running a 3600 and two AP105 with 6.4.x. Now i have created a AP Group with a SSID and that vap_prof uses the internal DB for Users with aaa_prof. So far so fine - If my user exist i become authenticated. Now i wanna configure a Rule set to a new "Role" and i've added the user in the local DB to this role but as the AAA Profile says in the SSID the user become authenticated the role never works. If i change the aaa_prof to my new Role it worked but not only for this user - for all instead. So i dunno currently how to get the interal DB Role running with a AAA profile. Do someone running this scenario ? I've only tested this with Server derivation Rule and a extern Radius which assign the rolename.
Thanks for Feedback
In your AAA profile, make sure you are using the default server group and that the default server group has the "set role condition..." rule attached to it. The "set role condition role value-of" is the rule that says, return the role that the internal user has defined. If you are using a server group without that rule present for authentication, it will only return the default role for that AAA profile.
aaa server-group "default"
set role condition role value-of
Thanks for Feedback. I was using a different profile because i used a wizard before :-) So there was no Rule inside and that was the fault.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.