Occasional Contributor II

SSH RADIUS Authentication

I currently access my controller over SSH. The authentication method is RADIUS.

Is there possibility to directly enter the enable mode?

e.g. Cisco supports the RADIUS Attribute Service-Type: Administrative

Guru Elite

Re: SSH RADIUS Authentication

If you are running ArubaOS 6.1 and above, the "enable bypass" directive can skip the enable prompt for root users who are authenticated:


(host) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(host) (config) #enable bypass ?

 From the ArubaOS 6.1 user guide:



Bypassing the Enable Password Prompt

The bypass enable feature lets you bypass the enable password prompt and go directly to the privileged commands (config mode) after logging on to the controller. This is useful if you want to avoid changing the enable password due to company policy.

Use the enable bypass CLI command to bypass the enable prompt an go directly to the privileged commands (config mode). Use the no enable bypass CLI command to restore the enable password prompt."


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos

Re: SSH RADIUS Authentication

If you don't want to set it globally as Colin suggested or aren't running 6.1 you can use the Aruba-Priv-Admin-User RADIUS attribute.   It is returned in an integer format (any non-negative value should work....I usually just assign it 1).


If your RADIUS does not have the Aruba dictionary files:

Vendor Code = 14823

Attribute Number = 3

Integer = 1 (or whatever you want)


Then on the Server Group set on the management authentication servers page be sure to have this server derived rule deffined.




Systems Engineer, Northeast USA

Occasional Contributor II

Re: SSH RADIUS Authentication

Thank you. This works very well!

Search Airheads
Showing results for 
Search instead for 
Did you mean: