Wireless Access

last person joined: 14 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

role derivation

This thread has been viewed 7 times

  • 1.  role derivation

    Posted Feb 04, 2014 04:24 AM

    In the output of the "show aaa state user" there is an entry - "role-how: X" does anyone have a list of the possible numbers and what they map to?



  • 2.  RE: role derivation

    Posted Feb 04, 2014 04:33 AM
    I have notices its value 0 or 1 but don't know what does it stand for...
    Nice question to be asked, hope some expert will guide in it.


  • 3.  RE: role derivation
    Best Answer

    EMPLOYEE
    Posted Feb 04, 2014 04:51 AM

    The role-how and vlan-how represent how a user got his/her current VLAN and role.  They are not documented because they are meant to be used for debugging and not common use:

     


    Role-How
Code	 Description
0	 Default Logon Role
1	 Default for Authentication Type
2	 Derived from Server Rules
3	 Derived from User Rules
4	 Predefined Guest
5	 Inherited from Station
6	 Forced Role
7	 Aruba VSA
8	RFC 3576 Change of Authorization
9	 External Captive Portal
10	 Default from AAA Profile
11	 Assigned by ESI

Vlan-How
Code	 Description
1	 User Rule
2	 VLAN from Role
3	 Server Rule
4	 Aruba VSA
5	 MSFT Attributes
6	 VLAN from Derived Role

     



  • 4.  RE: role derivation

    Posted Feb 04, 2014 04:53 AM

    Thanks for the info - much appreciated.



  • 5.  RE: role derivation

    Posted Feb 04, 2014 05:06 AM
    Thanks CJ. Nice information.