Controllerless Networks

Reply
Highlighted
Occasional Contributor II

Error: Role 'authenticated' is Unknow and Assigned VLAN XX is not configured, using default VLAN 0

Hello,

We have an Aruba 7030 controller, using SSID with 802.1x and others SSIDS with captive portal provided by a Pfsense.

I have two doubts: One about the output of the command "show profile-errors" and the other an information present in the log about Assigned VLAN XX is not configured, using default VLAN 0.

The output of the show profile-errors command

Invalid Profiles
----------------
Profile Error
------- -----
aaa profile "default-dot1x" Error: Role 'authenticated' is Unknown
aaa profile "default-mac-auth" Error: Role 'authenticated' is Unknown
aaa authentication via connection-profile "default"

I already tried to edit, change any information in these profiles, but the message when saved is: "Error processing command 'aaa profile" default-dot1x "dot1x-server-group" default "': Error: Role 'authenticated' is Unknown."

I don't know if this is a problem or not. Does anyone know how to inform me?

The other situation, is the log that shows several outputs:

Mar 31 14:39:42 authmgr [4005]: <522028> <4632> <WARN> | authmgr | MAC = XXXXXXX Assigned VLAN XX is not configured, using default VLAN 0
Mar 31 14:39:44 authmgr [4005]: <522028> <4632> <WARN> | authmgr | MAC = XXXXXXX Assigned VLAN XY is not configured, using default VLAN 0
Mar 31 14:39:45 authmgr [4005]: <522028> <4632> <WARN> | authmgr | MAC = XXXXXXX Assigned VLAN XX is not configured, using default VLAN 0
Mar 31 14:39:47 authmgr [4005]: <522028> <4632> <WARN> | authmgr | MAC = XXXXXXX Assigned VLAN XY is not configured, using default VLAN 0

I also don't know if it's a problem that may be affecting something or not. Someone can help me with the information.

Thanks


Accepted Solutions
Highlighted

Re: Error: Role 'authenticated' is Unknow and Assigned VLAN XX is not configured, using default VLA

Good deal, glad to be able to help resolve this!

 


@AAS wrote:

Thanks Charlie, you help me a lot.

 

I added the vlans on the controller and it worked

 

 

Thankss


 


Charlie Clemmer
Aruba Customer Engineering

View solution in original post


All Replies
Highlighted
MVP Expert

Re: Error: Role 'authenticated' is Unknow and Assigned VLAN XX is not configured, using default VLA

Do you have PEF (Firewall licenses) installed ? in order to make changes to the roles you will need the PEF license

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Highlighted
Occasional Contributor II

Re: Error: Role 'authenticated' is Unknow and Assigned VLAN XX is not configured, using default VLA

Disabled 


Policy Enforcement Firewall DISABLED
Auto Radio Resource Alloc ENABLED

this error does not cause any problem, right?

 

 

Highlighted

Re: Error: Role 'authenticated' is Unknow and Assigned VLAN XX is not configured, using default VLA

What AOS version are you running?

 

As mentioned, without a PEF license installed, you won't be able to edit user roles. Can you provide more information about your setup and what you're trying to accomplish? You mention using a pfsense firewall for captive portal in your original post. Is it trying to interact with the controller via RADIUS in any fashion?


Charlie Clemmer
Aruba Customer Engineering
Highlighted

Re: Error: Role 'authenticated' is Unknow and Assigned VLAN XX is not configured, using default VLA

One more thing, can you paste the output from "show rights" on your controller? That will list the user roles available in the current configuration.


Charlie Clemmer
Aruba Customer Engineering
Highlighted
Occasional Contributor II

Re: Error: Role 'authenticated' is Unknow and Assigned VLAN XX is not configured, using default VLA

Thanks for the answer

OS Version: 6.5.4.6

 

I have two SSIDs, one using XX with 802.1X (using radius on another server), I created a new AAA profile with the authentication server, works great, but in the default profile default-dot1x, I can't make any changes to remove the error. And i have another SSID XY Open via Captive portal provided by pfsense. Everything is working ok.

I don't know if the profile errors and the warnings of the vlans are causing some kind of problem that I don't know about.

 

#show rights

RoleTable
---------
Name ACL Bandwidth ACL List Type
---- --- --------- -------- ----
ap-role 7 Up: No Limit,Dn: No Limit System
cpbase 24 Up: No Limit,Dn: No Limit cpbase/ User
default-iap-user-role 11 Up: No Limit,Dn: No Limit allowall/ User
denyall 22 Up: No Limit,Dn: No Limit denyall/ User
guest 5 Up: No Limit,Dn: No Limit global-sacl/,apprf-guest-sacl/ User
guest-logon 10 Up: No Limit,Dn: No Limit User
logon 2 Up: No Limit,Dn: No Limit User
stateful-dot1x 8 Up: No Limit,Dn: No Limit global-sacl/,apprf-stateful-dot1x-sacl/ System
switch-logon 14 Up: No Limit,Dn: No Limit switch-logon-acl/ System
sys-ap-role 12 Up: No Limit,Dn: No Limit sys-control/,sys-ap-acl/ System (not editable)
sys-switch-role 13 Up: No Limit,Dn: No Limit sys-control/,sys-switch-acl/ System

 

 

thanks

 

Highlighted
Aruba Employee

Re: Error: Role 'authenticated' is Unknow and Assigned VLAN XX is not configured, using default VLA

Looks like you don't have PEF license ..You can confirm this by checking

show license. You will only see AP license.

 

If you want to use the firewall on the controller, you will need PEF licenses.

Highlighted
Occasional Contributor II

Re: Error: Role 'authenticated' is Unknow and Assigned VLAN XX is not configured, using default VLA

Yes I know, I don't want to use a firewall, my question is whether this profile error and the vlan warning, may be affecting something I don't know.

Highlighted

Re: Error: Role 'authenticated' is Unknow and Assigned VLAN XX is not configured, using default VLA

We would need to see more of the controller config to state with confidence whether the profile errors are causing issues, but I would assume they are at this point until proven otherwise.

 

Also understand that you don't want to use the controller as a firewall, but the PEF license controls whether user roles can be edited/created, which is related to your question.

 

Lastly, I don't normally suggest doing a code update just because you've run into an issue, but 6.5.4.6 is rather old code that was release before the 6.5.4 software train obtained the Conservative Release status. I would recommend upgrading to the latest (6.5.4.16) to ensure all identified fixes have been rolled in. I don't have the specific bug id, but I seem to remember an issue in earlier 6.5 code that wanted to change dot1x profiles when doing a PSK network, and I see those config remnants in my lab config. An upgrade and reconfiguration of the SSID(s) to remove the profile errors could help.


@AAS wrote:

Yes I know, I don't want to use a firewall, my question is whether this profile error and the vlan warning, may be affecting something I don't know.


 


Charlie Clemmer
Aruba Customer Engineering
Highlighted
Occasional Contributor II

Re: Error: Role 'authenticated' is Unknow and Assigned VLAN XX is not configured, using default VLA

Thanks cclemmer for your help.

 

Can I update version 6.5.4.6 directly to 6.5.4.16, or do I need to install some intermediary?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: