Issue with Downloadable User Roles on 8.3 Mobility Controller (from CPPM)
10-25-2018 10:14 PM
Hello. I need some assitance with enabling DURs from CPPM to Aruba OS 8.3 Mobility Controllers as part of a PoC. I have trawled throught docmentation but cant find reference to the error message I am getting in the mobility controller logs:
Oct 26 12:38:10 authmgr: <124867> <5945> <WARN> |authmgr| Authentication type 802.1x not supported for role download
Oct 26 12:38:10 authmgr: <124867> <5945> <WARN> |authmgr| Authentication type 8021x-User not supported for role download
Oct 26 12:38:14 authmgr: <522125> <5945> <WARN> |authmgr| Could not create/find bandwidth-contract for user, return code (-11).
CPPM is seeing the authentcation request and passing the correct role to the controller:
AE DUR Allow LAN
|System Posture Status:|
|Audit Posture Status:|
But the error message seems to indcate the mobility controller is misconfigured and I suspect it is not attempting to download it and is getting allocated the default role (authenticated)
Steps to date (FYI controllers configured as managed network group from Mobility Master)
1) On controller - Created WLAN SSID on controller (WPA2-Enterprise, default role authenticated)
2) On controller - Adjusted WLAN SSID AAA profile to allow (ticked) Download Role from CPPM:
3) On controller - Configured CPPM credentials: into the CPPM servers
4) On CPPM - Configured CPPM credentials with Aruba User Role Download Admin Privileges profile
5) On CPPM - Configured CPPM credentials with Aruba User Role Download Admin Privileges profile
6) On CPPM - Configured role, mapping, profile and enforcement as part of Aruba Downloadable Role Enforcement process.
Have looked throught the controller specifically for missing download config for 802.1x and 8021x-User as mentioned in the logs but cant find specific instance.
Any suggestions where to look, what to try or specifically what is wrong greatfully accepted (with appreciation)