Controller Based WLANs

AP Console Password Protection
Requirement:

We need some kind of systems to protect the third party users or un-authorized users to collect the highly sensitive information, like financial and banking institutions via AP Console.



Solution:

The ArubaOS AP console password feature helps protect systems that manage highly sensitive information, like financial and banking institutions, by requiring users to log in to the AP network with a password. The AP console password is enabled by default. Passwords must be 6 to 32 characters in length, and can include alphanumeric and special characters. If configured, you must enter this password to get AP console access. If not configured, the controller generates a default random password which can be viewed by executing the encrypt disable command followed by the show ap system-profile <profile-name> command.

 

The timeout feature is also supported as an added level of security. If there is no user input or activity during one timeout interval (default of 30 minutes), the user is logged out of the system. The timeout interval cannot be modified.



Configuration:

Setting an AP Console Password:


You can configure an AP console password using the controller WebUI or CLI.


In the WebUI
To set a password in the WebUI:
1. Navigate to Configuration > Advanced Services > All Profiles.
2. Expand the AP tab, then click on AP System.
3. Under the AP System list, select the AP system you want to modify.
4. On the Advanced tab, check the Console Enable checkbox.
5. In the AP Console Password field, enter the desired AP console password. Retype the password to confirm.
6. Click the AP Console Protection check box to enable the AP console password.

7. Click Apply, then Save Configuration to save your changes.

 

In the CLI
To set the AP console password in the CLI:
(host) (config) #ap system-profile <profile>
(host) (AP system profile “<profile>") #console-enable
(host) (AP system profile “<profile>”) #ap-console-password <ap-console-password>
(host) (AP system profile “<profile>”) #ap-console-protection


To disable the AP console password in the CLI:
(host) (config) #ap system-profile <profile>
(host) (AP system profile “<profile>”) #no ap-console-password



Verification

If the password is lost, and the AP is not connected to a controller, the console can be reset using the reset button on the AP or the factory_reset AP boot command. If it is already connected to a controller, the AP password can be changed under the AP Console Password field of the AP System profile in the WebUI, or using the ap-console-password parameter of the ap system-profile command in the CLI.

 

#ap system-profile default | include console

console-enable

ap-console-protection    enabled

ap-console-password      aruba@123

Version history
Revision #:
2 of 2
Last update:
‎10-18-2016 04:38 PM
Updated by:
 
Labels (1)
Contributors
Comments
ehsuzuki

Hi,

 

If there is a deployment of dozens of AP, do you know if there is a easy and secure way to assign different passwords to each AP and also be able to change them from time to time? 

 

regards

 

Eduardo

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.