How do I configure to use RADIUS and local-db auth servers to authenticate credentials when doing L3 (Captive Portal) authentication?

Aruba Employee
Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.


The goal here is to differentiate the user ID and send it to different auth server to authenticate user credentials.


For example, if the user ID is "test@aruba", the internal database is used for authentication. If the user ID does not have"@aruba", the IAS is used for authentication.


This can be done by configuring the authentication server with the "match-authstring" rule on the server-group profile.


To configure the authentication server with the "match-authstring" rule, follow these steps:


User name in Internal-db (controller): test@aruba

User name in IAS: test


On the controller, in CLI config mode, issue these commands:


aaa server-group "authservers"  auth-server Internal match-authstring contains "@aruba"  auth-server IAS


Now, if "test@aruba" is used, authentication is done by the internal database, and with user "test" authentication is done by IAS.

Version history
Revision #:
1 of 1
Last update:
‎07-01-2014 01:31 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: