Internal, RADIUS, or TACACS authentication servers can be configured to authenticate and authorize management users of an Instant AP. The authentication servers determine if the user has access to the administrative interface. The privilege level for different types of management users is defined on the RADIUS or TACACS server instead of the Instant AP. The Instant APs map the management users to the corresponding privilege level and provide access to the users based on the attributes returned by the RADIUS or TACACS server.
The following procedure describes how to configure authentication parameters for local admin, read-only, and guest management administrator account settings through the WebUI:
- Navigate to the Configuration > System page.
- Expand Admin.
- Configure the settings defined in the Authentication Parameters for Management Users table below.
- Click Save.
Table 1: Authentication Parameters for Management Users
Local Administrator | Internal | Select Internal Authentication if you want to specify a single set of user credentials. If using an internal authentication server:
| Authentication Server | Select Authentication server if you want to use an Authentication server to authenticate the management user.
| Authentication server with fallback to Internal | Select Authentication server w/fallback to Internal if you want to use Authentication server as a primary authentication method and Internal authentication as a backup authentication option. The Instant AP will fall back to internal authentication in the following scenarios:
NOTE: To configure the Instant AP to fall back to local authentication only when the authentication server response times out, configure the mgmt-auth-server-timout-local-backup command. Configuring this will stop the AP from falling back to internal authentication when the authentication request is rejected by the server or there is a mismatch in authentication server shared secret. For more information, see Aruba Instant 8.x CLI Reference Guide.
View Only | Internal | Select Internal to specify a single set of user credentials. If using an internal authentication server:
| Authentication server | If a RADIUS or TACACS server is configured, select Authentication server for authentication.
Guest Registration Only | Internal | Select Internal to specify a single set of user credentials. If using an internal authentication server:
| Authentication server | If a RADIUS or TACACS server is configured, select Authentication server for authentication.
The following CLI snippet allows you to configure a local admin user:
(Instant AP)(config)# mgmt-user <username> [password]
The following CLI snippet allows you to configure guest management administrator credentials:
(Instant AP)(config)# mgmt-user <username> [password] guest-mgmt
The following CLI snippet allows you to configure a user with read-only privilege:
(Instant AP)(config)# mgmt-user <username> [password] read-only
The following CLI snippet allows you to configure management authentication settings:
(Instant AP)(config)# mgmt-auth-server <server1>
(Instant AP)(config)# mgmt-auth-server <server2>
(Instant AP)(config)# mgmt-auth-server-load-balancing
(Instant AP)(config)# mgmt-auth-server-local-backup
The following CLI snippet allows you to enable TACACS accounting:
(Instant AP)(config)# mgmt-accounting command all
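The fallback rules in Table 1 and its NOTE can be checked offline against a saved configuration. The Python below is an added example, not Aruba code: the function names, server names and sample configuration are constructed, the command names are copied as spelled on this page, and it assumes the timeout-only command by itself enables fallback on timeout.

```python
import re

# Command names exactly as spelled on this page.
LOCAL_BACKUP = "mgmt-auth-server-local-backup"
TIMEOUT_ONLY = "mgmt-auth-server-timout-local-backup"

# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
mgmt-user admin examplepass
mgmt-user helpdesk examplepass2 read-only
mgmt-auth-server radius-dc1
mgmt-auth-server radius-dc2
mgmt-auth-server-load-balancing
mgmt-auth-server-local-backup
"""

def parse_mgmt_auth(config):
    """Collect management-authentication settings from config text."""
    lines = [re.sub(r"^\(Instant AP\)\(config\)#\s*", "", l.strip())
             for l in config.splitlines()]
    words = [l.split() for l in lines if l]
    return {
        "servers": [w[1] for w in words if w[0] == "mgmt-auth-server" and len(w) > 1],
        "local_users": [w[1] for w in words if w[0] == "mgmt-user" and len(w) > 1],
        "local_backup": [LOCAL_BACKUP] in words,
        "timeout_only": [TIMEOUT_ONLY] in words,
        "accounting": ["mgmt-accounting", "command", "all"] in words,
    }

def falls_back_to_internal(settings, server_result):
    """server_result: 'accept', 'reject', 'secret-mismatch' or 'timeout'."""
    if server_result == "accept":
        return False
    if settings["timeout_only"]:          # per the NOTE: timeout is the only trigger
        return server_result == "timeout"
    return settings["local_backup"]       # otherwise any failure triggers fallback

def audit(config):
    """Return findings for a management-authentication configuration."""
    s = parse_mgmt_auth(config)
    findings = []
    if s["servers"] and falls_back_to_internal(s, "reject"):
        findings.append("server reject falls back to internal users: "
                        + ", ".join(s["local_users"]))
    if s["servers"] and not s["accounting"]:
        findings.append("mgmt-accounting command all not configured (TACACS accounting)")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports both findings; a configuration that also contains the timeout-only command and `mgmt-accounting command all` reports none.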