Security

I have two controllers and a clearpass server. I have my policy authenticating and authorizing correctly (or at least reporting it is). When I have the default role of the WLAN on the controller set to authenticated things work fine. WHen I set it to any other role we lose internet. I have the derivation method set to "use value returned from clearpass or other auth server". 

My questions:

Whats the best default role for a WLAN to have when using clearpass to manage authentication/authorization? 

Why isn't the clearpass policy not taking prescident over the aruba controller policy? 

Thanks in advance, I'm sure its a layer 8 issue :)

When CPPM is used, the default role should only serve as a fallback and really should just be configured for your guest role.

Do you have PEF licenses installed on your controller?

I think I have almost the same question, If I configure the WLAN for 'download role', but do not yet have ClearPass setup/functional, what happens? Does it break, or if ClearPass doesn't send a correct role does it just revert to the 'default' role? I am just about to start testing downloadable user roles, just curious how it's going to work.

I believe it will be either the default role or the initial role.

No we do not have PEF. 

Follow up question. would it be safe to then have authenticated as the role?