Wired Intelligent Edge

last person joined: 10 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

[CX] Single line configuration changes

This thread has been viewed 15 times
  • 1.  [CX] Single line configuration changes

    Posted Oct 03, 2021 11:12 AM
    Hi everyone,

    We allow our helpdesk technicians to login to our switches and do simple tasks like change vlans and names on ports connected to end users.

    On ArubaOS-Switch it was easy to limit this through RADIUS since these changes could be simple one-liners that we could whitelist in the RADIUS server like:

    interface XX name yyyy
    interface XX untagged yy

    On ArubaOS-CX as far as I can tell you need to first "enter" the interface before you can edit it, making whitelisting harder, is there a way to do one-liners on AOS-CX?


    Keeper of the Keys

  • 2.  RE: [CX] Single line configuration changes

    Posted Oct 29, 2021 05:59 AM

    Hi er72,

    a little late response, but maybe it will also be helpful for future readers.
    Anyway in OS-CX there is no "official" or "predetermined" way to make the configuration outside of the interface submenu. You have to enter the submenu first.
    However you have the possibility to make an alias for a command or a set of commands and then use this alias for your whitelisting.
    (This alias is a feature also available on the older ArubaOS/ProCurve devices.)
    Below I'm sending an example for making an alias to configure ports as access ports:

    8320(config)# alias
    WORD Alias command (Max Length 30 characters)
    8320(config)# alias untagged
    LINE Alias definition. Multiple commands should be separated by ";".
    Parameters $1, $2, etc. in the body are replaced by the corresponding
    argument from the command line. Extra arguments are appended at the
    end. (Max length 400 characters)
    8320(config)# alias untagged interface $1;vlan access $2
    8320(config)# show alias
    Alias Name Alias Definition
    ------------------------------------------------------------------------------ -
    untagged interface $1;vlan access $2
    8320(config)# untagged 1/1/54 10
    8320(config-if)# show vlan

    VLAN Name Status Reason Type Interfaces
    1 DEFAULT_VLAN_1 down no_member_port default
    10 VLAN10 down no_member_forwarding static 1/1/54

    I've also included the help outputs for the alias command to make things a bit easier. Keep in mind you can't use an already existing token/command name for your alias. "interface" for example. So you will have to work around that. 
    In your particular case I think a bit more specific whitelisting is probably easier than configuring aliases. But aliases can be useful if you want to filter some parts of the output of a show command you don't want your technicians to see. 

    Toni Andreev