ArubaOS 8.6.0.0 Help Center
You are here: Home > Authentication Servers > Servers and Server Groups

Understanding Servers and Server Groups

Mobility Master supports the following external authentication servers:

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. 

LDAPLightweight Directory Access Protocol. LDAP is a communication protocol that provides the ability to access and maintain distributed directory information services over a network.

TACACS+Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. 

Windows (For stateful NTLM authentication)

 

A maximum of 128 LDAPLightweight Directory Access Protocol. LDAP is a communication protocol that provides the ability to access and maintain distributed directory information services over a network., RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. , and TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. servers, each can be configured on a managed device.

Additionally, you can use the internal database to authenticate users by creating entries for users, their passwords, and their default role.

You can create groups of servers for specific types of authentication. For example, you can specify one or more RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  servers to be used for 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication. The list of servers in a server group is an ordered list. This means that the first server in the list is always used unless it is unavailable, in which case the next server in the list is used. You can configure servers of different types in one group. For example, you can include the internal database as a backup to a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server.

Figure 1 represents a server group named “Radii” that consists of two RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  servers, Radius-1 and Radius-2. The server group is assigned to the server group for 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication.

Figure 1  Server Group

Click to view a larger size.

Server names are unique. You can configure the same server in multiple server groups. You must configure the server before you can add it to a server group.

 

If you use the internal database for user authentication, use the predefined “Internal” server group.

You can also include conditions for server-derived user roles or VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. in the server group configuration. The server derivation rules apply to all servers in the group.

/*]]>*/