Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
RADIUS Proxy Service
Configure the RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. request that needs to be proxied to another RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. server (that is, a proxy target). There are no default rules associated with this service type. You can add rules to handle any type of standard or vendor-specific RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. attributes. Typically, proxying is based on the realm or the domain of the user who is trying to access the network.
service for any kind ofTo configure a RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. Proxy service:
1. Navigate to > , then click the link.
The
page opens.2. From the tab, select from the drop down.
The
service configuration dialog opens:Figure 1 RADIUS Proxy Service Configuration Dialog
3. Specify the tab parameters as described in the following table:
Parameter |
Action/Description |
Type |
|
Name |
Enter the name of the service. |
Description |
Optionally, provide additional information that helps to identify the service. |
Monitor Mode |
Select this check box to monitor network access activity without enforcement. |
More Options |
Check these boxes to access the additional configuration tabs: Authorization Audit End-hosts Profile Endpoints |
|
|
Matches |
Select the match condition for this service: Matches ANY Matches ALL of the following conditions |
Type |
Select to select the service rule type. |
Name |
Select the name of the service rule from the drop-down list. |
Operator |
Select an appropriate operator from the list of operators for the data type of the attribute. |
Value |
Enter the value or select the value from the drop-down list. The value list depends on the and selected. |
4. Click .
Roles Tab
Use the
tab to associate a role-mapping policy with this service.Figure 2 RADIUS Proxy Roles Configuration Dialog
1. Specify the tab parameters as described in the following table:
Parameter |
Action/Description |
Role Mapping Policy |
Select a role mapping policy from the drop-down list. Policy Manager ships a number of preconfigured roles. A service can be configured without a role-mapping policy, but only one role-mapping policy can be configured for each service. For information on configuring role-mapping policies, see Configuring a Role and Role-Mapping Policy. |
|
|
Description |
When you select a Role Mapping Policy, Policy Manager populates the Description field. |
Default Role |
When you select a Role Mapping Policy, Policy Manager populates the Default Role field. The Default Roleis the role to which Policy Manager defaults when the role-mapping policy does not produce a match. |
Rules Evaluation Algorithm |
Shows the first matched rule. |
2. Click .
Proxy Targets Tab
In Policy Manager, a proxy target represents a RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. server (Policy Manager or a third party) that is the target of a proxied RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. request.
For example, when a branch office employee visits a main office and logs into the network, Policy Manager assigns the request to the first service in priority order that contains a service rule for RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. proxy services and appends the domain to the username.
Figure 3 Proxy Targets Configuration Dialog
1. Specify the parameters as described in the following table:
Parameter |
Action/Description |
Proxying Scheme |
Select one of the following proxying schemes: Load Balance: When you select , requests can be dispatched to the proxy targets randomly and load balanced. Failover: In mode, requests can be dispatched to the first proxy target in the ordered list of targets and subsequently to the other proxy targets if the prior requests failed. |
Proxy Targets |
From the drop down, select one or more proxy targets. |
|
|
Type |
Select . |
Name |
Select . |
Accounting Requests |
Note the configuration below when working with Policy Manager or a proxy target that sends back a Class attribute in Access-Accept. This is required for the Accounting Proxy to work properly. The Policy Manager Proxy/Proxy server should be configured to remove those Class attributes. To do so, select the check box and select the attribute from the drop-down. |
2. Click .
The
tab opens.Enforcement Tab
Use this tab to select an enforcement policy for a service.
Figure 4 Enforcement Configuration Dialog
1. Specify the parameters as described in the following table:
Parameter |
Action/Description |
Use Cached Results |
Select this check box to use cached roles and posture attributes from previous sessions. |
Enforcement Policy |
Select the preconfigured enforcement policy from the drop-down list. This is mandatory. If you do not have any preconfigured enforcement policies, click to create a new enforcement policy. |
|
|
Description |
Displays additional information about the selected enforcement policy. |
Default Profile |
Displays a default profile applied by Policy ManagerPolicy Manager. |
Rules Evaluation Algorithm |
Shows the first matched rule. |
2. Click .