• All Files
doc title Help Center
You are here: Home > Managing Switches > Getting Started with Aruba Switch Deployments > Managing Password in Configuration Templates

Managing Password in Configuration Templates

All IAP and switch templates must include a password command to set a password for the device. The template cannot be saved without adding a password command. If the configuration that is pushed from Aruba Central to the switch does not contain a password command, the configuration push is aborted for the device and a log is added to the audit trail. For example, if you add the password command in a condition block and the condition evaluates to false, the configuration that is pushed will not contain the password command.

 

When configuring a password, you must add the include-credentials command in the template. This command stores the password in the running-config file associated with the switch. Aruba Central automatically executes this command while reading the switch configuration.

For Aruba CX switches, you must configure the password only in plaintext.

Password for Switches

The following format of the passwords can be set on Aruba Switch series:

password manager plaintext <string>

password manager sha1 <string>

password manager sha256 <string>

password manager user-name <string> plaintext <string>

password manager user-name <string> sha1 <string>

password manager user-name <string> sha256 <string>

The following format of the passwords can be set on Aruba CX switches:

user manager group <string> password plaintext <string>

user manager password plaintext <string>

Password for APs

The following format of the passwords can be set on the APs:

mgmt-user <STRING:username:User_name> { <STRING:password:Password> }

hash-mgmt-user <STRING:username:User_name> password cleartext <STRING:cleartext_password:Password>

hash-mgmt-user <STRING:username:User_name> password hash <STRING:hash_password:Password>

Setting Password using Variables

User cannot enter the entire password line in a variable. The following examples show the valid and invalid format for entering password using a variable.

Valid format where the variable contains only the password (for example, %pass_var% = Aruba@123) for the device:

hostname "Aruba-2930M-24G"

password manager plaintext "%pass_var%"

include-credentials

no cwmp enable

Invalid format where the variable contains the password command (for example, %pass_var% = password manager plaintext Aruba@123) for the device:

hostname "Aruba-2930M-24G"

%pass_var%

include-credentials

no cwmp enable

/*]]>*/