Creating Proxy AAA Servers

A proxy AAA server is used when APs send authentication/accounting messages to the controller and the controller forwards these messages to an external AAA server.

  1. Go to Services & Profiles > Authentication.
  2. Select the Proxy (SZ Authenticator) tab, and then select the zone for which you want to create the AAA server.
  3. Click Create.
    The Create Authentication Service page appears.
    Figure 94  Creating an Authentication Service


  4. Configure the following:
    1. Name: Type a name for the authentication service that you are adding.
    2. Friendly Name: Type an alternative name that is easy to remember.
    3. Description: Type a description for the authentication service.
    4. Service Protocol: If you select
      • RADIUS, see the RADIUS Service Options section for more information.
      • Active Directory, configure the following:
        1. Global Catalog: Select the Enable Global Catalog support check box if you want the Active Directory server to provide a global list of all objects.
        2. Primary Server:
          • Encryption: Select the Enable TLS Encryption check box if you want to use the Transport Layer Security (TLS) protocol to secure communication with the server.
            NOTE
            You must also configure the Trusted CA certificates to support TLS encryption.
        3. IP Address: Type the IPv4 address of the AD server.
        4. Port: Type the port number of the AD server. The default port number (389) should not be changed unless you have configured the AD server to use a different port.
        5. Windows Domain Name: Type the Windows domain name assigned to the AD server (for example, domain.ruckuswireless.com).
      • LDAP, configure the following:
        1. Select the Enable TLS Encryption check box if you want to use the Transport Layer Security (TLS) protocol to secure communication with the server.
          NOTE
          You must also configure the Trusted CA certificates to support TLS encryption.
        2. IP Address: Type the IPv4 address of the LDAP server.
        3. Port: Type the port number of the LDAP server.
        4. Base DN: Type the base DN in LDAP format for all user accounts (for example, dc=ldap,dc=com).
        5. Admin DN: Type the admin DN in LDAP format (for example, cn=Admin;dc=<Your Domain>,dc=com).
        6. Admin Password: Type the administrator password for the LDAP server.
        7. Confirm Password: Retype the administrator password to confirm.
        8. Key Attribute: Type a key attribute to denote users (for example, default: uid).
        9. Search Filter: Type a search filter (for example, objectClass=Person).
    5. Advanced Options - Domain name: Type the whitelisted domain name that you want to add.
    6. User Traffic Profile Mapping:
      1. Type a Group Attribute Value.
      2. Select a User Role from the drop-down list.
      3. Click Add.
      The mapped user profile is listed.
  5. Click OK.

You have completed creating a Proxy AAA server.
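
The following added example (not part of the original guide or the product) checks the values planned for the LDAP fields from an administration host before they are typed into the form. It assumes the OpenLDAP ldapsearch client, that the server accepts StartTLS on the configured port, and that the user lookup combines the Key Attribute and the Search Filter with a logical AND; the guide does not state how the controller builds its query. The function names, address, DNs, and CA file path are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: pre-flight check of values planned for the LDAP fields above.
# Hosts, DNs, and file paths are constructed placeholders.

# Escape a value for use inside an LDAP search filter (RFC 4515).
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# build_filter KEY_ATTR USERNAME SEARCH_FILTER
# Assumption: the user lookup ANDs "<Key Attribute>=<user>" with the Search Filter.
build_filter() {
    user=$(ldap_escape "$2")
    sf=$3
    case $sf in
        "("*) ;;                 # already parenthesised
        *) sf="($sf)" ;;         # form value such as objectClass=Person
    esac
    printf '(&(%s=%s)%s)' "$1" "$user" "$sf"
}

# check_ldap IP PORT CA_FILE ADMIN_DN BASE_DN KEY_ATTR SEARCH_FILTER TEST_USER
# -ZZ aborts unless StartTLS succeeds; LDAPTLS_REQCERT=demand rejects a server
# certificate that does not chain to CA_FILE. -W prompts for the Admin Password
# so it never appears in the process list or shell history.
check_ldap() {
    LDAPTLS_CACERT=$3 LDAPTLS_REQCERT=demand \
    ldapsearch -x -ZZ -H "ldap://$1:$2" -D "$4" -W -b "$5" -s sub \
        "$(build_filter "$6" "$8" "$7")" dn
}

# Offline demonstration with constructed values: print the filter that would be sent.
build_filter uid 'test.user' 'objectClass=Person'; echo

# Against a real server (placeholder address from the documentation range):
# check_ldap 192.0.2.10 389 ./trusted-ca.pem 'cn=Admin,dc=ldap,dc=com' \
#     'dc=ldap,dc=com' uid 'objectClass=Person' test.user
```

A TLS failure here points at the Trusted CA certificate, while a successful bind that returns no entry usually means the Base DN, Key Attribute, or Search Filter does not match the directory.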

NOTE
You can also edit, clone and delete an AAA server by selecting the options Configure, Clone and Delete respectively, from the Proxy (SZ Authenticator) tab.