Network Management

 View Only
Expand all | Collapse all

Create a local user with only SSH to switch 2930M

This thread has been viewed 14 times
  • 1.  Create a local user with only SSH to switch 2930M

    Posted Mar 16, 2023 01:48 AM
    Edited by Greg_W Mar 17, 2023 09:47 AM

    Dear Friends, 

    I would like add a local user that only have access to SSH. What would be the best way? I already configured Radius Remote Management which is working fine with Windows NPS server. Donot really want to interrupt that. 

     

    I tried these commands:  

    aaa authorization commands local

    aaa authorization group "ReadOnlyGroup" 100 match-command "command:ssh" permit

    aaa authentication local-user "Readonly" group "ReadOnlyGroup" password plaintext

    However, I still cannot use this user "ReadOnly: to log in to SSH. 

    Also, is there a way I can configure this user "ReadOnly" read only? 

    Seems SNMPv3 user is not working in our scenario because we have to run powershell script to read Config. 

    Thanks a lot,

    ML



  • 2.  RE: Create a local user with only SSH to switch 2930M

    Posted Mar 16, 2023 09:41 PM

    I figured out username has to be case sensitive . Also, my switch does not do authentication fail through, I have to disable Radius Client first, otherwise, the readonly user will always fail. Since ArubaOS and ArubaCX are different, how can I implement Authentication fail through on ArubaOS? 

    Thanks

    ML