Hi, thanks for the reply - I thought the default-role of authenticated was needed to allow access to the CP page? Anyway, I tried changing the role from "authenticated" to the role I want, and I was not able to log in successfully with the creds passed to me.
aaa authentication captive-portal "BPS-Guest-cp_prof"
default-role "authenticated" --->> Changed to default-role "BPS-Guest-Role" - did not work
I then changed it back, and looked at user roles as I was logging in. Output below. I can see that the authenticated user role is "authenticated", but am a bit perplexed as to where to change that since it didn't work in the CP profile?
(PS-94_Aruba_7240-1) # JUST CLICKED ON BPS-GUEST SSID
^
% Invalid input detected at '^' marker.
(PS-94_Aruba_7240-1) #show user-table ip 10.6.121.36
Name: , IP: 10.6.121.36, MAC: a0:d7:95:5e:2a:5d, Role: BPS-Guest-guest-logon, ACL: 70/0, Age: 00:00:05
Authentication: No, status: not started, method: , protocol: , server:
Role Derivation: AAA profile default role
VLAN Derivation: Default VLAN
Idle timeout (global): 300 seconds, Age: 00:00:00
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=1, vpnflags=0, u_stm_ageout=1
Flags: innerip=0, outerip=0, vpn_outer_ind:0, download=1, wispr=0
IP User termcause: 26
phy_type: a-VHT-40, l3 reauth: 0, BW Contract: up:0 down:0, user-how: 14
Vlan default: 199, Assigned: 199, Current: 199 vlan-how: 1 DP assigned vlan:0
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0
SlotPort=0x20c5, Port=0x11dae (tunnel 7598)
Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role: n/a
Current Role name: BPS-Guest-guest-logon, role-how: 10, L2-role: BPS-Guest-guest-logon, L3-role: BPS-Guest-guest-logon
Essid: BPS-Guest, Bssid: 18:64:72:4a:e9:d2 AP name/group: PS187-BOCES-Rm24/PS187 Phy-type: a-VHT-40
RadAcct sessionID:n/a
RadAcct Traffic In 466/57747 Out 366/261999 (0:466/0:0:0:57747,0:366/0:0:3:65391)
Timers: L3 reauth 0, mac reauth 0 (Reason: ), dot1x reauth 0 (Reason: )
Profiles AAA:BPS-Guest-aaa-prof, dot1x:, mac:default CP:BPS-Guest-cp_prof def-role:'BPS-Guest-guest-logon' sip-role:'' via-auth-profile:''
ncfg flags udr 0, mac 1, dot1x 0, RADIUS interim accounting 0
IP Born: 1487876842 (Thu Feb 23 14:07:22 2017)
Core User Born: 1487876842 (Thu Feb 23 14:07:22 2017)
Upstream AP ID: 0, Downstream AP ID: 0
User Agent String: iPhone8,4/10.2.1 (14D27)
HTTP based device-id info - Index: 4, Device: iPhone
Overall device-id info - Index: 6, Device: iPhone
L3-Auth Session Timeout from Radius: 0
Mac-Auth Session Timeout Value from Radius: 0
Dot1x Session Timeout Value from Radius: 0
CoA Session Timeout Value from Radius: 0
Dot1x Session Term-Action Value from Radius: Default
Reauth-interval from role: 0
Number of reauthentication attempts: mac reauth 0, dot1x reauth 0
mac auth server: Clearpass-1, dot1x auth server: N/A
Address is from DHCP: yes
Per-user-log pointer 0x1130844 (id 21305), num logs 6
(PS-94_Aruba_7240-1) # ENTERED USER AND PASS
^
% Invalid input detected at '^' marker.
(PS-94_Aruba_7240-1) #show user-table ip 10.6.121.36
Name: thom2544@gmail.com, IP: 10.6.121.36, MAC: a0:d7:95:5e:2a:5d, Role: authenticated, ACL: 71/0, Age: 00:00:06
Authentication: Yes, status: started, method: Web, protocol: PAP, server: Clearpass-1
Bandwidth = No Limit
Bandwidth = No Limit
Role Derivation: default for authentication type Web
VLAN Derivation: Default VLAN
Idle timeout (global): 300 seconds, Age: 00:00:00
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=1, mba=1, vpnflags=0, u_stm_ageout=1
Flags: innerip=0, outerip=0, vpn_outer_ind:0, download=1, wispr=0
IP User termcause: 26
phy_type: a-VHT-40, l3 reauth: 0, BW Contract: up:0 down:0, user-how: 14
Vlan default: 199, Assigned: 199, Current: 199 vlan-how: 1 DP assigned vlan:0
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0
SlotPort=0x20c5, Port=0x11dae (tunnel 7598)
Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role: n/a
Current Role name: authenticated, role-how: 1, L2-role: BPS-Guest-guest-logon, L3-role: authenticated
Essid: BPS-Guest, Bssid: 18:64:72:4a:e9:d2 AP name/group: PS187-BOCES-Rm24/PS187 Phy-type: a-VHT-40
RadAcct sessionID:thom2544A0D7955E2A5D-58AF346D
RadAcct Traffic In 20/3186 Out 16/7064 (0:20/0:0:0:3186,0:16/0:0:0:7064)
Timers: L3 reauth 0, mac reauth 0 (Reason: ), dot1x reauth 0 (Reason: )
Profiles AAA:BPS-Guest-aaa-prof, dot1x:, mac:default CP: def-role:'BPS-Guest-guest-logon' sip-role:'' via-auth-profile:''
ncfg flags udr 0, mac 1, dot1x 0, RADIUS interim accounting 0
IP Born: 1487876842 (Thu Feb 23 14:07:22 2017)
Core User Born: 1487876842 (Thu Feb 23 14:07:22 2017)
Upstream AP ID: 0, Downstream AP ID: 0
User Agent String: iPhone8,4/10.2.1 (14D27)
HTTP based device-id info - Index: 4, Device: iPhone
Overall device-id info - Index: 6, Device: iPhone
L3-Auth Session Timeout from Radius: 0
Mac-Auth Session Timeout Value from Radius: 0
Dot1x Session Timeout Value from Radius: 0
CoA Session Timeout Value from Radius: 0
Dot1x Session Term-Action Value from Radius: Default
Reauth-interval from role: 0
Number of reauthentication attempts: mac reauth 0, dot1x reauth 0
mac auth server: Clearpass-1, dot1x auth server: N/A
Address is from DHCP: yes
Per-user-log pointer 0x1130844 (id 21305), num logs 7
Tom Robinson
trobinson@aisbuffalo.com
Alternative Information Systems
716-831-9929
716-491-9581
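
Added example, not part of the original post: a small Python parser that pulls the role and authentication fields out of the two `show user-table ip` outputs quoted above and lists what changed between the pre-login and post-login entry. The sample text is excerpted from the post; the field labels and function names are this example's own.

```python
import re

# Lines excerpted from the two `show user-table ip` outputs in the post above.
BEFORE_LOGIN = """\
Authentication: No, status: not started, method: , protocol: , server:
Role Derivation: AAA profile default role
Flags: internal=0, trusted_ap=0, l3auth=0, mba=1, vpnflags=0, u_stm_ageout=1
Current Role name: BPS-Guest-guest-logon, role-how: 10, L2-role: BPS-Guest-guest-logon, L3-role: BPS-Guest-guest-logon
Profiles AAA:BPS-Guest-aaa-prof, dot1x:, mac:default CP:BPS-Guest-cp_prof def-role:'BPS-Guest-guest-logon' sip-role:'' via-auth-profile:''
"""
AFTER_LOGIN = """\
Authentication: Yes, status: started, method: Web, protocol: PAP, server: Clearpass-1
Role Derivation: default for authentication type Web
Flags: internal=0, trusted_ap=0, l3auth=1, mba=1, vpnflags=0, u_stm_ageout=1
Current Role name: authenticated, role-how: 1, L2-role: BPS-Guest-guest-logon, L3-role: authenticated
Profiles AAA:BPS-Guest-aaa-prof, dot1x:, mac:default CP: def-role:'BPS-Guest-guest-logon' sip-role:'' via-auth-profile:''
"""

# Keys on the left are this example's own labels (hypothetical), not Aruba terms.
FIELDS = {
    "authenticated":   r"^Authentication: (\w+)",
    "auth_method":     r"^Authentication:.*method: (\w*)",
    "auth_server":     r"^Authentication:.*server: ?(\S*)",
    "role_derivation": r"^Role Derivation: (.+?)\s*$",
    "l3auth_flag":     r"^Flags:.*\bl3auth=(\d+)",
    "current_role":    r"^Current Role name: ([^,]+)",
    "role_how":        r"\brole-how: (\d+)",
    "l2_role":         r"\bL2-role: ([^,]+)",
    "l3_role":         r"\bL3-role: (\S+)",
    "cp_profile":      r"^Profiles .*\bCP:(\S*) def-role:",
}

def parse_user_entry(text):
    """Extract the role/authentication fields from one user-table entry."""
    entry = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        entry[name] = m.group(1) if m else None
    return entry

def diff_entries(before, after):
    """Return {field: (old, new)} for every field whose value changed."""
    return {k: (before[k], after[k]) for k in FIELDS if before[k] != after[k]}

if __name__ == "__main__":
    changes = diff_entries(parse_user_entry(BEFORE_LOGIN), parse_user_entry(AFTER_LOGIN))
    for field, (old, new) in changes.items():
        print(f"{field:16} {old!r:26} -> {new!r}")
```

On the two entries above, the L2 role is the only tracked field that stays the same; the L3 role, the role derivation string and the CP profile field all change after login.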