You must enable javascript in order to view this page or you can go
here
to view the webhelp.
Contents
Search
Loading, please wait ...
ArubaOS-CX 10.04 Security Guide
Home
About this document
Applicable products
Latest version available online
Command syntax notation conventions
About the examples
Identifying switch ports and interfaces
Identifying switch components
About security
About Authentication, Authorization, and Accounting (AAA)
Managing local users and groups
Default user admin
Built-in user groups and their privileges
User-defined user groups
User name requirements
Password requirements
User and user group management tasks
Resetting the switch admin password using the Service OS console
Resetting the admin password by reverting the switch to factory defaults
User and group commands
user
user-group
user password
service export-password
show user-group
show user information
show user-list
SSH server
About the SSH server
SSH defaults
SSH server tasks
SSH server commands
show ssh host-key
show ssh server
show ssh server sessions
ssh certified-algorithms-only
ssh host-key
ssh known-host remove
ssh maximum-auth-attempts
ssh server vrf
SSH client
About the SSH client
SSH client commands
ssh (client login)
Local AAA
About local AAA
Local AAA defaults and limits
Local authentication
Local authentication overview
Local authentication tasks
Local authorization
Local authorization overview
Local authorization tasks
Local accounting
Local accounting overview
Local accounting tasks
Local AAA commands
aaa accounting all-mgmt
aaa authentication limit-login-attempts
aaa authentication login
aaa authentication minimum-password-length
aaa authorization commands
show aaa accounting
show aaa authentication
show aaa authorization
show ssh authentication-method
show user
ssh password-authentication
ssh public-key-authentication
user authorized-key
Remote AAA with TACACS+
About remote AAA with TACACS+
Default server groups
Remote AAA (TACACS+) defaults and limits
About global versus per-TACACS+ server passkeys (shared secrets)
Remote AAA TACACS+ server configuration requirements
User role assignment using TACACS+ attributes
TACACS+ server redundancy and access sequence
Single source IP address for consistent source identification to AAA servers
TACACS+ general tasks
TACACS+ authentication
TACACS+ authentication overview
About authentication fail-through
TACACS+ authentication tasks
TACACS+ authorization
TACACS+ authorization overview
About authentication fail-through and authorization
TACACS+ authorization tasks
TACACS+ accounting
TACACS+ accounting overview
TACACS+ accounting tasks
Example: Configuring the switch for Remote AAA with TACACS+
Remote AAA with RADIUS
About remote AAA with RADIUS
Default server groups
Remote AAA (RADIUS) defaults and limits
About global versus per-RADIUS server passkeys (shared secrets)
Remote AAA RADIUS server configuration requirements
User role assignment using RADIUS attributes
RADIUS server redundancy and access sequence
Single source IP address for consistent source identification to AAA servers
RADIUS general tasks
RADIUS authentication
RADIUS authentication overview
About authentication fail-through
RADIUS authentication tasks
Configuring two-factor authentication
RADIUS accounting
RADIUS accounting overview
RADIUS accounting tasks
Example: Configuring the switch for Remote AAA with RADIUS
Remote AAA (TACACS+, RADIUS) commands
aaa accounting all-mgmt
aaa authentication allow-fail-through
aaa authentication login
aaa authorization commands
aaa group server
radius-server auth-type
radius-server host
radius-server host secure ipsec
radius-server key
radius-server retries
radius-server timeout
radius-server tracking
server
show aaa accounting
show aaa authentication
show aaa authorization
show aaa server-groups
show accounting log
show radius-server
show radius-server secure ipsec
show radius-server statistics
show tacacs-server
show tacacs-server statistics
show tech aaa
tacacs-server auth-type
tacacs-server host
tacacs-server key
tacacs-server timeout
tacacs-server tracking
PKI
PKI concepts
PKI on the switch
Installing a self-signed leaf certificate (created inside the switch)
Installing a self-signed leaf certificate (created outside the switch)
Installing a certificate of a root CA
Installing a CA-signed leaf certificate (initiated in the switch)
Installing a CA-signed leaf certificate (created outside the switch)
PKI commands
crypto pki application
crypto pki certificate
crypto pki ta-profile
enroll self-signed
enroll terminal
import (CA-signed leaf certificate)
import (self-signed leaf certificate)
key-type
ocsp disable-nonce
ocsp enforcement-level
ocsp url
ocsp vrf
revocation-check ocsp
show crypto pki application
show crypto pki certificate
show crypto pki ta-profile
subject
ta-certificate
Configuring enhanced security
About enhanced security
Configuring enhanced security
password complexity
CLI user session management
cli-session
Configuring remote logging using SSH reverse tunnel
Auditors and auditing tasks
Auditing tasks (CLI)
Auditing tasks (Web UI)
REST requests and accounting logs
Websites
Support and other resources
Accessing Aruba Support
Accessing updates
Warranty information
Regulatory information
Documentation feedback
Your browser does not support iframes.