76 | aaa server-group Dell PowerConnect W-Series ArubaOS 6.1 CLI | Reference Guide
Usage Guidelines
You create a server group for a specific type of authentication or for accounting. The list of servers in a server
group is an ordered list, which means that the first server in the group is always used unless it is unavailable (in
which case, the next server in the list is used). You can configure servers of different types in a server group; for
example, you can include the internal database as a backup to a RADIUS server. You can add the same server to
multiple server groups. There is a predefined server group “internal” that contains the internal database.
Example
The following command configures a server group “corp-servers” with a RADIUS server as the main
authentication server and the internal database as the backup. The command also sets the client’s user role to the
value of the returned “Class” attribute.
aaa server-group corp-servers
   auth-server radius1 position 1
   auth-server internal position 2
   set role condition Class value-of
Command History
This command was introduced in ArubaOS 3.0.
Parameter       Description                                               Default

trim-fqdn       This option causes the user information in an
                authentication request to be edited before the request
                is sent to the server. Specifically, this option:
                - removes the <domain>\ portion for user information in
                  the <domain>\<user> format
                - removes the @<domain> portion for user information in
                  the <user>@<domain> format
clone           Name of an existing server group from which parameter
                values are copied.
no              Negates any configured parameter.
set role|vlan   Assigns the client a user role, VLAN ID or VLAN name
                based on attributes returned for the client by the
                authentication server. Rules are ordered: the first rule
                that matches the configured condition is applied. VLAN
                IDs and VLAN names cannot be listed together.
condition       Attribute returned by the authentication server.
contains        The rule is applied if and only if the attribute value
                contains the specified string.
ends-with       The rule is applied if and only if the attribute value
                ends with the specified string.
equals          The rule is applied if and only if the attribute value
                equals the specified string.
not-equals      The rule is applied if and only if the attribute value
                is not equal to the specified string.
starts-with     The rule is applied if and only if the attribute value
                begins with the specified string.
set-value       User role or VLAN applied to the client when the rule is
                matched.
value-of        Sets the user role or VLAN to the value of the attribute
                returned. The user role or VLAN ID returned as the value
                of the attribute must already be configured on the
                controller when the rule is applied.
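
The first-match rule ordering, the five match conditions, value-of and trim-fqdn described above can be modeled in a few lines to check a rule list before it is deployed. This is an added example, not ArubaOS code or anything from the original guide. The role names, attribute values and function names are hypothetical, and three behaviors are assumptions: matching is case-sensitive, a rule on an attribute that was not returned never matches, and a value-of rule is skipped when the returned value is not configured.

```python
# Added model of the rule semantics described above; not ArubaOS code.
OPS = {
    "contains": lambda value, s: s in value,
    "ends-with": lambda value, s: value.endswith(s),
    "equals": lambda value, s: value == s,
    "not-equals": lambda value, s: value != s,
    "starts-with": lambda value, s: value.startswith(s),
}

def trim_fqdn(user):
    """Edit user info as trim-fqdn is described: drop <domain>\\ or @<domain>."""
    if "\\" in user:
        return user.split("\\", 1)[1]
    return user.split("@", 1)[0]

def derive(rules, attrs, configured):
    """Return (position, value) of the first matching rule, or None."""
    for position, (attr, op, operand, set_value) in enumerate(rules, start=1):
        value = attrs.get(attr)
        if value is None:
            continue  # assumption: attribute not returned, rule never matches
        if op == "value-of":
            # The returned role/VLAN must already be configured on the controller.
            # Assumption: if it is not, this rule is skipped.
            if value in configured:
                return position, value
        elif OPS[op](value, operand):
            return position, set_value
    return None

# Constructed sample data (hypothetical role names and attribute values).
ROLES = {"admin", "helpdesk", "guest"}
BROAD_FIRST = [
    ("Class", "contains", "admin", "admin"),
    ("Class", "equals", "helpdesk-admin", "helpdesk"),
]
SPECIFIC_FIRST = list(reversed(BROAD_FIRST))
REPLY = {"Class": "helpdesk-admin"}

if __name__ == "__main__":
    print(trim_fqdn("CORP\\alice"), trim_fqdn("alice@corp.example"))
    # The broad "contains" rule in position 1 shadows the specific rule.
    print(derive(BROAD_FIRST, REPLY, ROLES))
    print(derive(SPECIFIC_FIRST, REPLY, ROLES))
    print(derive([("Class", "value-of", None, None)], {"Class": "guest"}, ROLES))
```

With the broad rule first, the constructed "helpdesk-admin" reply is assigned the "admin" role; placing the specific rule first assigns "helpdesk", which is why rule order deserves review whenever a contains, starts-with or ends-with rule precedes a narrower one.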