Why non-authentication cannot be used for the administrator on an AR

7

To improve the security of the AR, administrators are not allowed to use no-authentication.

Other related questions:
Why administrators are not allowed to use no-authentication on the AR
To improve security of the AR, administrators are not allowed to use no-authentication.

The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication on an S series switch
The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication. For S series switches (except the S1700), such an authentication failure occurs because the entered user name does not contain a domain name. You need to check whether the user name on the authentication server contains a domain name. - If the user name on the authentication server contains a domain name, run the radius-server user-name domain-included command in the RADIUS server template view or run the hwtacacs-server user-name domain-included command in the HWTACACS server template view. - If the user name on the authentication server does not contain a domain name, run the undo radius-server user-name domain-included command in the RADIUS server template view or run the undo hwtacacs-server user-name domain-included command in the HWTACACS server template view.

Why must the administrator pass AAA authentication
To ensure device security, the administrator must be authenticated by AAA authentication in local or remote authentication mode. The administrator, however, can log in to the device in non-authentication mode in the VTY interface view.

Only a part of users are allowed to access the web pages of an AR router
You can configure ACL rules on an AR router to control web access permission. The configuration can be implemented using command lines or through the web NMS. 1. Command lines: For the sake of security, configure an ACL on the router to limit clients which can log in to the device in HTTPS mode if the device is used as an HTTPS server. [Huawei] acl 2000 //Set the ACL number of an HTTPS IPv4 server to 2000. [Huawei-acl-basic-2000] rule 5 permit source 10.1.1.1 0 [Huawei-acl-basic-2000] quit [Huawei] http acl 2000 //Configure an HTTP login limit. 2. Web NMS: For details, choose Web-based Configuration > Security > ACL.

Why cannot STAs associate with an AP when WEP authentication is used
The possible causes are as follows: - No WEP SSID is added to the STA. Many STAs associate with WEP SSIDs by using encryption without authentication. However, the AP uses both authentication and encryption. Therefore, the STA cannot associate with the SSID. The SSID must be manually configured on the STA. At last, set the encryption type to share mode. - The key index configured on the AP is different from the key index on the STA. By default, the key index of an AP is 0 (ranging from 0 to 3), and the key index of STA is 1 (ranging from 1 to 4). Key index 0 on the AP matches key index 1 on the STA.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top