Hi,
I'm preparing an Aruba 802.1x Service for a customer and meet the same issue.
The Role mapping rules classifies the Non-AD authenticated devices by categories and OS : Android, Ipad, Iphones...
My Enforcement policy places the devices in specific vlans (Customer's devices vs BYOD's devices) with specific roles (based on User's AD Groups).
It works fine for the Machine authenticated devices (Customer's domain machines) and for every already-profiled devices.
There is an issue for every new devices. They are not profiled, so they cannot be role mapped.
Could you please tell me how you finally did ?
Regards
Matthieu