Logging In to the Web Platform

Before logging in to the web platform in wired connection mode, perform the following tasks:

The IP address of the device's access port has been configured.
The device and your PC are properly connected.
The device is running properly, and the HTTP and HTTPS services are correctly configured.
The web browser software has been installed on your PC.

The IP address 169.254.1.1 has been configured for MEth0/0/1 on the AirEngine 9700-M1, AirEngine 9700-M and AC6805 before the delivery.
The IP address 169.254.1.1 has been configured for VLANIF 1 on the AC6800V, AC6508, AC6507S, and AirEngine 9700S-S before the delivery. By default, all GE interfaces on the AC6508, AC6507S, and AirEngine 9700S-S have been added to VLAN 1, and all GE and XGE interfaces on the AC6800V have been added to VLAN 1.
The STelnet service has been configured on the device before delivery. The STelnet service port number is 22.
The HTTP and HTTPS services have been configured on the device before delivery. The default service port number of the HTTP service is 80, and that of the HTTPS service is 443.
The default username and password are available in WLAN Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it.

Figure 1 shows the running environment of the web platform. You can manage and configure the device through the web platform on your PC.

Figure 1 Running environment of the web platform

Logging In to the Web Platform

Open a browser such as Internet Explorer 10.0, enter http://IP address or https://IP address in the address box, for example, http://169.254.1.1 or https://169.254.1.1, and press Enter. (169.254.1.1 is used as an example here. Enter the actual IP address of the access interface.) The web platform login page is displayed.

When a user logs in to a device through HTTP, the HTTPS login page is displayed. If the HTTPS service is unavailable, for example, the HTTPS service is not enabled, or the HTTPS service is enabled but not bound to an SSL policy, the incorrect page is displayed.
Enter the login information.
1. Select a language.
  
  The system supports English and Chinese. By default, the system uses the same language as the browser.
2. Enter a user name and password.
  
  Upon the first login to the web platform, you are prompted to set the user name and password for subsequent login through the web platform or STelnet, which will be delivered to managed Fit APs for logging in to them. Additionally, the specified password is used as the password for console port login. This password will be also used as the key for the offline management VAP, allowing for wireless connections to the management SSID.
3. Click Login.
If the login fails, the following possible causes are displayed at the same time:
- The user name or password is incorrect: indicates that the entered user name or password is incorrect. Click OK to check the user name and password. If they are incorrect, enter them again.
- The user does not have the right to log in or the login right expires: indicates that the current online user has no permission to log in to the web platform. Contact network administrators.
- The number of login users has reached the maximum value: indicates that the number of online web users reaches the upper limit. By default, the maximum number of online web users is 52.
- The number of times the password is incorrectly entered has reached the limit, and the user is locked: indicates that the current login account is locked and will be automatically unlocked after 5 minutes.
Click Logout in the upper right corner to Log out of the web platform. The login page is displayed.
If you do not perform any operation within a specified duration (10 minutes by default), you are logged out. To return to the login page, click OK.

(Optional) Loading a Web Page File

Generally, a web page file is integrated in the system software of the device and has been installed. You do not need to install the web page file separately. However, to upgrade the web page file, you can log in to the official website to download an independent web page file, upload it to the device, and install it.

Upload the web page file to the device.

Load the web page file.

<HUAWEI> system-view
[HUAWEI] http server load web.7z

Enable the HTTPS service.

[HUAWEI] http secure-server enable    //By default, the HTTPS IPv4 service is enabled, and the HTTPS IPv6 service is disabled.

(Optional) Loading a Digital Certificate File and Binding an SSL Policy

By default, a digital certificate file has been loaded on the device. If the browser displays a message indicating a security risk or the web page fails to be accessed due to a certificate issue, you need to update the digital certificate file.

Upload the digital certificates and private key file to the device.

Ensure that you have obtained the local certificate abc_local.pem, CA certificate abc_ca.pem, and RSA key pair privatekey.pem and uploaded them to the storage medium of the device. If multiple CA certificates are available, perform the same operation to load the certificates to the memory of the device. The key for generating privatekey.pem is Example@123.

Load the certificates and RSA key pair.

[HUAWEI] pki realm abc
[HUAWEI-pki-realm-abc] quit
[HUAWEI] pki import-certificate local realm abc pem filename abc_local.pem
[HUAWEI] pki import-certificate ca realm abc pem filename abc_ca.pem
[HUAWEI] pki import rsa-key-pair key1 pem privatekey.pem password Example@123

Create an SSL policy and load a digital certificate.

[HUAWEI] ssl policy sslserver type server
[HUAWEI-ssl-policy-sslserver] pki-realm abc
[HUAWEI-ssl-policy-sslserver] version tls1.2
[HUAWEI-ssl-policy-sslserver] quit

Bind the SSL policy and enable the HTTPS service.

[HUAWEI] http secure-server ssl-policy sslserver
[HUAWEI] http secure-server enable

Display detailed information about the loaded digital certificates.

[HUAWEI] display ssl policy sslserver
------------------------------------------------------------------------------ 
  Policy name                            :   sslserver                             
  Policy ID                              :   2                                 
  Policy type                            :   Server                             
  Cipher suite                           :   ecdhe_rsa_aes128_gcm_sha256        
                                             ecdhe_rsa_aes256_gcm_sha384   
  PKI realm                              :   abc  
  Version                                :   tls1.2   
  Cache number                           :   128                                  
  Time out(second)                       :   3600                                
  Server certificate load status         :   loaded                              
  CA certificate chain load status       :   loaded                              
  SSL renegotiation status               :   enable   
  Bind number                            :   1                                   
  SSL connection number                  :   0                                  
------------------------------------------------------------------------------