Is it possible for a user to log in to a WLAN device through Telnet and the web page at the same time

2

ACs and Fat APs allows a user to log in to them through Telnet and the web page at the same time. Configure the service mode to Telnet and HTTP in the AAA view. The following is an example of logging in to a WLAN device as user client through Telnet and the web page at the same time. The configurations are as follows:
[Huawei] aaa
[Huawei-aaa] local-user client service-type telnet http //Configure the service mode of user client to Telnet and HTTP so that the user can log in to the WLAN device through Telnet and the web page.
[Huawei] return
Fit APs do not support the web system function.

Other related questions:
What to do if a WLAN device cannot be logged in through Telnet
For WLAN devices, if an error occurs when you log in to the Telnet server through Telnet, perform the following checks: 1. Check whether the number of users logging in to the server has reached the upper limit. Log in to the server through the console port and run the display users command to check whether all the current VTY channels are occupied. By default, the maximum number of users supported by VTY channels is 5. Run the display user-interface maximum-vty command to query the maximum number of users supported by the current VTY channels. 2. Check whether an ACL is configured in the VTY user interface view. (Telnet IPv4 is used as an example.) On the Telnet server, run the user-interface vty command to enter the user interface view, and then run the display this command to check whether an ACL rule is configured on the VTY user interface. If an ACL rule has been configured, record the ACL number. Run the display acl acl-number command on the Telnet server to check whether the IP address of the Telnet client is denied in the ACL. If the IP address of the client is denied, run the undo rule rule-id command in the ACL view to delete the denial rule, and then run relevant commands to modify the ACL, allowing access of the IP address of the client. 3. Check whether the access protocol configured in the VTY user interface view is correct. On the Telnet server, run the user-interface vty command to enter the user interface view, and then run the display this command to check whether the protocol inbound on the VTY user interface is Telnet or all. If none of these 2 options is selected, run the protocol inbound { telnet | all } command to modify the configurations, allowing Telnet users to access the server. 4. Check whether the login authentication mode is configured in the user interface view. - If the login authentication mode of VTY channels has been configured to password by running the authentication-mode password command, you must enter the password when logging in to the server. - If the authentication mode has been configured to aaa by running the authentication-mode aaa command, you must run the local-user command to create local user AAA.

How to configure access control on an AR router
1. Control login to the device through HTTP. Users can log in to the device through the web platform. The device cannot limit source addresses of users, which causes security risks. To ensure device security and prevent unauthorized users from using the web platform to log in to the device, an ACL can be used to allow specified users to log in to the device through HTTP. a. Configure ACL 2000 to allow the device at 192.168.6.10 and devices on network segment 192.168.5.0 to log in to the device through HTTP. b. Reference the ACL After the preceding configuration is completed, only the device at 192.168.6.10 and devices on network segment 192.168.5.0 are allowed to log in to the device through the web platform. After the configuration, limited users can open the web platform page, but cannot access the web platform after entering the user name and password. 2. Configure a security policy to limit users' login through Telnet. The route is reachable between the PC and the device, and users want to configure and manage remote devices easily. To meet the requirement, configure AAA authentication for Telnet users on the server and configure an ACL-based security policy. This ensures that only the users that meet the security policy can log in to the device. a. Set the server port number and enable the server function. system-view [Huawei] sysname Telnet Server [Telnet Server] telnet server enable [Telnet Server] telnet server port 1025 b. Configure the parameters of VTY user interface. # Configure the maximum number of VTY user interfaces. [Telnet Server] user-interface maximum-vty 8 # Configure the host address allowed by the device. [Telnet Server] acl 2001 [Telnet Server-acl-basic-2001] rule permit source 10.1.1.1 0 [Telnet Server-acl-basic-2001] quit [Telnet Server] user-interface vty 0 7 [Telnet Server-ui-vty0-7] acl 2001 inbound # Configure terminal attributes of the VTY user interface. # Configure the user authentication mode for the VTY user interface. [Telnet Server-ui-vty0-7] authentication-mode aaa [Telnet Server-ui-vty0-7] quit c. Configure information about login users. # Set the authentication mode for login users. [Telnet Server] aaa [Telnet Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789 [Telnet Server-aaa] local-user admin1234 service-type telnet [Telnet Server-aaa] local-user admin1234 privilege level 3 [Telnet Server-aaa] quit d. Log in to the client. Access the Windows command line prompt interface of the administrator’s PC, and run commands to log in to the device through Telnet. C:\Documents and Settings\Administrator> telnet 10.137.217.177 1025 Press Enter, and enter the configured user name and password in the login window. If authentication succeeds, command line prompt is displayed in the user view, indicating that you have successfully logged in to the device. Login authentication Username:admin1234 Password: After the configuration, limited users cannot log in to the device.

How to change the password of a Telnet user to log in to a WLAN device
You can log in to a WLAN device through the console port and then set a new Telnet password for login. - The following is an example of logging in to VTY 0 using password Huawei@123. The configurations are as follows: [Huawei] user-interface vty 0 [Huawei-ui-vty0] authentication-mode password [Huawei-ui-vty0] set authentication password cipher Huawei@123 [Huawei-ui-vty0] return - The following is an example of logging in to VTY 0 based on AAA authentication and changing the password of Telnet user admin123 into Huawei@123. The configurations are as follows: [Huawei] user-interface vty 0 [Huawei-ui-vty0] authentication-mode aaa [Huawei-ui-vty0] quit [Huawei] aaa [Huawei-aaa] local-user admin123 password irreversible-cipher Huawei@123 [Huawei-aaa] return

How to disable Telnet in web mode on an AR router
The method of disabling Telnet in web mode is as follows: 1. Choose System Management > System Configuration > Service Management. 2. Select Disabled of Telnet Service to disable the Telnet service.

Why do WLAN devices allow only some users to access the web page
WLAN devices allow only some users to access the web page: When a WLAN device functions as an HTTPS server, you can configure an ACL on the device to allow only the specified clients to log in to it through HTTPS. This function improves system security. [Huawei] acl 2000 //Set the ACL number to 2000 for the HTTPS IPv4 server. [Huawei-acl-basic-2000] rule 1 permit source 10.1.1.1 0 //Allow only users on the network segment 10.1.1.1 to access the web page. [Huawei-acl-basic-2000] quit [Huawei] http acl 2000 //Configure the HTTP login restriction.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top