Security

Reply
Aruba
Posts: 1,279
Registered: ‎08-29-2007

cp-redirect-address and 'aaa authentication-server internal use-local-switch' together

[ Edited ]

Hi,

 

I have a master-local setup and due to 'enforce machine auth' on the corporate connections, I'd like to enable
 'aaa authentication-server internal use-local-switch' in case of the master failing or becoming unavailable.

 

The APs will be split across both controllers which are co-located with same vlans and subnets etc.

 

If I have cp-redirect-address to point to controller A, what happens to guests terminating on controller B?  Will they bring up the captive portal on controller A, but still use the internal db on controller B?

 

Are these two commands mutually exclusive?

 

Thanks


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Guru Elite
Posts: 19,993
Registered: ‎03-29-2007

Re: cp-redirect-address and 'aaa authentication-server use-local-switch' together

Mutually exclusive.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Aruba
Posts: 1,279
Registered: ‎08-29-2007

Re: cp-redirect-address and 'aaa authentication-server use-local-switch' together

though so.  thanks for confirming.

 

So if I put all the APs on one controller, I could have the  'aaa authentication-server use-local-switch' enabled.  Guest usage is limited, so in the event of a failure, they'll just have to create another account.  Without a master backup, my main concern is a seamless failover for machine auth clients.

 

Thanks again Colin.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Aruba Employee
Posts: 148
Registered: ‎11-25-2009

Re: cp-redirect-address and 'aaa authentication-server use-local-switch' together

They have to backup the db from master and upload it on local. 

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Guru Elite
Posts: 19,993
Registered: ‎03-29-2007

Re: cp-redirect-address and 'aaa authentication-server use-local-switch' together


Michael_Clarke wrote:

though so.  thanks for confirming.

 

So if I put all the APs on one controller, I could have the  'aaa authentication-server use-local-switch' enabled.  Guest usage is limited, so in the event of a failure, they'll just have to create another account.  Without a master backup, my main concern is a seamless failover for machine auth clients.

 

Thanks again Colin.


If you are enforcing machine authentication on that local controller, upon failover, they would have to pass machine authentication once agan.  That is because the record of passing machine authentication would be lost on the down controller.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: