Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
The goal here is to differentiate the user ID and send it to different auth server to authenticate user credentials.
For example, if the user ID is "test@aruba", the internal database is used for authentication. If the user ID does not have"@aruba", the IAS is used for authentication.
This can be done by configuring the authentication server with the "match-authstring" rule on the server-group profile.
To configure the authentication server with the "match-authstring" rule, follow these steps:
User name in Internal-db (controller): test@aruba
User name in IAS: test
On the controller, in CLI config mode, issue these commands:
aaa server-group "authservers" auth-server Internal match-authstring contains "@aruba" auth-server IAS
Now, if "test@aruba" is used, authentication is done by the internal database, and with user "test" authentication is done by IAS.