Creating Non-Proxy Authentication AAA servers
A non-proxy AAA server is used when the APs connect to the external AAA server directly.
- Go to Services & Profiles > Authentication.
- Select the Non-Proxy (AP Authenticator) tab, and then select the zone for which you want to create the AAA server.
- Click Create.
  The Create AAA Server page appears.
  Figure 93 Creating an AAA Server
- Configure the following:
  - General Options
    - Name: Type a name for the AAA server that you are creating.
    - Description: Type a short description of the AAA server.
    - Type: Select the type of AAA server that you are creating. Options include RADIUS, Active Directory and LDAP.
    - Backup RADIUS (appears if you clicked RADIUS above): Select the Enable Secondary Server check box if a secondary RADIUS server exists on the network.
    - Global Catalog (appears if you clicked Active Directory above): Select Enable Global Catalog support if you want the Active Directory server to provide a global list of all objects.
  - Primary Server
    - If you selected RADIUS, configure the following options in the Primary Server section:
      - IP Address: Type the IP address of the AAA server. Both IPv4 and IPv6 addressing formats are supported.
      - Port: Type the port number of the AAA server. The default RADIUS server port number is 1812.
      - Shared Secret: Type the AAA shared secret.
      - Confirm Secret: Retype the shared secret to confirm.
      If you have enabled Backup RADIUS, you must provide the same information for the Secondary Server as for the primary server.
    - If you selected Active Directory, configure the following options in the Primary Server section:
      - IP Address: Type the IPv4 address of the AD server.
      - Port: Type the port number of the AD server. The default port number (389) should not be changed unless you have configured the AD server to use a different port.
      - Windows Domain Name: Type the Windows domain name assigned to the AD server (for example, domain.ruckuswireless.com).
    - If you selected LDAP, configure the following options:
      - IP Address: Type the IPv4 address of the LDAP server.
      - Port: Type the port number of the LDAP server. Default is 389.
      - Base Domain Name: Type the base DN in LDAP format for all user accounts (for example, dc=ldap,dc=com).
      - Admin Domain Name: Type the admin DN in LDAP format (for example, cn=Admin;dc=<Your Domain>,dc=com).
      - Admin Password: Type the administrator password for the LDAP server.
      - Confirm Password: Retype the administrator password to confirm.
      - Key Attribute: Type a key attribute to denote users (for example, default: uid).
      - Search Filter: Type a search filter (for example, objectClass=Person).
  - User Role Mapping
    - Click Create. The Create User Traffic Profile Mapping form appears.
    - Configure the following:
      - Type a Group Attribute Value.
      - Select a User Role from the drop-down list. Refer to Creating a User Role.
    - Click Add.
- Click OK.
You have completed creating a Non-proxy AAA server.
NOTE
You can also edit, clone and delete an AAA server by selecting the options Configure, Clone and Delete respectively, from the Non-Proxy (AP Authenticator) tab.
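The following Python code is an added example, not part of the product or its documentation. It checks the values planned for the Primary Server fields above before they are typed into the form, and shows the user lookup filter that a Key Attribute and Search Filter pair would produce. The function names and dictionary keys are hypothetical, and combining the two fields as (&(<Search Filter>)(<Key Attribute>=<user>)) is an assumption about how the lookup is performed.

```python
import ipaddress
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
_RDN = re.compile(r"\s*[A-Za-z][A-Za-z0-9-]*=[^=]+")

def build_user_filter(key_attribute, search_filter, username):
    """Assumed lookup shape: (&(<Search Filter>)(<Key Attribute>=<user>))."""
    if not _ATTR.fullmatch(key_attribute):
        raise ValueError("Key Attribute must be a plain attribute name")
    value = "".join(_ESCAPES.get(ch, ch) for ch in username)
    base = search_filter if search_filter.startswith("(") else f"({search_filter})"
    return f"(&{base}({key_attribute}={value}))"

def check_server(cfg):
    """Return a list of problems in a planned AAA server entry (empty = OK)."""
    problems = []
    try:
        addr = ipaddress.ip_address(cfg["ip"])
        # The page allows IPv6 only for RADIUS; AD and LDAP take IPv4.
        if addr.version == 6 and cfg["type"] != "RADIUS":
            problems.append("IP Address: IPv4 required for " + cfg["type"])
    except ValueError:
        problems.append("IP Address: not a valid address")
    if not 1 <= cfg["port"] <= 65535:
        problems.append("Port: out of range")
    if cfg["type"] == "RADIUS" and cfg.get("secret") != cfg.get("confirm"):
        problems.append("Shared Secret: confirmation does not match")
    if cfg["type"] == "LDAP":
        for field in ("base_dn", "admin_dn"):
            # Simplified DN check: RDNs split on ',' or ';', no escaped separators.
            parts = re.split(r"[,;]", cfg.get(field, ""))
            if not all(_RDN.fullmatch(p) for p in parts):
                problems.append(field + ": not in attr=value,attr=value form")
    return problems

# Constructed sample values; names and addresses are placeholders.
LDAP_ENTRY = {"type": "LDAP", "ip": "192.0.2.10", "port": 389,
              "base_dn": "dc=ldap,dc=com", "admin_dn": "cn=Admin,dc=ldap,dc=com"}
BAD_ENTRY = {"type": "LDAP", "ip": "2001:db8::10", "port": 70000,
             "base_dn": "ldap.com", "admin_dn": "cn=Admin,dc=ldap,dc=com"}

if __name__ == "__main__":
    print(check_server(LDAP_ENTRY))
    print(check_server(BAD_ENTRY))
    print(build_user_filter("uid", "objectClass=Person", "jo(e)*"))
```

The filter string returned by build_user_filter can be run against the directory with any LDAP client to confirm that it matches exactly the intended user entry.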