Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Configuring Management Users
Internal, RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. , TACACS Terminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server.
, or TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. authentication servers can be configured to authenticate and authorize management users of a
The following procedure describes how to configure authentication parameters for local admin, read-only, and guest management administrator account settings:
- Navigate to the > page.
- Expand .
- Configure the settings defined in the Authentication Parameters for Management Users table below.
- Click .
Type of User |
Authentication Options |
Steps to Follow |
---|---|---|
|
|
Select if you want to specify a single set of user credentials.The following procedure allows you to configure an internal authentication server:
|
Authentication Server |
Select if you want to use an authentication server to authenticate the management user.The following procedure configures an authentication server:
|
|
Authentication server w/fallback to Internal |
The following procedure configures an authentication server as a primary authentication method and internal authentication server as a backup authentication option:
The Instant AP will fall back to internal authentication in the following scenarios:
To configure the Instant AP to fall back to local authentication only when the authentication server response times out, configure the mgmt-auth-server-timout-local-backup command. Configuring this will stop the AP from falling back to internal authentication when the authentication request is rejected by the server or there is a mismatch in authentication server shared secret. For more information, see |
|
|
|
Select to specify a single set of user credentials.The following procedure allows you to configure an internal authentication server:
|
|
If a RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. or TACACS Terminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. server is configured, select for authentication. |
|
|
|
Select to specify a single set of user credentials.The following procedure allows you to configure an internal authentication server:
|
|
If a RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. or TACACS Terminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. server is configured, select for authentication. |
The following command allows you to configure a local admin user:
(Instant AP)(config)# mgmt-user <username> [password]
The following command allows you to configure guest management administrator credentials:
(Instant AP)(config)# mgmt-user <username> [password] guest-mgmt
The following command allows you to configure a user with read-only privilege:
(Instant AP)(config)# mgmt-user <username> [password] read-only
The following command allows you to configure management authentication settings:
(Instant AP)(config)# mgmt-auth-server <server1>
(Instant AP)(config)# mgmt-auth-server <server2>
(Instant AP)(config)# mgmt-auth-server-load-balancing
(Instant AP)(config)# mgmt-auth-server-local-backup
The following command allows you to enable TACACS Terminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. accounting:
(Instant AP)(config)# mgmt-accounting command all