Full config file attached.
CRA_IAP_Employee is the SSID I'm having issues with.
Default access role would be "CRA_IAP_Employee"
Access role I'm trying to apply is "CRA_Instant"
The SSID config tab for Access Rules, as viewed in the GUI, defaults to Network-based. Reading from prior posts, this is expected and as-designed.
What I'm not sure of is, if I send a RADIUS request to change the role from default, will the config change to role based?
Here are the config portions that may be of interest (not in order shown in config file):
wlan ssid-profile CRA_IAP_Employee
 enable
 index 1
 type employee
 essid CRA_IAP_Employee
 opmode wpa2-aes
 max-authentication-failures 0
 vlan 15
 auth-server clearpasscra
 rf-band all
 captive-portal disable
 dtim-period 1
 inactivity-timeout 1000
 broadcast-filter none
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

wlan access-rule CRA_Instant
 index 2
 rule any any match any any any permit

wlan access-rule CRA_IAP_Employee
 index 3
 captive-portal external profile Employee
 rule any any match any any any permit
 rule 10.1.100.128 255.255.255.255 match tcp 443 443 permit
 rule 10.1.100.128 255.255.255.255 match tcp 80 80 permit
 rule 173.194.0.0 255.255.0.0 match tcp 443 443 permit
 rule 74.125.0.0 255.255.0.0 match tcp 443 443 permit
 rule 209.85.0.0 255.255.0.0 match tcp 443 443 permit
 rule any any match any any any deny

wlan auth-server clearpasscra
 ip 10.1.100.128
 port 1812
 acctport 1813
 key 3ab42c4060d6db48e5882ecb4b2a0e696756c5120a1185ff
 rfc3576
 cppm-rfc3576-port 5999

wlan external-captive-portal Employee
 server 10.1.100.128
 port 443
 url "/guest/landing.php/device_provisioning2.php"
 auth-text ""
 auto-whitelist-disable
 https