About remote AAA with RADIUS

Remote AAA provides the following for your Aruba switch:

Authentication using remote RADIUS AAA servers. For added security, two-factor authentication may be used. In two-factor authentication, X.509 certificate-based authentication is combined with RADIUS authentication.
Command authorization is not supported by RADIUS servers, however, user-defined local user groups can be configured with command-authorization rules, providing locally configured per-command authorization for members of such groups. SeeUser-defined user groups.
In the switch default state (without user-defined local groups), basic role-based authorization is available with the three built-in roles (administrators,operators,auditors）.
Transmission of locally collected accounting information to remote RADIUS servers.

NOTE:

For switches that support multiple management modules such as the Aruba 8400, all AAA functionality discussed only applies to the active management module. See alsoAAA级开关与多个管理模块in theHigh Availability Guide.