Creating Non-Proxy Authentication AAA servers

A non-proxy AAA server is used when the APs connect to the external AAA server directly.

  1. Go to Services & Profiles > Authentication.
  2. Select the Non-Proxy (AP Authenticator) tab, and then select the zone for which you want to create the AAA server.
  3. Click Create.
    The Create AAA Server page appears.
    Figure 93  Creating an AAA Server


  4. Configure the following:
    1. General Options
      • Name: Type a name for the AAA server that you are creating.
      • Description: Type a short description of the AAA server.
      • Type: Select the type of AAA server that you are creating. Options include RADIUS, Active Directory and LDAP.
      • Backup RADIUS (appears if you clicked RADIUS above): Select the Enable Secondary Server check box if a secondary RADIUS server exists on the network.
      • Global Catalog (appears if you clicked Active Directory above): Select Enable Global Catalog support if you want the Active Directory server to provide a global list of all objects.
    2. Primary Server
      • If you selected RADIUS, configure the following options in the Primary Server section:
        • IP Address: Type the IP address of the AAA server. Both IPv4 and IPv6 addressing formats are supported.
        • Port: Type the port number of the AAA server. The default RADIUS server port number is 1812.
        • Shared Secret: Type the AAA shared secret.
        • Confirm Secret: Retype the shared secret to confirm.

        If you have enabled Backup RADIUS, you must provide the same information for the secondary server as for the primary server.

      • If you selected Active Directory, configure the following options in the Primary Server section:
        • IP Address: Type the IPv4 address of the AD server.
        • Port: Type the port number of the AD server. The default port number (389) should not be changed unless you have configured the AD server to use a different port.
        • Windows Domain Name: Type the Windows domain name assigned to the AD server (for example, domain.ruckuswireless.com).
      • If you selected LDAP, configure the following options:
        • IP Address: Type the IPv4 address of the LDAP server.
        • Port: Type the port number of the LDAP server. Default is 389.
        • Base Domain Name: Type the base DN in LDAP format for all user accounts (for example, dc=ldap,dc=com).
        • Admin Domain Name: Type the admin DN in LDAP format (for example, cn=Admin;dc=<Your Domain>,dc=com).
        • Admin Password: Type the administrator password for the LDAP server.
        • Confirm Password: Retype the administrator password to confirm.
        • Key Attribute: Type a key attribute to denote users (for example, default: uid).
        • Search Filter: Type a search filter (for example, objectClass=Person).
  5. User Role Mapping
    1. Click Create. The Create User Traffic Profile Mapping form appears.
    2. Configure the following:
      • Type a Group Attribute Value.

      • Select a User Role from the drop-down list. Refer to Creating a User Role.

    3. Click Add.
    The mapped user profile is listed.
  6. Click OK.

You have completed creating a Non-proxy AAA server.

NOTE
You can also edit, clone and delete an AAA server by selecting the options Configure, Clone and Delete respectively, from the Non-Proxy (AP Authenticator) tab.
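
To check the LDAP values from step 4 (Base Domain Name, Admin Domain Name, Key Attribute, Search Filter) against the directory before typing them into the form, the following added example (not from the product documentation) builds the per-user filter and runs it with OpenLDAP's ldapsearch. It assumes the key attribute and search filter are combined as (&(key=user)(filter)); the function names, the sample user jdoe and the server address are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the LDAP fields on the Create AAA Server form.
# Assumption: the lookup filter is (&(<Key Attribute>=<user>)(<Search Filter>)).

# Escape a user name for use inside an LDAP filter (RFC 4515), so characters
# such as * ( ) \ are matched literally and cannot alter the filter.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the per-user filter from Key Attribute, Search Filter and a user name.
ldap_user_filter() {
    lf_key=$1 lf_filter=$2
    case $lf_key in
        ''|*[!A-Za-z0-9-]*) echo "invalid key attribute: $lf_key" >&2; return 1 ;;
    esac
    case $lf_filter in
        \(*\)) ;;                        # already parenthesised
        *) lf_filter="($lf_filter)" ;;   # e.g. objectClass=Person
    esac
    printf '(&(%s=%s)%s)' "$lf_key" "$(ldap_escape "$3")" "$lf_filter"
}

# Bind as the Admin DN and search under the Base DN for one user.
# -W prompts for the admin password so it never appears in the process list.
# Args: host port admin_dn base_dn key_attribute search_filter user
ldap_preflight() {
    lp_filter=$(ldap_user_filter "$5" "$6" "$7") || return 1
    ldapsearch -x -LLL -H "ldap://$1:$2" -D "$3" -W -b "$4" "$lp_filter" dn
}

# Constructed sample values; prints the filter that would be sent.
ldap_user_filter uid 'objectClass=Person' 'jdoe'; echo
# Against a real server (placeholder address and DNs):
# ldap_preflight 192.0.2.10 389 'cn=Admin,dc=ldap,dc=com' 'dc=ldap,dc=com' uid 'objectClass=Person' jdoe
```

If the bind succeeds but no entry is returned, recheck the Base Domain Name, Key Attribute and Search Filter rather than the admin credentials.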