Occasional Contributor I

WPA2-PSK SSID with MAC-Auth and DUR

Hi Everyone,


I got a problem trying to assign dynamic VLANs to a WPA2-PSK SSID via Clearpass Downloadable User Roles.


To sum up the issue: Device is successfully authenticated via Clearpass MAC Service and DUR is presented to the Controller.

"Show user" shows the correct DUR for my client. 

"show rights downloaded-user-roles" show the correct VLAN for the specified DUR.


The client just gets the VLAN that is assigned in the VAP Profile though.

If a return "Aruba-User-VLAN" in addition to the DUR, the assignment is working.


Is there anything missing or is the VLAN assignment via DUR just not working this way?


Appreciate any help on this topic.


With best regards,


Contributor II

Re: WPA2-PSK SSID with MAC-Auth and DUR

Are you using Standard or Advanced Role Configuration Mode for your DUR enforcement profile?

Occasional Contributor I

Betreff: WPA2-PSK SSID with MAC-Auth and DUR

I am using Standard DURs.

That's the DUR currently used


ip access-list session allowall
    any any any permit 
user-role cppmrole
    vlan 30
    reauthentication-interval 0
    access-list session allowall
The show rights output looks like this:
Derived Role = 'role_download_controller_role_clients-3014-4'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Number of users referencing it = 3
Assigned VLAN = 30
Periodic reauthentication: Disabled
DPI Classification: Enabled
Youtube education: Disabled
Web Content Classification: Enabled
IP-Classification Enforcement: Enabled
ACL Number = 90/0
Openflow: Enabled
Max Sessions = 65535
Search Airheads
Showing results for 
Search instead for 
Did you mean: