Wireless Access

Contributor II

Missing Configuration

Hi, Im trying to know why a role is been derivated to my users even if I dont have any server grup role derivation rule or user rules.


In the nps we are sending the Vendor-specific value for two different users group.



1.- Vendor-Specific: Internal

2.- Vendor-Specific: VIP


On the cntroler we don´t have any rule to derivate this but for some reason our users are getting respectively Internal or VIP.


And They are not getting the 802.1X Authentication Default Role on the aaa profile they still getting Internal or VIP  this roles are not used in an  aaa profile.




Windows Server 2008



Thanks in advance. 

Guru Elite

Re: Missing Configuration

Turn on user debugging and find out why.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Employee

Re: Missing Configuration

If you send back Aruba-User-Role, you don't need a server derivation rule.  The controller will automatically use the value of the VSA as the role (assuming the value exists as a role).  Are you using the Aruba-User-Role VSA?

Contributor II

Re: Missing Configuration

I don't know if we are ussing Aruba-User-Role VSA,  I'm taking control of a deployed base then I'm getting knowledge of it.


Let Me check and when i got the answer I'll post it.




Contributor II

Re: Missing Configuration

Ok, I will turn on the debugging and will post the output.


Search Airheads
Showing results for 
Search instead for 
Did you mean: