
AP/AC Hardening

Created: Nov 27, 2021 19:43:51 | Latest reply: Dec 10, 2021 09:26:31
  Rewarded HiCoins: 0 (problem resolved)

I have some questions in my mind to harden AP/AC

  1. clone admin a/c as admin2 then disable admin
  2. redirect access to http GUI and redirect to https
  3. change GUI port from 443 to 8443
  4. restrict GUI access only from 1 ip
  5. create Transparent Bridge (no NAT, ethernet = wifi subnet) in FAT FIT mode.
    Do I need to delete the existing NAT rule?
    Instead of deleting the NAT rule, can I just disable it?
  6. list of ports that need to be opened in the firewall if the AC is in a different VLAN than the AP
  7. If I need to create a voucher for a user, let's say a 1hr voucher, what do I need in AP/AC?
    Do I need to connect to an external portal?

tq

Featured Answers

Recommended answer

fuzi_yao
Admin Created Nov 28, 2021 01:31:46

Hi, friend!

Here's the answer to your question.

1. You can delete the admin user and log in as the admin2 user again.

2. The login page is automatically redirected to the HTTPS page by default.

3. To change the web interface port to 8443, run the http secure-server port 12780 command.

4. ACLs can be configured to restrict IP address login to the device.

5. To configure the fat transparent mode, you can simply not invoke the NAT rule on the interface, without deleting the NAT configuration.

6. This question is not clear.

7. This question is not understood either.



All Answers

Hi, friend!

Please wait, the engineer will answer you later.


AC6005
1. You can delete the admin user and log in as the admin2 user again.
tried
I have 2 options here
option1 delete admin a/c
option2 set admin permission as common administrator and set difficult password

2. The login page is automatically redirected to the HTTPS page by default.

3. To change the web interface port to 8443, run the http secure-server port 12780 command.
]http secure-server port 8443


4. ACLs can be configured to restrict IP address login to the device.
I set a trusted host, then I encountered login Access denied when using ssh. Login via GUI is OK.
Deleted the trusted host then restarted, still can't log in using the correct password.
Enabled only sftp and stelnet, no luck.

Trusted ALL


5. To configure the fat transparent mode, you can simply not invoke the NAT rule on the interface, without deleting the NAT configuration.



6. This question is not clear.
I have the AC in the SERVER VLAN and the AP in the LAN VLAN.
I have a firewall in between.
Of course I need to know what ports need to be opened so that AC<>AP can communicate between them.
That is the list of ports that I wanna know.

7. This question is not understood either.
Let's say you have a GUEST ssid in a hotel; instead of giving them internet for free, I want to sell a voucher/coupon that is only valid for 1 hour. The voucher has a random username and password, or maybe is scanned using a QR code.
Cambium or Mikrotik AP can do that
How to do the same in Huawei


UPDATE
3. ]http secure-server port 8443
4. I need to console and change admin service-type
local-user admin service-type ssh http

5. open GUI>Configuration>WLAN Service>Profile>Wireless Service>VAP Profile>default-ssid>Basic Configuration

change Service VLAN ID from 100 to 1

6. https://support.huawei.com/enterprise/en/doc/EDOC1100197507
doc needs to be corrected
http port 80
https port 443

7.
OPTION1
https://support.huawei.com/enterprise/en/doc/EDOC1000091619?section=j005

Maybe using this, but it seems I need to buy additional hardware.

OPTION2
https://docs.netgate.com/pfsense/en/latest/captiveportal/vouchers.html

Using a free 3rd-party captive portal, but I don't know how to combine it with the Huawei AC.




Hello, friend!
I'm sorry to say so, because I can't see the latest posts you're replying to on other floors. Maybe you can try @me so I can see.
About your new question
6. If you have a firewall, how should you set it up?
If your AP and AC are in the same security zone, you do not need to configure security policies on the firewall. If they belong to different security zones, you need to change the action of the two security zones to Allow.

7. You need to configure authentication and determine whether other devices are required.
Yes, you do. In Huawei, configure portal authentication or other authentication. Generally, the AC and controller software are used together. The controller software is used to configure authentication.
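
An added example, not part of any post in this thread and not Huawei's code: a small Python audit that reads a saved configuration and reports which of hardening items 1, 3 and 4 discussed above are still open, including the SSH lockout the original poster hit. The `http secure-server port` and `local-user ... service-type` forms are quoted in the thread; the `http acl <number>` form, the sample configuration and the finding names are assumptions made for the example.

```python
import re

# Constructed sample of a saved AC configuration. "http acl 2000" is an
# assumed form of binding an ACL to the web service; the other two command
# forms are quoted in the thread.
SAMPLE_CONFIG = """\
http secure-server port 8443
http acl 2000
aaa
 local-user admin2 service-type ssh http
 local-user admin service-type http
"""

def audit(config, default_account="admin"):
    """Return finding names (hypothetical labels) for items 1, 3 and 4."""
    findings = []
    lines = [ln.strip() for ln in config.splitlines()]

    # Item 3: HTTPS management port explicitly moved off 443.
    ports = [m.group(1) for ln in lines
             if (m := re.fullmatch(r"http secure-server port (\d+)", ln))]
    if not ports or ports[-1] == "443":
        findings.append("https-port-default")

    # Item 4: an ACL restricts who may reach the web service (assumed syntax).
    if not any(re.fullmatch(r"http acl \d+", ln) for ln in lines):
        findings.append("no-http-acl")

    # Collect the service types granted to each local user.
    services = {}
    for ln in lines:
        m = re.fullmatch(r"local-user (\S+) service-type (.+)", ln)
        if m:
            services[m.group(1)] = set(m.group(2).split())

    # Item 1: the default account is still configured.
    if default_account in services:
        findings.append("default-account-present")

    # Lockout guard: the thread's fix for SSH "Access denied" was to grant
    # "ssh http"; require one non-default account that has both.
    if not any({"ssh", "http"} <= s for name, s in services.items()
               if name != default_account):
        findings.append("no-replacement-admin-with-ssh-and-http")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Running the audit before deleting the default account catches the case where no other account can log in over both SSH and the web GUI.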