How does role-based VLAN work in Aruba OS 6.3?

Aruba Employee

Environment : This article applies to Aruba OS 6.3


Answer :


From AOS to AOS, role-based VLAN doesn't work with 802.1X authentication.

Before AOS 6.3, the VLAN mapped to the user role takes effect and users are placed in the VLAN mapped to the role. After upgrading to AOS 6.3, role-based VLANs are not honored in 802.1X authentication.

Workaround: For 802.1X authentication, configure a standard RADIUS attribute on the authentication server and create a server rule on the controller to assign the VLAN. This doesn't work for the default machine role and the default user role, as SDR will kick in only if the client passes both machine authentication and user authentication.

This workaround doesn't help when enforce machine authentication is enabled on the controller, or when a user entry already exists, was assigned to a MAC-auth derived role-based VLAN, and the client re-associates. In that case the user is assigned to the default VLAN instead of the MAC-auth derived role-based VLAN, because MAC authentication is skipped for the existing MAC-authenticated user entry.
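A sketch of the workaround described above, added here as an illustration and not taken from the original article. It assumes the RFC 3580 tunnel attributes are the "standard RADIUS attribute" in use; the server-group name, server name and VLAN ID are hypothetical.

```text
! --- RADIUS server side (reply attributes returned in Access-Accept) ---
! Standard RFC 3580 VLAN assignment attributes; VLAN 120 is a constructed value.
!   Tunnel-Type             = VLAN (13)
!   Tunnel-Medium-Type      = IEEE-802 (6)
!   Tunnel-Private-Group-Id = 120

! --- Controller side: server rule in the 802.1X server group ---
! "dot1x-servers" and "radius-1" are hypothetical names.
aaa server-group "dot1x-servers"
 auth-server "radius-1"
 ! Place the client in the VLAN whose ID the server returned.
 set vlan condition Tunnel-Private-Group-Id value-of
```

Because the rule is evaluated only on attributes returned for a successful authentication, clients that land in the default machine role or default user role are not covered, as noted above.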

Starting from AOS, role-based VLANs are honored and users are placed in the VLAN mapped to the user role.

Version history
Revision #: 1 of 1
Last update: 09-19-2014 06:00 AM