Controller Based WLANs

Authorization and Access for AP-Provisioning
Requirement:

WLAN administrator to facilitate only AP provisioning access for the users logging on to the Controller.



Solution:

Starting Aruba OS 8.0, WLAN administrator can provide AP provisioning level access for the users logging into the Controllers. With the provisioning level log on access, users would be able to provision the access points as needed as well as execute AP related commands that are useful to view the output and troubleshoot during the time of provisioning.

 

Following are the show commands supported for AP-Provisioning level of access.

 

  • show ap provisioning …
    show whitelist-db cpsec/rap …
    show ap database …
    show ap radio-database …
    show ap config …
    show ap details…
    show ap port status ..
    show ap allowed-channels …
    show ap provisioning …
    show ap ap-group …
    show ap image version 

 

Following are the commands that can be executed when logged using AP-Provisioning level of access.

 

  • whitelist-db  cpsec/rap  add/delete/modify/revoke/purge …
    write memory
    read-bootinfo …
    reprovision …
    copy-provisioning-params …
    clear provisioning-ap-list
    provision-ap … (all sub-mode action commands)
    apflash …
    apboot
    ap-regroup
    ap-rename

 



Configuration:

Web UI Configuration:

 

Navigate to Configuration > System > Admin > Click on the add button under Management Users 

 

 

 

CLI Configuration:

 

(Mobility-MM) [mynode] (config) #mgmt-user Test
<rolename>              Role name from one of the following:
root - super user role
guest-provisioning - guest provisioning role
network-operations - Network operator role
read-only - Read only role
location-api-mgmt - Location API Management Role
nbapi-mgmt - NBAPI Management Role
ap-provisioning - ap provisioning role

(Mobility-MM) [mynode] (config) #
(Mobility-MM) [mynode] (config) #
(Mobility-MM) [mynode] (config) #mgmt-user Test ap-provisioning
Password:*******
Re-Type Password:*******
(Mobility-MM) ^[mynode] (config) #
(Mobility-MM) ^[mynode] (config) #
(Mobility-MM) ^[mynode] (config) #write memory

Saving Configuration...

Partial configuration for /mm/mynode
------------------------------------
Contents of : /flash/config/partial/7/p=sc=mynode.cfg

mgmt-user Test ap-provisioning 30e155df01d57ad96fc6ef4282089c95bce4e52677382bedd8

Configuration Saved.
(Mobility-MM) ^[mynode] (config) #


Verification

Executing "show mgmt-user" will help confirm the creation of user account and their level of access under the index "ROLE", as shown below

 

(Mobility-MM) [mynode] (config) #show mgmt-user

Management User Table
---------------------
USER    PASSWD  ROLE              STATUS   PATH
----    ------  ----              ------   ----
Test    *****   ap-provisioning   ACTIVE   /
admin   *****   root              ACTIVE   /
(Mobility-MM) [mynode] (config) #

 

 

Version History
Revision #:
2 of 2
Last update:
‎03-31-2017 10:24 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.