About remote AAA with RADIUS

Remote AAA provides the following for your Aruba switch:

  • Authentication using remote RADIUS AAA servers. For added security, two-factor authentication may be used. In two-factor authentication, X.509 certificate-based authentication is combined with RADIUS authentication.

  • Command authorization is not supported by RADIUS servers, however, user-defined local user groups can be configured with command-authorization rules, providing locally configured per-command authorization for members of such groups. See User-defined user groups .

    In the switch default state (without user-defined local groups), basic role-based authorization is available with the three built-in roles (administrators, operators, auditors).

  • Transmission of locally collected accounting information to remote RADIUS servers.

NOTE:

For switches that support multiple management modules such as the Aruba 8400, all AAA functionality discussed only applies to the active management module. See also AAA on switches with multiple management modules in the High Availability Guide.