< Home

Managing Wireless Login for APs

Context

In addition to logging in through a wired interface, you can log in to an AP through Telnet over WLANs. Currently, only the Telnet login mode is supported in wireless mode. To log in to an AP through Telnet in wireless mode, set the VAP type to management AP, change the STA's IP address to 169.254.2.x/24 (except 169.254.2.1, 169.254.2.100 is recommended), and set telnet to the IP address of the AP.

  • If the type of a VAP is set to service, STAs connected to the VAP can only access network resources but not APs. Service VAPs are used in regular WLAN deployment scenarios.
  • If the type of a VAP is set to ap-management, STAs connected to the VAP can only access APs but not network resources. AP management VAPs are used in STA access and AP management scenarios.

  • If the type of a VAP is set to service-backup ap-offline, STAs can access the network through the backup service VAP after the AP goes offline. For example, on a headquarters-branch network, when APs at branches connect to the AC at the headquarters through a WAN, APs may go offline due to the WAN instability. You can configure a backup service VAP to allow new STAs to access the network if the AP goes offline.

  • If the type of a VAP is set to service-backup auth-server-down, the VAP is automatically enabled to allow network access of associated STAs when the authentication server is not accessible. When the authentication server recovers, this VAP is not automatically disabled. You can manually disable it if needed. If the authentication server is accessible but rejects user access, this VAP is not automatically enabled. You can manually enable it if needed. To enable or disable this VAP, run the vap-service-backup auth-server-down command.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run wlan

    The WLAN view is displayed.

  3. Run ap username username password cipher

    The user name and password for AP login are configured.

    By default, the user name is admin and password is admin@huawei.com.

  4. (Optional) Configure AP login password policies.
    1. Run the ap password policy command to enable the password policy function and enter the AP password policy view.

      By default, the AP login password policy function is disabled.

    2. Run the password expire days command to set the password expiration time.

      By default, the password validity period is 90 days.

    3. Run the password alert before-expire days command to set the password expiration prompt days.

      By default, the number of password expiration prompt days is 30 days.

    4. Run the password alert original command to enable the device to prompt users to change initial passwords.

      By default, the initial password change prompt function is enabled.

    5. Run the password history record number number command to set the maximum number of historical passwords recorded for each user.

      By default, a maximum of five historical passwords are recorded for each user.

    6. Run the quit command to return to the WLAN view.
  5. Run ap-system-profile name profile-name

    An AP system profile is created, and the AP system profile view is displayed.

    By default, the system provides the AP system profile default.

  6. Run telnet enable

    The Telnet service function is enabled.

    By default, Telnet is disabled on an AP.

  7. Run quit

    Return to the WLAN view.

  8. Run vap-profile name profile-name

    The VAP profile view is displayed.

    By default, the system provides the VAP profile default.

  9. Run type ap-management

    The VAP type is set to management AP.

    By default, the type of a VAP is service.

    The VAP profile in which the VAP type is set to management AP can only be applied to one radio of an AP.

  10. Run quit

    Return to the WLAN view.

  11. Bind an AP system profile and a VAP profile to an AP group or AP.

    • Bind a VAP profile and an AP system profile to an AP group.
      1. Run the ap-group name group-name command to enter the AP group view.

      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP group.

        By default, the AP system profile default is bound to an AP group.

      3. Run the vap-profile profile-name wlan wlan-id radio { radio-id | all } command to bind the VAP profile to the radio.

        By default, no VAP profile is bound to a radio.

    • Bind a VAP profile and an AP system profile to an AP.
      1. Run the ap-id ap-id, ap-mac ap-mac, or ap-name ap-name command to enter the AP view.

      2. Run the ap-system-profile profile-name command to bind the AP system profile to the AP.

        By default, no AP system profile is bound to an AP.

      3. Run the vap-profile profile-name wlan wlan-id radio { radio-id | all } command to bind the VAP profile to the radio.

        By default, no VAP profile is bound to a radio.

Verifying the Configuration

  • Run the display ap username [ ap-name ap-name | ap-id ap-id ] command to check the user information for AP login.
  • Run the display ap-system-profile { all | name profile-name } command to check configuration and reference information about an AP system profile.
  • Run the display references ap-system-profile name profile-name command to check reference information about an AP system profile.
  • Run the display vap-profile { all | name profile-name } command to check configuration and reference information about a VAP profile.
  • Run the display references vap-profile name profile-name command to check reference information about a VAP profile.
Parent Topic: AP Management Configuration Guide
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >