Requirement:We need some kind of systems to protect the third party users or un-authorized users to collect the highly sensitive information, like financial and banking institutions via AP Console.
Solution:The ArubaOS AP console password feature helps protect systems that manage highly sensitive information, like financial and banking institutions, by requiring users to log in to the AP network with a password. The AP console password is enabled by default. Passwords must be 6 to 32 characters in length, and can include alphanumeric and special characters. If configured, you must enter this password to get AP console access. If not configured, the controller generates a default random password which can be viewed by executing the encrypt disable command followed by the show ap system-profile <profile-name> command.
The timeout feature is also supported as an added level of security. If there is no user input or activity during one timeout interval (default of 30 minutes), the user is logged out of the system. The timeout interval cannot be modified.
Configuration:Setting an AP Console Password:
You can configure an AP console password using the controller WebUI or CLI.
In the WebUI
To set a password in the WebUI:
1. Navigate to Configuration > Advanced Services > All Profiles.
2. Expand the AP tab, then click on AP System.
3. Under the AP System list, select the AP system you want to modify.
4. On the Advanced tab, check the Console Enable checkbox.
5. In the AP Console Password field, enter the desired AP console password. Retype the password to confirm.
6. Click the AP Console Protection check box to enable the AP console password.
7. Click Apply, then Save Configuration to save your changes.
In the CLI
To set the AP console password in the CLI:
(host) (config) #ap system-profile <profile>
(host) (AP system profile “<profile>") #console-enable
(host) (AP system profile “<profile>”) #ap-console-password <ap-console-password>
(host) (AP system profile “<profile>”) #ap-console-protection
To disable the AP console password in the CLI:
(host) (config) #ap system-profile <profile>
(host) (AP system profile “<profile>”) #no ap-console-password
VerificationIf the password is lost, and the AP is not connected to a controller, the console can be reset using the reset button on the AP or the factory_reset AP boot command. If it is already connected to a controller, the AP password can be changed under the AP Console Password field of the AP System profile in the WebUI, or using the ap-console-password parameter of the ap system-profile command in the CLI.
#ap system-profile default | include console
console-enable
ap-console-protection enabled
ap-console-password aruba@123