#switch settings (tested on switch type JL258A (2930F))
-----------------------------------

#a role with only tagged VLANs and port-mode
aaa authorization user-role name "role1"
vlan-id-tagged 10,11,12
device
port-mode
exit
exit

#a role with an untagged vlan and a tagged one
aaa authorization user-role name "role2"
vlan-id 10
vlan-id-tagged 11
exit

#an untrusted role should also be defined; it is assigned as the initial role below
aaa authorization user-role name "untrusted"
vlan-id 99
exit

aaa authorization user-role initial-role "untrusted"


#Radius Server settings
-------------------------------------------
Make sure that the RADIUS server sends back an "accept" and the following attribute, where <user-role-name> is the name of a role defined on the switch:
Radius:Hewlett-Packard-Enterprise HPE-User-Role = <user-role-name>



#hints
---------------------------------------------
- commands: show user-role <user-role-name>
- multiple tagged VLANs: supported since ArubaOS 16.08
- specifying multiple tagged VLANs by name is not supported
- the maximum number of tagged VLANs that can be associated with a user role is 256 (tested with version WC.16.10.0010)
- debug on switch: debug security port-access mac-based
- cool video from Herman Robers: https://www.youtube.com/watch?v=0RHGyWFNxjI&feature=youtu.be
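
#consistency check (added example, not part of the original notes)
---------------------------------------------
A small pre-deployment lint for the settings above: it parses the user-role blocks, then checks that the initial role and every role name the RADIUS server returns in HPE-User-Role are defined on the switch, and that no role exceeds the 256 tagged VLAN limit. The function names, the exact-match comparison of role names and the support for "a-b" ranges in vlan-id-tagged are assumptions of this example.

```python
import re

MAX_TAGGED = 256  # per-role tagged-VLAN limit quoted in the hints
NAME = re.compile(r'aaa authorization user-role name "?([^"\s]+)"?')
INITIAL = re.compile(r'aaa authorization user-role initial-role "?([^"\s]+)"?')
# Role definitions from this page, abridged (device/port-mode lines omitted).
PAGE_CONFIG = '''aaa authorization user-role name "role1"
vlan-id-tagged 10,11,12
exit
aaa authorization user-role name "role2"
vlan-id 10
vlan-id-tagged 11
exit
aaa authorization user-role name "untrusted"
vlan-id 99
exit
aaa authorization user-role initial-role "untrusted"'''

def expand(spec):
    """Expand a VLAN list such as '10,11,20-22' into a set of ints."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def parse_roles(config):
    """Return ({role: {'untagged': id or None, 'tagged': set}}, initial_role)."""
    roles, initial, cur = {}, None, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("aaa "):
            cur = None  # any new aaa command ends the previous role context
            if m := NAME.match(line):
                cur = roles.setdefault(m.group(1), {"untagged": None, "tagged": set()})
            elif m := INITIAL.match(line):
                initial = m.group(1)
        elif cur is not None and (m := re.match(r"vlan-id-tagged (\S+)", line)):
            cur["tagged"] |= expand(m.group(1))
        elif cur is not None and (m := re.match(r"vlan-id (\d+)", line)):
            cur["untagged"] = int(m.group(1))
    return roles, initial

def lint(config, radius_roles):
    """List mismatches between the switch roles and the names RADIUS returns."""
    roles, initial = parse_roles(config)
    issues = [] if initial in roles else [f"initial-role {initial!r} is not defined"]
    issues += [f"RADIUS returns {n!r} but the switch has no such role"
               for n in radius_roles if n not in roles]
    issues += [f"{n}: {len(r['tagged'])} tagged VLANs exceeds {MAX_TAGGED}"
               for n, r in roles.items() if len(r["tagged"]) > MAX_TAGGED]
    return issues
```

Call lint() with the switch configuration text and the list of role names configured in the RADIUS enforcement policy; an empty list means the two sides agree.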
