Wired

last person joined: an hour ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Aruba 2930F Web GUI local user

Jump to Best Answer
  • 1.  Aruba 2930F Web GUI local user

    Posted Apr 02, 2020 08:14 AM

    Hi,
    I am able to access Web GUI using manager and operator users but I am not able to do that using other local users on priviledge Level-15. SSH is accessible. 
    aaa authentication local-user "webwebweb" group "Level-15"
    Is it possible to create a group which has https access? Is https access for local users supported? 



  • 2.  RE: Aruba 2930F Web GUI local user

    Posted Apr 03, 2020 06:46 AM

    Are you using full-on RBAC? 

     

    If I assume not you actually need something like...

     

    password manager user-name <username> plaintext <password>

     

    to add a user capable of logging into the CLI or WebUI



  • 3.  RE: Aruba 2930F Web GUI local user

    Posted Apr 09, 2020 04:14 AM

    As I have mentioned before, manager and operator users are able to use Web GUI. Local users created this way (see below) - are not.

    aaa authentication local-user "webwebweb" group "Level-15"

     

    Radius authenticated users can access Web GUI also, but failback to local user authentication is not working (except for manager and operator users).

     

    aaa authentication web login radius server-group "RADIUS"  local

    aaa authentication web enable radius server-group "RADIUS" local 

     

    or 

     

    aaa authentication web login local

    aaa authentication web enable local 

     



  • 4.  RE: Aruba 2930F Web GUI local user

    Posted Apr 09, 2020 07:37 AM

    What's the configuration for the group "Level-15"?

     

    This is an example of a user created with full permissions? 

     

    #aaa authorization group "test-group" 10 match-command "*" permit

    #aaa authentication local-user test-user group test-group password plaintext

     



  • 5.  RE: Aruba 2930F Web GUI local user

    Posted Apr 09, 2020 07:46 AM

    On 2930F platform "Level-15" is predefined group will full permitions - you do not have to create one.

     

    Minondas, are you able to connect via https using local user from created group? "test-group" in your case.

     

    Thank you



  • 6.  RE: Aruba 2930F Web GUI local user

    Posted Apr 09, 2020 07:57 AM

    Hi Paulius.

     

    I've tested with http web-management and it worked just fine.

     



  • 7.  RE: Aruba 2930F Web GUI local user

    Posted Apr 09, 2020 09:12 AM
    Hi Paulinius.

    Just adding that besides that I am able to login using http/https when I go to users details my user is marked as “operator”.
    Trying to find the option that would allow the login as manager.

    Obter o Outlook para iOS


  • 8.  RE: Aruba 2930F Web GUI local user

    Posted Sep 20, 2020 07:13 PM
    # aaa authorization group ADMINS 10 match-command "*" permit
    # aaa authentication local-user admin2 group ADMINS password plaintext
    New password for admin2: ********
    Please retype new password for admin2: ********
     

    PROBLEMS:

    1. the problem with those commands is the password in sha1 which can easily decrypted although encrypt-credentials=enable



  • 9.  RE: Aruba 2930F Web GUI local user
    Best Answer

    Posted Apr 09, 2020 08:12 AM

    Hi Paulius,

     

    It is stated in the 'Aruba 2930F / 2930M Access Security Guide for ArubaOS-Switch 16.10' that RBAC is not supported for WebUI access. 

     

    Limitations section under Chapter 19

     

    Screenshot 2020-04-09 at 5.37.14 PM.png

     

     
     


  • 10.  RE: Aruba 2930F Web GUI local user

    Posted Apr 09, 2020 09:53 AM

    The information on the manual pointed by saishyam explains this behaviour. 

    Even given full access to the user it is still being allowed just operator access through WebUI.

    Older versions of the same document (16.02 for example) does not have that information.

     



  • 11.  RE: Aruba 2930F Web GUI local user

    Posted Apr 09, 2020 10:55 AM

    I wonder how you are getting that operator access because I am not getting any  

    Ok, let's give sayshyam Kudos, hope that Aruba is going to fix this some day and I am now switching my customer's local-user account to device manager

     

    Thanks for help!