Dell PowerConnect W-Airwave Configuration Manual

Also see for PowerConnect W-Airwave: User guide User guide Manual Manual Quick start guide

Contents

AirWave Wireless Management Suite | Configuration Guide Aruba Configuration Reference | 149Security > Server GroupsServer Groups Page OverviewThe Server > Server Groups page displays all server groups currently configured, and the profiles andfolders that are used by each server group, to include the following:z AAAz Captive Portal Authz Management Authz Stateful 802.1X Authz TACACS Accountingz VPN Authz FolderThe list of servers in a server group is an ordered list. By default, the first server in the list is always usedunless it is unavailable, in which case the next server in the list is used. You can configure the order ofservers in the server group. In the WebUI, use the up or down arrows to order the servers (the top server isthe first server in the list). In the CLI, use the position parameter to specify the relative order of servers inthe list (the lowest value denotes the first server in the list).The first available server in the list is used for authentication. If the server responds with an authenticationfailure, there is no further processing for the user or client for which the authentication request failed. Youcan optionally enable fail-through authentication for the server group so that if the first server in the listreturns an authentication deny, the controller attempts authentication with the next server in the orderedlist. The controller attempts authentication with each server in the list until either there is a successfulauthentication or the list of servers in the group is exhausted. This feature is useful in environments wherethere are multiple, independent authentication servers; users may fail authentication on one server but canbe authenticated on another server.Before enabling fail-through authentication, note the following:z This feature is not supported for 802.1x authentication with a server group that consists of external EAPcompliant RADIUS servers. You can, however, use fail-through authentication when the 802.1xauthentication is terminated on the controller (AAA FastConnect).z Enabling this feature for a large server group list may cause excess processing load on the controller.Aruba recommends that you use server selection based on domain matching whenever possible.z Certain servers, such as the RSA RADIUS server, lock out the controller if there are multipleauthentication failures. Therefore you should not enable fail-through authentication with these servers.When fail-through authentication is enabled, users that fail authentication on the first server in the serverlist should be authenticated with the second server.Supported ServersArubaOS supports the following external authentication servers:z RADIUS (Remote Authentication Dial-In User Service)z LDAP (Lightweight Directory Access Protocol)z TACACS+ (Terminal Access Controller Access Control System)Additionally, you can use the controller’s internal database to authenticate users. You create entries in thedatabase for users and their passwords and default role.You can create groups of servers for specific types of authentication. For example, you can specify one ormore RADIUS servers to be used for 802.1x authentication. The list of servers in a server group is anordered list. This means that the first server in the list is always used unless it is unavailable, in which casethe next server in the list is used. You can configure servers of different types in one group — for example,you can include the internal database as a backup to a RADIUS server.Server names are unique. You can configure the same server in multiple server groups. You must configurethe server before you can add it to a server group.