External User Management. Aruba M3MK1, 7024, 7240, 620, 7280, 650, ArubaOS 6.5.3.x, 3200
Add to My manuals1162 Pages
advertisement
![External User Management. Aruba M3MK1, 7024, 7240, 620, 7280, 650, ArubaOS 6.5.3.x, 3200 | Manualzz External User Management. Aruba M3MK1, 7024, 7240, 620, 7280, 650, ArubaOS 6.5.3.x, 3200 | Manualzz](http://s3.manualzz.com/store/data/065045702_1-408b09793e6f944b7784da0f06210a05-360x466.png)
Chapter 44
External User Management
This chapter introduces the ArubaOS XML API interface and briefly discusses how you can use simple API calls to perform external user management tasks. Sample scripts are listed at the end of the chapter to help you get started with using the XML API.
Topics in this chapter include: n n n n n
How the ArubaOS XML API Works on page 1080
Creating an XML Request on page 1080
Overview
ArubaOS allows you to set up customized external captive portal user management using its native XML API interface. The XML API interface allows you to create and execute user management operations on behalf of the clients or users. You can use the XML API interface to add, delete, authenticate, blacklist, query, or log out a user.
Before you Begin
n n
Enable the External Services Interface software module. This is available in the PEFNG license.
Ensure that you have connectivity between your XML API server and the controllers via HTTPS.
How the ArubaOS XML API Works
The typical interaction between your XML API server and the controller happens using an HTTPS POST command. A typical communication process using the XML API interface happens as follows:
1. An API command is issued from your server in XML format to the controller. The XML request can be composed using a language of your choice using the format described in the
command. See the
2. The XML request is sent using an HTTPS POST command. The common format of the HTTPS POST is https://<controller-ip>/auth/command.xml
. See
Creating an XML Request on page 1080
for more information.
3. The controller processes the XML API request and sends the response to the XML API server. You can use the response and take appropriate action that suits your requirement. The response from the controller is returned using predefined formats. See the
for more information.
Creating an XML Request
You can create XML request to add, delete, authenticate, blacklist, query, or logout a user. This section provides
XML request formats that you can use for each task.
ArubaOS 6.5.3.x
| User Guide External User Management | 1080
The XML API functions such as addition, deletion, authentication, blacklisting, querying, and logout have been extended to support IPv6 users in addition to IPv4 users. However, the XML API server must be configured with an
IPv4 address for communication with the controller.
Adding a User
This XML request uses the user_add command to create a new user entry in the controllers user table. If the user entry is already present in the user table, the command will modify the entry with the values defined in the XML request, with an exception of IP and MAC address. Session time-out is only applicable to captive portal users.
xml=<aruba command="user_add">
<ipaddr>IP-address_of_the_user</ipaddr>
<macaddr>MAC-address_of_the_user</macaddr>
<name>User_Name</name>
<role>Role_Name</role>
<session_timeout>Session_timeout</session_timeout>
<key>Shared_Key</key>
<authentication>MD5|SHA-1|cleartext</authentication>
<version>1.0</version>
</aruba>
The following options are mandatory when you execute the user_add command: n n n n n
IP Address
MAC Address (a valid wireless or wired client on the controller)
Key
Authentication
Version
Deleting a User
Do not use the user_delete command if the intention is to clear the association from the controller user table. If the client is dual-stack, it re-inherits the authentication state from the IPv6 address. If not dual-stack, the client reverts to the initial role.
This XML request uses the user_delete command to delete an existing user from the controllers user table.
xml=<aruba command="user_delete">
<ipaddr>IP-address_of_the_user</ipaddr>
<macaddr>MAC-address_of_the_user</macaddr>
<name>User_Name</name>
<key>Shared_Key</key>
<authentication>MD5|SHA-1|cleartext</authentication>
<version>1.0</version>
</aruba>
The following options are mandatory when you execute the user_delete command: n n n n
IP Address
Key
Authentication
Version
Passing the MAC address or username serves only to perform additional validation against the mandatory IP address. For example, if the IP address is 1.2.3.4 and the MAC address passed is 00:11:22:33:44:55 but the real MAC address is 66:77:88:99:aa:bb then the XML request will fail with response code 1, " unknown user " message.
1081 | External User Management ArubaOS 6.5.3.x | User Guide
Authenticating a User
This XML request uses the user_authenticate command to authenticate against the server group defined in the captive portal profile. This is only applicable to captive portal users.
xml=<aruba command="user_authenticate">
<ipaddr>IP-address_of_the_user</ipaddr>
<macaddr>MAC-address_of_the_user</macaddr>
<name>User_Name</name>
<password>Password_for_the_user</password>
<key>Shared_Key</key>
<authentication>MD5|SHA-1|cleartext</authentication>
<version>1.0</version>
</aruba>
The following options are mandatory when you execute the user_authenticate command: n n n n n n
IP Address
Name
Password
Key
Authentication
Version
Passing the MAC address serves only to perform additional validation against the mandatory IP address. For example, if the IP address is 1.2.3.4 and the MAC address passed is 00:11:22:33:44:55 but the real MAC address is
66:77:88:99:aa:bb then the XML request will fail with response code 1, " unknown user " message.
Blacklisting a User
This XML request uses the user_blacklist command to blacklist a user from connecting to your network. This command uses the default blacklist timeout of 3600 seconds. There is no corresponding clear command. You can use the controller CLI to clear the blacklisted clients. Refer the show ap blacklist-clients , stm removeblacklist-client , and stm purge-blacklist-clients commands in the ArubaOS CLI Reference Guide to clear the blacklisted clients.
xml=<aruba command="user_blacklist">
<ipaddr>IP-address_of_the_user</ipaddr>
<macaddr>MAC-address_of_the_user</macaddr>
<name>User_Name</name>
<key>Shared_Key</key>
<authentication>MD5|SHA-1|cleartext</authentication>
<version>1.0</version>
</aruba>
The following options are mandatory when you execute the user_blacklist command: n n n n
IP Address
Key
Authentication
Version
Passing the MAC address or username serves only to perform additional validation against the mandatory IP address. For example, if the IP address is 1.2.3.4 and the MAC address passed is 00:11:22:33:44:55 but the real MAC address is 66:77:88:99:aa:bb then the XML request will fail with response code 1, " unknown user " message.
ArubaOS 6.5.3.x
| User Guide External User Management | 1082
Querying for User Status
This XML request uses the user_query command to get the status and details of a user connected to your network. A dual-stack client can be queried by any of its IPv4 or IPv6 addresses, but only the queried IP address is displayed in the output.
xml=<aruba command="user_query">
<ipaddr>IP-address_of_the_user</ipaddr>
<macaddr>MAC-address_of_the_user</macaddr>
<name>User_Name</name>
<key>Shared_Key</key>
<authentication>MD5|SHA-1|cleartext</authentication>
<version>1.0</version>
</aruba>
The following options are mandatory when you execute the user_query command: n n n n
IP Address
Key
Authentication
Version
Passing the MAC address or username serves only to perform additional validation against the mandatory IP address. For example, if the IP address is 1.2.3.4 and the MAC address passed is 00:11:22:33:44:55 but the real MAC address is 66:77:88:99:aa:bb then the XML request will fail with response code 1, " unknown user " message.
Logging Out a User
This XML request uses the user_logout command to revert the user to the initial role. This is only applicable to captive portal users. For dual-stack clients, all user-table entries will be reverted to the initial role.
xml=<aruba command="user_logout">
<ipaddr>IP-address_of_the_user</ipaddr>
<macaddr>MAC-address_of_the_user</macaddr>
<name>User_Name</name>
<key>Shared_Key</key>
<authentication>MD5|SHA-1|cleartext</authentication>
<version>1.0</version>
</aruba> n n
The following options are mandatory when you execute the user_logout command: n n
IP Address
Key
Authentication
Version
XML Response
For every successful XML request the controller will return the processed information as an XML response.
There are two types of responses: Default response and Query response.
Default Response Format
The format of a default XML response from the controller is:
<aruba>
<status>Ok | Error</status>
<code>response_code</code>
<reason>response_message</reason>
1083 | External User Management ArubaOS 6.5.3.x | User Guide
</aruba>
In which, n n n the status specifies if the XML response succeeds or fails. If the request succeeds, the status tag will contain the Ok string. If the request fails, the status tag will contain the Error string.
the code is an integer number that represents the error in the request. This tag is populated only if there is an error in the request.
the reason is a message that contains descriptive information about the error.
Response Codes
The following response codes are returned if the XML request returns an Error string.
Table 268: XML Response Codes
Code Reason message
1
2
3 unknown user
The user specified in the XML request does not exist or is incorrect.
If the MAC address or username is specified in the query, the controller restricts the supplied IP address, i.e., the requested user
IP address together with any MAC address and username will not be found.
unknown role
The specified role in the XML request does not exist in the controller.
unknown external agent
Description
Returned by the user_ authenticate , user_delete , user_ blacklist , user_logout , and user_ query commands.
Returned by the user_add command.
4
5 authentication failed
This error string is returned due to an unknown source IP (i.e. not configured as an XML server).
Or,
In case of an user_add command, it is likely to be due to the defaultxml-api AAA profile missing from the AAA authentication wired profile.
Indicates an authentication failure during user_authenticate .
This is only applicable to captive portal users.
—
6
7 invalid command
The XML request contains a command not supported by ArubaOS
XML API interface.
invalid message authentication method
The authentication method specified in the XML request is not supported by the ArubaOS XML API interface.
invalid message digest
Returned by commands that contain the authentication method in the XML request.
This is due to a mismatch in secret between the XML server and the controller XML API profile.
If using non cleartext, this could be an error in the calculation of the hashed secret.
ArubaOS 6.5.3.x
| User Guide External User Management | 1084
Code
8
9
10
12
13
14
Reason message missing message authentication
The authentication method is not specified in the XML request.
Description
Returned by all commands that require the authentication method in the XML request.
Returned by all commands.
missing or invalid version number
The XML request does not contain the version number or the version number is incorrect.
internal error can't use vlan ip invalid ip
The XML request contains invalid IP address of the user or client.
can't use switch ip
The XML request contains the controllers IP address instead of the client IP address.
—
Indicates the supplied IP matches a
VLAN IP on the controller.
Returned by all commands that required IP address to be specified in the XML request.
Returned by all commands that required IP address to be specified in the XML request.
15
16
17 missing MAC address
The XML request does not contain the MAC address of the user or client.
unsupported command for this user socket failed or timed out waiting for operation to complete
Returned by all commands that required MAC address to be specified in the XML request.
Returned when the requested operation is invalid for the specified user.
Returned when the status of the requested operation is unavailable; usually signifies a socket communication failure or timeout.
Query Command Response Format
The response of the XML request with the user_query command contains detailed information about the status of the user or client.
The status , code and reason values are similar to the default response. The following responses are returned only if the status code returns the Ok string.
Table 269: Query Response Code
Response
Code
Description status Displays the status of the XML response.
code macaddr
Displays the code as an integer number that represents the error in the request. This tag is populated only if there is an error in the request.
Displays the MAC address of the client.
1085 | External User Management ArubaOS 6.5.3.x | User Guide
Response
Code ipaddr name role type vlan location age auth_status auth_server auth_method essid bssid phy_type mobility_state in_packets in_octets out_packets out_octets
Description
Displays the IPv4 or IPv6 address of the client.
Displays the hostname of the user or client.
Displays the current role of the authenticated client.
Displays if the client is wired or wireless .
Displays the VLAN ID of the client.
Displays the name of the AP to which the client is associated.
Displays the age of the client in the controller. The age is displayed in DD:HH:MM format
(Day:Hours:Minutes).
Displays the authentication status of the client. Available values are: authenticated or unauthenticated .
Displays the name of the authentication server used for authenticating the client. This information is available only if the client is authenticated by the controller.
Displays the authentication mechanism used to authenticate the client. This information is available only if the client is authenticated by the controller.
Displays the ESSID to which the client is associated.
Displays the BSSID of the AP to which the client is associated.
Displays the physical connection type. Available values are: a , b , g , a-HT , g-HT , and a-
VHT .
Displays the roaming state of the client. Available values are: Wired (Visitor) , Visitor ,
Wired (Away) , Away , Wired (Foreign VLAN) , Foreign VLAN , Wired (Remote) , Associated (Remote) , Wired , and Wireless .
Displays the total number of incoming packets received by the client.
Displays the incoming packets (in bytes) received by the client.
Displays the total number of outgoing packets received by the client.
Displays the outgoing packets (in bytes) received by the client.
Using the XML API Server
Follow the steps below to use the XML API:
1. Configure an XML API server.
2. Associate the XML API server to an appropriate AAA profile.
3. Configure a user role to direct non-authenticated users to the external captive portal server.
4. Configure captive portal profile and associate that to an initial role (example logon ).
5. Create an XML request with the appropriate API call.
6. Process XML response appropriately.
ArubaOS 6.5.3.x
| User Guide External User Management | 1086
The default logon role of a client or user must have captive-portal enabled.
Configuring the XML API Server
Configure an external XML API server in your AAA infrastructure. In this example, 10.11.12.13 is your server.
The XML API interface on the controller will receive requests from this server.
Define the XML API server and specify the key for verifying requests from your server:
(host) (config) #aaa xml-api server 10.11.12.13
(host) (XML API Server “10.11.12.13”) #key aruba123
Verify the XML API server configuration:
(host) #show aaa xml-api server
XML API Server List
-------------------
Name References Profile Status
----
10.11.12.13
-----------------------
0
Total:1
Associating the XML API Server to a AAA profile
After you define the XML API server profile associate it to the appropriate AAA profile. If the XML API server is not correctly configured in the appropriate profile, the controller will respond with the client not authorized error message. You can add XML API server references to the following AAA profile depending on your requirement:
For wireless users, associate the XML API server to the AAA profile of the virtual AP profile:
(host) (config) #aaa profile wirelessusers
(host) (AAA Profile "wirelessusers") #xml-api-server 10.11.12.13
(host) (AAA Profile "wirelessusers") #exit
(host) (config) #show aaa profile wirelessusers
AAA Profile "wirelessusers"
---------------------------
Parameter
---------
Initial role
MAC Authentication Profile
MAC Authentication Default Role
MAC Authentication Server Group
Value
----logon
N/A guest default
802.1X Authentication Profile N/A
802.1X Authentication Default Role guest
802.1X Authentication Server Group N/A
RADIUS Accounting Server Group N/A
XML API server
RFC 3576 server
User derivation rules
Wired to Wireless Roaming
SIP authentication role
10.11.12.13
N/A
N/A
Enabled
N/A
(host) (config) #wlan virtual-ap wireless-vap
(host) (Virtual AP profile "wireless-vap") #aaa-profile wirelessusers
(host) (AAA Profile "wirelessusers") #exit
(host) (config) #show wlan virtual-ap wireless-vap
Virtual AP profile "wireless-vap"
---------------------------------
1087 | External User Management ArubaOS 6.5.3.x | User Guide
Parameter
---------
Virtual AP enable
Allowed band
AAA Profile
Value
-----
Enabled all wirelessusers
802.11K Profile
SSID Profile
VLAN
Forward mode
Deny time range
Mobile IP
HA Discovery on-association
DoS Prevention
Station Blacklisting
Blacklist Time default default
N/A tunnel
N/A
Enabled
Disabled
Disabled
Enabled
3600 sec
Dynamic Multicast Optimization (DMO) Disabled
Dynamic Multicast Optimization (DMO) Threshold 6
Authentication Failure Blacklist Time
Multi Association
3600 sec
Disabled
Strict Compliance
VLAN Mobility
Remote-AP Operation
Drop Broadcast and Unknown Multicast
Disabled
Disabled standard
Disabled
Convert Broadcast ARP requests to unicast
Band Steering
WMM Traffic Management Profile
Enabled
Disabled
N/A
For wired users, associate the XML API server to the AAA profile of the appropriate wired profile:
(host) (config) #aaa profile wiredusers
(host) (AAA Profile "wiredusers") #xml-api-server 10.11.12.13
(host) (AAA Profile "wiredusers") #exit
(host) (config) #aaa authentication wired
(host) (Wired Authentication Profile) #profile wiredusers
(host) (Wired Authentication Profile) #exit
(host) (config) #show aaa authentication wired
Wired Authentication Profile
----------------------------
Parameter
---------
Value
-----
AAA Profile wiredusers
For unknown wired users, associate the XML API server to the default-xml-api AAA profile:
The default-xml-api AAA profile is used only to add or authenticate new users.
The following example illustrates using the default-xml-api AAA profile.
(host) (config) #aaa profile default-xml-api
(host) (AAA Profile "default-xml-api") #xml-api-server 10.11.12.13
(host) (AAA Profile "default-xml-api") #exit
(host) (config) #show aaa profile default-xml-api
AAA Profile "default-xml-api" (Predefined (changed))
----------------------------------------------------
Parameter Value
---------
Initial role
MAC Authentication Profile
----logon
N/A
ArubaOS 6.5.3.x
| User Guide External User Management | 1088
MAC Authentication Default Role
MAC Authentication Server Group guest default
802.1X Authentication Profile N/A
802.1X Authentication Default Role guest
802.1X Authentication Server Group N/A
RADIUS Accounting Server Group N/A
XML API server
RFC 3576 server
User derivation rules
Wired to Wireless Roaming
SIP authentication role
10.11.12.13
N/A
N/A
Enabled
N/A
Your controller is now ready to receive API calls from your XML API server.
Setting up the Captive Portal Profile
Set up a Captive Portal profile with a login page that will redirect users to the external Captive Portal server.
(host) (config-role) #aaa authentication captive-portal captive-portal-auth
(host) (Captive Portal Authentication Profile "captive-portal-auth") #default-role authenticated
(host) (Captive Portal Authentication Profile "captive-portal-auth") #login-page https://10.11.12.13/cgi-bin/login.pl
(host) (Captive Portal Authentication Profile "captive-portal-auth") #switch-in-redirectionurl
The login-page https://10.11.12.13/cgin-bin/login.pl
is for illustration purposes where the login.pl
is a Perl script on the external server that handles the external captive portal.
Associating the Captive Portal Profile to an Initial Role
(host) (Captive Portal Authentication Profile "captive-portal-auth") #user-role logon
(host) (config-role) #captive-portal captive-portal-auth
(host) (config-role) #session-acl captiveportal
(host) (config-role) #!
You can either create a new ACL or append specific rules to an existing ACLs. To create session ACL for the logon role do the following:
(host) (config) #ip access-list session captiveportal
(host) (config-sess-captiveportal)#user alias xCP svc-https permit
(host) (config-sess-captiveportal)#user alias xCP svc-http permit
(host) (config-sess-captiveportal) #!
(host) (config) #netdestination xCP
(host) (config-dest) #host 10.11.12.13
(host) (config-dest) #!
Creating an XML API Request
You can now create an XML request with an XML API command and send it to the controller via HTTPS POST.
The format of the URL to send the XML request is: https://<controller-ip/auth/command.xml
n n controller-ip : The IP address of the controller that will receive the XML API request command.xml
: The XML request that contains the XML API command.
The format of the XML API request is: xml=<aruba command="<XML API command>">
<options>Value</options>
...
1089 | External User Management ArubaOS 6.5.3.x | User Guide
<options>Value</options>
</aruba>
You can specify any of the following commands in the XML request:
Table 270: XML API Command
XML API Command user_add user_delete user_authenticate user_blacklist user_query user_logout
Description
This command creates a new user entry in the controllers user table. If the user entry is already present in the user table, the command will modify the entry with the values defined in the XML request. For an existing user, this command will update any value that is supplied, with an exception of
IP and MAC address. Session time-out is only applicable to captive portal users.
This command deletes an existing user from the controllers user table.
NOTE: Do not use the user_delete command if the intention is to clear the association from the controller user table. If the client is dual-stack, it re-inherits the authentication state from the IPv6 address. If not dualstack, the client reverts to the initial role.
This command authenticates against the server group defined in the captive portal profile. This is only applicable to captive portal users.
This command blacklists a user from connecting to your network. This command uses the default blacklist timeout of 3600 seconds. There is no corresponding clear command. You can use the controller CLI to clear the blacklisted clients. Refer the show ap blacklist-clients , stm removeblacklist-client , and stm purge-blacklist-clients commands in the
ArubaOS CLI Reference Guide to clear the blacklisted clients.
This command fetches the status and details of a user connected to your network. A dual-stack client can be queried by any of its IPv4 or IPv6 addresses, but only the queried IP address is displayed in the output.
This command reverts the user to the initial role. This is only applicable to captive portal users. For dual-stack clients, all user-table entries will be reverted to the initial role.
Each XML API command requires certain mandatory options to successfully execute the task. The list of all available options are:
Table 271: XML API Command Options
Options ipaddr macaddr user role password
Description
IP address of the user in IPv4 or IPv6 format.
MAC address of the user in aa:bb:cc:dd:ee:ff format.
Name of the user.
The role to apply to a newly created user, or change of role for an existing user. This option applies to user_add and user_delete commands only.
The password of the user for authentication.
Range / Defaults
—
Enter MAC address with colon.
64 character string
64 character string
—
ArubaOS 6.5.3.x
| User Guide External User Management | 1090
Options session_timeout authentication key version
Description
Session time-out in seconds. User will be disconnected after this time.
Authentication method used to authenticate the message and the sender. You can use any of MD5,
SHA-1 or clear text methods of authentication. This option is ignored if shared secret is not configured.
It is, however, mandatory if it is configured.
This is the encoded SHA1/MD5 hash of shared secret or plaintext shared secret.
This option is ignored if shared secret is not configured on the switch.
The actual MD5/SHA-1 hash is 16/20 bytes and consists of binary data. It must be encoded as an
ASCII based HEX string before sending. It must be present when the controller is configured with an xml-api key for the server. Encoded hash length is
32/40 bytes for MD5/SHA-1.
The version of the XML API interface available in the controller. This field is mandatory in all XML API requests.
Range / Defaults
—
—
Current version 1.0
Monitoring External Captive Portal Usage Statistics
To check the external captive portal authentication statistics use the show aaa xml-api statistics command.
This command displays the number of times an authentication command was executed per client. The command also displays the number of times an authentication event occurred and the number of new authentication events that occurred since the last status check.
(host) # show aaa xml-api statistics
Sample Scripts
You can download the sample scripts from support.arubanetworks.com
. Before downloading the scripts, you must read the following disclaimer.
The sample scripts are examples and provided for illustration purposes only. If you plan to use this script in your environment, ensure that the script meets your IT guidelines. By running this script, you acknowledge that Aruba, a
Hewlett Packard Enterprise company is in no way liable for any loss, damage, problems arising from running this script.
The following scripts are available for download:
Python 2.7 Script n
ArubaXMLDemo.py
: This is a Python 2.7 script. This script demonstrates the basic functionality of the XML
API. Using this script, you can send XML requests to add, delete, authenticate, blacklist, query, or log out a user.
Bourne Shell Scripts n n xml_user_add.sh
: This script adds a user using the user_add command.
xml_user_del_or_logout.sh
: The user_delete part of the script deletes an existing user from the controller user table. The user_logout part of the script reverts an existing user to the initial role in the AAA profile.
1091 | External User Management ArubaOS 6.5.3.x | User Guide
n xml_user_query.sh
: This script fetches the status and details of a user connected in the network using the user_query command.
The Bourne Shell scripts work on most Unix, Linux, and Mac operating systems. To run on Windows, you can install
Cygwin.
All scripts require cURL to be installed on the XML API server. cURL is an open source command line tool and library for transferring data with URL syntax. You can download cURL from http://curl.haxx.se/download.html
.
XML API using Python 2.7
The information covered in the following section is based on running the ArubaXMLDemo.py
script on a
Windows 8.1 64-bit and Python 2.7.
Understanding Request and Response
The controller processes the XML API request and sends the response to the XML API server. The XML response contains the status of the request and a code in case of an error.
Request format: <script_name> <controller-ip> <secret_key> <command> [options]
Understanding XML API Request Parameters
The
lists all parameters that you can use in a request.
Table 272: XML API Request Parameters and Descriptions
Parameter Description script_name controller-ip secret_key
The name of the script executable.
The IP address of the controller that will receive the XML requests.
The password used to validate the authentication request from your authentication server. See
Configuring the XML API Server on page 1087
for more information.
ArubaOS 6.5.3.x
| User Guide External User Management | 1092
Parameter command
Options
Description
The XML API command sent to the controller. You can send one of the following commands per request: n use_add : Creates a new user entry in the controllers user table. If the user entry is already present in the user table, the command will modify the entry with the values defined in the XML request. For an existing user, this command will update any value that is supplied, with an exception of IP and MAC address. Session time-out is only applicable to captive portal users.
n n user_delete : Deletes an existing user from the controllers user table.
NOTE: Do not use the user_delete command if the intention is to clear the association from the controller user table. If the client is dual-stack, it re-inherits the authentication state from the IPv6 address. If not dual-stack, the client reverts to the initial role.
user_authenticate : Authenticates against the server group defined in the captive portal profile. This is only applicable to captive portal users.
n user_blacklist : Blacklists a user from connecting to your network. This command uses the default blacklist timeout of 3600 seconds. There is no corresponding clear command. You can use the controller CLI to clear the blacklisted clients. Refer the show ap blacklist-clients , stm remove-blacklist-client , and stm purge-blacklistclients commands in the ArubaOS CLI Reference Guide to clear the blacklisted clients.
n n user_query : Fetches the status and details of a user connected to your network. A dual-stack client can be queried by any of its IPv4 or IPv6 addresses, but only the queried IP address is displayed in the output.
user_logout : Reverts the user to the initial role. This is only applicable to captive portal users. For dual-stack clients, all user-table entries will be reverted to the initial role.
n n n n n n n n n
-i <ip_addr> : Specify the IP address of the user in IPv4 or IPv6 format.
-m <mac_addr> : Specify the MAC address of the user in aa:bb:cc:dd:ee:ff format.
-n <name> : Specify the name of the user.
-p <password> : Specify the password of the user for authentication.
-r role : Specify the role to apply to a newly created user, or change of role for an existing user. This option applies to user_add and user_delete commands only.
-t timeout : Specifies the session time-out in seconds. User will be disconnected after this time.
-v version : Specifies the version of the XML API interface available in the controller.
This field is mandatory is all requests. Default version is 1.0.
-a method : Specifies the encryption method to send the secret key. You can specify
MD5 or SHA-1 or cleartext as the encryption method. By default, cleartext method is used to send the key.
-s sessid : Specifies the active session ID.
Understanding an XML API Response
The response message from the controller is sent in an XML format. The default format of the response is:
[Message header]
Displays the request parameters and other standard header details.
...
...
...
<response>
<status>Status Message</status>
<code>Code in case of an error</code>
</response>
The following section describes few of the XML API requests and responses from the controller.
Adding a User
This XML request uses the user_add command to create a new user entry in the controllers user table.
C:\Python27>python ArubaXMLDemo.py --switch-ip=192.0.2.1 --secret=aruba123 --command=user_add
--ip=192.0.2.2 --mac=a4:e:60:c3:10:59 --role=logon
1093 | External User Management ArubaOS 6.5.3.x | User Guide
The command sends the following information in the XML request to the controller: n n n n n n
--switch-ip : IP address of the controller
--secret : Shared secret key (sent as plain text)
--command : XML API command
--ip : IP address of the user
--mac : MAC address of the user
--role : User role
Controller Response
The controller processes using an XML format and sends the following response to the XML API server.
Warning: The specified mac address *must* match the user specified by --ip or the command will fail.
Prepared XML buf
--------------------------------xml=<aruba command="user_add">
<ipaddr>192.0.2.2</ipaddr>
<macaddr>a4:5e:60:c3:10:59</macaddr>
<role>logon</role>
<authentication>cleartext</authentication>
<key>aruba123</key>
<version>1.0</version>
</aruba>
---------------------------------
Sending XML request to https://192.0.2.1/auth/command.xml
Controller response status: 200
Response XML
-----------------------------------
<aruba>
<status>Ok</status>
<code>0</code>
</aruba>
-----------------------------------
Controller CLI
You can view the updated details of the user in the controller CLI.
(host) #show user-table
Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming
Essid/Bssid/Phy Profile Forward mode Type Host Name
-------------------------------------------------------- -----
-----------------------------------------
192.0.2.2 a4:5e:60:c3:10:59 logon 00:00:00
User Entries: 1/1
Querying a User
This XML request uses the user_query command to get the status and details of a user connected to your network.
C:\Python27>python ArubaXMLDemo.py --switch-ip=192.0.2.1 --secret=aruba123 --command=user_ query --ip=192.0.2.2
The command sends the following information in the XML request to the controller: n
--switch-ip : IP address of the controller
ArubaOS 6.5.3.x
| User Guide External User Management | 1094
n n n
--secret : Shared secret key (sent as plain text)
--command : XML API command
--ip : IP address of the user
Controller Response
The controller processes using an XML format and sends the following response to the XML API server.
Prepared XML buf
--------------------------------xml=<aruba command="user_query">
<ipaddr>192.0.2.2</ipaddr>
<authentication>cleartext</authentication>
<key>aruba123</key>
<version>1.0</version>
</aruba>
---------------------------------
Sending XML request to https://192.0.2.1/auth/command.xml
Controller response status: 200
Response XML
-----------------------------------
<aruba>
<status>Ok</status>
<code>0</code>
<macaddr>a4:5e:60:c3:10:59</macaddr>
<ipaddr>192.0.2.2</ipaddr>
<name>John</name>
<role>authenticated</role>
<type>Wireless</type>
<vlan>1034</vlan>
<location>ap225-sales</location>
<age>00:03:51</age>
<auth_status>Authenticated</auth_status>
<auth_server>clearpass-hq1</auth_server>
<auth_method>802.1X</auth_method>
<essid>ethersphere-wpa2</essid>
<bssid>9c:1c:12:92:2e:f1</bssid>
<phy_type>a-VHT-80</phy_type>
<mobility_state>Wireless</mobility_state>
<in_packets>93400</in_packets>
<in_octets>24947332</in_octets>
<out_packets>89042</out_packets>
<out_octets>79397284</out_octets>
</aruba>
Controller CLI
The output of the show user command displays the client information.
(host) #show user
Users
-----
IP MAC
---------------------
192.0.2.2
Name Role
--------a4:5e:60:c3:10:59 John
Age(d:h:m)
---------authenticate 00:03:51
Auth
----
Authenticated
VPN link
--------
Profile Forward mode
------------------
AP name
------ap225-sales
Type Host Name
------------
Roaming Essid/Bssid/Phy
----------------------
Wireless ethersphere-wpa2/9c:1c:12:92:2e:f1/a-VHT-80
1095 | External User Management ArubaOS 6.5.3.x | User Guide
User Entries: 1/1
Logging Out a User
This XML request uses the user_logout command to revert the user to the initial role. This is only applicable to captive portal users.
C:\Python27>python ArubaXMLDemo.py --switch-ip=192.0.2.1 --secret=aruba123 --command=user_ logout --ip=192.0.2.2
The command sends the following information in the XML request to the controller: n n n n
--switch-ip : IP address of the controller
--secret : Shared secret key (sent as plain text)
--command : XML API command
--ip : IP address of the user
Controller Response
The controller processes using an XML format and sends the following response to the XML API server.
Prepared XML buf
--------------------------------xml=<aruba command="user_logout">
<ipaddr>192.0.2.2</ipaddr>
<authentication>cleartext</authentication>
<key>aruba123</key>
<version>1.0</version>
</aruba>
---------------------------------
Sending XML request to https://192.0.2.1/auth/command.xml
Controller response status: 200
Response XML
-----------------------------------
<aruba>
<status>Ok</status>
<code>0</code>
</aruba>
Controller CLI
The output of the show user command displays the client information.
(host) #show user
Users
-----
IP MAC
---------------------
192.0.2.2
Name a4:5e:60:c3:10:59 John
Role
--------initial
AP name
------ap225-sales
Roaming
--------
Wireless
Essid/Bssid/Phy
---------------
Age(d:h:m)
----------
00:00:06
Auth
----
Unauthenticated ethersphere-wpa2/9c:1c:12:92:2e:f1/a-VHT-80
Profile
-------
VPN link
--------
Forward mode
------------
Type Host Name
------------
User Entries: 1/1
ArubaOS 6.5.3.x
| User Guide External User Management | 1096
advertisement
Related manuals
advertisement
Table of contents
- 3 Contents
- 16 Revision History
- 17 About this Guide
- 17 What's New In ArubaOS 6.5.x
- 29 Fundamentals
- 30 Related Documents
- 31 Conventions
- 32 Contacting Support
- 33 The Basic User-Centric Networks
- 33 Understanding Basic Deployment and Configuration Tasks
- 36 Controller Configuration Workflow
- 37 Connect the Controller to the Network
- 38 7000 Series and 7200 Series Controllers
- 40 Using the LCD Screen
- 43 Configuring a VLAN to Connect to the Network
- 46 Enabling Wireless Connectivity
- 47 Enabling Wireless Connectivity
- 47 Configuring Your User-Centric Network
- 47 Replacing a Controller
- 54 Control Plane Security
- 55 Control Plane Security Overview
- 55 Configuring Control Plane Security
- 57 Managing AP Whitelists
- 64 Managing Whitelists on Master and Local Controllers
- 68 Working in Environments with Multiple Master Controllers
- 71 Replacing a Controller on a Multi-Controller Network
- 75 Configuring Control Plane Security after Upgrading
- 76 Troubleshooting Control Plane Security
- 78 Software Licenses
- 78 Getting Started with ArubaOS Licenses
- 78 License Types and Usage
- 81 Licensing Best Practices and Limitations
- 82 Centralized Licensing Overview
- 88 Configuring Centralized Licensing
- 90 Installing a License
- 92 Deleting a License
- 93 Monitoring and Managing Centralized Licenses
- 96 Network Configuration Parameters
- 96 Campus WLAN Workflow
- 97 Understanding VLAN Assignments
- 105 Configuring VLANs
- 109 Configuring Ports
- 112 Configuring Static Routes
- 112 Configuring the Loopback IP Address
- 113 Configuring the Controller IP Address
- 114 Configuring GRE Tunnels
- 123 Configuring GRE Tunnel Groups
- 126 Jumbo Frame Support
- 129 IPv6 Support
- 129 Understanding IPv6 Notation
- 129 Understanding IPv6 Topology
- 130 Enabling IPv6
- 130 Enabling IPv6 Support for Controller and APs
- 138 Filtering an IPv6 Extension Header (EH)
- 138 Configuring a Captive Portal over IPv6
- 139 Working with IPv6 Router Advertisements (RAs)
- 143 RADIUS Over IPv6
- 144 TACACS Over IPv6
- 145 DHCPv6 Server
- 147 Understanding ArubaOS Supported Network Configuration for IPv6 Clients
- 148 Understanding ArubaOS Authentication and Firewall Features that Support IPv6
- 153 Managing IPv6 User Addresses
- 154 Understanding IPv6 Exceptions and Best Practices
- 156 Link Aggregation Control Protocol
- 156 Understanding LACP Best Practices and Exceptions
- 157 Configuring LACP
- 159 LACP Sample Configuration
- 160 OSPFv2
- 160 Understanding OSPF Deployment Best Practices and Exceptions
- 161 Understanding OSPFv2 by Example using a WLAN Scenario
- 162 Understanding OSPFv2 by Example using a Branch Scenario
- 164 Configuring OSPF
- 165 Sample Topology and Configuration
- 176 Tunneled Nodes
- 176 Understanding Tunneled Node Configuration
- 177 Configuring a Wired Tunneled Node Client
- 179 Authentication Servers
- 179 Understanding Authentication Server Best Practices and Exceptions
- 179 Understanding Servers and Server Groups
- 180 Configuring Authentication Servers
- 198 Managing the Internal Database
- 201 Configuring Server Groups
- 207 Assigning Server Groups
- 212 Configuring Authentication Timers
- 213 Authentication Server Load Balancing
- 214 MAC-based Authentication
- 214 Configuring MAC-Based Authentication
- 215 Configuring Clients
- 217 Branch Controller Config for Cloud Services Controllers
- 218 Branch Deployment Features
- 219 Scalable Site-to-Site VPN Tunnels
- 219 Layer-3 Redundancy for Branch Controller Masters
- 220 WAN Failure (Authentication) Survivability
- 226 WAN Health Check
- 226 WAN Optimization through IP Payload Compression
- 227 Interface Bandwidth Contracts
- 228 Branch Integration with a Palo Alto Networks (PAN) Portal
- 231 Branch Controller Routing Features
- 232 Cloud Management
- 232 Zero-Touch Provisioning
- 239 Using Smart Config to create a Branch Config Group
- 260 PortFast and BPDU Guard
- 262 Preventing WAN Link Failure on Virtual APs
- 263 Branch WAN Dashboard
- 265 802.1X Authentication
- 265 Understanding 802.1X Authentication
- 268 Configuring 802.1X Authentication
- 276 Enabling 802.1X Supplicant Support on an AP
- 277 Sample Configurations
- 293 Performing Advanced Configuration Options for 802.1X
- 294 Application Single Sign-On Using L2 Authentication
- 296 Device Name as User Name for Non-802.1X Authentication
- 297 Stateful and WISPr Authentication
- 297 Working With Stateful Authentication
- 298 Working With WISPr Authentication
- 298 Understanding Stateful Authentication Best Practices
- 298 Configuring Stateful 802.1X Authentication
- 299 Configuring Stateful NTLM Authentication
- 300 Configuring Stateful Kerberos Authentication
- 301 Configuring WISPr Authentication
- 304 Certificate Revocation
- 304 Understanding OCSP and CRL
- 305 Configuring the Controller as an OCSP Client
- 307 Configuring the Controller as a CRL Client
- 308 Configuring the Controller as an OCSP Responder
- 309 Certificate Revocation Checking for SSH Pubkey Authentication
- 310 OCSP Configuration for VIA
- 312 Captive Portal Authentication
- 312 Understanding Captive Portal
- 313 Configuring Captive Portal in the Base Operating System
- 315 Using Captive Portal with a PEFNG License
- 318 Sample Authentication with Captive Portal
- 324 Configuring Guest VLANs
- 325 Configuring Captive Portal Authentication Profiles
- 330 Enabling Optional Captive Portal Configurations
- 333 Personalizing the Captive Portal Page
- 336 Creating and Installing an Internal Captive Portal
- 346 Creating Walled Garden Access
- 347 Enabling Captive Portal Enhancements
- 351 Netdestination for AAAA Records
- 352 Virtual Private Networks
- 352 Planning a VPN Configuration
- 356 Working with VPN Authentication Profiles
- 358 Configuring a Basic VPN for L2TP/IPsec
- 362 Configuring a VPN for L2TP/IPsec with IKEv2
- 367 Configuring a VPN for Smart Card Clients
- 368 Configuring a VPN for Clients with User Passwords
- 369 Configuring Remote Access VPNs for XAuth
- 370 Working with Remote Access VPNs for PPTP
- 371 Working with Site-to-Site VPNs
- 379 Working with VPN Dialer
- 381 Roles and Policies
- 381 Configuring Firewall Policies
- 391 User Roles
- 393 Assigning User Roles
- 399 Understanding Global Firewall Parameters
- 403 Using AppRF 2.0
- 408 ClearPass Policy Manager Integration
- 408 Introduction
- 408 Important Points to Remember
- 409 Enabling Downloadable Role on a Controller
- 409 Sample Configuration
- 417 Virtual APs
- 417 Virtual AP Configuration Workflow
- 418 Virtual AP Profiles
- 426 Changing a Virtual AP Forwarding Mode
- 427 Radio Resource Management (802.11k)
- 434 BSS Transition Management (802.11v)
- 434 Fast BSS Transition ( 802.11r)
- 436 SSID Profiles
- 443 WLAN Authentication
- 446 High-Throughput Virtual APs
- 451 Guest WLANs
- 454 Changing a Virtual AP Forwarding Mode
- 455 Adaptive Radio Management
- 455 Understanding ARM
- 457 Client Match
- 459 ARM Coverage and Interference Metrics
- 460 Configuring ARM Profiles
- 470 Assigning an ARM Profile to an AP Group
- 470 Using Multi-Band ARM for 802.11a/802.11g Traffic
- 471 Band Steering
- 472 Dynamic Bandwidth Switch
- 473 Enabling Traffic Shaping
- 475 Traffic Steering
- 476 Spectrum Load Balancing
- 476 Reusing Channels to Control RX Sensitivity Tuning
- 477 Configuring Non-802.11 Noise Interference Immunity
- 477 Troubleshooting ARM
- 479 Wireless Intrusion Prevention
- 479 Working with the Reusable Wizard
- 482 Monitoring the Dashboard
- 483 Detecting Rogue APs
- 486 Working with Intrusion Detection
- 498 Configuring Intrusion Protection
- 502 Configuring the WLAN Management System
- 505 Understanding Client Blacklisting
- 508 Working with WIP Advanced Features
- 508 Configuring TotalWatch
- 510 Administering TotalWatch
- 511 Tarpit Shielding Overview
- 512 Configuring Tarpit Shielding
- 513 Access Points
- 513 Important Points to Remember
- 514 AP Discovery Logic
- 527 Basic Functions and Features
- 528 Naming and Grouping APs
- 530 Understanding AP Configuration Profiles
- 537 Before you Deploy an AP
- 537 Enable Controller Discovery
- 538 Enable DHCP to Provide APs with IP Addresses
- 539 AP Provisioning Profiles
- 542 Configuring Installed APs
- 547 Optional AP Configuration Settings
- 563 RF Management
- 577 Optimizing APs Over Low-Speed Links
- 585 AP Scanning Optimization
- 587 Channel Group Scanning
- 588 Configuring AP Channel Assignments
- 590 Managing AP Console Settings
- 593 Link Aggregation Support on 220 Series, 270 Series, 320 Series, and 330 Series
- 596 Recording Consolidated AP-Provisioned Information
- 598 Intelligent Power Monitoring
- 600 Secure Enterprise Mesh
- 600 Mesh Overview Information
- 600 Mesh Configuration Procedures
- 600 Understanding Mesh Access Points
- 602 Understanding Mesh Links
- 604 Understanding Mesh Profiles
- 608 Understanding Remote Mesh Portals (RMPs)
- 609 Understanding the AP Boot Sequence
- 610 Mesh Deployment Solutions
- 612 Mesh Deployment Planning
- 614 Configuring Mesh Cluster Profiles
- 618 Creating and Editing Mesh Radio Profiles
- 623 Creating and Editing Mesh High-Throughput SSID Profiles
- 629 Configuring Ethernet Ports for Mesh
- 631 Provisioning Mesh Nodes
- 633 Verifying Your Mesh Network
- 635 Configuring Remote Mesh Portals (RMPs)
- 638 Increasing Network Uptime Through Redundancy and VRRP
- 638 High Availability
- 638 VRRP-Based Redundancy
- 639 High Availability Deployment Models
- 641 Client State Synchronization
- 642 High Availability Inter-Controller Heartbeats
- 642 High Availability Extended Controller Capacity
- 643 Configuring High Availability
- 645 High Availability Alerting
- 646 Migrating from VRRP or Backup-LMS Redundancy
- 648 Configuring VRRP Redundancy
- 656 RSTP
- 656 Understanding RSTP Migration and Interoperability
- 656 Working with Rapid Convergence
- 657 Configuring RSTP
- 659 Troubleshooting RSTP
- 660 PVST+
- 660 Understanding PVST+ Interoperability and Best Practices
- 660 Enabling PVST+ in the CLI
- 661 Enabling PVST+ in the WebUI
- 662 Link Layer Discovery Protocol
- 662 Important Points to Remember
- 662 LLDP Overview
- 663 Configuring LLDP
- 664 Monitoring LLDP Configuration
- 668 IP Mobility
- 668 Understanding Aruba Mobility Architecture
- 669 Configuring Mobility Domains
- 673 Tracking Mobile Users
- 675 Configuring Advanced Mobility Functions
- 684 Understanding Bridge Mode Mobility Deployments
- 684 Enabling Mobility Multicast
- 689 External Firewall Configuration
- 689 Understanding Firewall Port Configuration Among Aruba Devices
- 690 Enabling Network Access
- 690 Ports Used for Virtual Intranet Access (VIA)
- 692 Configuring Ports to Allow Other Traffic Types
- 693 PAPI Enhanced Security
- 693 Interoperability
- 693 Configuring PAPI Enhanced Security
- 694 Verifying PAPI Enhanced Security
- 695 Palo Alto Networks Firewall Integration
- 695 Limitation
- 695 Preconfiguration on the PAN Firewall
- 697 Configuring PAN Firewall Integration
- 701 Remote Access Points
- 701 About Remote Access Points
- 703 Configuring the Secure Remote Access Point Service
- 709 Deploying a Branch/Home Office Solution
- 714 Enabling Remote AP Advanced Configuration Options
- 728 Understanding Split Tunneling
- 734 Understanding Bridge
- 739 Provisioning Wi-Fi Multimedia
- 739 Reserving Uplink Bandwidth
- 740 Provisioning 4G USB Modems on Remote Access Points
- 742 Provisioning RAPs at Home
- 745 Configuring RAP-3WN and RAP-3WNP Access Points
- 746 Converting an IAP to RAP or CAP
- 747 Enabling Bandwidth Contract Support for RAPs
- 750 RAP TFTP Image Upgrade
- 753 Virtual Intranet Access
- 754 Spectrum Analysis
- 754 Understanding Spectrum Analysis
- 759 Creating Spectrum Monitors and Hybrid APs
- 761 Connecting Spectrum Devices to the Spectrum Analysis Client
- 764 Configuring the Spectrum Analysis Dashboards
- 767 Customizing Spectrum Analysis Graphs
- 793 Working with Non-Wi-Fi Interferers
- 795 Understanding the Spectrum Analysis Session Log
- 795 Viewing Spectrum Analysis Data
- 796 Recording Spectrum Analysis Data
- 799 Troubleshooting Spectrum Analysis
- 801 Dashboard Monitoring
- 801 WAN
- 802 Performance
- 803 Usage
- 804 Potential Issues
- 804 Traffic Analysis
- 826 AirGroup
- 827 Security
- 827 UCC
- 829 Controller
- 831 WLANs
- 832 Access Points
- 832 Clients
- 833 Firewall
- 839 Automatic Reporting (PhoneHome)
- 839 Pre-Deployment Information
- 839 Configuration Procedures
- 839 Sending Reports to Activate vs. SMTP Servers
- 840 Configuring PhoneHome Automatic Reporting
- 841 Sending an Individual Report
- 842 Viewing Report Status
- 843 PhoneHome-Lite
- 844 Management Access
- 844 Configuring Certificate Authentication for WebUI Access
- 845 Secure Shell (SSH)
- 846 WebUI Session Timer
- 847 Enabling RADIUS Server Authentication
- 853 Connecting to an AirWave Server
- 856 Custom Certificate Support for RAP
- 858 Implementing a Specific Management Password Policy
- 860 Configuring AP Image Preload
- 863 Configuring Centralized Image Upgrades
- 865 Managing Certificates
- 871 Configuring SNMP
- 873 Enabling Capacity Alerts
- 874 Configuring Logging
- 878 Enabling Guest Provisioning
- 894 Managing Files on the Controller
- 897 Setting the System Clock
- 899 ClearPass Profiling with IF-MAP
- 900 Whitelist Synchronization
- 901 Downloadable Regulatory Table
- 904 802.11u Hotspots
- 904 Hotspot Profile Configuration Tasks
- 904 Hotspot 2.0 Overview
- 907 Configuring Hotspot 2.0 Profiles
- 911 Configuring Hotspot Advertisement Profiles
- 913 Configuring ANQP Venue Name Profiles
- 915 Configuring ANQP Network Authentication Profiles
- 916 Configuring ANQP Domain Name Profiles
- 917 Configuring ANQP IP Address Availability Profiles
- 918 Configuring ANQP NAI Realm Profiles
- 921 Configuring ANQP Roaming Consortium Profiles
- 921 Configuring ANQP 3GPP Cellular Network Profiles
- 922 Configuring H2QP Connection Capability Profiles
- 924 Configuring H2QP Operator Friendly Name Profiles
- 925 Configuring H2QP Operating Class Indication Profiles
- 926 Configuring H2QP WAN Metrics Profiles
- 927 Configuring H2QP OSU Provider List Profiles
- 930 Adding Local Controllers
- 930 Moving to a Multi-Controller Environment
- 933 Configuring Local Controllers
- 935 Uplink Monitoring and Management
- 937 Voice and Video
- 937 Voice and Video License Requirements
- 937 Configuring Voice and Video
- 946 Working with QoS for Voice and Video
- 955 Unified Communication and Collaboration
- 974 Understanding Extended Voice and Video Features
- 998 Advanced Voice Troubleshooting
- 1004 AirGroup
- 1004 Zero Configuration Networking
- 1004 AirGroup Solution
- 1008 AirGroup Integrated Deployment Model
- 1009 Features Supported in AirGroup
- 1014 ClearPass Policy Manager and ClearPass Guest Features
- 1014 Auto-association and Controller-based Policy
- 1016 Best Practices and Limitations
- 1020 Integrated Deployment Model
- 1028 Controller Dashboard Monitoring
- 1031 Configuring the AirGroup-CPPM Interface
- 1038 Bluetooth-Based Discovery and AirGroup
- 1039 AirGroup mDNS Static Records
- 1041 mDNS AP VLAN Aggregation
- 1043 mDNS Multicast Response Propagation
- 1045 Troubleshooting and Log Messages
- 1048 Instant AP VPN Support
- 1048 Overview
- 1053 VPN Configuration
- 1054 Viewing Branch Status
- 1056 External Services Interface
- 1056 Sample ESI Topology
- 1058 Understanding the ESI Syslog Parser
- 1060 Configuring ESI
- 1067 Sample Route-Mode ESI Topology
- 1072 Sample NAT-mode ESI Topology
- 1077 Understanding Basic Regular Expression (BRE) Syntax
- 1080 External User Management
- 1080 Overview
- 1080 How the ArubaOS XML API Works
- 1080 Creating an XML Request
- 1083 XML Response
- 1086 Using the XML API Server
- 1091 Sample Scripts
- 1097 Behavior and Defaults
- 1097 Understanding Mode Support
- 1099 Understanding Basic System Defaults
- 1107 Understanding Default Management User Roles
- 1110 Understanding Default Open Ports
- 1113 DHCP with Vendor-Specific Options
- 1113 Configuring a Windows-Based DHCP Server
- 1116 Enabling DHCP Relay Agent Information Option (Option-82)
- 1118 Enabling Linux DHCP Servers
- 1120 802.1X Configuration for IAS and Windows Clients
- 1120 Configuring Microsoft IAS
- 1122 Configuring Management Authentication using IAS
- 1124 Window XP Wireless Client Sample Configuration
- 1127 Glossary of Terms