RADIUS Services Support on Aruba Switches

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect to and use a network service. RADIUS is the transport for AAA services. These services can include user profiles (including stored user credentials), user access policies, and user activity statistics, all of which can reside on the same server. Gateway devices that control network access, such as remote access servers, VPN servers, and network switches, can use the RADIUS protocol to communicate with a RADIUS server for:

  • Authentication — verifying user credentials to determine whether access to the network is granted.

  • Authorization — verifying the user access policy that determines how much and what kind of resources an authenticated user is allowed.

  • Accounting — keeping statistical information about user activities for accounting purposes.

This chapter provides information used for configuring CoS (802.1p priority), rate-limiting, and ACL client services on a RADIUS server. For information on configuring client authentication capability on the switch, see RADIUS Authentication, Authorization, and Accounting.

RADIUS services supported on the switch

| Service | Application | Standard RADIUS attribute | Vendor-specific RADIUS attribute (VSA) |
|---|---|---|---|
| CoS (Priority) | per-user | 59 | 40 |
| Ingress Rate-Limiting | per-user | | 46 |
| Egress Rate-Limiting | per-port | | 48 |
| ACLs: IPv6 and/or IPv4 ACEs (NAS-Filter-Rule) | per-user | 92 | 61 |
| ACLs: NAS-Rules-IPv6 (sets IP mode to IPv4-only or IPv4 and IPv6) | per-user | | 63 |
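
As an added example (not taken from the Aruba documentation), the Python code below walks the attribute block of a RADIUS Access-Accept and reports which of the services listed above it carries, and whether each arrives as a standard attribute or as a VSA. The attribute numbers are those listed above; the vendor ID 11, the function names, and the sample values and their encodings are assumptions.

```python
import struct

HP_VENDOR_ID = 11  # assumption: enterprise number under which the switch's VSAs are sent
STANDARD = {59: "CoS (Priority)", 92: "ACL: NAS-Filter-Rule"}
VSA = {40: "CoS (Priority)", 46: "Ingress Rate-Limiting",
       48: "Egress Rate-Limiting", 61: "ACL: NAS-Filter-Rule",
       63: "ACL: NAS-Rules-IPv6"}

def walk_tlvs(buf):
    """Yield (type, value) for each type/length/value attribute in buf."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        # The length byte covers the 2-byte header, so it can never be below 2.
        if alen < 2 or pos + alen > len(buf):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        yield atype, buf[pos + 2:pos + alen]
        pos += alen

def services_in(attrs):
    """Return (service, 'standard' or 'VSA', number, raw value) per known attribute."""
    found = []
    for atype, value in walk_tlvs(attrs):
        if atype == 26:  # Vendor-Specific: 4-byte vendor ID, then vendor TLVs
            if len(value) < 4:
                raise ValueError("Vendor-Specific attribute too short")
            (vendor,) = struct.unpack("!I", value[:4])
            if vendor != HP_VENDOR_ID:
                continue  # another vendor's numbers mean something else
            for vtype, vvalue in walk_tlvs(value[4:]):
                if vtype in VSA:
                    found.append((VSA[vtype], "VSA", vtype, vvalue))
        elif atype in STANDARD:
            found.append((STANDARD[atype], "standard", atype, value))
    return found

def tlv(t, v):
    """Encode one attribute: type, total length, value."""
    return bytes([t, len(v) + 2]) + v

# Constructed sample attribute block (packet header omitted; value encodings assumed).
SAMPLE = (
    tlv(92, b"deny in tcp from any to any 23")
    + tlv(26, struct.pack("!I", HP_VENDOR_ID) + tlv(46, struct.pack("!I", 1000)))
    + tlv(26, struct.pack("!I", 9) + tlv(46, b"\x00"))  # different vendor ID: ignored
)

if __name__ == "__main__":
    for row in services_in(SAMPLE):
        print(row)
```

Number 46 inside a Vendor-Specific attribute from a different vendor ID is skipped, which is why the vendor ID has to be checked before the VSA number is interpreted.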