AAA Traffic Management

From 9.0R3 release, the IPS Virtual appliances and the Physical Appliances allow the administrator to choose the communicating interface or the network for each authentication server.

This feature allows the AAA traffic across the following interfaces:

• Physical internal
• Physical external
• Physical management
• Virtual ports for physical interfaces
• VLAN ports
• Virtual ports on VLAN interfaces

This feature allows to connect to remote supported authentication servers through any interfaces based on the network topology.

The following Authentication server types are supported:

• LDAP
• Active Directory
• RADIUS

Configuring AAA Traffic Management Across Interfaces

1. Select Authentication > Auth Servers and configure service provider AAA configurations as needed.
2. Click Enable Auth Traffic Control. A new window appears.
3. Click Enable Traffic Decoupling to confirm. The page navigates to the Auth server page that displays the options to configure the AAA traffic interfaces.

   For external port, it enables the external port to respond to incoming RADIUS client requests on the external port as well as communicate with authentication servers through that port.

   

4. Select Global setting to use same interface across all supported authentication servers or select Auth Server Level to select the interface for a specific authentication server for the AAA traffic.

   

   

5. Select the required interface and port from the list.
   For Clusters, select applicable interfaces and associated ports.
6. Click Save.

AAA Server Configuration Task Summary

To integrate an authentication server:

1. Configure the authentication server. Select Authentication > Auth. Servers page and complete the authentication server configuration.
2. Create an authentication realm. Select Users > User Realms or Administrators > Admin Realms and select the authentication server when you complete the authentication realm configuration.