Re: VIA Client losing Connection Profile and Going back to the Default

Highlighted

Right,
If I clear the profile I point at the controller and login I get the xxx_via_IT profile, I close the client and reconnect I get default when I connect and login to the controller I still get default which has nothing configured.

I have included all the show commands.

(Kings_VPN) #show aaa authentication via auth-profile default

VIA Authentication Profile "default"
------------------------------------
Parameter Value
--------- -----
Default Role default-via-role
Server Group via_server_group
Description Default VIA Authenication Profile

(Kings_VPN) #show aaa server-group via_server_group

Fail Through:No

Auth Servers
------------
Name Server-Type trim-FQDN Match-Type Match-Op Match-Str
---- ----------- --------- ---------- -------- ---------
NDS1 Ldap No
NDS0 Ldap No

Role/VLAN derivation rules
---------------------------
Priority Attribute Operation Operand Type Action Value Validated
-------- --------- --------- ------- ---- ------ ----- ---------
1 groupMembership equals cn=vpn_users,ou=Services,o=xxx String set role xxx-via-role No
2 groupMembership equals cn=it_vpn_users,ou=Services,o=xxx String set role xxx-it-via No

(Kings_VPN) #show aaa authentication via connection-profile

VIA Connection Profile List
---------------------------
Name References Profile Status
---- ---------- --------------
xxx_via 1
xxx_via_IT 1
default 0

user-role xxx-via-role
via "xxx_via"
access-list session allowall

user-role xxx-it-via
via "xxx_via_IT"
access-list session allowall

Yes, but WHO are you logging in as when you connect and what role do they end up in?

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

Right I am logging in as me all the time and when I download the profile at the begin I get the xxx_via_IT one. After I connected and disconnect and loaded the client again I get asked to enter my username and password which I do, and I get the default one and won't let me change or use the xxx_via_IT one.

Hi Dude,
I found out now it keeps using the default role on the authentication profile and not going down to the ldap server to set the role based on the user.

I just confirmed that we do have a bug where the VIA connection using a non-default server-group in its auth-profile still derives role from the default server-group. This is scheduled to be fixed on ArubaOS 6.1.24 which is not out yet. You can either wait for that release or open a case for them to replicate your issue.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

Remote Networking