Security

Hi,

We have set our Airwave admin account to be the Read-Write account when we authenticate using TACACS on the Aruba CPPM. This only allows HTTPS access - where do we configure the access to the CLI?  Using the 'AMP:https attribute we send back the role="Admin" and that works fineo n the GUI but not the CLI. Any pointers?

Kind regards,

Z

There is no user based access to the CLI. The only user is "root" and the password is set upon install of Airwave.

Seth,

Many thanks for confirming that - I was begining to think that was the case due to lack of information anywhere else. This is going to make it difficult to get into our NAC policy but I'll think of something.

Kind regards,

Z

There should be only limited use cases to get into the CLI once installed and working.  You can disable SSH via an ACL on the upstream router to Airwave for compliance perhaps

Seth,

Thanks again. It is my first outing with the AMP and we chose to use TACACS+ for NAC on all our vendors (we have a lot) so it's been a learning curve for me on a number of devices including the CPPM itself too. I think this will come under our password release option so only requested access can get CLI access for upgrades/etc when needed. That someone else's issue I have created a RW and RO group for the GUI and they work a treat.

Kind regards,

Z