This community is currently in a read-only state due to a maintenance window. For more info click here

AP Console Password Protection


We need some kind of systems to protect the third party users or un-authorized users to collect the highly sensitive information, like financial and banking institutions via AP Console.


The ArubaOS AP console password feature helps protect systems that manage highly sensitive information, like financial and banking institutions, by requiring users to log in to the AP network with a password. The AP console password is enabled by default. Passwords must be 6 to 32 characters in length, and can include alphanumeric and special characters. If configured, you must enter this password to get AP console access. If not configured, the controller generates a default random password which can be viewed by executing the encrypt disable command followed by the show ap system-profile <profile-name> command.


The timeout feature is also supported as an added level of security. If there is no user input or activity during one timeout interval (default of 30 minutes), the user is logged out of the system. The timeout interval cannot be modified.


Setting an AP Console Password:

You can configure an AP console password using the controller WebUI or CLI.

In the WebUI
To set a password in the WebUI:
1. Navigate to Configuration > Advanced Services > All Profiles.
2. Expand the AP tab, then click on AP System.
3. Under the AP System list, select the AP system you want to modify.
4. On the Advanced tab, check the Console Enable checkbox.
5. In the AP Console Password field, enter the desired AP console password. Retype the password to confirm.
6. Click the AP Console Protection check box to enable the AP console password.

7. Click Apply, then Save Configuration to save your changes.


In the CLI
To set the AP console password in the CLI:
(host) (config) #ap system-profile <profile>
(host) (AP system profile “<profile>") #console-enable
(host) (AP system profile “<profile>”) #ap-console-password <ap-console-password>
(host) (AP system profile “<profile>”) #ap-console-protection

To disable the AP console password in the CLI:
(host) (config) #ap system-profile <profile>
(host) (AP system profile “<profile>”) #no ap-console-password


If the password is lost, and the AP is not connected to a controller, the console can be reset using the reset button on the AP or the factory_reset AP boot command. If it is already connected to a controller, the AP password can be changed under the AP Console Password field of the AP System profile in the WebUI, or using the ap-console-password parameter of the ap system-profile command in the CLI.


#ap system-profile default | include console


ap-console-protection    enabled

ap-console-password      aruba@123

Version history
Revision #:
2 of 2
Last update:
‎10-18-2016 04:38 PM
Updated by:
Labels (1)



If there is a deployment of dozens of AP, do you know if there is a easy and secure way to assign different passwords to each AP and also be able to change them from time to time? 







After setting the console password, how would one use it? My CAP prompts me for a password, then I enter it, and after if I type anything, it just gives me a "permission denied" message.