RADIUS Services Support on Aruba Switches
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect to and use a network service. RADIUS is the transport for AAA services. The services can include user profiles, including stored user credentials, user access policies, and user activity statistics, which can all reside on the same server. Gateway devices that control network access, such as remote access servers, VPN servers, and network switches, can use the RADIUS protocol to communicate with a RADIUS server for:

- Authentication: verifying user credentials for access to the network.
- Authorization: verifying the user access policy, that is, how much and what kind of resources an authenticated user is allowed.
- Accounting: keeping statistical information about user activities for accounting purposes.

This chapter provides information used for configuring CoS (802.1p priority), rate-limiting, and ACL client services on a RADIUS server. For information on configuring client authentication capability on the switch, see RADIUS Authentication, Authorization, and Accounting.

| Service | Application | Standard RADIUS attribute | Vendor-specific RADIUS attribute (VSA) |
|---|---|---|---|
| CoS (Priority) | per-user | 59 | 40 |
| Ingress Rate-Limiting | per-user | — | 46 |
| Egress Rate-Limiting | per-port² | — | 48 |
| **ACLs** | | | |
| IPv6 and/or IPv4 ACEs (NAS-Filter-Rule) | per-user | 92 | 61 |
| NAS-Rules-IPv6 (sets IP mode to IPv4-only or IPv4 and IPv6) | per-user | — | 63 |
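
To check which of the services in the table a RADIUS server is actually assigning to a client, the attribute section of a captured Access-Accept can be decoded and matched against those attribute numbers. The following Python is an added example, not part of the Aruba documentation; the vendor ID 11 (HP's IANA enterprise number), the function names, and the sample bytes are assumptions constructed for illustration.

```python
import struct

HP_VENDOR_ID = 11      # assumption: HP's IANA enterprise number, not stated on the page
VENDOR_SPECIFIC = 26   # RFC 2865 Vendor-Specific attribute type

# Attribute numbers taken from the table above
STANDARD = {59: "CoS (Priority)", 92: "ACL: NAS-Filter-Rule"}
VSA = {40: "CoS (Priority)", 46: "Ingress Rate-Limiting", 48: "Egress Rate-Limiting",
       61: "ACL: NAS-Filter-Rule", 63: "ACL: NAS-Rules-IPv6"}

def tlvs(buf):
    """Yield (type, value) pairs from a run of type/length/value attributes."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header")
        t, length = buf[i], buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError(f"bad length {length} for attribute {t}")
        yield t, buf[i + 2:i + length]
        i += length

def services(attrs):
    """Return [(service, encoding, raw value)] for attributes listed in the table."""
    found = []
    for t, val in tlvs(attrs):
        if t in STANDARD:
            found.append((STANDARD[t], f"standard {t}", val))
        elif t == VENDOR_SPECIFIC and len(val) >= 4:
            (vendor,) = struct.unpack("!I", val[:4])
            if vendor != HP_VENDOR_ID:
                continue  # another vendor's VSA, not covered by the table
            for vt, vval in tlvs(val[4:]):
                if vt in VSA:
                    found.append((VSA[vt], f"VSA {vt}", vval))
    return found

def attr(t, value):
    """Encode one attribute (helper used only to build the sample)."""
    return bytes([t, len(value) + 2]) + value

def vsa(vt, value, vendor=HP_VENDOR_ID):
    return attr(VENDOR_SPECIFIC, struct.pack("!I", vendor) + attr(vt, value))

# Constructed sample attribute section; values and their encodings are illustrative
SAMPLE = (attr(1, b"alice") + attr(59, b"77777777") + vsa(46, struct.pack("!I", 1000))
          + attr(92, b"permit in tcp from any to any 80"))

if __name__ == "__main__":
    for row in services(SAMPLE):
        print(row)
```
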