Contributor I

2930F Downloadable User Role not working



I am having an issue getting the Downloadable user roles to work.  I have followed the Wired Policy Enforcement SolutionGuide and have tested on numerous switches but keep getting the same error.   

05204 dca: Failed to apply user role
DUR_HPE_ACCESS_POINT-3028-1_7Z4q to macAuth client C8B5ADxxxx on
port 5: user role is invalid.

05620 dca: macAuth client C8B5ADC8xxxx on port 5 assigned to
initial role as downloading failed for user role


I have checked the read-only account required and as I am using the Self-signed Cert on Clearpass for testing tried by Certifcates available within the trusted with no luck.  


What am I doing wrong?



Guru Elite

Re: 2930F Downloadable User Role not working

Self-signed certificates cannot be used.

Also, are you using Standard or Advanced mode in ClearPass?

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: 2930F Downloadable User Role not working

Thanks,  I have tried both the advanced and now on 6.7 the standard as per the updated document.   


If you think the error is due to the self signed certificate I will take a look at changing this.


Many Thanks Again

Occasional Contributor II

Re: 2930F Downloadable User Role not working

I have run into a couple issues with this and found the following:


- When creating the ACL, do NOT put blank lines between the entries


- The Policy Name has a character length limitation. Try reducing it to 8 characters or less. I am not sure what the upper limit is. 


I dont recall either of these issues on earlier versions of code. Seems to be with CPPM 6.7 and/or 16.05 

Occasional Contributor I

Re: 2930F Downloadable User Role not working

Hi Tim I noticed your response saying that self signed certs can't be used. I thought you could use the https cert from the CPPM on the switch for DUR, not that secure but as I am trying to do a PoC seemed like the quickest way to go. I am sure I seen it in one of the online videos in the clearpass workshop. 

Couldl you confirm please?


Thank you

Search Airheads
Showing results for 
Search instead for 
Did you mean: