Reference Guide

ManualsBrandsDell ManualsTVs & monitorsW-620

74 | aaa profile Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide

Parameter Description Default

dot1x-server-group <group>

Name of the server group used for 802.1X authentication.

See "aaa server-group" on page 82.

—

enforce-dhcp

When you enable this option, clients must complete a

DHCP exchange to obtain an IP address. Best practices

are to enable this option, when you use the aaa derivation-

rules command to create a rule with the DHCP-Option rule

type. This parameter is disabled by default.

disabled

initial-role <role>

Role for unauthenticated users. logon

l2-auth-fail-through

To select different authentication method if one fails disabled

mac-default-role <role>

Configured role assigned to the user when the device is

MAC authenticated. If derivation rules are present, the role

assigned to the client through these rules take precedence

over the default role.

NOTE: This parameter requires the PEFNG license.

guest

mac-server-group group

Name of the server group used for MAC authentication.

See "aaa server-group" on page 82.

—

Negates any configured parameter. —

radius-accounting <group>

Name of the server group used for RADIUS accounting.

See "aaa server-group" on page 82.

—

radius-interim-accounting

By default, the RADIUS accounting feature sends only start

and stop messages to the RADIUS accounting server. Issue

the interim-radius-accounting command to allow the

controller to send Interim-Update messages with current

user statistics to the server at regular intervals.

disabled

rfc-3576-server <ip-addr>

IP address of a RADIUS server that can send user

disconnect and change-of-authorization messages, as

described in RFC 3576, “Dynamic Authorization Extensions

to Remote Dial In User Service (RADIUS)”. See "aaa rfc-

3576-server" on page 80.

NOTE: This parameter requires the PEFNG license.

—

sip-authentication-role <role>

Configured role assigned to a session initiation protocol

(SIP) client upon registration.

NOTE: This parameter requires the PEFNG license.

guest

user-derivation-rules <profile>

User attribute profile from which the user role or VLAN is

derived.

—

wired-to-wireless-roam

Keeps user authenticated when roaming from the wired

side of the network.

enabled

xml-api-server <ip-addr>

IP address of a configured XML API server. See "aaa xml-

api" on page 98.

NOTE: This parameter requires the PEFNG license.

—

Usage Guidelines

The AAA profile defines the user role for unauthenticated users, the default user role for MAC or 802.1X

authentication, and user derivation rules. The AAA profile contains the authentication profile and authentication