Hello,
I am trying to change the default role that IAPs are getting because i need to src-nat my RADIUS requests. I have found many articles that explain how to do this but the options dont exist.
I am connecting the IAP to a 7210 controller running 6.4.4.14.
I am following this guide:
http://community.arubanetworks.com/aruba/attachments/aruba/Aruba-VRDs/76/2/Aruba_Instant_VRD_2016.pdf
On page 135, figure 59 - It shows how to change the default role for the default-iap profile. This is not an option in my controller.
Here is another guide that shows how to do what i need to do:
http://www.arubanetworks.com/techdocs/Instant_40_Mobile/Advanced/Content/UG_files/IAP_VPN/VPN_Config.htm
At the end under "VPN Profile Configuration", the commands are not working for me and "default-role" is not an option:
(Master-Pref) (config) #aaa authentication vpn default-iap
(Master-Pref) (VPN Authentication Profile "default-iap") #default-role iap-role
^
% Invalid input detected at '^' marker.
(Master-Pref) (VPN Authentication Profile "default-iap") #?
cert-cn-lookup Check certificate common name against AAA server.
Default is enabled.
clone Copy data from another VPN Authentication Profile
export-route Whether to export server-returned VPN ip address as
a route to external world. Default is enabled.
max-authentication-fa.. Maximum auth failures before user is blacklisted.
Range: 1-10. Default: 0.
no Delete Command
pan-integration Require IP mapping at Palo Alto Networks firewalls
radius-accounting Configure server group for radius accounting
server-group Name of server group
user-idle-timeout User idle timeout value. Valid range is 30-15300
seconds in multiples of 30 seconds
#6.4