Configuring RADIUS Server Settings on AOS-S Switches

Aruba Central allows you to configure RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  (Remote Authentication Dial-In User Service) server settings on switches.

To configure a RADIUS server, complete the following steps:

  1. In the Aruba Central app, select one of the following options:
    • To select a switch group in the filter:
      1. Set the filter to a group containing at least one switch.
        The dashboard context for the group is displayed.
      2. Under Manage, click Devices > Switches.
      3. Click the AOS-S or Config icon to view the switch configuration dashboard.
    • To select a switch in the filter:
      1. Set the filter to Global or a group containing at least one switch.
      2. Under Manage, click Devices > Switches.
        A list of switches is displayed in the List view.
      3. Click a switch under Device Name.
        The dashboard context for the switch is displayed.
      4. Under Manage, click Device.
        The tabs to configure the switch is displayed.
  2. Click Security >Authentication Servers> RADIUS Settings. The RADIUS server settings accordion is displayed.
  3. Click + to add a RADIUS server. The Add RADIUS Server window is displayed.
  4. Configure the following parameters.

    Table 1: RADIUS Parameters




    Dynamic Authorization

    Indicates whether the dynamic authorization Dynamic authorization refers to the ability to make changes to a visitor account’s session while it is in progress. This might include disconnecting a session or updating some aspect of the authorization for the session. is enabled.

    When enabled, the RADIUS server can dynamically terminate or change the authorization parameters used in an active client session on the switch.

    Toggle switch to the on or off position

    ClearPass Server

    Indicates whether the ClearPass ClearPass is an access management system for creating and enforcing policies across a network to all devices and applications. The ClearPass integrated platform includes applications such as Policy Manager, Guest, Onboard, OnGuard, Insight, Profile, QuickConnect, and so on. server is enabled on the RADIUS server.

    Toggle switch to the on or off position

    Server IP

    The IP address of the RADIUS server.



    The destination port for authentication requests to the specified RADIUS server.

    Default: 1812

    Shared Key

    The encryption key for use during authentication sessions with the specified RADIUS server.

    You can enter up to a maximum of 32 characters including alphabets, numbers, and special characters.

    Confirm Shared Key

    Retype the shared key.


    Time Window

    Select Positive or Plus Minus from the drop-down menu.

    Default value is Positive.

    Window Size (Seconds)

    Enter the time in seconds.

    Default value is 300 seconds.

  5. Click Save.

Editing a RADIUS Server Settings

To edit a RADIUS server, point to the row and click the edit icon.

If you have only one RADIUS server with ClearPass enabled and Downloadable User Role is enabled, then you cannot disable ClearPass server for the RADIUS server.

Deleting a RADIUS Server Settings

To delete a RADIUS server, point to the row and click the delete icon.

If the Downloadable User Role option is enabled, then at least one RADIUS server must be configured with ClearPass server. Hence, you cannot delete the last RADIUS server on which ClearPass server is enabled.