Community Expert Day 1/17/14

Aruba Employee

Restricted login for guest management and monitoring in IAP



In previous versions, if the network administrator wanted to allow someone else to create/delete internal guest accounts, or to check the network status in the UI, he/she had to give the admin username and password, which also allowed full access to all settings and operations. 

Solution: Starting 4.0 in IAP we provide additional user accounts with different UI access privileges


Guest-management user: can view, modify, and delete internal guest user accounts
Read-only user: can view all network settings but not modify any of them or perform any maintenance operation such as upgrade or reboot


These additional user accounts:-

Are stored in IAP’s flash and can include at most one Read-only user and one Guest-management user
Are not affected by whether IAP is managed by Aruba Central or an AMP in “manage mode”
Do not support authentication through external radius servers
Do not have access to the CLI




•Read-Only User can open the:
•Home page
•Maintenance page
•Support page
Guest-Management User sees a reduced UI which only allows management of Guest Users
in CLI:- 

mgmt-user admin admin

mgmt-user readonly 123123 read-only

mgmt-user guestmgmt 321321 guest-mgmt


“show mgmt-user” on Master can display the Admin/Read-Only/Guest-Mgmt users’ configuration. 


“show user portal” on Master can display the current Guest users configured by Guest-Mgmt management user. 



show summary” on Master can display the statistics of Guest users. 


Preethi Devarajan
Sr. Network Engineer
Customer Advocacy | Aruba Networks Inc.
Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: