Users Guide

268 | Authentication Servers Dell Networking W-Series ArubaOS 6.4.x| User Guide

l The server is selected if the client/user information exactly matches a specified string.

You can configure multiple match rules for the same server. The controller compares the client/user

information with the match rules configured for each server, starting with the first server in the server group. If

a match is found, the controller sends the authentication request to the server with the matching rule. If no

match is found before the end of the server list is reached, an error is returned, and no authentication request

for the client/user is sent.

Figure 42 depicts a network consisting of several subdomains in corpnet.com. The server radius-1 provides

802.1x machine authentication to PC clients in xyz.corpnet.com, sales.corpnet.com, and hq.corpnet.com. The

server radius-2 provides authentication for users in abc.corpnet.com.

Figure 42 Domain-Based Server Selection Example

You configure the following rules for servers in the corp-serv server group:

l radius-1 is selected if the client information starts with “host.”

l radius-2 is selected if the client information contains “abc.corpnet.com.”

Using the WebUI

1. Navigate to the Configuration > Security > Authentication > Servers page.

2. Under the Servers tab, select Server Group to display the Server Group list.

3. Enter corp-serv for the new server group and click Add.

4. Under the Servers tab, select corp-serv to configure the server group.

5. Under Servers, click New to add the radius-1 server to the group. Select radius-1 from the drop-down list.

a. For Match Type, select Authstring.

b. For Operator, select starts-with.

c. For Match String, enter host/.

d. Click Add Rule >>.

e. Scroll to the right and click Add Server.

6. Under Servers, click New to add the radius-2 server to the group. Select radius-2 from the drop-down list.

a. For Match Type, select Authstring.

b. For Operator, select contains.