Frequent Contributor II

Windows & CCPM radius for single SSID

Hi,

I have two RADIUS servers: 1) Windows NPS and 2) CPPM, with two different domains.

Both RADIUS servers have different user groups.

Can I use both RADIUS servers for the same SSID?

If a user is not in Windows NPS, will the controller check in CPPM for authentication? Or how will that work?

Thanks in advance.

Guru Elite

Re: Windows

You would use match rules in your server group to match the domain to the RADIUS server.

You could also proxy requests through ClearPass to your NPS server.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: Windows


cappalli wrote:
You would use match rules in your server group to match the domain to the RADIUS server.

Indeed, because if you don't, if the user is not known in the first server it will send a reject and after a reject it stops.

The server fal through option is only valid when the first server is not reachable, then it will try to reach the following.

 

EDIT: oops I meant fall through, fail through should do the trick

but following Aruba's recommendation

user guide 6.3 page 218 says:

"Aruba recommends that you use server selection based on domain matching whenever possible"

Thomas
ACMX#370 ACCP

Aruba Employee

Re: Windows & CCPM radius for single SSID

Yes, you can set this up so that if the user fails to authenticate on the first RADIUS server in the RADIUS group, it will fall through to the next one. I'm on mobile right now so I can't share an image. But it is possible.
Frequent Contributor II

Re: Windows & CCPM radius for single SSID

It's pretty simple.

Add the second RADIUS server in the respective SSID server group and select the "Fall through" checkbox.

Frequent Contributor I

Re: Windows & CCPM radius for single SSID


nik-mh wrote:

It's pretty simple.

Add the second RADIUS server in the respective SSID server group and select the "Fall through" checkbox.


I made the same mistake; it is fail through and not fall through.

Thomas
ACMX#370 ACCP
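
The three behaviours discussed in this thread (a reject from the first server ends the attempt, fail through continues after a reject, match rules pick the server by domain) as a simplified Python model. This is an added example, not Aruba code or configuration; the server names, domains and users are constructed, and it assumes that servers without a match rule are tried in list order.

```python
# Simplified model of how a controller picks a RADIUS server from an ordered
# server group. Server names, domains and users are constructed sample data.

def domain_of(identity):
    """Domain part of user@domain or DOMAIN\\user, lower-cased; None if absent."""
    if "@" in identity:
        return identity.rsplit("@", 1)[1].lower()
    if "\\" in identity:
        return identity.split("\\", 1)[0].lower()
    return None

def authenticate(identity, group, fail_through=False):
    """Return (result, servers_that_saw_the_request) for one login attempt."""
    dom = domain_of(identity)
    # Match rules: a server whose rule matches the domain is used exclusively.
    matched = [s for s in group if dom and s.get("match_domain") == dom]
    candidates = matched or [s for s in group if not s.get("match_domain")]
    contacted = []
    for server in candidates:
        if not server["reachable"]:
            continue                      # timeout: the next server is tried
        contacted.append(server["name"])
        if identity in server["users"]:
            return "accept", contacted
        if not fail_through:
            return "reject", contacted    # a reject ends the attempt here
    return "reject", contacted

def server(name, users, match_domain=None, reachable=True):
    return {"name": name, "users": set(users),
            "match_domain": match_domain, "reachable": reachable}

BOB = "bob@corp-b.example"
NPS_USERS, CPPM_USERS = ["alice@corp-a.example"], [BOB]

def scenarios():
    plain = [server("nps", NPS_USERS), server("cppm", CPPM_USERS)]
    ruled = [server("nps", NPS_USERS, "corp-a.example"),
             server("cppm", CPPM_USERS, "corp-b.example")]
    nps_down = [server("nps", NPS_USERS, reachable=False),
                server("cppm", CPPM_USERS)]
    return {
        "ordered, no fail-through": authenticate(BOB, plain),
        "ordered, fail-through": authenticate(BOB, plain, fail_through=True),
        "domain match rules": authenticate(BOB, ruled),
        "first server unreachable": authenticate(BOB, nps_down),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:26} -> {outcome}")
```

In this model, fail through hands every failed login to every server in the group, while match rules send each request to one server only.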
