Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

User Authentication with internal DB is failed

This thread has been viewed 20 times
  • 1.  User Authentication with internal DB is failed

    Posted Jul 05, 2022 10:33 AM
    HI Team,

    User authentication with internal DB is failed I am getting this error user is stuck in denyall role. Please help me with how to fix this issue.

    (BBSR-WLC-01) *[mynode] #show user mac 6c:94:66:13:4c:c3
    This operation can take a while depending on number of users. Please be patient ....

    Name: , IP:, MAC: 6c:94:66:13:4c:c3, Age: 00:00:33
    Role: denyall (how: ROLE_DERIVATION_INITIAL_ROLE), ACL: 24/0
    Authentication: No, status: not started, method: , protocol: , server:
    VLAN Derivation: Default VLAN

    Sanjib Behera

  • 2.  RE: User Authentication with internal DB is failed

    Posted Jul 06, 2022 09:24 AM
    Could you share the configuration of the AAA profile assigned to that virtual-ap profile?

    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
    If my post was useful accept solution and/or give kudos

  • 3.  RE: User Authentication with internal DB is failed

    Posted Jul 07, 2022 02:27 AM
    Hi Dustin,

    I am sharing with you the AAA profile of this Virtual-ap.

    (BBSR-WLC-01) *[mynode] #show aaa profile Highradius-AP_aaa_prof

    AAA Profile "Highradius-AP_aaa_prof"
    Parameter Value
    --------- -----
    Initial role denyall
    MAC Authentication Profile Highradius-AP
    MAC Authentication Default Role authenticated
    MAC Authentication Server Group internal
    802.1X Authentication Profile Highradius-AP_dot1_aut
    802.1X Authentication Default Role guest
    802.1X Authentication Server Group N/A
    Download Role from CPPM Disabled
    Set username from dhcp option 12 Disabled
    L2 Authentication Fail Through Disabled
    Multiple Server Accounting Disabled
    User idle timeout N/A
    Max IPv4 for wireless user 2
    RADIUS Accounting Server Group N/A
    RADIUS Roaming Accounting Disabled
    RADIUS Interim Accounting Disabled
    RADIUS Acct-Session-Id In Access-Request Disabled
    XML API server N/A
    RFC 3576 server N/A
    User derivation rules N/A
    Wired to Wireless Roaming Enabled
    Reauthenticate wired user on VLAN change Disabled
    Device Type Classification Enabled
    Enforce DHCP Disabled
    PAN Firewall Integration Disabled
    Open SSID radius accounting Disabled
    Apply ageout mechanism on bridge mode wireless clients Disabled
    (BBSR-WLC-01) *[mynode] #

    Sanjib Behera