Wireless Access

Hi,

I have two radius 1) Windows NPS 2) CPPM with two different domain

They both radius have different user groups.

Can use both radius for same ssid?

If user is not in Windows NPS will controller check in CPPM for authentication? or how that will work?

Thanks in advance.

You would use match rules in your server group to match the domain to the RADIUS server.

 

You could also proxy requests through ClearPass to your NPS server.

---

@cappalli wrote:
You would use match rules in your server group to match the domain to the RADIUS server.

---

Indeed, because if you don't, if the user is not known in the first server it will send a reject and after a reject it stops.

The server fal through option is only valid when the first server is not reachable, then it will try to reach the following.

 

EDIT: oops I meant fall through, fail through should do the trick

but following Aruba's recommendation

user guide 6.3 page 218 says:

"Aruba recommends that you use server selection based on domain matching whenever possible"

 

Yes, you can set the up so that if the user fails to authenticate on the first radius server in the radius group, it will fall through to the next one. I'm on mobile right now so I can't share a image. But it is possible

Its pretty simple.

 

Add the second radius server in respective ssid server group and select the "Fall through" checkbox.

---

@nik-mh wrote:

Its pretty simple.

 

Add the second radius server in respective ssid server group and select the "Fall through" checkbox.

---

I made the same mistake, it is fail through and not fall through