RADIUS Authentication For REST On Aruba switch

By esupport posted Nov 29, 2019 05:03 PM


RADIUS authentication for REST was introduced on Aruba switches in software version 16.08. However, not all switches support this feature.

Setup used:

  • 3810 - Running on software - KB.16.09.0001
  • Clearpass Server - Running on




On the switch the following configuration is required:

  • Configure a RADIUS server
  • Enable authentication for REST for login mode
  • Enable authentication for REST for enable mode
  • Enable REST Interface

Also, make sure that http and/or https is enabled on the switch.


On the RADIUS Server (Clearpass):

  • Add the switch in Devices
  • Create a PROFILE
  • Create a POLICY
  • Create a Service
  • Call the Policy in the Service Enforcement

Also make sure that the User is added in the Local User Repository or any other Authentication source that will be used.



Now, in order to achieve RADIUS Authentication for REST, configure the switch with the following configuration:


These are the REST specific commands that are required.

The IP address is of the Clearpass server.

The command "rest-interface" is used to enable REST on the switch.


The rest of the configuration has to be done on the Clearpass server as follows:

1) Add the switch in the Clearpass server in Devices and use the same key as the one used on the switch in the "radius-server host " command.


The switch IP used in this example is


2) Create a profile:

You can name the profile as you desire.


Click on the Attributes tab and configure the following:


3) Configure the Service as follows:


4) Under the Authentication tab, select PAP in Authentication Methods and Local User Repository in Authentication Sources:

5) Finally, click on the Enforcement tab and select the policy that defines the condition:






On the switch, verify with the commands:

show rest-interface

show logging   (very useful while troubleshooting)


On the Clearpass Server check the Access Tracker once a login attempt is made.
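
To generate that login attempt from a client, the following added example (not part of the original article) logs in to the switch REST API with a RADIUS user's credentials over HTTPS and then closes the session. It assumes the ArubaOS-Switch `login-sessions` resource under API version `v3`; the address `192.0.2.10` and the user `restadmin` are placeholders.

```python
import json
import ssl
import urllib.error
import urllib.request

API_VERSION = "v3"  # assumption: use a version your firmware lists under /rest/version


def build_login_request(switch, username, password, version=API_VERSION):
    """Build POST /rest/<version>/login-sessions carrying the RADIUS user's credentials."""
    body = json.dumps({"userName": username, "password": password}).encode()
    return urllib.request.Request(
        f"https://{switch}/rest/{version}/login-sessions",
        data=body,
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def parse_login_response(status, raw_body):
    """Return the session cookie on success, None when the switch rejects the login."""
    if not 200 <= status < 300:
        return None
    cookie = json.loads(raw_body).get("cookie", "")
    return cookie or None


def check_rest_login(switch, username, password, cafile=None):
    """Log in, report whether the switch accepted the user, and log out again."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies the switch certificate
    req = build_login_request(switch, username, password)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            cookie = parse_login_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # e.g. rejected credentials
        cookie = parse_login_response(err.code, err.read())
    if cookie is None:
        return False
    logout = urllib.request.Request(req.full_url, headers={"Cookie": cookie}, method="DELETE")
    urllib.request.urlopen(logout, context=ctx, timeout=10).close()
    return True


if __name__ == "__main__":
    import getpass
    # 192.0.2.10 and "restadmin" are placeholders, not values from the article
    ok = check_rest_login("192.0.2.10", "restadmin", getpass.getpass("RADIUS password: "))
    print("REST login accepted" if ok else "REST login rejected: check 'show logging' and Access Tracker")
```

If the switch uses a certificate from a private CA, pass that CA file as `cafile` rather than disabling verification.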

1 comment


Mar 02, 2020 12:23 PM

To add a specifying comment: the platform and software versions that do not support REST API AAA authentication are:


YA / YB software versions.

ArubaOS-Switch Software Feature Support Matrix can be found here: