Frequent Contributor I

Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

It's 2018 and Aruba still only lets you enter one single IP address for a RADIUS or LDAP server. Why is my question.

 

This is bad because it is very limiting. Businesses and corporations need to ensure there is redundancy. Using round-robin DNS is a very old form of redundancy and used quite a lot when it comes to authentication. Can't use it in Aruba though. You can only enter one single IP address for an authentication server. 

Guru Elite

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

Which product are you referring to? ArubaOS allows IP or FQDN.

Also keep in mind that some functions of RADIUS like Dynamic Authorization require configuration by IP.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

We're on IAPs. It only allows us to configure an IP address. Won't even let you type in a hostname.

 

 

Guru Elite

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

Please submit a feature request. Most environments use IP address regardless.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

Most environments != all environments though. With a lot of people moving things like RADIUS/LDAP to the cloud, it's less and less using just a single IP address.

Guru Elite

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

RADIUS Dynamic Authorization still requires an IP address. That is the main reason.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

That doesn't explain LDAP though.

Guru Elite

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

I would recommend you discuss with your Aruba account team.


A side question. Do you really want APs talking directly to your LDAP infrastructure? A RADIUS server is always recommended.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

Why would Aruba offer it and then not recommend it haha. That's backwards.

Guru Elite

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

We offer many things for flexibility. Doesn't mean it's a best practice.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480