Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200

261

262

263

264

265

266

267

268

269

270

c. For Match String, enter abc.corpnet.com.

d. Click Add Rule >>.

e. Scroll to the right and click Add Server.

The last server you added to the server group (radius-2) automatically appears as the first server in the list. In this

example, the order of servers is not important. If you need to reorder the server list, scroll to the right and click the

up or down arrow for the appropriate server.

7. Click Apply.

Using the CLI

(host)(config) #aaa server-group corp-serv

auth-server radius-1 match-authstring starts-with host/ position 1

auth-server radius-2 match-authstring contains abc.corpnet.com position 2

Configuring Match FQDN Option

You can also use the “match FQDN” option for a server match rule. With a match FQDN rule, the server is

selected if the <domain> portion of the user information in the formats <domain>\<user> or

<user>@<domain> matches a specified string exactly. Note the following caveats when using a match FQDN

rule:

l This rule does not support client information in the host/<pc-name>.<domain> format, so it is not useful

for 802.1x machine authentication.

l The match FQDN option performs matches on only the <domain> portion of the user information sent in

an authentication request. The match-authstring option (described previously) allows you to match all or a

portion of the user information sent in an authentication request.

Using the WebUI

1. Navigate to the Configuration > Security > Authentication > Servers page.

2. Under the Servers tab, select Server Group to display the Server Group list.

3. Enter corp-serv for the new server group and click Add.

4. Under the Servers tab, select corp-serv to configure the server group.

5. Under Servers, click New to add the radius-1 server to the group. Select radius-1 from the drop-down list.

a. For Match Type, select FQDN.

b. For Match String, enter corpnet.com.

c. Click Add Rule >>.

d. Scroll to the right and click Add Server.

6. Click Apply.

Using the CLI

(host)(config) #aaa server-group corp-serv

auth-server radius-1 match-fqdn corpnet.com

Trimming Domain Information from Requests

Before the controller forwards an authentication request to a specified server, it can truncate the domain-

specific portion of the user information. This is useful when user entries on the authenticating server do not

include domain information. You can specify this option with any server match rule. This option is only

applicable when the user information is sent to the controller in the following formats:

l <domain>\<user> : the <domain>\ portion is truncated

Dell Networking W-Series ArubaOS 6.4.x | User Guide Authentication Servers | 269