Alcatel-Lucent AOS-W 6.5.3.x

To Next Page

To Previous Page

392| Roles and Policies AOS-W 6.5.3.x| User Guide

dictionary file. VSAs supported on switches conform to the format recommended in RFC 2865, “Remote

Authentication Dial In User Service (RADIUS)”.

For more information on Alcatel-Lucent VSAs, see RADIUS Server VSAs on page 183. Dictionary files that

contain Alcatel-Lucent VSAs are available on the Alcatel-Lucent support website for various RADIUS servers.

Log into the Alcatel-Lucent support website to download a dictionary file from the Tools folder.

Configuring a Standard Role

Starting from AOS-W 6.5.1.0, a new management role, Standard role, is supported which has all the root

privileges but cannot make changes to the management users. The purpose of creating this new role is to

prevent changes to the local account from externally authenticated management user.

In the WebUI

1. Navigate to Configuration > Management > Administration page.

2. Click Add to add a new user.

3. In the Add User section, perform the following steps to set the Standard role:

a. Enter the User Name.

a. In Conventional User Account, enter the Password, Confirm Password fields and set the Role as

Standard using the drop-down list.

b. In Certificate Management, select WebUI Certificate, disable the Use external authentication

server to authenticate field, set the Role as Standard using the drop-down list, enter the Client

Certificate Serial No., and select the Trusted CA Certificate Name.

c. In Certificate Management, select SSH Public Key, set the Role as Standard, the Client

Certificate Name, and Revocation Checkpoint using the respective drop-down lists,

d. ClickApply.

For SSH public key and WebUi certificate, the certificates have to be imported prior to setting the role.

In the CLI

To configure a conventional user account with the Standard role:

(host) (config) #mgmt-user <username> standard

To configure a user with the Standard role in the local userdb:

(host) (config) #local-userdb add username <username> password <password> role standard

To configure a user with the Standard role using the webui-cert after importing certificates to the client:

(host) (config) #mgmt-user webui-cacert <certificate name> serial <serial-no> <username>

(host) (config) #mgmt-userssh-pubkey client-cert <certificate> <username> <role> rcp <rcp_

name>

To configure the default user with the Standard role:

(host) (config) #aaa authentication mgmt default-role standard

The Standard user role can also be set using

n Filter-Id in SDR by setting a rule in the server-group to filter the specified operand and assign the Standard

role if the condition match in the filter.

n External RADIUS server by configuring the username, password, and Aruba-Admin-Role attribute in the

RADIUS server.

Alcatel-Lucent AOS-W 6.5.3.x - Page 392