How to configure access control for AR routers on web pages

1

AR routers support Classic and EasyOperation web systems. You can configure access control in two web systems as follows:
Classic web system:
1. Log in to the web system and choose System Management > System Configuration > Service Management to access the Service Management page.
2. In the Service Management area, click Enabled in the Value-added security service line, and click Apply. The deep security defense function is enabled.
3. Choose System Management > System Configuration > Service Management to access the Service Management page.
4. In the Application interface line, select the interface to which online behavior management is to be applied.
5. Click Apply.
EasyOperation web system:
1. Choose Configuration > Network Behavior Management > Website Access Control to access the Website Access Control page.
2. Set User group name by selecting a user group from the drop-down list box or creating a user group.
3. Set other parameters based on the site requirements.
4. Click OK.

Other related questions:
How to configure access control on an AR router
1. Control login to the device through HTTP. Users can log in to the device through the web platform. The device cannot limit source addresses of users, which causes security risks. To ensure device security and prevent unauthorized users from using the web platform to log in to the device, an ACL can be used to allow specified users to log in to the device through HTTP. a. Configure ACL 2000 to allow the device at 192.168.6.10 and devices on network segment 192.168.5.0 to log in to the device through HTTP. b. Reference the ACL After the preceding configuration is completed, only the device at 192.168.6.10 and devices on network segment 192.168.5.0 are allowed to log in to the device through the web platform. After the configuration, limited users can open the web platform page, but cannot access the web platform after entering the user name and password. 2. Configure a security policy to limit users' login through Telnet. The route is reachable between the PC and the device, and users want to configure and manage remote devices easily. To meet the requirement, configure AAA authentication for Telnet users on the server and configure an ACL-based security policy. This ensures that only the users that meet the security policy can log in to the device. a. Set the server port number and enable the server function. system-view [Huawei] sysname Telnet Server [Telnet Server] telnet server enable [Telnet Server] telnet server port 1025 b. Configure the parameters of VTY user interface. # Configure the maximum number of VTY user interfaces. [Telnet Server] user-interface maximum-vty 8 # Configure the host address allowed by the device. [Telnet Server] acl 2001 [Telnet Server-acl-basic-2001] rule permit source 10.1.1.1 0 [Telnet Server-acl-basic-2001] quit [Telnet Server] user-interface vty 0 7 [Telnet Server-ui-vty0-7] acl 2001 inbound # Configure terminal attributes of the VTY user interface. # Configure the user authentication mode for the VTY user interface. [Telnet Server-ui-vty0-7] authentication-mode aaa [Telnet Server-ui-vty0-7] quit c. Configure information about login users. # Set the authentication mode for login users. [Telnet Server] aaa [Telnet Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789 [Telnet Server-aaa] local-user admin1234 service-type telnet [Telnet Server-aaa] local-user admin1234 privilege level 3 [Telnet Server-aaa] quit d. Log in to the client. Access the Windows command line prompt interface of the administrator’s PC, and run commands to log in to the device through Telnet. C:\Documents and Settings\Administrator> telnet 10.137.217.177 1025 Press Enter, and enter the configured user name and password in the login window. If authentication succeeds, command line prompt is displayed in the user view, indicating that you have successfully logged in to the device. Login authentication Username:admin1234 Password: After the configuration, limited users cannot log in to the device.

Only a part of users are allowed to access the web pages of an AR router
You can configure ACL rules on an AR router to control web access permission. The configuration can be implemented using command lines or through the web NMS. 1. Command lines: For the sake of security, configure an ACL on the router to limit clients which can log in to the device in HTTPS mode if the device is used as an HTTPS server. [Huawei] acl 2000 //Set the ACL number of an HTTPS IPv4 server to 2000. [Huawei-acl-basic-2000] rule 5 permit source 10.1.1.1 0 [Huawei-acl-basic-2000] quit [Huawei] http acl 2000 //Configure an HTTP login limit. 2. Web NMS: For details, choose Web-based Configuration > Security > ACL.

How to upgrade the system software through the web NMS on an AR router
To upgrade the system software through the web NMS on an AR router, do as follows: 1. Choose System Management > Upgrade and Maintenance > System Software. 2. Click Browse, and select the system software to be uploaded. 3. Click Load to upload the system software to a device, and specify the software as the system software of the device during next-time startup. Restart the device to validate the configuration.

How to enable the web function on an AR router
The methods of enabling the web function on an AR router are as follows: Method 1: Default web login 1. Connect a PC to the router over the management interface through a network cable. 2. Configure an IP address for the PC. Configurable network segment: 192.168.1.2~192.168.1.254. 3. Open a browser, enter the URL "https://192.168.1.1" in the address bar, and click Enter to enter the user login page. 4. Enter login information. 5. Configure the router through the web NMS page. Note: If you cannot enter the web NMS page, the software version you use does not support the default web login method. Please try the following method: Method 2: Non-default web login 1. Connect a PC to the router over the CON/AUX interface through a console configuration cable. 2. Enable the terminal emulation software on the PC, create a connection, and set an interface for the connection and other communication parameters. 3. Press Enter until the following information is displayed to remind users of configuring a verification code. 4. Connect a PC to the router over the management interface through a network cable. 5. Configure an IP address for the router for management. 6. Enable the web service. 7. Configure an HTTPS user and a user level. 8. Configure an IP address for the PC. 9. Open a browser, enter the URL "https://192.168.1.1" in the address bar, and click Enter to enter the user login page. 10. Configure the router through the web NMS page.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top