Can users who log in to S series switches using the web network management system be authorized through HWTACACS

Users who log in to S series switches using the web network management system cannot be authorized through HWTACACS.
The switches support local and remote authentication and authorization for users who log in using the web system. However, the web system supports only two authorization levels: level-0 and non-level-0, which are controlled through local user authorization. If remote authorization is used, the web system cannot obtain the user authority from the local user MIB table and grants the default level-0 authority to the user. As a result, HWTACACS authorization fails.

Other related questions:
How to configure access control on an AR router
1. Control login to the device through HTTP.
Users can log in to the device through the web platform. The device cannot limit source addresses of users, which causes security risks. To ensure device security and prevent unauthorized users from using the web platform to log in to the device, an ACL can be used to allow specified users to log in to the device through HTTP.
a. Configure ACL 2000 to allow the device at 192.168.6.10 and devices on network segment 192.168.5.0 to log in to the device through HTTP.
b. Reference the ACL.
After the preceding configuration is completed, only the device at 192.168.6.10 and devices on network segment 192.168.5.0 are allowed to log in to the device through the web platform. After the configuration, limited users can open the web platform page, but cannot access the web platform after entering the user name and password.

2. Configure a security policy to limit users' login through Telnet.
The route is reachable between the PC and the device, and users want to configure and manage remote devices easily. To meet the requirement, configure AAA authentication for Telnet users on the server and configure an ACL-based security policy. This ensures that only the users that meet the security policy can log in to the device.
a. Set the server port number and enable the server function.
<Huawei> system-view
[Huawei] sysname Telnet Server
[Telnet Server] telnet server enable
[Telnet Server] telnet server port 1025
b. Configure the parameters of the VTY user interface.
# Configure the maximum number of VTY user interfaces.
[Telnet Server] user-interface maximum-vty 8
# Configure the host address allowed by the device.
[Telnet Server] acl 2001
[Telnet Server-acl-basic-2001] rule permit source 10.1.1.1 0
[Telnet Server-acl-basic-2001] quit
[Telnet Server] user-interface vty 0 7
[Telnet Server-ui-vty0-7] acl 2001 inbound
# Configure terminal attributes of the VTY user interface.
# Configure the user authentication mode for the VTY user interface.
[Telnet Server-ui-vty0-7] authentication-mode aaa
[Telnet Server-ui-vty0-7] quit
c. Configure information about login users.
# Set the authentication mode for login users.
[Telnet Server] aaa
[Telnet Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
[Telnet Server-aaa] local-user admin1234 service-type telnet
[Telnet Server-aaa] local-user admin1234 privilege level 3
[Telnet Server-aaa] quit
d. Log in to the client.
Access the Windows command line prompt interface of the administrator's PC, and run commands to log in to the device through Telnet.
C:\Documents and Settings\Administrator> telnet 10.137.217.177 1025
Press Enter, and enter the configured user name and password in the login window. If authentication succeeds, the command line prompt is displayed in the user view, indicating that you have successfully logged in to the device.
Login authentication
Username:admin1234
Password:
After the configuration, limited users cannot log in to the device.
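
An added example, not part of the original FAQ or any Huawei code: a Python model of how the source rules in ACL 2000 and ACL 2001 above select addresses, including what happens when a subnet mask is typed where a wildcard mask belongs. The 0.0.0.255 wildcard for segment 192.168.5.0, the deny result for sources that match no rule, and the MISTYPED rule are assumptions made for the example.

```python
import ipaddress

# Constructed from the ACLs described above. The 0.0.0.255 wildcard is an
# assumption: the page gives no mask for network segment 192.168.5.0.
ACL_2000 = """rule permit source 192.168.6.10 0
rule permit source 192.168.5.0 0.0.0.255"""
ACL_2001 = "rule permit source 10.1.1.1 0"
# Constructed mistake: a subnet mask typed where a wildcard mask is expected.
MISTYPED = "rule permit source 192.168.5.0 255.255.255.0"


def _to_int(text):
    # A bare "0" wildcard is shorthand for 0.0.0.0, i.e. match one host.
    return int(ipaddress.IPv4Address("0.0.0.0" if text == "0" else text))


def parse_rules(config):
    """Return (action, base, wildcard) tuples in configuration order."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "rule" or tok[2] != "source":
            continue  # not a basic-ACL source rule
        if tok[3] == "any":
            rules.append((tok[1], 0, 0xFFFFFFFF))
        elif len(tok) >= 5:
            rules.append((tok[1], _to_int(tok[3]), _to_int(tok[4])))
        else:
            raise ValueError(f"missing wildcard in rule: {line!r}")
    return rules


def evaluate(rules, source, no_match="deny"):
    """First matching rule decides. Wildcard bits set to 1 are ignored.
    no_match="deny" is an assumption about sources that match no rule."""
    addr = int(ipaddress.IPv4Address(source))
    for action, base, wild in rules:
        if ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return no_match


if __name__ == "__main__":
    acls = (("2000", ACL_2000), ("2001", ACL_2001), ("mistyped", MISTYPED))
    for name, acl in acls:
        rules = parse_rules(acl)
        for src in ("192.168.6.10", "192.168.5.200", "10.1.1.1", "203.0.113.0"):
            print(f"acl {name:8} {src:15} -> {evaluate(rules, src)}")
```

With the mistyped rule, any source whose last octet is 0 is permitted while hosts inside 192.168.5.0 are not, so checking the intended addresses against the rule set before applying it catches the error.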

Can a user log in to an S series switch through fingerprint authentication
No S series switch supports user login through fingerprint identification.

Why does HWTACACS authentication on S series switches fail when authorization is not required
When configuring the HWTACACS server template on an S series switch (except the S1700 switch), specify an authorization server even if authorization is not required. If not, the HWTACACS authentication will fail.

How to log in to the web self-service system of the U1900 series unified gateway
Internet Explorer 7 or a later version with ActiveX and JavaScript supported is required for the web self-service system. To log in to the web self-service system of the U1900 series unified gateway, perform the following steps:
1. Open a web browser and enter the URL of the gateway (https://Gateway IP address) in the address box.
Note: For U1911/U1960/U1980/U1981 in dual-network-port or triple-network-port mode, you can log in to the web self-service system through network port 0, 1, or 2 on the SCU/SMCU board.
2. Enter the user name and password, and click Login.
Note: The user name is the user number. The default password for V200R003 is Change_Me and for V100R001C20 is huawei123. You can click Change password in the upper right corner of the web page to change the password after login. To ensure account security, change the password periodically and ensure that the password meets complexity requirements. It is recommended that you download and install the CA root certificate to improve your login speed.
