Commands to configure VLAN ID in user role

Local user roles allow user-based policy configuration local to an Aruba switch. Within the user role configuration, use the tunneled-node-server-redirect command to tunnel traffic to a Mobility Controller. When this command is processed, the tunnel is formed and applied to the secondary role (user role) that exists on the Mobility Controller.

switch(user-role)# vlan-id
Usage: no vlan-id <VLAN_ID>

Description: Set the untagged VLAN that users will be assigned to.
switch(user-role)$ tunneled-node-server-redirect
Usage: no tunneled-node-server-redirect [secondary-role <ROLE_NAME>]

Description: Configures traffic redirect to user-based tunnel. Secondary role is the new user role that 
will be applied to the tunneled traffic by the controller.
IMPORTANT:
  • The authenticated secondary-role specified with the redirect attribute should be configured and present on the Aruba Mobility Controller.

  • VLAN change for a current User-Based Tunneled client should be done by changing a user role with a new untagged VLAN and doing a port bounce (to refresh client IP).