Wireless Access

Reply
Contributor I

Remote and Local Management

We would like to disable local user remote login via ssh/telnet and only allow TACACS remote login. Is the correct method just to disable "Allow Local Authentication?" we would want to be able to login locally with root/admin if the network is down still and need certain local accounts to access the web gui for guest provisioning as we don't use clearpass/amigopod.

 

 

Aruba Employee

Re: Remote and Local Management

Yes, disable ?Allow Local Authentication?. If the TACACS server(s) are not reachable, then and only then can you use the local accounts.
Contributor I

Re: Remote and Local Management

This works perfect for securing remote access via ssh/telnet but then we have the issue for anyone that doesn't have tacacs permissions. Is there no way to disable "root" accounts like the admin and in our case airwave management user from remote login but still allow local accounts that need to login for guest provisioning?

Aruba Employee

Re: Remote and Local Management

Can you pass back the role via the TACACS server?
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: