Filter
Top Products
4. Select the name to configure the server group.
5. Under Servers, click Edit for a configured server or click New to add a server to the group.
l If editing a configured server, select Trim FQDN, scroll right, and click Update Server.
l If adding a new server, select a server from the drop-down menu, then select Trim FQDN, scroll right, and
click Add Server.
6. Click Apply.
Using the CLI
(host)(config) #aaa server-group corp-serv
auth-server radius-2 match-authstring contains abc.corpnet.com trim-fqdn
Configuring Server-Derivation Rules
When you configure a server group, you can set the VLAN or role for clients based on attributes returned for the
client by the server during authentication. The server derivation rules apply to all servers in the group. The user role
or VLAN assigned through server derivation rules takes precedence over the default role and VLAN configured for the
authentication method.
NOTE: The authentication servers must be configured to return the attributes for the clients during authentication. For instructions on
configuring the authentication attributes in a Windows environment using IAS, refer to the documentation at
http://technet2.microsoft.com/windowsserver/en/technologies/ias.mspx.
The server rules are applied based on the first match principle. The first rule that is applicable for the server and the
attribute returned is applied to the client and would be the only rule applied from the server rules. These rules are
applied uniformly across all servers in the server group.
Table 55 describes the server rule parameters you can configure.
Parameter Description
Role or VLAN The server derivation rules can be for either user role or VLAN assignment. With Role
assignment, a client can be assigned a specific role based on the attributes returned. In
case of VLAN assignment, the client can be placed in a specific VLAN based on the
attributes returned.
Attribute This is the attribute returned by the authentication server that is examined for
Operation
and
Operand
match.
Operation This is the match method by which the string in
Operand
is matched with the attribute value
returned by the authentication server.
l contains – The rule is applied if and only if the attribute value contains the string in
parameter
Operand.
l starts-with – The rule is applied if and only if the attribute value returned starts with the
string in parameter
Operand.
l ends-with – The rule is applied if and only if the attribute value returned ends with the
string in parameter
Operand.
l equals – The rule is applied if and only if the attribute value returned equals the string
in parameter
Operand.
l not-equals – The rule is applied if and only if the attribute value returned is not equal to
the string in parameter
Operand.
l value-of – This is a special condition. What this implies is that the role or VLAN is set to
the value of the attribute returned. For this to be successful, the role and the VLAN ID
Table 55:
Server Rule Configuration Parameters
DellPowerConnectW-SeriesArubaOS6.2 | User Guide Authentication Servers | 182