Aruba Instant 8.7.0.0 Online Help Center Help Center
You are here: Home > Aruba Instant User Guide > Table of Contents > Configuring Authentication Parameters for Management Users

Configuring Authentication Parameters for Management Users

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  or TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. authentication servers can be configured to authenticate and authorize the management users of an Instant AP. The authentication servers determine if the user has access to administrative interface. The privilege level for different types of management users is defined on the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  or TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. server instead of the Instant AP. The Instant APs map the management users to the corresponding privilege level and provide access to the users based on the attributes returned by the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  or TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server.  server.

The following procedure describes how to configure authentication parameters for local admin, read-only, and guest management administrator account settings through the WebUI.

Table 1: Configuring Authentication Parameters for Management Users

New WebUI

Old WebUI

  1. Navigate to the Configuration > System page.
  2. Expand Admin.
  3. Configure the settings defined in the Authentication Parameters for Management Users table below.
  4. Click Save.
  1. Navigate to SystemAdmin.
  2. Configure the settings defined in the Authentication Parameters for Management Users table below.
  3. Click OK.

Table 2: Authentication Parameters for Management Users

Type of User

Authentication Options

Steps to Follow

Local

 

 

Internal

Select Internal if you want to specify a single set of user credentials. If using an internal authentication server:

  1. Specify the Username and Password.
  2. Retype the password to confirm.

Authentication

server

Select the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  or TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server.  authentication servers. You can also create a new server by selecting + from the Auth server 1 drop-down list.

Authentication server w/ fallback to internal— Select this option if you want to use both internal and external servers. When enabled, the authentication switches to Internal if there is no response from the RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server (RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server timeout). To use this option, select the authentication servers and configure the user credentials for internal-server-based authentication.

Load balancing—If two servers are configured, users can use them in the primary or backup mode, or load balancing mode. To enable load balancing, select Enabled. For more information on load balancing, see Dynamic Load Balancing between Two Authentication Servers.

TACACS accounting—If a TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. server is selected, click the TACACS accountingtoggle switch to report management commands, if required.

View Only

 

 

Internal

Select Internal to specify a single set of user credentials.

If using an internal authentication server:

  1. Specify the Username and Password.
  2. Retype the password to confirm.

Authentication server

If a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  or TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. server is configured, select Authentication server for authentication.

Guest Registration Only

Internal

Select Internal to specify a single set of user credentials.

If using an internal authentication server:

  1. Specify the Username and Password.
  2. Retype the password to confirm.

Authentication server

If a RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  or TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. server is configured, select Authentication server for authentication.

The following CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. snippet allows you to configure a local admin user:

(Instant AP)(config)# mgmt-user <username> [password]

The following CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. snippet allows you to configure guest management administrator credentials:

(Instant AP)(config)# mgmt-user <username> [password] guest-mgmt

The following CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. snippet allows you to configure a user with read-only privilege:

(Instant AP)(config)# mgmt-user <username> [password] read-only

The following CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. snippet allows you to configure management authentication settings:

(Instant AP)(config)# mgmt-auth-server <server1>

(Instant AP)(config)# mgmt-auth-server <server2>

(Instant AP)(config)# mgmt-auth-server-load-balancing

(Instant AP)(config)# mgmt-auth-server-local-backup

The following CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. snippet allows you to enable TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. accounting:

(Instant AP)(config)# mgmt-accounting command all

/*]]>*/