Dell PowerConnect W-Airwave W-Airwave 7.2 Configuration Guide - Page 135

Supported Servers, Adding a New Server Group


Before enabling fail-through authentication, note the following:

  • This feature is not supported for 802.1x authentication with a server group that consists of external EAP compliant RADIUS servers. You can, however, use fail-through authentication when the 802.1x authentication is terminated on the controller (AAA FastConnect).
  • Enabling this feature for a large server group list may cause excess processing load on the controller. Dell PowerConnect W recommends that you use server selection based on domain matching whenever possible.
  • Certain servers, such as the RSA RADIUS server, lock out the controller if there are multiple authentication failures. Therefore you should not enable fail-through authentication with these servers.

When fail-through authentication is enabled, users that fail authentication on the first server in the server list should be authenticated with the second server.

Supported Servers

ArubaOS supports the following external authentication servers:

  • RADIUS (Remote Authentication Dial-In User Service)
  • LDAP (Lightweight Directory Access Protocol)
  • TACACS+ (Terminal Access Controller Access Control System)

Additionally, you can use the controller’s internal database to authenticate users. You create entries in the database for users and their passwords and default role.

You can create groups of servers for specific types of authentication. For example, you can specify one or more RADIUS servers to be used for 802.1x authentication. The list of servers in a server group is an ordered list. This means that the first server in the list is always used unless it is unavailable, in which case the next server in the list is used. You can configure servers of different types in one group — for example, you can include the internal database as a backup to a RADIUS server.

Server names are unique. You can configure the same server in multiple server groups. You must configure the server before you can add it to a server group.

Adding a New Server Group

The server group is assigned to the server group for 802.1x authentication.

To create a new server group, click the Add button, or to edit an existing group, click the pencil icon next to that group. The Add New Server Group page appears, and contains the following fields, as described in Table 62:

Table 62 Security > Server Groups > Add or Edit Server Group Field Descriptions

| Field | Default | Description |
|---|---|---|
| General Settings | | |
| Folder | Top | Set the folder with which the server is associated. The drop-down menu displays all folders available for association with the server group. |
| Name | Blank | Enter the name of the server group. |
| Other Settings | | |
| Fail Through | No | Enable or disable a fail through server. When fail-through authentication is enabled, users that fail authentication on the first server in the server list should be authenticated with the second server. The controller attempts authentication with each server in the list until either there is a successful authentication or the list of servers in the group is exhausted. This feature is useful in environments where there are multiple, independent authentication servers; users may fail authentication on one server but can be authenticated on another server. |
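
The difference between ordered failover and fail-through, and why fail-through interacts badly with servers that lock out the controller, can be seen in a small model. This is an added example, not ArubaOS or AirWave code; the server names, credentials, the lockout threshold of 3, and the treatment of a locked-out server as unavailable are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    users: dict             # constructed credential store: username -> password
    available: bool = True
    lockout_after: int = 0  # failures before the server locks out the controller; 0 = never
    failures: int = 0

    @property
    def locked(self):
        return self.lockout_after > 0 and self.failures >= self.lockout_after

    def check(self, user, password):
        ok = self.users.get(user) == password
        if not ok:
            self.failures += 1
        return ok

def authenticate(group, user, password, fail_through=False):
    """Walk the ordered server list; return (accepted, names of servers asked)."""
    asked = []
    for server in group:
        # Assumption: a server that has locked out the controller looks unavailable to it.
        if not server.available or server.locked:
            continue
        asked.append(server.name)
        if server.check(user, password):
            return True, asked
        if not fail_through:
            return False, asked  # a reject from the first reachable server is final
    return False, asked

def demo():
    rsa = Server("rsa-radius", {"alice": "pw-a"}, lockout_after=3)
    internal = Server("internal-db", {"bob": "pw-b"})
    group = [rsa, internal]
    # bob exists only on the second server, so each login costs one failure on the first.
    bob = [authenticate(group, "bob", "pw-b", fail_through=True) for _ in range(3)]
    alice = authenticate(group, "alice", "pw-a", fail_through=True)
    return bob, rsa.failures, rsa.locked, alice

if __name__ == "__main__":
    print(demo())
```

In the model, three ordinary logins by a user who lives only on the second server are enough to lock the first server, after which a valid user of the first server is rejected; each fail-through login also doubles the number of servers queried, which is the processing-load concern noted above.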