Dell 6.2 Server User Manual


 
179 | Authentication Servers | Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
Using the WebUI
1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select LDAP Server to display the LDAP Server List.
3. Enter ldap-1 for the server name and click Add.
4. Enter ldap-2 for the server name and click Add.
5. Under the Servers tab, select ldap-1 to configure server parameters. Enter the IP address for the server. Select the
Mode checkbox to activate the authentication server. Click Apply.
6. Repeat step 5 on page 179 to configure ldap-2.
7. Display the Server Group list: Under the Servers tab, select Server Group.
8. Enter corp-serv as the new server group and click Add.
9. Select corp-serv, under the Server tab, to configure the server group.
10. Select Fail Through.
11. Under Servers, click New to add a server to the group. Select ldap-1 from the drop-down menu and click Add
Server.
12. Repeat step 11 on page 179 to add ldap-2 to the group.
13. Click Apply.
Using the CLI
(host)(config) #aaa authentication-server ldap ldap-1
   host 10.1.1.234
(host)(config) #aaa authentication-server ldap ldap-2
   host 10.2.2.234
(host)(config) #aaa server-group corp-serv
   auth-server ldap-1 position 1
   auth-server ldap-2 position 2
   allow-fail-through
Configuring Dynamic Server Selection
The controller can dynamically select an authentication server from a server group based on the user information sent
by the client in an authentication request. For example, an authentication request can include client or user
information in one of the following formats:
• <domain>\<user>: for example, corpnet.com\darwin
• <user>@<domain>: for example, darwin@corpnet.com
• host/<pc-name>.<domain>: for example, host/darwin-g.finance.corpnet.com (this format is used with 802.1x machine authentication in Windows environments)
When you configure a server in a server group, you can optionally associate the server with one or more match rules.
A match rule for a server can be one of the following:
• The server is selected if the client/user information contains a specified string.
• The server is selected if the client/user information begins with a specified string.
• The server is selected if the client/user information exactly matches a specified string.
You can configure multiple match rules for the same server. The controller compares the client/user information with
the match rules configured for each server, starting with the first server in the server group. If a match is found, the
controller sends the authentication request to the server with the matching rule. If no match is found before the end
of the server list is reached, an error is returned and no authentication request for the client/user is sent.
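The first-match behavior described above can be modeled offline to check a planned rule set before it is entered on the controller. The following Python sketch is an added example, not controller code or part of the original guide. It assumes case-sensitive string comparison and that every server in the group has at least one rule; the rules and sample identities are constructed, and only the server names ldap-1 and ldap-2 come from this page.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    kind: str  # "contains", "begins" or "exact": the three rule types above
    text: str

# Constructed server group: ordered (server name, match rules) pairs.
# The rules are hypothetical; they are not taken from the guide.
GROUP = [
    ("ldap-1", [Rule("begins", "host/"), Rule("contains", "finance.corpnet.com")]),
    ("ldap-2", [Rule("contains", "corpnet.com")]),
]

SAMPLES = [  # constructed identities in the three formats listed above
    r"corpnet.com\darwin",
    "darwin@corpnet.com",
    "host/darwin-g.finance.corpnet.com",
    "darwin@example.org",
]

def rule_matches(rule: Rule, identity: str) -> bool:
    # Assumption: plain case-sensitive comparison.
    if rule.kind == "contains":
        return rule.text in identity
    if rule.kind == "begins":
        return identity.startswith(rule.text)
    if rule.kind == "exact":
        return identity == rule.text
    raise ValueError(f"unknown rule kind: {rule.kind}")

def select_server(group, identity: str) -> Optional[str]:
    """First server in group order with a matching rule; None models the
    documented error case in which no authentication request is sent."""
    for name, rules in group:
        if any(rule_matches(r, identity) for r in rules):
            return name
    return None

def shadowed_rules(group, samples):
    """Rules that never decide the outcome for any sample identity because
    an earlier server in the group already matched (a simple rule audit)."""
    unused = []
    for i, (name, rules) in enumerate(group):
        for r in rules:
            decides = any(rule_matches(r, s) and select_server(group[:i], s) is None
                          for s in samples)
            if not decides:
                unused.append((name, r))
    return unused
```

With the group order reversed, the broad "contains corpnet.com" rule on ldap-2 matches first and both ldap-1 rules are reported as shadowed, so machine-authentication identities would go to ldap-2 instead.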