User's Manual

Dell Networking W-Series ArubaOS 6.4.x| User Guide Authentication Servers | 225
Chapter 9
Authentication Servers
The ArubaOS software allows you to use an external authentication server or the controller’s internal user
database to authenticate clients who need to access the wireless network.
This chapter describes the following topics:
• Understanding Authentication Server Best Practices and Exceptions on page 225
• Understanding Servers and Server Groups on page 225
• Configuring Authentication Servers on page 226
• Managing the Internal Database on page 235
• Configuring Server Groups on page 238
• Assigning Server Groups on page 244
• Configuring Authentication Timers on page 248
• Authentication Server Load Balancing on page 249
Understanding Authentication Server Best Practices and Exceptions
• For an external authentication server to process requests from the Dell controller, you must configure the
server to recognize the controller. Refer to the vendor documentation for information on configuring the
authentication server.
• Instructions on how to configure Microsoft’s IAS and Active Directory can be viewed at:
Microsoft’s IAS:
technet2.microsoft.com/windowsserver/en/technologies/ias.mspx
Active Directory:
microsoft.com/en-us/server-cloud/windows-server/active-directory.aspx
Understanding Servers and Server Groups
ArubaOS supports the following external authentication servers:
• RADIUS (Remote Authentication Dial-In User Service)
• LDAP (Lightweight Directory Access Protocol)
• TACACS+ (Terminal Access Controller Access Control System)
• Windows (for stateful NTLM authentication)
Starting from ArubaOS 6.4, a maximum of 128 servers each of LDAP, RADIUS, and TACACS can be configured on the
controller.
Additionally, you can use the controller’s internal database to authenticate users. You create entries in the
database for users, their passwords, and their default role.
You can create groups of servers for specific types of authentication. For example, you can specify one or more
RADIUS servers to be used for 802.1x authentication. The list of servers in a server group is an ordered list.
This means that the first server in the list is always used unless it is unavailable, in which case the next server in