What is the allow-fail-through option used for?
Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
allow-fail-through: When this option is configured, an authentication failure with the first server in the group causes the controller to attempt authentication with the next server in the list. The controller attempts authentication with each server in the ordered list until either an authentication is successful or the list of servers in the group is exhausted.
For example, if the server-group "ArubaLab" has two servers configured, enabling allow-fail-through makes the controller check both the servers for authentication. This is especially helpful if one server is down.
aaa server-group "ArubaLab"
Note: If the databases for both the servers are identical, then there is no point in configuring 'allow-fail-through'. It can even delay authentication time if "allow-fail-through" is checked and all servers point to the same database.
fail-over: Fail-over is always enabled. Fail-over means is that if the first auth-server is not reachable (time-out), the second server will be checked. That is the difference between fail-over and fail-through