Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Cannot apply role VLAN using machine and user authentication

  • 1.  Cannot apply role VLAN using machine and user authentication

    Posted Nov 24, 2017 07:28 AM

    We are currently running version 6.4.2.7 on a variety of old and new controllers, i.e. 3200s, 7030, etc.

    There is a requirement to create 1 SSID with 2 roles.

    Machine authentication = Corporate network role

    Machine user authentication = BYOD internet only role.

     

    The good news is that the roles do work, so the firewall policies apply as per the role.

    However, we can't get the role to use the assigned VLAN.

    It defaults to the VAP VLAN for the SSID.

     

    We have tried configuring the VLAN in the actual Role VLAN ID, as well as tried using Server rules with filter IDs without any luck.

     

    I know there was an issue with a version but that was a 6.3 issue.

    Anyone had the same issue?

    Really need to get that VLAN applied to the one role.


    Cheers

    Thanks in advance


  • 2.  RE: Cannot apply role VLAN using machine and user authentication

    EMPLOYEE
    Posted Nov 24, 2017 07:35 AM

    If you have "Enforce Machine Authentication" enabled in the 802.1x profile, only when the user has passed machine and user authentication does it use a server derivation rule or a VSA from a RADIUS server. If the user only passes one or the other, those extra rules or roles are ignored, and the Enforce Machine Authentication User role or the Enforce Machine Authentication Machine role are enforced, instead. Again, if you have Enforce Enabled, only when the user has passed both machine and user authentication are the roles, server derivation rules or VSAs from the RADIUS server applied.