You are here: Home > CLI Commands > Just_CLI_Topics > aaa user add

aaa user add

aaa user add <ipaddr> [<nusers>] [authentication-method {dot1x|mac|stateful-dot1x|vpn|
 web}] [mac-addr <macaddr>] [name <username>] [profile <aaa_profile>] [role <role>]

Description

This command manually assigns a user role or other values to a specified client or device.

Syntax

Parameter

Description

<ipaddr>

IP address of the user to be added.

<nusers>

Number of users to create starting with <ipaddr>.

authentication-method

Authentication method for the user.

dot1x

802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication.

mac-addr

MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication.

stateful-dot1x

Stateful 802.1X802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication.

vpn

VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. authentication.

web

Captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. authentication.

mac <macaddr>

MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the user.

name <username>

Name for the user.

profile <aaa_profile>

AAAAuthentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile for the user.

role <role>

Role for the user.

Usage Guidelines

This command should only be used for troubleshooting issues with a specific client or device. This command allows you to manually assign a client or device to a role. For example, you can create a role debugging that includes a policy to mirror session packets to a specified destination for further examination, then use this command to assign the debugging role to a specific client. Use the aaa user delete command to remove the client or device from the role.

Note that issuing this command does not affect ongoing sessions that the client may already have. For example, if a client is in the employee role when you assign them to the debugging role, the client continues any sessions allowed with the employee role. Use the aaa user clear-sessions command to clear ongoing sessions.

Example

The following commands create a role that logs HTTPSHypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. traffic, then assign the role to a specific client:

(host) [mynode] (config) #ip access-list session log-https

(host) [mynode] (config-submode) #any any svc-https permit log

(host) [mynode] (config-submode) #user-role web-debug

(host) [mynode] (config-submode) #session-acl log-https

In enable mode:

(host) [mynode] (config) #aaa user add 10.1.1.236 role web-debug

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms

License

Command Mode

All platforms

Base operating system.

Enable mode on Mobility Master.

/*]]>*/