In HPE Aruba Networking (AOS-CX and ArubaOS-Switch) platforms that support Group Based Policy (GBP), roles are assigned using Group Role IDs (GRIDs), which determine the level of trust and policy association for devices and endpoints within the network.
According to the ArubaOS-CX Group Based Policy Configuration Guide, the GBP role IDs are categorized as follows:
Default GBP role (ID = 0):This is the system default role assigned to any endpoint or user that has not been explicitly assigned a specific policy role. It typically allows limited or basic access as defined by default policies.
Infrastructure GBP role (ID = 2):This role is reserved for infrastructure devices such as gateways, controllers, or core switches. It ensures that infrastructure traffic (such as control-plane or management communication) is allowed regardless of user-level GBP restrictions.
User-defined GBP role (ID range = 100–8191):These are custom roles configured by administrators for specific groups of users, devices, or applications. Administrators can define unique security and QoS policies tied to these IDs.
Extract from HPE Aruba Documentation:
“The GBP role IDs 0–99 are reserved by the system. Role ID 0 represents the default group role. Role ID 2 is reserved for infrastructure communication. User-defined roles must be configured within the range 100–8191.”
This configuration ensures consistent and predictable policy behavior across multi-tier Aruba environments, maintaining separation between user, system, and infrastructure traffic classes.
[References:• HPE Aruba Networking AOS-CX Group Based Policy Configuration Guide — Section: GBP Role and Role ID Definitions.• HPE Aruba Certified Switching Professional (ACSP) Official Study Guide — Group Based Policy Roles and Role ID Allocation Table.• HPE ArubaOS-CX System Configuration Fundamentals — Policy and Security Roles Overview., , ]
Submit