Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

User Rules not updating user role

  • 1.  User Rules not updating user role

    Posted Sep 23, 2016 06:37 AM

    Hi All. I have a VAP for an SSID (test_ssid) which has a User Derivation rule within the AAA profile which says:

    set role condition essid equals test_ssid and go to a role that we've set up.

    However, when a user connects to this SSID, they are still getting the logon role - and not matching this rule and subsequently getting the role correct. What is particularly odd is that under User Rules, it is showing a Hit, but the clients aren't following the role assigned.

    I've checked it against VAPs/AAA/User Derivation on the same site and it is exactly the same.

    This is a bridged VAP also.

    Any ideas or suggestions?



  • 2.  RE: User Rules not updating user role

    Posted Sep 23, 2016 07:11 AM

    I've been doing some user debugging - this only happens on the bridged. Tunnel is fine. From what I can see in the logs:

     

    Sep 23 12:09:33 :522260:  <DBUG> |authmgr|  "VDR - Cur VLAN updated cc:20:e8:ce:70:3b mob 0 inform 1 remote 1 wired 0 defvlan 254 exportedvlan 0 curvlan 254.
    Sep 23 12:09:33 :522096:  <DBUG> |authmgr|  cc:20:e8:ce:70:3b: Sending STM new Role ACL : 2, and Vlan info: 254, action : 10, AP IP: 192.168.0.170, flags : 0 idle-timeout: 300
    Sep 23 12:09:33 :522242:  <DBUG> |authmgr|  MAC=cc:20:e8:ce:70:3b Station Created Update MMS: BSSID=24:de:c6:51:a2:9a ESSID=Fareham_Test254_Aruba VLAN=254 AP-name=Fareham
    Sep 23 12:09:33 :522301:  <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0xf946df20db20000e mac cc:20:e8:ce:70:3b name  role logon devtype  wired 0 authtype 0 subtype 0  encrypt-type 9 conn-port 0 fwd-mode 1
    Sep 23 12:09:40 :522145:  <DBUG> |authmgr|  handle_rap_bridge_user(): Entered. MAC:cc:20:e8:ce:70:3b, IP:172.25.254.170, apName:Fareham action:2 acl:logon.
    Sep 23 12:09:40 :522287:  <DBUG> |authmgr|  Auth GSM : MAC_USER publish for mac cc:20:e8:ce:70:3b bssid 24:de:c6:51:a2:9a vlan 254 type 1 data-ready 0
    Sep 23 12:09:40 :522157:  <INFO> |authmgr|  Update wireless bridge-mode user: username= MAC=cc:20:e8:ce:70:3b IP=172.25.254.170 AP=Fareham aclnum=2.
    Sep 23 12:09:40 :522063:  <DBUG> |authmgr|  AP-Bridge-Wireless User: mac:cc:20:e8:ce:70:3b dot1x:0, keytype:9(static-wpa2-aes)
    Sep 23 12:09:40 :522158:  <DBUG> |authmgr|  Role Derivation for user N/A-cc:20:e8:ce:70:3b- N/A Set AAA profile defaults.
    Sep 23 12:09:40 :522158:  <DBUG> |authmgr|  Role Derivation for user N/A-cc:20:e8:ce:70:3b- logon Unknown role event.

     

    It's defaulting to logon. If I change the initial role... it works fine. Just not following this Rule.



  • 3.  RE: User Rules not updating user role

    EMPLOYEE
    Posted Sep 23, 2016 08:00 AM
    What rule?