Controller Based WLANs

 View Only
last person joined: one year ago 

APs, Controllers, VIA
Back to Library

Authorization and Access for AP-Provisioning 

Apr 01, 2017 01:24 AM

Requirement:

WLAN administrator to facilitate only AP provisioning access for the users logging on to the Controller.



Solution:

Starting Aruba OS 8.0, WLAN administrator can provide AP provisioning level access for the users logging into the Controllers. With the provisioning level log on access, users would be able to provision the access points as needed as well as execute AP related commands that are useful to view the output and troubleshoot during the time of provisioning.

 

Following are the show commands supported for AP-Provisioning level of access.

 

  • show ap provisioning …
show whitelist-db cpsec/rap …
show ap database …
show ap radio-database …
show ap config …
show ap details…
show ap port status ..
show ap allowed-channels …
show ap provisioning …
show ap ap-group …
show ap image version

 

Following are the commands that can be executed when logged using AP-Provisioning level of access.

 

  • whitelist-db  cpsec/rap  add/delete/modify/revoke/purge …
write memory
read-bootinfo …
reprovision …
copy-provisioning-params …
clear provisioning-ap-list
provision-ap … (all sub-mode action commands)
apflash …
apboot
ap-regroup
ap-rename

 



Configuration:

Web UI Configuration:

 

Navigate to Configuration > System > Admin > Click on the add button under Management Users 

 

 

 

CLI Configuration:

 

(Mobility-MM) [mynode] (config) #mgmt-user Test
<rolename>              Role name from one of the following:
root - super user role
guest-provisioning - guest provisioning role
network-operations - Network operator role
read-only - Read only role
location-api-mgmt - Location API Management Role
nbapi-mgmt - NBAPI Management Role
ap-provisioning - ap provisioning role

(Mobility-MM) [mynode] (config) #
(Mobility-MM) [mynode] (config) #
(Mobility-MM) [mynode] (config) #mgmt-user Test ap-provisioning
Password:*******
Re-Type Password:*******
(Mobility-MM) ^[mynode] (config) #
(Mobility-MM) ^[mynode] (config) #
(Mobility-MM) ^[mynode] (config) #write memory

Saving Configuration...

Partial configuration for /mm/mynode
------------------------------------
Contents of : /flash/config/partial/7/p=sc=mynode.cfg

mgmt-user Test ap-provisioning 30e155df01d57ad96fc6ef4282089c95bce4e52677382bedd8

Configuration Saved.
(Mobility-MM) ^[mynode] (config) #


Verification

Executing "show mgmt-user" will help confirm the creation of user account and their level of access under the index "ROLE", as shown below

 

(Mobility-MM) [mynode] (config) #show mgmt-user

Management User Table
---------------------
USER    PASSWD  ROLE              STATUS   PATH
----    ------  ----              ------   ----
Test    *****   ap-provisioning   ACTIVE   /
admin   *****   root              ACTIVE   /
(Mobility-MM) [mynode] (config) #

 

 

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.