Could it be that you have Role Assignment in your SSID configuration? It may be that there is a role assignment that for specific device types changes the role, that may happen in the middle of the session. I would make sure there are no VLAN Assignment Rules and no Role Assignment Rules to start with. Then just use the Aruba VSAs: Aruba-User-Role and Aruba-User-VLAN, which are both applied even if there are no assignment rules.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jan 03, 2025 01:25 PM
From: ricardoduarte
Subject: Clients are reverting to SSID role after some minutes
Hi there,
Currently facing an issue where some clients will receive a role from ClearPass (aruba-user-role VSA), apply it but after some minutes get into the SSID role.
There is no activity on ClearPass other than Accounting-Stop and Accounting-Start (with a new session-id) when this happens. No Access-Req is present.
- Client connects; ClearPass answers with aruba-usr-vsa = user-role; IAP shows role = user-role for the client
- Then, after some minutes, client role becomes equal to the SSID name
- Disconnecting the client (trashcan icon in client list) forces a new reauth and the role gets again equal to user-role
- But then again after some minutes ir reverts back to SSID name
Any idea what can be the issue here?
Thanks