Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

ArubaOS 8.x User-Role inhertitance

This thread has been viewed 3 times

  • 1.  ArubaOS 8.x User-Role inhertitance

    Posted Jun 19, 2018 04:52 AM

    Hi guys,

     

    I just facing a problem and I don't know if I'm wrong or maybe not. 

    Here is what I want to achieve:

    I want to have a User-Role with captive portal profile configured on the Managed Networks Group. In one group there are two controllers which guest users I want to redirect to a different captive portal (CPPM).
    I tried to configure it (break the inheritance) and change the captive portal profle but it isn't permitted. 

    So what will be the best way to achieve this? Do I have to configure 2 seperate user-roles and bind them to the aaa?

     

    cheers



  • 2.  RE: ArubaOS 8.x User-Role inhertitance

    EMPLOYEE
    Posted Jun 19, 2018 06:32 AM

    Where is the captive portal authentication profile initially defined?



  • 3.  RE: ArubaOS 8.x User-Role inhertitance

    Posted Jun 19, 2018 06:51 AM

    the user role with the L3 profile is defined on the MD (top level hierarchy)



  • 4.  RE: ArubaOS 8.x User-Role inhertitance
    Best Answer

    EMPLOYEE
    Posted Jun 19, 2018 07:07 AM

    Please see the ArubaOS 8 Fundamentals Guide here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-8-Fundamentals-Guide/ta-p/428914

    Screenshot 2018-06-19 at 06.05.23.png

    Typically if you want a user role to be different in a different folder, you would use some type of derivation rule instead of overriding the User Role.  Meaning, instead of creating an exception lower down, you should create a user derivation rule higher up that accounts for what would be different in a lower folder.

     

    Can you relate what you are trying to do, so we can come up with a solution?

     

     



  • 5.  RE: ArubaOS 8.x User-Role inhertitance
    Best Answer

    EMPLOYEE
    Posted Jun 19, 2018 07:30 AM

    Please also note that it is not recommended that anything be placed in the managed node folder:

    Screenshot 2018-06-19 at 06.28.56.png



  • 6.  RE: ArubaOS 8.x User-Role inhertitance
    Best Answer

    Posted Jun 20, 2018 05:13 AM

    here is what I want to do.

    A customer has 2 Clearpass Servers in two different locations running in publisher - subscriber cluster. Clearpass is for AAA and Guest.


    For a few locations it would be easier/better to reach the subscriber (guest login page) because its the "nearest" so they can connect "locally".

    Now with 8.3 my idea was to build one user-role with a L3 CP profile (pointig to publisher) at the highest level so I can use this at all locations. At some specific locations I want to use the same user-role but break the inheritance and change the L3 CP profile to the one with the subscriber IP.

    But as it's stated in the fundamentals guide it's not possible. I built a workaround with two user-roles and change the inital role at a certain point.

    Thanks for the clarification.