Security

Reply
Contributor I

Which NAS IP takes priority?

The NAS IP can be defined in two places:

 

1. In Authentication > Advanced.  This has been called a 'global' configuration, but in a master-local setup, it's controller-specific.  For the purpose of consistency, I'll continue to call this 'global'.

 

2. In Authentication > RADIUS server.  This is specific to the RADIUS server.

 

I'm trying to figure out which one has precedence if both are set.  The following post indicates that the server-specific IP overrides the global IP: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/NAS-or-NAD-IP-in-a-master-local-configuration/td-p/60514

 

However, our tests seem to indicate the opposite.  We have a server-specific IP set, but when we change the global IP, the RADIUS server reports the new, changed IP under the Radius:IETF:NAS-IP-Address field.

 

We have two controllers in a master-local setup.  We are using Clearpass and MS NPS servers for RADIUS authentication and authorization. 

 

Can anyone corroborate this finding?

Guru Elite

Re: Which NAS IP takes priority?

I don't know what ip address takes priority based on your combination of circumstances or your version of code.  How about putting NO ip addresses anywhere, so that the switch ip is the source ip address...?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: