I just need your help.
My goal is to send an “Aruba-User-Role” of radius from CPPM to IAP.
I made sure that “monitor mode” is “Disable” on CPPM and “all” was sent in “Radius:Aruba:Aruba-User-Role” on “Output” of CPPM. However, IAP does not recognize “Radius:Aruba:Aruba-User-Role”.
I did not capture and verify the Radius packets.
Environment:
Service:
- Service “iap-web-onclick Guest Access” is set to “Web Login”.
- In “Web Login”, “Page Redirect” is set as “Anonymous – Do not require a username and password”.
- The name of the “anonymous user” is “anonymous”.
Policy:
- Since I created an “anonymous” user in “Guest User Repository” beforehand, “Role Name” is set to “[Guest]”.
Enforcement policy:
- Condition No1 was created from “Service Templates - Guest Access - Web Login”.
Enforcement policy:
- “Radius:IETF” is set to “anonymous”.
Here is the Output:
- “Radius:Aruba:Aruba-User-Role” output can be seen.
Configuring “Roles” on IAP:
- I added “all” to “Roles”.
- SSID is set to “iap-web-oneclick”.
Configuring “Access Rules” on IAP:
- By default, “Role” becomes “iap-web-oneclick” after passing web-oneclick.
- But I've set up “Radius:Aruba:Aruba-User-Role” to return “all”.
Status of the IAP “clients” after passing web-oneclick:
- The default role “iap-web-oneclick” is shown. I expect “all” here.