Depends on your Scenario.
When a user connects to an SSID, they are first placed in a Default Role. This role determines whether they can proceed with authentication (e.g., reach a captive portal, ClearPass, or an external authentication server).
You also have a, "so known role" called Post-Authentication Role, which can be pushed via Derivation (in example if you have Clearpass or any Radius Server pushing a VSA and doing Change of Authorization). In this case, if authentication succeeds, ClearPass or the Aruba controller can change the user role based on policy enforcement (such as: guest, employee, contractor or in your case "Corp_Emp_Role"). If authentication fails, the Default Role can apply restrictions (such as:, blocking access or redirecting to remediation or showing a splash screen with a message as a captive portal, etc).
------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP |
-Just an Aruba enthusiast and contributor by cases-
------------------------------
Original Message:
Sent: Feb 12, 2025 10:56 AM
From: pabene
Subject: Default Role
I have a quick question regarding roles on the Mobility Conductor side. Is there a specific role that should be configured as the "Default Role" when configuring the WLAN? The role we have there now is "Corp_Emp_Role", which is the role users have when they are fully authenticated to the Corporate WLAN. Should the Default Role be something else, such as "guest"? Hope my question makes sense. Not sure TAC would be of any help with this question.
------------------------------
Peter
------------------------------