Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200
241242243244245246247248249250
Dell Networking W-Series ArubaOS 6.4.x| User Guide Authentication Servers | 249
Chapter 9
Authentication Servers
The ArubaOS software allows you to use an external authentication server or the controller internal user
database to authenticate clients who need to access the wireless network.
This chapter describes the following topics:
l Understanding Authentication Server Best Practices and Exceptions on page 249
l Understanding Servers and Server Groups on page 249
l Configuring Authentication Servers on page 250
l Managing the Internal Database on page 263
l Configuring Server Groups on page 266
l Assigning Server Groups on page 272
l Configuring Authentication Timers on page 276
l Authentication Server Load Balancing on page 278
Understanding Authentication Server Best Practices and
Exceptions
l For an external authentication server to process requests from the Dell controller, you must configure the
server to recognize the controller. Refer to the vendor documentation for information on configuring the
authentication server.
l To configure Microsoft’s IAS and Active Directory see the following links:
n technet2.microsoft.com/windowsserver/en/technologies/ias.mspx
n microsoft.com/en-us/server-cloud/windows-server/active-directory.aspx
Understanding Servers and Server Groups
ArubaOS supports the following external authentication servers:
l RADIUS (Remote Authentication Dial-In User Service)
l LDAP (Lightweight Directory Access Protocol)
l TACACS+ (Terminal Access Controller Access Control System)
l Windows (For stateful NTLM authentication)
Starting from ArubaOS 6.4, a maximum of 128 LDAP, RADIUS, and TACACS servers, each can be configured on the
controller.
Additionally, you can use the controller’s internal database to authenticate users. You create entries in the
database for users, their passwords, and their default role.
You can create groups of servers for specific types of authentication. For example, you can specify one or more
RADIUS servers to be used for 802.1x authentication. The list of servers in a server group is an ordered list.
This means that the first server in the list is always used unless it is unavailable, in which case the next server in
the list is used. You can configure servers of different types in one group. For example, you can include the
internal database as a backup to a RADIUS server.