Controller Authentication to CPPM

Aruba Employee

To download roles from the CPPM server, the Mobility Controller requires to provide the CPPM server admin credentials starting from CPPM 6.4.3.

The controller authentication to ClearPass Policy Manager (CPPM) is enhanced to use a configurable username and password instead of a support password. The support password is vulnerable to attacks as the server
certificate presented by CPPM server is not validated.


To achieve this, a new CLI command is introduced in ArubaOS Using this command,


In the WebUI:

To configure controller authentication to CPPM:
1. Navigate to Configuration > Security> Authentication> Servers.
2. Under Radius Server, select the server name.
3. Enter the cppm_username and cppm_password parameters in the CPPM credentials field.
4. Click Apply.

In the CLI:

To configure controller authentication to CPPM:
(host) (config) #aaa authentication-server radius <radius_server_name>
(host) (RADIUS Server "<radius_server_name>") #cppm username <username> password <password>


To view status of controller authenticating to CPPM:

(host) #show aaa authentication-server radius <radius_server_name>
RADIUS Server "<radius_server_name>"
Parameter Value
--------- -----
Key ********
CPPM credentials Kevin/*********
called-station-id macaddr colon disable


Verified and tested in image version.

Version history
Revision #:
2 of 2
Last update:
‎06-02-2015 11:51 PM
Updated by:
Labels (1)

What benefit is there to doing this if we can simply return an Aruba user role via normal RADIUS request/response?

Search Airheads
Showing results for 
Search instead for 
Did you mean: