Security

Reply
Occasional Contributor II
Posts: 11
Registered: ‎05-16-2012

authenticating an airwave user for cli

Hi,

 

We have set our Airwave admin account to be the Read-Write account when we authenticate using TACACS on the Aruba CPPM. This only allows HTTPS access - where do we configure the access to the CLI?  Using the 'AMP:https attribute we send back the role="Admin" and that works fineo n the GUI but not the CLI. Any pointers?

 

Kind regards,

 

Z

Aruba
Posts: 1,377
Registered: ‎12-12-2011

Re: authenticating an airwave user for cli

There is no user based access to the CLI. The only user is "root" and the password is set upon install of Airwave.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor II
Posts: 11
Registered: ‎05-16-2012

Re: authenticating an airwave user for cli

Seth,

 

Many thanks for confirming that - I was begining to think that was the case due to lack of information anywhere else. This is going to make it difficult to get into our NAC policy but I'll think of something.

 

Kind regards,

 

Z

Aruba
Posts: 1,377
Registered: ‎12-12-2011

Re: authenticating an airwave user for cli

There should be only limited use cases to get into the CLI once installed and working.  You can disable SSH via an ACL on the upstream router to Airwave for compliance perhaps

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor II
Posts: 11
Registered: ‎05-16-2012

Re: authenticating an airwave user for cli

Seth,

 

Thanks again. It is my first outing with the AMP and we chose to use TACACS+ for NAC on all our vendors (we have a lot) so it's been a learning curve for me on a number of devices including the CPPM itself too. I think this will come under our password release option so only requested access can get CLI access for upgrades/etc when needed. That someone else's issue I have created a RW and RO group for the GUI and they work a treat.

 

Kind regards,

 

Z

Search Airheads
Showing results for 
Search instead for 
Did you mean: