Security

Reply
Highlighted
Frequent Contributor I

Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

It's 2018 and Aruba still only lets you enter one single IP address for a RADIUS or LDAP server. Why is my question.

 

This is bad because it is very limiting. Businesses and corporations need to ensure there is redundancy. Using round-robin DNS is a very old form of redundancy and used quite a lot when it comes to authentication. Can't use it in Aruba though. You can only enter one single IP address for an authentication server. 

Highlighted
Moderator

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

Which product are you referring to? ArubaOS allows IP or FQDN.

Also keep in mind that some functions of RADIUS like Dynamic Authorization require configuration by IP.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Frequent Contributor I

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

We're on IAPs. It only allows us to configure an IP address. Won't even let you type in a hostname.

 

 

Highlighted
Moderator

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

Please submit a feature request. Most environments use IP address regardless.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Frequent Contributor I

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

Most environments != all environments though. With a lot of people moving things like RADIUS/LDAP to the cloud, it's less and less using just a single IP address.

Highlighted
Moderator

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

RADIUS Dynamic Authorization still requires an IP address. That is the main reason.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Frequent Contributor I

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

That doesn't explain LDAP though.

Highlighted
Moderator

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

I would recommend you discuss with your Aruba account team.


A side question. Do you really want APs talking directly to your LDAP infrastructure? A RADIUS server is always recommended.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Frequent Contributor I

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

Why would Aruba offer it and then not recommend it haha. That's backwards.

Highlighted
Moderator

Re: Why in this day and age does Aruba only allow you to enter an IP address for RADIUS/LDAP

We offer many things for flexibility. Doesn't mean it's a best practice.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: