Aruba & ProVision-based

Disabling Aruba Switch 5412Rzl2 GUI when user not logged on...

 
SOLVED
Go to solution
yosinyc
Occasional Collector

Disabling Aruba Switch 5412Rzl2 GUI when user not logged on...

Hi,

When anybody types in the IP of the switch, there is a lot of information that we really don't want to be displayed unless we are logged on...

any way to change that?

Thank you in advance!

 

3 REPLIES 3
akg7
HPE Pro

Re: Disabling Aruba Switch 5412Rzl2 GUI when user not logged on...

Hello @yosinyc,

Can you please explain issue in detail?

Thanks!
Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the companyAccept or Kudo
Emil_G
HPE Pro
Solution

Re: Disabling Aruba Switch 5412Rzl2 GUI when user not logged on...

Hello, 

Do you have any settings on the switch for protecting the management access? Are you using local or remote authentication (RADIUS or TACACS) for management access.

With the default settings the access to the webUI is controlled by both default local user accounts on the switch -operator and manager. But if you didnt configure passwords for this accounts (they dont have passwords by default), the switch will not enforce authentication. So if you dont have passwords for manager or operator you can configure a password and the access to the WebUI will be blocked until an user enters this password. Here for example how you configure a password for the local user account "manager" (this will be the user name you enter when prompted).

HPE#config
HPE(config)# password manager
New password for manager: ********
Re-enter the new password for manager: ********
HPE(config)#

If you are using RADIUS server for admin user authentication you can also enable RADIUS authentication for web access with this commands. login and enable are the access levels (operator and manager)

HPE(config)# aaa authentication web login radius
HPE(config)# aaa authentication web enable radius

This commands disable local authentication the switch will only use the RADIUS server for authentication. You can configure a secondary method local which will be used only when the RADIUS server is not reachable.

HPE(config)# aaa authentication web login radius local
HPE(config)# aaa authentication web enable radius local

There is also another approach to addressing this, without using authentication. You can use the command ip authorized-managers to specify which stations are allowed to  have access to the management interfaces of the switch. It is described in the following document.

https://techhub.hpe.com/eginfolib/networking/docs/switches/K-KA-KB/15-18/5998-8150_access_security_guide/content/c_Using_Authorized_IP_Managers.html

You can specify a single address or a range of addresses. You can also specify access-level and priviledge-level.

HTH

I am an HPE employee

Accept or Kudo


yosinyc
Occasional Collector

Re: Disabling Aruba Switch 5412Rzl2 GUI when user not logged on...

thank you, you hit it on the head.  As soon as I enabled password on Operator user, it required me to login when pointing to IP address.

Thank you so much!