Академический Документы
Профессиональный Документы
Культура Документы
AR120&AR150&AR160&AR200&AR1200&AR2200&A
R3200&AR3600 Series Enterprise Routers
Web System Guide 5 Logging In to the Web System
Context
You can use the device's factory settings to directly log in to the web system to manage and
maintain the device.
Alternatively, you can configure the device's IP address, web system parameters, and a web
system account, and then log in to the web system. For details about the configuration, see
Web System Login Configuration.
As shown in Figure 5-1, you can log in to the device through the web system, and configure
and manage the device on the PC.
PC Router
Pre-configuration Tasks
Before logging in to the device through the web system, complete the following tasks:
l Configure an IP address for the device's access interface.
NOTE
The factory settings of the device include the IP address 192.168.1.1 and subnet mask
255.255.255.0. The access interface is the management interface under which the silkscreen
Management is printed. HTTP and HTTPS services are enabled on the device. For more details,
seeWhich Interface Is Configured with the Default Management IP Address.
l Use a network cable to connect the PC to the device.
NOTE
If you cannot log in to the web using the PC that automatically acquires an IP address, configure a static
IP address that is in the same network segment as the IP address of the device for the PC and then log in
to the web.
l The device is running properly.
l Install the browser software on the PC.
Procedure
Step 1 Open the browser on the PC. Windows IE8.0 is used in this example. Enter https://
192.168.1.1 in the address box and press Enter. The web system login page is displayed, as
shown in Figure 5-2.
NOTE
You can use the web mode to configure voice services only when the device works in PBX mode. You
can log in to the voice self-service system using either of the following methods:
l On the web platform, click Enter voice self-service system.
l Run the self-service-http-server command in the voice view to access the self-service HTTP
server configuration view, and then run the self-service http secure-server enable command to
enable the self-service HTTPS server. You can enter https://192.168.1.1:1443/professional/user/
login.html in the address box to access the voice self-service system. In the configuration view of
the self-service HTTPS server, you can run the self-service http secure-server port command to
change the port number of the self-service HTTPS server. The default port number is 1443.
Check the cause of the login failure based on the prompt message. If the number of
incorrect password attempts reaches the upper limit, the current account will be locked.
By default, a locked account is automatically unlocked after 5 minutes.
NOTE
After a user logs in, the web system automatically displays the last login time, IP address, and login
mode of the user.
NOTE
l If the parameters are marked with a red asterisk (*), the system forcibly requires you to change the
password. After changing the password, click OK. If the password is changed successfully, the
system displays the message "Your password has been modified successfully". Click OK. The
login page is displayed. If you do not change the password, click Cancel. The login page is
displayed and you cannot log in to the web system.
l If the parameters are not marked with a red asterisk (*), the system asks you to change the
password. After changing the password, click OK. If the password is changed successfully, the
system displays the message "Your password has been modified successfully". Click OK. The
login page is displayed. If you do not change the password, click Cancel. The Device
Information page is displayed.
Step 4 Click Logout in the upper right corner of the page to return to the login page.
Step 5 If you do not perform any operations within a period (10 minutes by default) after logging in
to the web system, the system automatically logs you out. Click OK to return to the login
page.
----End
Symptom
The device cannot be logged in through the web platform.
Procedure
Step 1 Check whether the AR and client can ping each other.
1. Run the ping command on the Windows Command Prompt of the PC to check whether
the PC can ping the AR.
When the system displays the message "Request time out", the target device is
unreachable.
2. Run the display this command in the interface view to check whether the IP address is
configured correctly.
3. If the IP address is incorrect, run the ip address ip-address { mask | mask-length }
command in the interface view to reconfigure the IP address.
4. Open the web platform again and ensure that the input IP address in https://IP address is
the same as that configured on the AR.
Step 2 Check whether the browser configuration is correct.
1. Configure the browser according to 4 Precautions for Using the Web Platform and log
in to the web platform again.
2. Log in to the web platform through another browser and check whether the IE browser
limits the login to the web platform.
Step 3 Check whether the HTTPS server configuration is correct.
1. Check whether the HTTPS server is enabled.
Run the display http server command in any view. If the value of HTTPS server status
is Disabled, run the http secure-server enable command in the system view to enable
the HTTPS server.
2. Check the port number of the HTTPS server.
Run the display http server command in any view to check the value of HTTPS server
port.
Ensure that the input port number in the address bar is the same as the value of HTTPS
server port.
Run the http secure-server port command in the system view to configure the port
number of the HTTPS server.
Step 4 Check whether the number of login web users has reached the maximum value.
Run the display http server command in any view to check values of Current online users
and Maximum users allowed.
If the values of Current online users and Maximum users allowed are the same, log in
again after other users go offline.
Step 5 Check whether the physical interface that allows access to the web platform is configured.
Run the display current-configuration filter http server command in any view to check
whether there is the configuration of http server permit interface.
If the physical interface that allows access to the web platform Is configured and the physical
interface that accesses the web platform is not allowed, run the undo http server permit
interface command in the system view to cancel the configuration of the physical interface
that allows access to the web platform or run the http server permit interface command in
the system view to reconfigure the physical interface that allows access to the web platform.
Step 7 Check whether access control is configured for the web client.
1. Run the display current-configuration filter http acl command in any view to check
whether there is the configuration of http acl acl-number.
If there is the configuration of http acl acl-number, record the ACL number.
2. Run the display acl acl-number command in any view to check whether the IP address
of the web client is denied in the ACL.
If the IP address of the web client is denied in the ACL, run the undo rule rule-id
command to delete the ACL rule and use a command to modify the ACL to allow the IP
address of the web client.
----End
Symptom
After successful device login through the web system, the web system page is not completely
displayed, or only several options are displayed.
Procedure
Step 1 Check whether the web user level is too low.
If the user level is 1, the user is a common administrator and can only access Device
Information and change the password in User Management. If the user level is 2, the user is
an enterprise administrator and has most operating rights in the web system. If the user level
is 3 to 15, the user is a super administrator and has all operating rights in the web system.
Run the display this command in the AAA view to check the web user level. If the value of
level is too small in the local-user user-name privilege level level configuration, some
functions cannot be displayed in the web system. Run the local-user user-name privilege
level level command in the AAA view to set the web user level to 3 or higher so that the web
user has all operating rights in the web system.
----End
5.3 FAQ
This section describes common problems you may encounter during the configuration and
provides the solutions to these problems.
NOTE
Telnet has security vulnerabilities. You are advised to log in to the device using STelnet V2.
# Set the password to Huawei@123 for the user admin123. The configuration is as follows:
<Huawei> system-view
[Huawei] aaa
[Huawei-aaa] local-user admin123 password irreversible-cipher Huawei@123
[Huawei-aaa] local-user admin123 service-type http
[Huawei-aaa] local-user admin123 privilege level 15
[Huawei-aaa] return
<Huawei> save
Table 5-1 Default passwords for console port or Telnet login in different versions
Version Product Default User Default Default Level
Model Name Password
l Web login
Table 5-3 Default passwords for BootROM menu login to devices of different versions
Version Product Default User Default Default Level
Model Name Password
By default, a locked account is automatically unlocked after 5 minutes. You can wait until the
account is automatically unlocked, and enter the correct user name and password to log in to
the device again.
You can also log in to the device using the CLI mode when the account is locked, and run the
local-user user-name state active command in the AAA view to unlock the account.
The system software contains the web page file. After new system software is loaded to the
device, the web page file web.zip is directly decompressed from the system software and
saved to the memory.
5.3.7 How Do I Change the Port Number for Web Platform Login?
The default port number of the HTTPS server is 443. If you access and control the device
through the web platform, you do not need to specify the port number. If the default port
number is used, attackers may access this port continuously, consuming bandwidth resources
and degrading security performance of the server. As a result, authorized users cannot access
the device. If the default port number is used by another service, users cannot log in to the
device through the web platform.
You can run the http secure-server port port-number command in the system view to
reconfigure the port number of the HTTPS server.
You can change the IP address for web platform login using the command-line interface (CLI)
or web platform.
1. You can configure a management IP address on the CLI using either of the following
methods:
In the factory settings, all LAN interfaces on the AR150&AR160&AR200 are added to VLAN 1 by default.
The default IP address 192.168.1.1/24 is configured for VLANIF 1. Any LAN interface can use this IP
address as the management IP address.
<Huawei> system-view
[Huawei] vlan 1
[Huawei-vlan1] quit
[Huawei] interface vlanif 1
[Huawei-Vlanif1] ip address 192.168.1.10 24
[Huawei-Vlanif1] quit
Log in to the web platform. Choose WAN Access > Ethernet Interface. Find the
corresponding management interface on the Ethernet Interface page. Click next to the
interface to configure an IP address for the interface.
The device has a default management IP address configured and the web system enabled from
a specified version before it is delivered. Table 5-4 lists detailed information.