User's Manual

In the following example, you create a server group "corp-serv" with two LDAP servers (ldap-1 and ldap-2), each
of which contains a subset of the usernames and passwords used in the network. When you enable fail-through
authentication, users who fail authentication on the first server in the server list are then authenticated
against the second server.
Using the WebUI
1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select LDAP Server to display the LDAP Server List.
3. Enter ldap-1 for the server name and click Add.
4. Enter ldap-2 for the server name and click Add.
5. Under the Servers tab, select ldap-1 to configure server parameters. Enter the IP address for the server.
Select the Mode checkbox to activate the authentication server. Click Apply.
6. Repeat step 5 on page 239 to configure ldap-2.
7. Display the Server Group list: Under the Servers tab, select Server Group.
8. Enter corp-serv as the new server group and click Add.
9. Select corp-serv, under the Server tab, to configure the server group.
10. Select Fail Through.
11. Under Servers, click New to add a server to the group. Select ldap-1 from the drop-down list and click Add
Server.
12. Repeat step 11 on page 239 to add ldap-2 to the group.
13. Click Apply.
Using the CLI
(host)(config) #aaa authentication-server ldap ldap-1
   host 10.1.1.234
(host)(config) #aaa authentication-server ldap ldap-2
   host 10.2.2.234
(host)(config) #aaa server-group corp-serv
   auth-server ldap-1 position 1
   auth-server ldap-2 position 2
   allow-fail-through
Configuring Dynamic Server Selection
The controller can dynamically select an authentication server from a server group based on the user
information sent by the client in an authentication request. For example, an authentication request can include
client or user information in one of the following formats:
• <domain>\<user> : for example, corpnet.com\darwin
• <user>@<domain> : for example, darwin@corpnet.com
• host/<pc-name>.<domain> : for example, host/darwin-g.finance.corpnet.com (this format is used with
  802.1x machine authentication in Windows environments)
When you configure a server in a server group, you can optionally associate the server with one or more match
rules. A match rule for a server can be one of the following:
• The server is selected if the client/user information contains a specified string.
• The server is selected if the client/user information begins with a specified string.
• The server is selected if the client/user information exactly matches a specified string.
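The following Python sketch is an added example, not code from the manual or from ArubaOS: it parses the three identity formats listed above and applies the three match-rule types to a constructed corp-serv group. The first-match-in-group-order behavior, the treatment of a server with no rules, the rule strings, and all class and function names are assumptions.

```python
from dataclasses import dataclass, field

# Assumed semantics (not from the manual): servers are checked in group order,
# the first server with a matching rule wins, a server with no rules matches all.
MATCHERS = {
    "contains": lambda ident, s: s in ident,
    "begins-with": lambda ident, s: ident.startswith(s),
    "exact": lambda ident, s: ident == s,
}

@dataclass
class GroupServer:
    name: str
    rules: list = field(default_factory=list)   # [(rule_type, string), ...]

    def matches(self, identity):
        return not self.rules or any(MATCHERS[t](identity, s) for t, s in self.rules)

def parse_identity(identity):
    """Split the three identity formats into (kind, name, domain)."""
    if identity.startswith("host/"):             # host/<pc-name>.<domain>
        pc, _, domain = identity[len("host/"):].partition(".")
        return ("machine", pc, domain)
    if "\\" in identity:                         # <domain>\<user>
        domain, _, user = identity.partition("\\")
        return ("user", user, domain)
    if "@" in identity:                          # <user>@<domain>
        user, _, domain = identity.rpartition("@")
        return ("user", user, domain)
    return ("user", identity, "")                # bare username, no domain

def select_server(group, identity):
    """Return the name of the first server whose rules match, else None."""
    return next((s.name for s in group if s.matches(identity)), None)

# Constructed group: server names from the page, rule strings are illustrative.
CORP_SERV = [
    GroupServer("ldap-1", [("begins-with", "corpnet.com\\"),
                           ("contains", "@corpnet.com")]),
    GroupServer("ldap-2", [("begins-with", "host/")]),
]
# Constructed identities; the fourth shows how loosely "contains" matches.
SAMPLES = ["corpnet.com\\darwin", "darwin@corpnet.com",
           "host/darwin-g.finance.corpnet.com", "darwin@corpnet.com.example", "guest"]

if __name__ == "__main__":
    for ident in SAMPLES:
        print(f"{ident:36} {parse_identity(ident)!s:48} -> {select_server(CORP_SERV, ident)}")
```

The constructed identity darwin@corpnet.com.example is routed to ldap-1 by the contains rule even though its parsed domain is not corpnet.com, so a begins-with or exact rule is the tighter choice when the domain boundary matters.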
Dell Networking W-Series ArubaOS 6.4.x | User Guide Authentication Servers | 239