You are here: Home > CLI Commands > Just_CLI_Topics > aaa authentication mgmt

aaa authentication mgmt

aaa authentication mgmt

default-role {ap-provisioning|guest-provisioning|location-api-mgmt|nbapi-mgmt|network-operations|no-access|read-only|root|standard}

enable

mchapv2

no ...

server-group <group>

Description

This command configures authentication for administrative users.

Syntax

Parameter

Description

Range

Default

default-role

Select a predefined management role to assign to authenticated administrative users:

default

ap-provisioning

AP provisioning role.

guest-provisioning

Guest provisioning role.

location-api-mgmt

Location APIApplication Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. management role.

nbapi-mgmt

NBAPI management role.

network-operations

Network operator role.

read-only

Read-only role.

root

Default role or superuser role.

standard

Standard role

enable

Enables authentication for administrative users.

enabled|
disabled

disabled

mchapv2

Enable MSCHAPv2.

enabled|
disabled

disabled

no

Negates any configured parameter.

server-group <group>

Name of the group of servers used to authenticate administrative users. See aaa server-group.

default

Usage Guidelines

If you enable authentication with this command, users configured with the mgmt-user command must be authenticated using the specified server-group.

You can configure the management authentication profile in the base operating system or with the PEFNGPolicy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel. license installed.

Example

The following example configures a management authentication profile that authenticates users against the internal database of the Mobility Master. Users who are successfully authenticated are assigned the read-only role.

(host) [mynode] (config) aaa authentication mgmt

default-role read-only

server-group internal

Command History

Release

Modification

ArubaOS 8.2.0.0

The standard parameter was added.

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Config mode on Mobility Master.

/*]]>*/