03-13-2015 09:39 AM
The NAS IP can be defined in two places:
1. In Authentication > Advanced. This has been called a 'global' configuration, but in a master-local setup, it's controller-specific. For the purpose of consistency, I'll continue to call this 'global'.
2. In Authentication > RADIUS server. This is specific to the RADIUS server.
I'm trying to figure out which one has precedence if both are set. The following post indicates that the server-specific IP overrides the global IP: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/NAS-or-NAD-IP-in-a-master-local-configuration/td-p/60514
However, our tests seem to indicate the opposite. We have a server-specific IP set, but when we change the global IP, the RADIUS server reports the new, changed IP under the Radius:IETF:NAS-IP-Address field.
We have two controllers in a master-local setup. We are using Clearpass and MS NPS servers for RADIUS authentication and authorization.
Can anyone corroborate this finding?
03-18-2015 10:52 PM
I don't know what ip address takes priority based on your combination of circumstances or your version of code. How about putting NO ip addresses anywhere, so that the switch ip is the source ip address...?
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base