Wireless Access

 View Only

  • 1.  Wired clients in logon role

    Posted Aug 18, 2020 04:57 AM

    New deployment of ArubaOS 8.6.x on 7010 Controller with VMM.

     

    Interfaces are trusted, but connected client gets logon role and cannot pass traffic. Is there an AAA Wired setting and where to apply it?



  • 2.  RE: Wired clients in logon role

    Posted Aug 18, 2020 06:19 AM

    In a typical setup you simply trust your wired interfaces and vlans. 

     

    If you see wired clients entering your user-table, check again if you trust both your interface and vlans. 'Show run' should look like this:

    interface gigabitethernet 0/0/0
trusted
trusted vlan 1-4094

     



  • 3.  RE: Wired clients in logon role

    Posted Aug 18, 2020 06:24 AM

    How is the user-role "logon" derived? What is the default-role in your aaa profile?

     

    MC Level # show user mac ##:##:##:##:##:##



  • 4.  RE: Wired clients in logon role

    Posted Aug 18, 2020 06:30 AM

    This is frommy running-config:

     

    interface gigabitethernet 0/0/0
description "GE0/0/0"
trusted
trusted vlan 301
ip access-group vlan 301 session "allowall"
switchport access vlan 301
!

    But wired clients still show "logon" as role in "show user-table"



  • 5.  RE: Wired clients in logon role

    Posted Aug 18, 2020 07:44 AM

    Why are you applying a session ACL to an interface?



  • 6.  RE: Wired clients in logon role

    Posted Aug 26, 2020 03:56 AM

    Just a wild stab at making it work.

    But what did work was to change the default AAA profile's initial role from logon to authenticated. But is that how it is supposed to be? I'd like to keep the default AAA default and then create a separate AAA profile for wired ports on the controller, but where do I apply it?



Related Content