I am working a deployment where the customer is running Amigopood 3.9. Amigopod is joined to the domain and can authenticate users. The customer wants to allow employees in AD to logon to both their 802.1X network as well as their Guest network. Both currently work, however role assignment is not ideal at the moment.
The goal is to allow employees to use the Guest network, but be assigned a guest role within Aruba; while being assigned an employee role when on the corporate SSID.
My first question is whether the conditional role assignments should be done within the Active Directory definition (thus assigning an appropriate Amigopod Role that will present the Aruba VSA) or should a single static Amigopod Role be used to assign the appropriate Aruba-User-Role VSA based upon a conditional expression using the Aruba-Essid-Name attribute?
I've attempted various configurations, but just can't seem to get both to work. I can get roles assigned using the Aruba-Essid-Name condition, however, I can't seem to get multiple to work.
The user guides have an example of doing this with Aruba-User-Vlan; which I've tried to replicate unsuccessfully. Any thoughts or pointers are appreciated.