Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-3200
271272273274275276277278279280
RADIUS TACACS+ LDAP Internal Database
User authentication Yes Yes Yes Yes
Management authentication Yes Yes Yes Yes
Accounting Yes Yes No No
Table 51: Server Types and Purposes
User Authentication
For information about assigning a server group for user authentication, refer to the Roles and Policies chapter
of the Dell Networking W-Series ArubaOS User Guide.
Management Authentication
Users who need to access the controller to monitor, manage, or configure the Dell user-centric network can be
authenticated with RADIUS, TACACS+, or LDAP servers or the internal database.
Only user record attributes are returned upon successful authentication. Therefore, to derive a
management role other than the default mgmt auth role, set the server derivation rule based on the user
attributes.
Using the WebUI
1. Navigate to the Configuration > Management > Administration page.
2. Under the Management Authentication Servers section, select the following:
l Enable checkbox
l Server Group
3. Click Apply.
Using the CLI
(host)(config) #aaa authentication mgmt
server-group <group>
enable
Accounting
You can configure accounting for RADIUS and TACACS+ server groups.
RADIUS or TACACS+ accounting is only supported when RADIUS or TACACS+ is used for authentication.
RADIUS Accounting
RADIUS accounting allows user activity and statistics to be reported from the controller to RADIUS servers:
1. The controller generates an Accounting Start packet when a user logs in. The code field of transmitted
RADIUS packet is set to 4 (Accounting-Request). Note that sensitive information, such as user passwords,
are not sent to the accounting server. The RADIUS server sends an acknowledgement of the packet.
Dell Networking W-Series ArubaOS 6.4.x | User Guide Authentication Servers | 273