Configuring RADIUS Server Settings on AOS-S Switches

Aruba Central On-Premises allows you to configure RADIUS Remote Authentication Dial-In User Service is a networking protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service (Remote Authentication Dial-In User Service) server settings on switches.

To configure a RADIUS server, complete the following steps:

  1. In the Aruba Central On-Premises app Short form for application. It generally refers to the application that is downloaded and used on mobile devices. , select one of the following options:
    • To select a switch group in the filter, complete the following steps:
      1. Set the filter to a group containing at least one switch.

        The dashboard context for the group is displayed.

      2. Under Manage, click Devices > Switches.
      3. Click the AOS-S or Config icon to view the switch configuration dashboard.
    • To select a switch in the filter, complete the following steps:
      1. Set the filter to Global or a group containing at least one switch.
      2. Under Manage, click Devices > Switches.

        A list of switches is displayed in the List view.

      3. Click a switch under Device Name.

        The dashboard context for the switch is displayed.

      4. Under Manage, click Device.

        The tabs to configure the switch is displayed.

  2. Click Security >Authentication Servers> RADIUS Settings. The RADIUS server settings accordion is displayed.
  3. Click + to add a RADIUS server.

    The Add RADIUS Server pop-up window is displayed.

  4. Configure the following parameters.

    Table 1: RADIUS Parameters

    Name

    Description

    Value

    Dynamic Authorization

    Indicates whether the dynamic authorization is enabled.

    When enabled, the RADIUS server can dynamically terminate or change the authorization parameters used in an active client session on the switch.

    Toggle switch to the on or off position

    ClearPass Server

    Indicates whether the ClearPass server is enabled on the RADIUS server.

    Toggle switch to the on or off position

    Server IP

    The IP address of the RADIUS server.

     

    Port

    The destination port for authentication requests to the specified RADIUS server.

    Default: 1812

    Shared Key

    The encryption key for use during authentication sessions with the specified RADIUS server.

    You can enter up to a maximum of 32 characters including alphabets, numbers, and special characters.

    Confirm Shared Key

    Retype the shared key.

     

    Time Window

    Select Positive or Plus Minus from the drop-down menu.

    Default value is Positive.

    Window Size (Seconds)

    Enter the time in seconds.

    Default value is 300 seconds.

  5. Click Save.

Editing a RADIUS Server Settings

To edit a RADIUS server, point to the row and click the edit icon.

If you have only one RADIUS server with ClearPass enabled and Downloadable User Role is enabled, then you cannot disable ClearPass server for the RADIUS server.

Deleting a RADIUS Server Settings

To delete a RADIUS server, point to the row and click the delete icon.

If the Downloadable User Role option is enabled, then at least one RADIUS server must be configured with ClearPass server. Hence, you cannot delete the last RADIUS server on which ClearPass server is enabled.