What to do if a WLAN device user has insufficient permissions to configure the device

12

Hierarchical management of users and commands is implemented to restrict users' permissions to access a WLAN device and their operations on this device. User levels correspond to command levels. After logging to a WLAN device, users of each level can use only the commands whose levels are equal to or lower than the corresponding user level.
If a Telnet user or console user (assuming that the account of a low user level is client) cannot perform some configurations due to its low level, change the user level based on the following conditions:
1. If the user authentication mode is AAA and the device has other high-level users, the user level is determined by the local-user user-name privilege level level command in the AAA view. Log in to the device as a high-level user, and then change the level of client in the AAA view. The configurations are as follows:
[HUAWEI] aaa
[HUAWEI-aaa] local-user client privilege level 3
[HUAWEI-aaa] return
2. Specifically, if the user authentication mode is password and the login mode is Telnet, the user level is determined by the user privilege level level command of the VTY interface. If the low-level client has been configured only for partial VTY channels, log in to the device through a high-level VTY channel, and then change the user level of low-level VTY channels. The following is an example of changing the user level of VTY 0-4:
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] user privilege level 3
[HUAWEI-ui-vty0-4] return

Other related questions:
Do WLAN devices support the user-based rate limiting
ACs and Fat APs support user traffic rate limiting, but Fit APs does not.

What are the default user name and password of a WLAN device
For the default user name and password of console, Telnet, Bootrom, and web accounts, visit Wireless Access Controllers Troubleshooting, download the file, and find the List_of_Default_User_Names_and_Passwords_WLAN.xlsx file in the package.

What is a patch of a WLAN device
A patch is a kind of software compatible with the system software. It is used to remove some critical bugs from system software. Patch classification: - Hot patch Hot patches do not interrupt running services of a WLAN device and can repair software defects of the current system without restarting the device. - Cold patch Cold patches repair software defects of the current system only after a device restart. SPH indicates a hot patch, while SPC indicates a cold patch. The patch file uses .pat as the file name extension.

How to configure the user-based rate limiting on WLAN devices
Configure the user-based rate limiting on APs:
Configure traffic policing in a traffic profile to limit the traffic rate of all STAs or a single STA on the VAP using the traffic profile.
<Huawei> system-view
[Huawei] wlan 
[Huawei-wlan-view] traffic-profile name p1 
[Huawei-wlan-traffic-prof-p1] rate-limit vap up 64 //Rate limiting of upstream packets of all STAs on a VAP   
[Huawei-wlan-traffic-prof-p1] rate-limit client up 32 //Rate limiting of upstream packets of each STA on a VAP  

Configure traffic policing in a user profile: Bind a QoS CAR profile in a user profile. Then bind the user profile to a service set to limit the traffic rate of the user bound to the service set.
<Huawei> system-view
[Huawei] qos car c1 cir 10000 cbs 10240 //Configure the CIR and CBS value.
[Huawei] wlan 
[Huawei-wlan-view] user-profile name u1
[Huawei-wlan-user-prof-u1] qos car inbound c1 //Bind the QoS CAR profile.
[Huawei-wlan-user-prof-u1] quit
[Huawei-wlan-view] service-set name huawei
[Huawei-wlan-service-set-huawei] user-profile name u1 //Bind the user profile in a service set.

Configure the user-based rate limiting on the AC:
Configure traffic policing in a traffic profile to limit the traffic rate of all STAs or a single STA on the VAP using the traffic profile.
<AC6605> system-view
[AC6605] wlan 
[AC6605-wlan-view] traffic-profile name p1 
[AC6605-wlan-traffic-prof-p1] rate-limit vap up 64 //Rate limiting of upstream packets of all STAs on a VAP   
[AC6605-wlan-traffic-prof-p1] rate-limit client up 32 //Rate limiting of upstream packets of each STA on a VAP  
[AC6605-wlan-traffic-prof-p1] quit
[AC6605-wlan-view] commit all //Configure traffic policing in a user profile: Bind a QoS CAR profile in a user profile. Then bind the user profile to a service set to limit the traffic rate of the user bound to the service set.
<AC6605> system-view
[AC6605] qos car c1 cir 10000 cbs 10240 //Configure the CIR and CBS value.
[AC6605] wlan 
[AC6605-wlan-view] user-profile name u1
[AC6605-wlan-user-prof-u1] qos car inbound c1 //Bind the QoS CAR profile.
[AC6605-wlan-user-prof-u1] quit
[AC6605-wlan-view] service-set name huawei
[AC6605-wlan-service-set-huawei] user-profile name u1 //Bind the user profile in a service set.
[AC6605-wlan-service-set-huawei] quit
[AC6605-wlan-view] commit all //Submit the configurations.

Configuring access interfaces on WLAN devices
The following example describes how to configure an access interface on a WLAN device: An access interface can connect to a user host. [HUAWEI]vlan batch 2 //Create a VLAN. [HUAWEI]interface gigabitethernet0/0/1 [HUAWEI-GigabitEthernet0/0/1]port link-type access //Set the interface type to access. [HUAWEI-GigabitEthernet0/0/1]port default vlan 2 //Add the interface to VLAN 2. [HUAWEI-GigabitEthernet0/0/1]quit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top