What is the command to force an instant role change?

Aruba Employee
Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.


Normally, a new user-role for an authenticated user is not applied to the user while the user is authenticated and is connected to the network, unless it is forced to authenticate again.


For example, a captive-portal user is falling into the default user-role "guest". When we change the default-role for captive-portal to "default-vpn-role", this change will not be applied to this user unless it reauthenticates. 

But, there is way to change the user-role instantly without having the user to reauthenticate. This is done by issuing the "aaa user add <users IP address> role <rolename>" command. 

This user-role is applied to the user instantly and it stays until the next authentication.




Version history
Revision #:
1 of 1
Last update:
‎07-10-2014 06:51 AM
Updated by:
Labels (1)

How do we enforce role change for a client which has not yet acquired an IP?


(WLC_0002) #show station-table

Station Entry
MAC Name Role Age(d:h:m) Auth AP name Essid Phy Remote Profile
------------ ------ ---- ---------- ---- ------- ----- --- ------ -------

00:19:be:30:95:a9 denyall 00:00:08 No OAP-0003 CMS g-HT No CMS-aaa_prof

Search Airheads
Showing results for 
Search instead for 
Did you mean: