Wireless Access

Occasional Contributor II

Cannot apply role VLAN using machine and user authentication

We are currently running version on a variety of old and new controllers, i.e. 3200s, 7030, etc.

There is a requirement to create 1 SSID with 2 roles.

Machine authentication = Corporate network role

Machine user authentication = BYOD internet only role.


The good news is that the roles do work, so the firewall policies apply as per the role.

However, we can't get the role to use the assigned VLAN.

It defaults to the VAP vlan for the SSID.


We have tried configuring the VLAN in the actual Role VLAN ID, as well as tried using Server rules with filter IDs without any luck.


I know there was an issue with a version but that was a 6.3 issue.

Anyone had the same issue?

Really need to get that VLAN applied to the one role.


Thanks in advance





Guru Elite

Re: Cannot apply role VLAN using machine and user authentication

If you have "Enforce Machine Authentication" enabled in the 802.1x profile, only when the user has passed machine and user authentication does it use a server derivation rule or a VSA from a RADIUS server. If the user only passes one or the other, those extra rules or roles are ignored, and the Enforce Machine Authentication User role or the Enforce Machine Authentication Machine role is enforced instead. Again, if you have Enforce Enabled, only when the user has passed both machine and user authentication are the roles, server derivation rules or VSAs from the RADIUS server applied.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*