What does user-how and vlan-how values in "show user mac <mac-addr> and show user ip <ip-addr> command points to.
This article applies to all aruba controller and OS versions
The output of the show user mac <mac-addr> and show user ip <ip-addr> commands include the following information.
(host) (config) show user mac 08-00-27-00-5C-15
Name: host/server.example.org, IP: 10.16.10.70, MAC: 08-00-27-00-5C-15, Role:visd_logon, ACL:67/0, Age: 00:00:09
Authentication: Yes, status: successful, method: 8021x-Machine, protocol: EAP-PEAP, server: Authserv1
Bandwidth = No Limit
Bandwidth = No Limit
Role Derivation: default for authentication type 8021x-Machine
VLAN Derivation: Matched user rule
Idle timeouts: 0, ICMP requests sent: 0, replies received: 0, Valid ARP: 0
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=0
Flags: innerip=0, outerip=0, guest=0, download=1, nodatapath=0, wispr=0
Auth fails: 0, phy_type: a-HT, reauth: 0, BW Contract: up:0 down:0, user-how: 1
Vlan default: 117, Assigned: 116, Current: 116 vlan-how: 1
The role-how and vlan-how parameters in the output of this command display a code that corresponds to the following values:
Role Derivation Code |
Description |
0 |
Default logon role |
1 |
Default user role for authentication type |
2 |
Role derived from server rules |
3 |
Role derived from user rules |
4 |
Predefined Guest role |
5 |
Role inherited from station |
6 |
Forced fole |
7 |
Role derived from Aruba vendor-specific attribute (VSA) |
8 |
RFC 3576 (Change of Authorization) role |
9 |
Role derived from external captive portal |
10 |
Default role from AAA profile |
11 |
Role assigned by an Extended Service Interface (ESI) server group |
VLAN Derivation Code |
Description |
1 |
VLAN derived from user rule |
2 |
VLAN derived from user role |
3 |
VLAN derived from server rule |
4 |
VLAN derived from Aruba vendor-specific attribute (VSA) |
5 |
VLAN derived from Microsoft Tunnel attributes (Tunnel-Type, Tunnel Medium Type, and Tunnel Private Group ID) |
6 |
VLAN assigned from derived role |