Concept Guide

Table Of Contents
626| mgmt-user Dell Networking W-Series ArubaOS 6.5.x| Reference Guide
Parameter Description Default
console-block
Enables or disables the console login.
The purpose of this command is to introduce an ability to lock
down all console ports, for example, micro USB, mini USB on
the controller to enable high level security. This also ensures
that no SSH access is allowed at the remote branch office.
The SSH is only allowed from the headquarters via the IPsec
tunnel.
Disabled
localauth-disable
Disables authentication of management users based on the
results returned by the authentication server.
To cancel this setting, use the no form of the command:
no mgmt-user localauth-disable
To verify if authentication of local management user
accounts is enabled or disabled, use the following command:
show mgmt-user local-authentication-mode
Enabled
ssh-pubkey
Configures certificate authentication of administrative users
using the CLI through SSH.
client-cert
Name of the X.509 client certificate for authenticating
administrative users using SSH.
<username>
Name of the user.
<role>
Role assigned to the authenticated user.
<rcp>
Revocation Checkpoint for the ssh user's client certificate.
The rcp checks the revocation status of the SSH user’s client
certificate before permitting access.
webui-cacert
The client certificate for authenticating administrative users
using the WebUI.
<certificate_name>
The CA certificate. If configured, certificate authentication
and authorization are automatically completed using an
authentication server.
serial
Serial number of the client certificate.
<username>
Name of the user.
<role>
Role assigned to the authenticated user.
Usage Guidelines
You can configure client certificate authentication of WebUI or SSH management users (by default, only
username/password is used). To configure certificate authentication for the WebUI or SSH, use the web-server
mgmt-auth certificate or ssh mgmt-auth public-key commands, respectively.
Use webui-cacert <certificate name> command if you want an external authentication server to derive the
management user role. This is helpful if there are a large number of users who need to be authenticated.