You are here: Home > Configuring ArubaOS Features > Managed Devices > Configuring WAN Authentication Survivability

Configuring WAN Authentication Survivability

Enable WANWide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. survivability for managed devices on your network by navigating to the Configuration > Authentication> Advanced tab, then selecting the Survivability tab.

The survivability settings on this tab are described in Table 1.

 

For additional information on WANWide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. Authentication Survivability, including authentication workflows and supported client and authentication types see the WAN Authentication Survivability Overview.

Table 1: WAN Authentication Survivability for a Managed Device

Parameter

Description

Enable Auth-Survivability

This parameter controls whether to use the Survival Server when no other authentication servers in the server group are in-service.

This parameter also controls whether to store the user access credential in the Survival Server when it is authenticated by an external RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  or LDAPLightweight Directory Access Protocol. LDAP is a communication protocol that provides the ability to access and maintain distributed directory information services over a network. server in the server group. Authentication Survivability is enabled or disabled at each managed device. This parameter is disabled by default.

NOTE: Authentication Survivability will not activate if Authentication Server Dead Time is configured as 0. For more information on configuring Authentication Server Dead Time, see Configuring Authentication Timers.

Authentication Server Certificate

This parameter allows you to view the name of the server certificate used by the local Survival Server. The local Survival Server is provided with a default server certificate from ArubaOS. The customer server certificate must be imported into the managed device first, and then you can assign the server certificate to the local Survival Server.

Cache Lifetime (hrs)

This parameter specifies the lifetime in hours for the cached access credential in the local Survival Server. When the specified cache-lifetime expires, the cached access credential is deleted from the managed device.

Configured authentication servers are put into the out-of-service state when authentication requests time out. The managed device picks the next server from the server group when the previous server times out or fails.

When there are no more servers available from the server group, the local Survival Server processes the authentication request. When the client is authenticated with the local Survival Server, the previously stored Key Reply attributes are included in the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  response.

The Cache Lifetime range is from 1 to 168 hours. The default is 24 hours.

Certificate Type Select the certificate to be used for client authentication.
/*]]>*/