If it isn't reported, and confirmed as a bug, there is little chance this behavior will be changed. As there seems to be a working solution by removing the profile, and re-adding, this may even be by design. To find out, and possibly get it addressed, you should report this to TAC.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jan 09, 2025 11:55 AM
From: davidrickard
Subject: AirGroup disallow-vlan and disallow-role
This is still a problem, I have just fallen foul of this bug in AOS 8.10.0.14, four years later.
Original Message:
Sent: Feb 12, 2021 05:18 PM
From: cscottrun
Subject: AirGroup disallow-vlan and disallow-role
Thank you cjoseph,
I did look through that document as well.
They show the GUI interface for adding the disallow VLAN or disallow role commands. In their example, they left the service blank, which shows "--" in the table. I'd like to know, does leaving service blank cause it disallow all services for that VLAN or role?
I do think there may be a bug here, because if you recreate their screenshot by not specifying a service name, it creates this config:
(AirGroup Profile Profile "TestProfile") #disallow-vlan 1 type users service "" [empty quotes where the service name/s would be]
...which then creates a situation where you cannot remove that line from the config through the CLI or the GUI without deleting the entire AirGroup profile:
(AirGroup Profile Profile "TestProfile") #no disallow-vlan 1 type users service ""
^
Error : Expecting string of length 1 to 256
------------------------------
Cory Scott
Original Message:
Sent: Feb 12, 2021 03:35 PM
From: Colin Joseph
Subject: AirGroup disallow-vlan and disallow-role
I think the Airgroup Service Deployment Guide on asp.arubanetworks.com here: https://asp.arubanetworks.com/downloads/documents/RmlsZTphYjE4MmJlYS0wNzFlLTExZWItODE2Zi1kM2IyZWU0NjNjZGY%3D will answer this and more questions better than the cli bank.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Feb 10, 2021 08:58 PM
From: Cory Scott
Subject: AirGroup disallow-vlan and disallow-role
Hello,
I have six managed controllers in three locations running 8.7.1.0. I'd like to turn on AirGroup for one particular SSID (one VLAN) that exists on all three controllers. I'm unclear on how best to limit the service to just the one SSID or VLAN.
The user guide says I can disallow AirGroup by VLAN or by Role, and the CLI guide shows the commands here.
But I'm unclear on how the disallow-vlan command works exactly.
airgroupprofile "My_AirGroup"
disallow-vlan 1 type users service __?_____
disallow-vlan 1 type servers service __?____
~or~
disallow-role "guest" type users service __?____
disallow-role "guest" type server service __?____
Do I need to include a disallow- line for every possible vlan/type/service or role/type/service combination where I don't want to run AirGroup? This seems like it could create a long list very quickly. I do not see a way to use a wildcard or "all" for the service name for disallow-vlan or disallow-role (would it work to enter the "allowall" service name here?). It seems problematic that if a new role or VLAN is created in the future, someone would need to remember to add it to this disallow list.
Is there a more efficient way to do this that I'm missing, to enable AirGroup for just one specific SSID, VLAN or Role?
Thank you!
------------------------------
Cory Scott
------------------------------