Summary : How to enable RADIUS Fail-Open in Mobility Access Switch
When wired users try to access a network where AAA servers are unreachable, they will be unable to authenticate and will continue to stay in the configured initial role. As a result, a user may effectively be blocked off the network due to a restrictive initial-role. To overcome this problem, ArubaOS provides support for RADIUS Fail-open. This feature enables the IT administrators to provide an alternate user-role (unreachable-role) to the users for network connectivity during a AAA server outage. When AAA servers are unreachable, the RADIUS Fail-open feature assigns the unreachable-role to the users trying to authenticate. The users will stay in the unreachable-role until at least one of the AAA servers is back in service.
Feature Notes :
Configuration Steps :
Should this feature be available for WLAN users as well?
The concern is that skipping user authentication, the clients will have something like an "open" authentication connection.
Would it be advisable that when Authentication Servers are unavailable, users will have a redundant/backup connection to another WPA2/AES SSID using a passphrase?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.