User's Manual

240 | Authentication Servers Dell Networking W-Series ArubaOS 6.4.x| User Guide

You can configure multiple match rules for the same server. The controller compares the client/user

information with the match rules configured for each server, starting with the first server in the server group. If

a match is found, the controller sends the authentication request to the server with the matching rule. If no

match is found before the end of the server list is reached, an error is returned and no authentication request

for the client/user is sent.

For example, Figure 29 depicts a network consisting of several subdomains in corpnet.com. The server radius-1

provides 802.1x machine authentication to PC clients in xyz.corpnet.com, sales.corpnet.com, and

hq.corpnet.com. The server radius-2 provides authentication for users in abc.corpnet.com.

Figure 29 Domain-Based Server Selection Example

You configure the following rules for servers in the corp-serv server group:

l radius-1 is selected if the client information starts with “host.”

l radius-2 is selected if the client information contains “abc.corpnet.com.”

Using the WebUI

1. Navigate to the Configuration > Security > Authentication > Servers page.

2. Under the Servers tab, select Server Group to display the Server Group list.

3. Enter corp-serv for the new server group and click Add.

4. Under the Servers tab, select corp-serv to configure the server group.

5. Under Servers, click New to add the radius-1 server to the group. Select radius-1 from the drop-down list.

a. For Match Type, select Authstring.

b. For Operator, select starts-with.

c. For Match String, enter host/.

d. Click Add Rule >>.

e. Scroll to the right and click Add Server.

6. Under Servers, click New to add the radius-2 server to the group. Select radius-2 from the drop-down list.

a. For Match Type, select Authstring.

b. For Operator, select contains.

c. For Match String, enter abc.corpnet.com.