Product and Solutions: This article applies to all Aruba OS versions.
The typical interaction between your external server and the controller happens over HTTPS post commands. A typical communication process using the XML API interface happens as follows:
1) An API command is issued from your server in XML format to the controller. The XML message or request can be composed using a language of your choice using the format described in the "XMLRequest". Sample code in C gives a simple example.
2) The controller processes the XML request and sends the response to the authentication server in the XML format. The XML request is sent using an HTTPS post. The common format of the HTTPS post is https://<controller-ip>/auth/command.xml.
3) You can use the response and take appropriate actions that suit your requirements. The response from the controller is returned using predefined formats.
4) Using XML you can add, delete, authenticate, query, and blacklist a user.
Adding a User
This XML requests uses the user_add command to create a new user entry in the controller user table. If the user entry is already present in the user table, the command modifies the entry with the values defined in the XML request.
xml=<aruba command="user_add">
<ipaddr>IP-address_of_the_user</ipaddr>
<macaddr>MAC-address_of_the_user</macaddr>
<name>User_Name</name>
<role>Role_Name<role>
<session_timeout>Session_timeout</session_timeout>
<key>Shared_Key</key>
<authentication>MD5|SHA-1|cleartext</authentication> #select any one
<version>1.0</version>
</aruba>
The following options are mandatory when you execute the user_add command:
IP Address
Version
Deleting a User
This XML requests uses the user_delete command to delete an existing user from the controller user table. If the user entry contains multiple attributes, they must be specified in the XML request:
xml=<aruba command="user_delete">
<ipaddr>IP-address_of_the_user</ipaddr>
<macaddr>MAC-address_of_the_user</macaddr>
<name>User_Name</name>
<key>Shared_Key</key>
<authentication>MD5|SHA-1|cleartext</authentication> #select any one
<version>1.0</version>
</aruba>
The following options are mandatory when you execute the user_add command:
IP Address
Version
Authenticating a User
This XML requests uses the user_authenticate command to authenticate and derive a new entry for the user.
xml=<aruba command="user_authenticate">
<ipaddr>IP-address_of_the_user</ipaddr>
<macaddr>MAC-address_of_the_user</macaddr>
<name>User_Name</name>
<password>Password_for_the_user</password>
<key>Shared_Key</key>
<authentication>MD5|SHA-1|cleartext</authentication> #select any one
<version>1.0</version>
</aruba>
The following options are mandatory when you execute the user_authenticate command:
IP Address
Version
Name
Password
Blacklisting a User
This XML requests uses the user_blacklist command to prevent a user from connecting to your network.
xml=<aruba command="user_blacklist">
<ipaddr>IP-address_of_the_user</ipaddr>
<macaddr>MAC-address_of_the_user</macaddr>
<name>User_Name</name>
<key>Shared_Key</key>
<authentication>MD5|SHA-1|cleartext</authentication> #select any one
<version>1.0</version>
</aruba>
The following options are mandatory when you execute the user_blacklist command:
IP Address
Version
Querying a User Status
This XML requests uses the user_query command to get the status and details of a user connected to your network.
xml=<aruba command="user_query">
<ipaddr>IP-address_of_the_user</ipaddr>
<macaddr>MAC-address_of_the_user</macaddr>
<name>User_Name</name>
<key>Shared_Key</key>
<authentication>MD5|SHA-1|cleartext</authentication> #select any one
<version>1.0</version>
</aruba>
The following options are mandatory when you execute the user_blacklist command:
IP Address
Version
Default Response Format
The format of a default XML response from the controller is:
<aruba>
<result>Error | Ok</result>
<code>response_code</code>
<reason>response_message</reason>
</aruba>
In which:
- Result specifies if the XML result was successful or a failure. If the request was successful, the result tag contains the Ok string. If the request was a failure, the result tag contains the Error string.
- Code is an integer number that represents the error in the request. This tag is populated only if the request contains an error.
- Reason is the message that contains descriptive information about the error.