Understanding Default Management User Roles

The ArubaOS software includes predefined management user roles.

 

If you upgrade from a previous ArubaOS release, your existing configuration may have different management roles. The information in this section only describes the predefined management roles for this release.

Table 1: Predefined Management Roles

Predefined Role

Permissions

ap-provisioning

This role permits access only to AP provisioning commands and no access to other configuration commands on the Mobility Master.

guest-provisioning

This role permits access to configuring guest users in the managed device’s internal database only. This user only has access via the WebUI to create guest accounts; there is no CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. access.

Guest-provisioning tasks include creating or generating the user name and password for a guest account as well as configuring when the account expires.

location-api-mgmt

This role permits access to location API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. information and the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.; however, you cannot use any CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands. This role does not permit access to the WebUI.

Using a third-party location appliance, you can gather information about the location of 802.11 802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. stations.

To log in to the managed device using a third-party location appliance, enter:

http[s]://<ipaddress>[:port]/screens/wms/wms.login.

You are prompted to enter your username and password (for example, the username and password associated with the location API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. management role). Once authenticated, you can use an API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. call to request location information from the managed device, for example:

http[s]://<ipaddress>[:port]/screens/wms/wms.cgi?opcode=wlm-get-spot&campus-name=<campus id>&building-name<building id>&mac=<client1>,<client2>....

nbapi-mgmt

This role permits configuring a NBAPI management role.

network-operations

Monitoring > Network > All Access PointsMonitoring
> Network > All Wired Access Points

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

DB:opcode=monitor-summary

DB:opcode=cr-load

DB:opcode=wlm-search&class=probes&start

DB:opcode=wlm-search&class=amii

DB:opcode=monitor-get-all-gps&status=any

show ap-group

show vlan status

Monitoring > Controller > Controller Summary

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

show switches

show switches summary

Monitoring > Controller > Air Monitors

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

show wlan-ap start*

Monitoring > Controller > Clients

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

show ip mobile host

show ip mobile trail {<ipaddr> | <macaddr>}

<span class="CLI">show ap essid</span>

show esi servers

show esi ping

show esi parser stats

show private port status*

show vlan

show port stats

show spanning-tree interface fastethernet <slot/module/port>

show interface fastethernet <slot/module/port> counters

clear counters fastethernet <slot/module/port>

show snmp trap-queue <page>

Monitoring > Controller > Clients > Packet CaptureMonitoring
>Controller > Clients > LocateMonitoring
> Controller > Clients > Debug

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

aaa user debug mac

Monitoring > Controller> Clients > Disconnect

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

stm kick-off-sta <macaddr>

aaa user logout <ipaddr>

network-operations (continued)

Monitoring > Controller> Clients > Blacklist

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

stm add-blacklist-client <macaddr>

aaa user delete {<ipaddr> | all | mac <macaddr> | name <username> | role <role>}

Monitoring > Controller > Blacklist Clients

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

stm remove-blacklist-client <macaddr>

Monitoring > Controller > External Services Interface

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

show esi groups

show esi servers

show esi ping

show esi parser stats

Monitoring > Controller > Ports

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

show model-switch-internal*

show slots

show private port status*

show vlan

Monitoring > Controller> Inventory

You can view the reports created by executing the following command:

show keys

Monitoring > WLAN

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

DB:opcode=get-permissions

DB:opcode=cr-load

show switches

show switches summary

Monitoring > Voice

You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands:

show ap association voip-only

show ap active voip-only

show voice call-counters

show voice client status

show voice call-quality

show voice call-density

show voice call-cdrs

show voice call-perf

root

This role permits access to all management functions (commands and operations) on the managed device.

read-only

This role permits access to CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. show commands or WebUI monitoring pages only.

standard

This role has root privileges but cannot make changes to the management users. The purpose of creating this role is to prevent changes to the local account from externally authenticated management user.