Hi all,
I have some problem about WLAN controller and 3th party AP. I connected AP to Aruba interface and config it as untrusted port then I connected PC with 802.1x authentication after passed authentication Aruba controller didn’t apply role from radius response its got the default role from stateful-dot1x configuration.
interface gigabitethernet 1/3
description "GE1/3"
trusted vlan 1-4092
switchport mode trunk
aaa authentication-server radius "IAS"
host "172.20.43.131"
key xxxxxx
aaa server-group "3th_AP"
auth-server IAS
set role condition Reply-Message contains "pidgroup" set-value pidgroup
aaa authentication stateful-dot1x
default-role "authenticated"
server-group "3th_AP"
enable
UNKNOWN ATTRIBUTE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| NAS_IDENTIFIER_ID:
Jun 25 03:13:08 :124004: <DBUG> |authmgr| NAS_IP_ADDRESS
Jun 25 03:13:08 :124004: <DBUG> |authmgr| UNKNOWN ATTRIBUTE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| USERNAME
Jun 25 03:13:08 :124004: <DBUG> |authmgr| CALLING_STATION_ID
Jun 25 03:13:08 :124004: <DBUG> |authmgr| CALLED_STATION_ID
Jun 25 03:13:08 :124004: <DBUG> |authmgr| UNKNOWN ATTRIBUTE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| EAP_MESSAGE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| UNKNOWN ATTRIBUTE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Forwarding to the Radius Server(172.20.43.131) len:0
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Forwarding the Radius packet after stateful dot1x processing code:1/smac:00:24:a8:88:4b:8e/sport:32769/dport:1812
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Received Valid Radius Reponse
Jun 25 03:13:08 :124004: <DBUG> |authmgr| EAP MESSAGE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Forwarding the Radius Response to AP:172.20.43.11 len:0
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Forwarding the Radius packet after stateful dot1x processing code:11/smac:00:0c:29:b0:48:5c/sport:1812/dport:32769
Jun 25 03:13:08 :124004: <DBUG> |authmgr| UNKNOWN ATTRIBUTE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| NAS_IDENTIFIER_ID:
Jun 25 03:13:08 :124004: <DBUG> |authmgr| NAS_IP_ADDRESS
Jun 25 03:13:08 :124004: <DBUG> |authmgr| UNKNOWN ATTRIBUTE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| USERNAME
Jun 25 03:13:08 :124004: <DBUG> |authmgr| CALLING_STATION_ID
Jun 25 03:13:08 :124004: <DBUG> |authmgr| CALLED_STATION_ID
Jun 25 03:13:08 :124004: <DBUG> |authmgr| UNKNOWN ATTRIBUTE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| EAP_MESSAGE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| UNKNOWN ATTRIBUTE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Forwarding to the Radius Server(172.20.43.131) len:0
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Forwarding the Radius packet after stateful dot1x processing code:1/smac:00:24:a8:88:4b:8e/sport:32769/dport:1812
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Received Valid Radius Reponse
Jun 25 03:13:08 :124004: <DBUG> |authmgr| EAP MESSAGE
Jun 25 03:13:08 :124004: <DBUG> |authmgr| {L2} Authenticating Server is IAS
Jun 25 03:13:08 :199802: <ERRS> |authmgr| user.c, derive_role2:5623: {38:e7:d8:e7:6a:dc-??} Missing server group in attribute list, auth=Stateful-802.1x, utype=L2
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Adding user: 1090e3b4 (38:e7:d8:e7:6a:dc:0.0.0.0:pid2) to ap group: ap group id: 0
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Tx message to Sibyte. Opcode = 17, msglen = 188
Jun 25 03:13:08 :124004: <DBUG> |authmgr| MM: mac=38:e7:d8:e7:6a:dc, state=3, name=pid2, role=authenticated, dev_type=, ip=0.0.0.0
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Forwarding the Radius Response to AP:172.20.43.11 len:0
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Forwarding the Radius packet after stateful dot1x processing code:2/smac:00:0c:29:b0:48:5c/sport:1812/dport:32769
Jun 25 03:13:08 :124004: <DBUG> |authmgr| Tx message to Sibyte. Opcode = 21, msglen = 128
Jun 25 03:13:08 :124004: <DBUG> |authmgr| MAC: 38:e7:d8:e7:6a:dc, No L2 auth configured, L2 Deauthenticate skipped for station.
Jun 25 03:13:10 :124004: <DBUG> |authmgr| Create ipuser 0x0x1095b374 for user 0x0x1090e3b4
Jun 25 03:13:10 :124004: <DBUG> |authmgr| Called ip_user_new() for ip 10.20.20.254
Jun 25 03:13:10 :124004: <DBUG> |authmgr| sta_add_l3: mac 38:e7:d8:e7:6a:dc ip 10.20.20.254
Jun 25 03:13:10 :124004: <DBUG> |authmgr| Adding user: 1090e3b4 (38:e7:d8:e7:6a:dc:10.20.20.254:pid2) to ap group: ap group id: 0
have anyone get this issue before?
thanks in advance