Product and Software: This article applies to all Aruba controllers and ArubaOS 3.3.2.
The controller provides multiple ways to authentication management users. This includes external radius or TACACS server, internal database and local users created with mgmt-user command.
If the external authentication is enabled and the local management user authentication is disabled, you will not be able to login using the local username and credential. In the case if you are not able to login using the external user credential, you will have to login using the password recovery mechanism using the console connection and re-enable the local management authentication.
To check the local management authentication mode, enter the following command from the command line interface (CLI)
show mgmt-user local-authentication-mode
The local management user authentication is enabled in this example.
(Lab) #show mgmt-user local-authentication-mode
Local Authentication Mode: Enabled
To check the external management user authentication configuration, enter the following command from the CLI.
show aaa authentication mgmt
(Lab) #show aaa authentication mgmt
Management Authentication Profile
Default Role read-only
Server Group Internal
To re-enable the local management authentication, you must connect to the controller using the console connection. When the login prompt appears on the console screen, follow these steps:
1. Type the username as password
2. Type the password as forgetme!
3. Type enable to enter the enable mode and the password is enable
4. Type the following commands:
a. config t
b. no mgmt-user localauth-disable
5. Now you should be able to login with the local management user’s credential.
6. After you login, type “write mem” to save the configuration.