Fat AP and Cloud AP

Web-based Configuration Guide 2 Getting Started

2 Getting Started

About This Chapter

2.1 Web Platform Overview

2.2 Logging In to the Web Platform
2.3 Precautions for Using the Web Platform
2.4 Web Page Description
2.5 Web Platform Overview for Common Cloud APs
2.6 Web Platform Overview for Cloud Central APs
2.7 Viewing Alarms on the Web Platform

2.1 Web Platform Overview

To help users to manage and maintain the wireless access point, the wireless
access point provides a built-in web server to enable a terminal connected in
wired (for example, a PC) or wireless mode to access the web platform.
Figure 2-1 shows the running environment of the web platform.

Figure 2-1 Running environment of the web platform

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 3

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

2.2 Logging In to the Web Platform

Applicable Mode
This login mode is applicable to Fat APs and cloud APs.

Before logging in to an AP through the web platform, connect a terminal to the

AP using an Ethernet cable or in wireless mode to ensure that they are reachable
to each other. Then you can log in to the AP using a browser. Table 2-1 lists the
default parameter settings of an AP.

Table 2-1 Default parameter settings of an AP

Parameter Fit AP (Factory Fat AP Cloud AP

Settings)

SSID hw_manage_xxxx HUAWEI- hw_manage_xxxx

(xxxx specifies the LeaderAP-XXXX (xxxx specifies the
last 4 digits of the (XXXX specifies last 4 digits of the
AP's MAC the last 4 digits of AP's MAC
address.) the AP's MAC address.)
address.)

IP address ● Ethernet cable ● Ethernet cable ● Ethernet cable

connection: connection: connection:
169.254.1.1 169.254.1.1 169.254.1.1
● Wireless ● Wireless ● Wireless
connection: connection: connection:
169.254.2.1 192.168.1.1 169.254.2.1
(V200R021C00
and earlier
versions);
169.254.2.1
(V200R021C01
and later
versions)

Subnet mask 255.255.255.0 255.255.255.0 255.255.255.0

Username and For V200R020C10 and earlier versions: The default

password username and password are available in WLAN Default
Usernames and Passwords (Enterprise Network or
Carrier). If you have not obtained the access permission of
the document, see Help on the website to find out how to
obtain it.
For V200R021C00 and later versions: The device has no
default username or password. You need to set the
username and password when logging in to the device for
the first time.

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 4

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

NOTE

In V200R009 or an earlier version, the default subnet mask of an AP in Ethernet cable

connection mode is 255.255.0.0.

Connecting to an AP
● Through an Ethernet cable
You can connect a PC to any network port on an AP or a network port on a
switch reachable to the AP (IP addresses of the PC and AP on the same
network segment).

Figure 2-2 Connecting to an AP through an Ethernet cable

a. Use an Ethernet cable to connect the PC to the AP.

b. Configure the PC.
Configure the IP address of the PC to be on the same network segment
as the default IP address of the AP, for example, 169.254.1.x/24
(excluding 169.254.1.1; 169.254.1.100 recommended).
● In wireless mode

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 5

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

Figure 2-3 Connecting to an AP in wireless mode

a. Configure the terminal to automatically obtain an IP address.

b. Within the coverage of the AP, search for the WLAN on the terminal. You
can access the WLAN directly or by entering the correct wireless
password.

Logging In to the Web Platform

Step 1 Open the browser on the PC, enter http://IP address or https://IP address in the
address box, and press Enter. The login page is displayed.
Step 2 Enter the login information.
NOTE

For a cloud AP or cloud central AP, the locally changed password is valid only before the device
registers with the iMaster NCE-Campus. After the device registers, the iMaster NCE-Campus
uniformly delivers an administrator password. The delivered password will overwrite the locally
configured one and is permanently valid.

1. Select a language.
The system supports English and Chinese. By default, the system uses the
same language as the browser.
2. Enter a user name and password.
Upon the first login to the web platform, you are prompted to set the user
name and password for subsequent login through the web platform or
STelnet, which will be delivered to managed Fit APs for logging in to them.
Additionally, the specified password is used as the password for console port
login. This password will be also used as the key for the offline management
VAP, allowing for wireless connections to the management SSID.
3. Click Login.

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 6

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

NOTE

If the login fails, the following possible causes are displayed at the same time:
● The user name or password is incorrect: indicates that the entered user name or
password is incorrect. Click OK to check the user name and password. If they are
incorrect, enter them again.
● The user does not have the right to log in or the login right expires: indicates that
the current online user has no permission to log in to the web platform. Contact
network administrators.
● The number of login users has reached the maximum value: indicates that the
number of online web users reaches the upper limit. By default, the maximum number
of online web users is 2.
● The number of times the password is incorrectly entered has reached the limit, and
the user is locked: indicates that the current login account is locked and will be
automatically unlocked after 5 minutes.

Step 3 Click Logout in the upper right corner to Log out of the web platform. The login
page is displayed.
Step 4 If you do not perform any operation within a specified duration (10 minutes by
default), you are logged out. To return to the login page, click OK.

----End

(Optional) Loading a Web Page File

Generally, a web page file is integrated in the system software of the device and
has been installed. You do not need to install the web page file separately.
However, to upgrade the web page file, you can log in to the official website to
download an independent web page file, upload it to the device, and install it.
1. Upload the web page file to the device.
2. Load the web page file.
<HUAWEI> system-view
[HUAWEI] http server load web.7z

3. Enable the HTTPS service.

[HUAWEI] http secure-server enable //By default, the HTTPS IPv4 service is enabled, and the
HTTPS IPv6 service is disabled.

(Optional) Loading a Digital Certificate File and Binding an SSL Policy

By default, a digital certificate file has been loaded on the device. If the browser
displays a message indicating a security risk or the web page fails to be accessed
due to a certificate issue, you need to update the digital certificate file.
1. Upload the digital certificates and private key file to the device.
NOTE

Ensure that you have obtained the local certificate abc_local.pem, CA certificate
abc_ca.pem, and RSA key pair privatekey.pem and uploaded them to the storage medium
of the device. If multiple CA certificates are available, perform the same operation to load
the certificates to the memory of the device. The key for generating privatekey.pem is
YsHsjx_202206.
2. Load the certificates and RSA key pair.
[HUAWEI] pki realm abc
[HUAWEI-pki-realm-abc] quit

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 7

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

[HUAWEI] pki import-certificate local realm abc pem filename abc_local.pem

[HUAWEI] pki import-certificate ca realm abc pem filename abc_ca.pem
[HUAWEI] pki import rsa-key-pair key1 pem privatekey.pem password YsHsjx_202206

3. Create an SSL policy and load a digital certificate.

[HUAWEI] ssl policy sslserver type server
[HUAWEI-ssl-policy-sslserver] pki-realm abc
[HUAWEI-ssl-policy-sslserver] version tls1.2
[HUAWEI-ssl-policy-sslserver] quit

4. Bind the SSL policy and enable the HTTPS service.

[HUAWEI] http secure-server ssl-policy sslserver
[HUAWEI] http secure-server enable

5. Display detailed information about the loaded digital certificates.

[HUAWEI] display ssl policy sslserver
------------------------------------------------------------------------------
Policy name : sslserver
Policy ID : 2
Policy type : Server
Cipher suite : ecdhe_rsa_aes128_gcm_sha256
ecdhe_rsa_aes256_gcm_sha384
PKI realm : abc
Version : tls1.2
Cache number : 128
Time out(second) : 3600
Server certificate load status : loaded
CA certificate chain load status : loaded
SSL renegotiation status : enable
Bind number : 1
SSL connection number : 0
------------------------------------------------------------------------------

2.3 Precautions for Using the Web Platform

● The operating system required for web platform login must be Windows 7.0,
Windows 8.0, Windows 8.1, or Windows 10.0.
● The web platform supports different browsers. You can log in to the web
platform using Internet Explorer 10 or 11, Firefox 97 to 101, or Google
Chrome 93 to 102. If the version of your web browser is not supported, the
web page may be displayed incorrectly. In specific situations, if the web page
is displayed slowly when you use the Chrome browser to log in to the web
platform, use the Internet Explorer or Firefox browser.
● When you log in to the web platform using Internet Explorer, the security
level cannot be set to High; otherwise, web pages cannot be displayed. When
you access the web platform using the web proxy, choose Tools > Internet
Options > Advanced from the menu bar of the browser, and select Use HTTP
1.1 through proxy connections. Choose Tools > Internet Options > Security,
and click Custom level. Set Script ActiveX controls marked as safe for
scripting*, Run ActiveX controls and plug-ins, and Active scripting to
Enable; otherwise, web pages cannot be displayed.
● If the message "Your browser's security settings are too high to complete this
process. See the help menu for instructions on adjusting your security
settings." is displayed during file upload, configure the Internet Explorer as
follows:
a. Choose Tools > Internet Options > Security, and click Custom level.
b. Select Enable or Prompt for Initialize and script ActiveX controls not
marked as safe for scripting.

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 8

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

If you select Enable, the file can be uploaded directly. If you select
Prompt, the message "An ActiveX control on this page might be unsafe
to interact with other parts of the page. Do you want to allow this
interaction?" is displayed. If you click Yes, the file can be uploaded.
c. Select Enable for Include local directory path when uploading files to
a server.
● After the device software version changes (for example, the software version
is upgraded or rolled back) or the HTTP/HTTPS port number is changed, clear
the browser cache before using the web platform. Otherwise, web pages may
be incorrectly displayed.
– When you log in to the web platform using Internet Explorer, choose
Tools > Internet Options > General, click Delete, select Temporary
Internet files and website files and Cookies and website data, and
click Delete to clear the browser cache.
– When you log in to the web platform using the Firefox browser, choose
Options > Privacy & Security and click Clear History. In the displayed
Clear Recent History dialog box, choose Everything from the Time
range to clear drop-down list. Select all options in the History and Data
areas, and click Clear Now to clear the browser cache.
– When you log in to the web platform using Google Chrome, choose
History from the menu bar of the browser, click Clear browsing data,
select Cookies and other site data and Cached images and files, and
click Clear browsing data to clear the browser cache.
● The web platform does not support back, forward, and refresh buttons on the
browser. If you click these buttons, the web platform may return to the login
page.
● The web platform provides the following administrator roles. Only users of
level 2 or higher have the management rights. Users of levels lower than 2
have only the visit right. It is recommended that you set the level of web
management users to level 2 or higher.
– Common administrator: user level 1
– Enterprise administrator: user level 2
– Guest administrator: user level 3
– Super administrator: user level 3–15
● The web platform allows for login only when the administrator level is at
least 1. If the server does not deliver the administrator level during remote
authentication, the administrator level is 0 by default. In this case, to enable
the administrator to log in to the web platform, run the admin-user privilege
level command in the service scheme view to upgrade the administrator level
in local authorization mode. If both authorization provided by the remote
server and local authorization are available, authorization provided by the
remote server takes precedence.
NOTE

The option layout in the browser settings provided in this topic is for reference only. The
actual option layout may vary depending on the browser version.

2.4 Web Page Description

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 9

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

This section describes elements on the main page of the web platform and their
functions.

Layout
The main page of the web platform mainly includes the following areas, as shown
in Figure 2-4.

Figure 2-4 Main page of the web platform

Table 2-2 Layout

Are Name Description

a

1 Button You can click these buttons to save settings, get help
information, and log out of the platform.

2 Naviga Functions are displayed in a navigation tree.

tion The level-1 menu is on the upper left corner of the page, and
tree the level-2 menu is on the left of the page.

3 Operati You can configure functions or view function status in the

on area operation area.

Button
Buttons locate in the upper right corner of the main page.

Table 2-3 Buttons

Button Function

Save Commits the configured commands.

After modifying device configuration information on web pages, you
need to click Save to save the modification to the device
configuration file. Unsaved configuration information will be lost
after the device restarts.

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 10

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

Button Function

Console Displays the command-line interface (CLI).

You can manage and maintain devices on the CLI.
NOTE
The Telnet client function must be enabled on the operating system.

Alarm &
You can click to quick open Alarm & Event page.
Event

Logout Logs you out of the web platform.

To log out of the web platform, click . To log in to the web

platform, enter the user name and password.

Languag Switches languages for the web platform.

e
● Click . The web page displays in English.

● Click . The web page displays in Chinese.

Common Web Platform Buttons

This section describes common web platform buttons.

Table 2-4 Common web platform buttons

Button Description

Create Displays the page for creating table entries and profiles.

Delete Deletes selected table entries or profiles.

Clear Clears table entries or profiles.

Refresh Updates information displayed on the current page.

Auto Automatically updates information displayed on the current page.

refresh

Apply Makes the current page configuration effective.

Confirm Makes the current page configuration effective.

Display Displays information of profiles that uses the current profile.

Reference

Searches for results.

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 11

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

2.5 Web Platform Overview for Common Cloud APs

Table 2-5 describes the main functions of the web platform for common cloud
APs.

Table 2-5 Web platform overview

Level-1 Menu Level-2 Menu Description

Home Displays the uplink connection details and

deployment configurations of the AP.
● The uplink connection details include the
interface name, IP address obtaining mode,
IP address, subnet mask, and primary and
Summary secondary DNS servers.
● The deployment configurations include the
AP's working mode, network connection
configuration, VLAN configuration, cloud
management controller configuration, and
certificate import configuration.

Displays basic information about AP interfaces,

such as the interface name, status, negotiated
AP Interface
rate, number of sent and received packets and
bytes, and STP status.

Displays basic information about users, such as

the user name, MAC address, IP address, device
User name, connected SSID, frequency band, RSSI,
rate, and going-online and -offline records, and
provides the function of disconnecting STAs.

Displays basic information about routes, such

Routing Table as the destination IP address, subnet mask,
route type, next hop, and outbound interface.

Diagnosis Exports a large amount of diagnostic

information about the AP to the
One-Click
web_diaginfo.txt file. The information includes
Information
the startup configuration, current
Collection
configuration, interface information, system
time, and system version.

Checks whether a destination IP address or

Ping host is reachable to determine network
connectivity.

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 12

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

Level-1 Menu Level-2 Menu Description

Tracks the forwarding path of a packet from

the source device to the destination device. If a
Trace Route network failure occurs, you can use this
function to locate the fault. You can specify a
destination IP address or host name.

Checks the quality of wireless links between

RF-Ping
the AP and STAs.

Displays ARP information about the device,

such as the destination IP address, MAC
ARP Entry
address, VLAN ID, interface name, and timeout
interval.

Maintenance Displays basic information about the cloud AP,

such as the device name, model, MAC address,
SN, version, number of restart times, maximum
Basic number of access STAs, and system operation
time. In addition, you can upgrade the version,
export the configuration file, and clear the
number of restart times.

Displays current and historical alarm data,

Alarm & such as the alarm severity, OID, alarm content,
Event module, time, and alias, and allows you to
clear alarms.

Supports log host management, provides the

log saving and clearing functions, and displays
Log
log information such as the time, severity,
module, summary, and content.

Displays administrator logout records and user

session records, such as the user name, IP
address, authentication type, domain name,
Administrator
logout reason, login time, logout time, and
session creation time, and provides the
function of disconnecting STAs.

Deletes the current and historical user

Factory
configurations, and restores the factory
Settings
settings and Fit mode of APs.

2.6 Web Platform Overview for Cloud Central APs

Table 2-6 describes main functions of the web platform for cloud central APs.

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 13

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

Table 2-6 Web platform overview

Level-1 Menu Level-2 Menu Function Description

Home Displays connection information and

deployment configurations of the AP.
● The connection information includes the
interface name, IP address allocation mode,
IP address, subnet mask, and primary and
Summary
secondary DNS servers, and RUs.
● The deployment configuration information
includes the AP's working mode, network
connection, VLAN, Agile Controller-Campus,
and certificate import configurations.

Displays basic information about AP interfaces,

Central AP such as the interface name, state, negotiation
Interface rate, number of sent and received packets and
bytes, and STP status.

Displays basic information about RUs, such as

the device name, state, MAC address, IP
address, type, version, sequence number,
traffic, number of connected STAs, STA offline
RU
rate, STA access failure rate, online duration,
total number of restart times, number of
restart times due to power failures, and STA
online and offline records.

Displays basic information about users, such as

the user name, MAC address, IP address, name
of the connected device, connected SSID,
User
frequency band, RSSI, access rate, and online
and offline records. The function of
disconnecting STAs is also provided.

Displays basic information about routes, such

Routing Table as the destination IP address, subnet mask,
route type, next hop, and outbound interface.

Diagnosis Exports a large amount of diagnostic

information about the AP to the
One-click
web_diaginfo.txt file. The information includes
Information
the startup configuration, current
Collection
configuration, interface information, system
time, and system version.

Checks whether a destination IP address or

Ping host is reachable to determine network
connectivity.

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 14

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

Level-1 Menu Level-2 Menu Function Description

Tracks the forwarding path of a packet from

the source to the destination. If a network
Trace Route failure occurs, you can use the trace route
function to locate the fault. You can specify a
destination IP address or host name.

Checks the quality of wireless links between

RF-Ping
APs and STAs.

Displays ARP information about the AP, such as

ARP Entry the destination IP address, MAC address, VLAN
ID, interface name, and timeout period.

Maintenance Displays basic information about the AP, such

as the device name, model, MAC address,
sequence number, version, number of restart
Basic times, maximum number of access STAs, and
system operation time. The functions, including
version upgrade, configuration file export, and
restart statistics reset, are also provided.

Displays current and historical alarm data,

Alarm & such as the alarm severity, OID, alarm content,
Event module name, time, and alias. The alarm
clearing function is also provided.

Supports log host management, provides the

log saving and clearing functions, and displays
Log
log information such as the time, severity,
module name, summary, and content.

Displays administrator offline records and user

session records, such as the user name, IP
address, authentication type, domain name,
Administrator
offline reason, online time, offline time, and
session creation time. The function of
disconnecting STAs is also provided.

Deletes current and historical user

Factory
configurations, and restores the factory
Settings
settings of the AP.

2.7 Viewing Alarms on the Web Platform

Log in to the web platform and choose Maintenance > Alarm & Event to view
current and historical alarm data, such as the alarm severity, OID, alarm content,
module, time, and mnemonic.

To ensure that alarms can be reported to the web platform, you need to run
commands to enable the alarm function for a specific module. Note that an
interface status alarm is generated when the interface status changes, and you

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 15

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

need to enable the alarm function of the standard module both globally and on
the required interface.

Configuring the Device to Send Alarms to the Web Platform Through the CLI
Step 1 Run the system-view command to enter the system view.

Step 2 Enable the alarm sending function.

Enable the alarm function for modules:

● To enable the alarm function for all modules at a time, run the snmp-agent
trap enable command.
● To enable the alarm function for a specified module, run the snmp-agent
trap enable feature-name command.

Enable the alarm function for the interface status:

Run the snmp-agent trap enable feature-name ifnet trap-name { linkdown |

linkup } command to enable the alarm function for the interface status globally.

By default, the alarm function for the interface status is disabled globally. After
the linkdown and linkup alarm functions of the ifnet module are enabled
globally, an alarm is generated when the interface status changes. When an
interface flaps, the interface frequently sends alarms to the web platform, which
increases the processing load of the web platform. In this case, you can disable the
alarm function on the specified interface. The procedure is as follows:

1. Run the interface interface-type interface-number command to enter the

interface view.
2. Run the undo enable snmp trap updown command to disable the alarm
function for the interface status.
3. Run the quit command to return to the system view.

Step 3 Run the snmp-agent trap source interface-type interface-number command to

specify the source interface for sending trap messages.

After the source interface is specified, the IP address of the source interface is used
as the source IP address for sending trap messages. This helps the web platform
identify the alarm source. The source interface that sends trap messages must
have an IP address configured. Otherwise, the command does not take effect. To
ensure device security, you are advised to configure the local loopback address as
the source address.

The source interface of trap messages specified on the wireless access point must
be the same as that specified for the wireless access point on the web platform.
Otherwise, the web platform cannot receive trap messages from the wireless
access point.

Step 4 Run the snmp-agent trap queue-size size command to configure the queue
length of trap messages sent to the target host.

By default, the queue length of trap messages sent to the target host is 100.

To ensure that trap messages can be received by the web platform, determine the
length of the trap queue by the number of generated trap messages. When the

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 16

Fat AP and Cloud AP
Web-based Configuration Guide 2 Getting Started

wireless access point sends trap messages frequently, you can prolong the queue
length to reduce alarm loss.
Step 5 Run the snmp-agent trap life seconds command to set the TTL of trap messages.
By default, the TTL of trap messages is 120 seconds.
To ensure that trap messages can be received by the web platform, determine the
saving time by the number of generated trap messages. When the wireless access
point sends trap messages frequently, you can run this command to increase the
TTL of trap messages to reduce alarm loss.

----End

Issue 01 (2023-09-30) Copyright © Huawei Technologies Co., Ltd. 17