What to do if a WLAN device cannot be logged in through Telnet

6

For WLAN devices, if an error occurs when you log in to the Telnet server through Telnet, perform the following checks:
1. Check whether the number of users logging in to the server has reached the upper limit.
Log in to the server through the console port and run the display users command to check whether all the current VTY channels are occupied. By default, the maximum number of users supported by VTY channels is 5. Run the display user-interface maximum-vty command to query the maximum number of users supported by the current VTY channels.
2. Check whether an ACL is configured in the VTY user interface view. (Telnet IPv4 is used as an example.)
On the Telnet server, run the user-interface vty command to enter the user interface view, and then run the display this command to check whether an ACL rule is configured on the VTY user interface. If an ACL rule has been configured, record the ACL number.
Run the display acl acl-number command on the Telnet server to check whether the IP address of the Telnet client is denied in the ACL. If the IP address of the client is denied, run the undo rule rule-id command in the ACL view to delete the denial rule, and then run relevant commands to modify the ACL, allowing access of the IP address of the client.
3. Check whether the access protocol configured in the VTY user interface view is correct.
On the Telnet server, run the user-interface vty command to enter the user interface view, and then run the display this command to check whether the protocol inbound on the VTY user interface is Telnet or all. If none of these 2 options is selected, run the protocol inbound { telnet | all } command to modify the configurations, allowing Telnet users to access the server.
4. Check whether the login authentication mode is configured in the user interface view.
- If the login authentication mode of VTY channels has been configured to password by running the authentication-mode password command, you must enter the password when logging in to the server.
- If the authentication mode has been configured to aaa by running the authentication-mode aaa command, you must run the local-user command to create local user AAA.

Other related questions:
Is it possible for a user to log in to a WLAN device through Telnet and the web page at the same time
ACs and Fat APs allows a user to log in to them through Telnet and the web page at the same time. Configure the service mode to Telnet and HTTP in the AAA view. The following is an example of logging in to a WLAN device as user client through Telnet and the web page at the same time. The configurations are as follows: [Huawei] aaa [Huawei-aaa] local-user client service-type telnet http //Configure the service mode of user client to Telnet and HTTP so that the user can log in to the WLAN device through Telnet and the web page. [Huawei] return Fit APs do not support the web system function.

What to do if a WLAN device user has insufficient permissions to configure the device
Hierarchical management of users and commands is implemented to restrict users' permissions to access a WLAN device and their operations on this device. User levels correspond to command levels. After logging to a WLAN device, users of each level can use only the commands whose levels are equal to or lower than the corresponding user level. If a Telnet user or console user (assuming that the account of a low user level is client) cannot perform some configurations due to its low level, change the user level based on the following conditions: 1. If the user authentication mode is AAA and the device has other high-level users, the user level is determined by the local-user user-name privilege level level command in the AAA view. Log in to the device as a high-level user, and then change the level of client in the AAA view. The configurations are as follows: [HUAWEI] aaa [HUAWEI-aaa] local-user client privilege level 3 [HUAWEI-aaa] return 2. Specifically, if the user authentication mode is password and the login mode is Telnet, the user level is determined by the user privilege level level command of the VTY interface. If the low-level client has been configured only for partial VTY channels, log in to the device through a high-level VTY channel, and then change the user level of low-level VTY channels. The following is an example of changing the user level of VTY 0-4: [HUAWEI] user-interface vty 0 4 [HUAWEI-ui-vty0-4] user privilege level 3 [HUAWEI-ui-vty0-4] return

How to configure access control on an AR router
1. Control login to the device through HTTP. Users can log in to the device through the web platform. The device cannot limit source addresses of users, which causes security risks. To ensure device security and prevent unauthorized users from using the web platform to log in to the device, an ACL can be used to allow specified users to log in to the device through HTTP. a. Configure ACL 2000 to allow the device at 192.168.6.10 and devices on network segment 192.168.5.0 to log in to the device through HTTP. b. Reference the ACL After the preceding configuration is completed, only the device at 192.168.6.10 and devices on network segment 192.168.5.0 are allowed to log in to the device through the web platform. After the configuration, limited users can open the web platform page, but cannot access the web platform after entering the user name and password. 2. Configure a security policy to limit users' login through Telnet. The route is reachable between the PC and the device, and users want to configure and manage remote devices easily. To meet the requirement, configure AAA authentication for Telnet users on the server and configure an ACL-based security policy. This ensures that only the users that meet the security policy can log in to the device. a. Set the server port number and enable the server function. system-view [Huawei] sysname Telnet Server [Telnet Server] telnet server enable [Telnet Server] telnet server port 1025 b. Configure the parameters of VTY user interface. # Configure the maximum number of VTY user interfaces. [Telnet Server] user-interface maximum-vty 8 # Configure the host address allowed by the device. [Telnet Server] acl 2001 [Telnet Server-acl-basic-2001] rule permit source 10.1.1.1 0 [Telnet Server-acl-basic-2001] quit [Telnet Server] user-interface vty 0 7 [Telnet Server-ui-vty0-7] acl 2001 inbound # Configure terminal attributes of the VTY user interface. # Configure the user authentication mode for the VTY user interface. [Telnet Server-ui-vty0-7] authentication-mode aaa [Telnet Server-ui-vty0-7] quit c. Configure information about login users. # Set the authentication mode for login users. [Telnet Server] aaa [Telnet Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789 [Telnet Server-aaa] local-user admin1234 service-type telnet [Telnet Server-aaa] local-user admin1234 privilege level 3 [Telnet Server-aaa] quit d. Log in to the client. Access the Windows command line prompt interface of the administrator’s PC, and run commands to log in to the device through Telnet. C:\Documents and Settings\Administrator> telnet 10.137.217.177 1025 Press Enter, and enter the configured user name and password in the login window. If authentication succeeds, command line prompt is displayed in the user view, indicating that you have successfully logged in to the device. Login authentication Username:admin1234 Password: After the configuration, limited users cannot log in to the device.

How to change the password of a Telnet user to log in to a WLAN device
You can log in to a WLAN device through the console port and then set a new Telnet password for login. - The following is an example of logging in to VTY 0 using password Huawei@123. The configurations are as follows: [Huawei] user-interface vty 0 [Huawei-ui-vty0] authentication-mode password [Huawei-ui-vty0] set authentication password cipher Huawei@123 [Huawei-ui-vty0] return - The following is an example of logging in to VTY 0 based on AAA authentication and changing the password of Telnet user admin123 into Huawei@123. The configurations are as follows: [Huawei] user-interface vty 0 [Huawei-ui-vty0] authentication-mode aaa [Huawei-ui-vty0] quit [Huawei] aaa [Huawei-aaa] local-user admin123 password irreversible-cipher Huawei@123 [Huawei-aaa] return

Method for configuring Telnet login to the USG6000 series
To understand how to log in to the USG6000 series through Telnet, log in to Huawei Enterprise Service Support website, view or download the product document based on the product model and version, and search the product document for the following case: Configuring Telnet Login to the CLI.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top