AOS-CX 10.10 Security Guide Help Center
Remote AAA with RADIUS
Remote AAA provides the following for your Aruba switch:
- Authentication using remote RADIUS AAA servers. For added security, two-factor authentication may be used. In two-factor authentication, X.509 certificate-based authentication is combined with RADIUS authentication.
- Command authorization is not supported by RADIUS servers, however, user-defined local user groups can be configured with command-authorization rules, providing locally configured per-command authorization for members of such groups. See User-defined user groups .
- Transmission of locally collected accounting information to remote RADIUS servers.
In the switch default state (without user-defined local groups), basic role-based authorization is available with the three built-in roles (administrators, operators, auditors).
For switches that support multiple management modules, all AAA functionality discussed only applies to the active management module. See also AAA on switches with multiple management modules in the High Availability Guide.
AOS-CX supports IPv4/IPv6 Radius over the VXLAN overlay network without additional configuration from the user.