203| Authentication Servers AOS-W 6.5.3.x| User Guide
Using the WebUI
1. Navigate to the Configuration > Security > Authentication > Servers page.
2. Select Server Group to display the Server Group list.
3. Enter the name of the new server group and click Add.
4. Select the name to configure the server group.
5. Under Servers, click Edit for a configured server or click New to add a server to the group.
n If editing a configured server, select Trim FQDN, scroll right, and click Update Server.
n If adding a new server, select a server from the drop-down list, then select Trim FQDN, scroll right, and
click Add Server.
6. Click Apply.
Using the CLI
(host)(config) #aaa server-group corp-serv
auth-server radius-2 match-authstring contains abc.corpnet.com trim-fqdn
Configuring Server-Derivation Rules
When you configure a server group, you can set the VLAN or role for clients based on attributes returned for
the client by the server during authentication. The server derivation rules apply to all servers in the group. The
user role or VLAN assigned through server derivation rules takes precedence over the default role and VLAN
configured for the authentication method.
The authentication servers must be configured to return the attributes for the clients during authentication. For
instructions on configuring the authentication attributes in a Windows environment using IAS, refer to the
documentation at http://technet2.microsoft.com/windowsserver/en/technologies/ias.mspx
The server rules are applied based on the first match principle. The first rule that is applicable for the server and
the attribute returned is applied to the client, and would be the only rule applied from the server rules. These
rules are applied uniformly across all servers in the server group.
Table 51 describes the server rule parameters you can configure.
To Next Page
Loading...