Commands to configure VLAN ID in user role
Local user roles allow user-based policy configuration local to an Aruba switch. Within the user role configuration, use the
tunneled-node-server-redirect
command to tunnel traffic to a Mobility Controller. When this command is processed, the tunnel is formed and applied to the secondary role (user role) that exists on the Mobility Controller.
switch(user-role)# vlan-id Usage: no vlan-id <VLAN_ID> Description: Set the untagged VLAN that users will be assigned to.
switch(user-role)$ tunneled-node-server-redirect Usage: no tunneled-node-server-redirect [secondary-role <ROLE_NAME>] Description: Configures traffic redirect to user-based tunnel. Secondary role is the new user role that will be applied to the tunneled traffic by the controller.
IMPORTANT:
The authenticated secondary-role specified with the redirect attribute should be configured and present on the Aruba Mobility Controller.
VLAN change for a current User-Based Tunneled client should be done by changing a user role with a new untagged VLAN and doing a port bounce (to refresh client IP).