H3C Wireless Devices Password Maintenance Guide
New H3C Technologies Co., Ltd. http://www.h3c.com
Document version: 6W100-20220830
Creating/Editing a Telnet password
Editing a fit AP password from an AC
Recovering the password of the console port from BootWare menus
Dealing with console login password loss
Viewing the enablement status of password recovery capability
Rebooting the device by skipping the configuration file
Rebooting the device by clearing the current console login password
Rebooting the device by restoring the factory defaults
Configuring password recovery capability
Recovering the console login password from CLI
Changing the console login password after Telnet or SSH login
Editing a fit AP password from an AC
Restoring the factory defaults by pressing the RESET button
Recovering a Telnet password
Creating/Editing a Telnet password
Telnet and SSH support remote maintenance and management of the device. If a Telnet or SSH password is forgotten, you can use one of the following methods to reconfigure a password:
· Log in to the device with the network-admin or level-15 user role, and then reconfigure a password.
· Log in to the device through the console port, and then reconfigure a password.
In the current software version, only the following verification methods are supported for Telnet login and SSH login:
· Scheme authentication—Log in to the device with the username and password.
· Password authentication—Log in to the device with only the password.
This section uses VTY lines 0 through 4 as an example.
Scheme authentication
1. Create Telnet user abc and set the password to admin.
<H3C> system-view
[H3C] telnet server enable
[H3C] line vty 0 4
[H3C-line-vty0-4] authentication-mode scheme
[H3C-line-vty0-4] protocol inbound all
[H3C-line-vty0-4] quit
[H3C] local-user abc
New local user added.
[H3C-luser-manage-abc] password simple admin
[H3C-luser-manage-abc] service-type telnet
[H3C-luser-manage-abc] authorization-attribute user-role network-admin
[H3C-luser-manage-abc] return
You can log in to the device with username abc and password admin.
2. Execute the save command to save the configuration to avoid configuration loss after a reboot.
Password authentication
1. Configure password authentication for VTY lines 0 through 4, and set the password to admin.
<H3C> system-view
[H3C] telnet server enable
[H3C] line vty 0 4
[H3C-line-vty0-4] authentication-mode password
[H3C-line-vty0-4] protocol inbound all
[H3C-line-vty0-4] set authentication password simple admin
[H3C-line-vty0-4] return
You can log in to the device with password admin.
2. Execute the save command to save the configuration to avoid configuration loss after a reboot.
Editing a fit AP password from an AC
If the password of a fit AP is forgotten and the AP has come online from an AC, edit the fit AP username and password in the AP configuration file. In the current software version, only the following verification methods are supported:
· Scheme authentication—Log in to the device with the username and password.
· Password authentication—Log in to the device with only the password.
This section uses VTY lines 0 through 4 as an example.
To edit the password of a fit AP from an AC through the configuration file:
1. Edit configuration file apcfg.txt of the AP.
NOTE: Edit the apcfg.txt file in compliance with CLI requirements and upload the file to the AC. After the AC is associated with the AP, execute the map-configuration command to deploy the configuration file to the AP.
○ Scheme authentication
# Configure configuration file apcfg.txt as follows:
system-view
telnet server enable
line vty 0 4
authentication-mode scheme
protocol inbound all
quit
local-user abc
password simple admin
service-type telnet
authorization-attribute user-role network-admin
return
○ Password authentication
# Configure configuration file apcfg.txt as follows:
system-view
telnet server enable
line vty 0 4
authentication-mode password
protocol inbound all
set authentication password simple admin
return
2. Deploy configuration file apcfg.txt to the AP from the AC.
<H3C> system-view
[H3C] wlan ap ap1 model WA4320-ACN
[H3C-wlan-ap-ap1] map-configuration apcfg.txt
[H3C-wlan-ap-ap1] return
3. Execute the save command to save the configuration to avoid configuration loss after a reboot.
Recovering the password of the console port from BootWare menus
The console port in this chapter is a virtual console port for the WBC560 device.
Dealing with console login password loss
CAUTION: Dealing with console login password loss from BootWare menus requires a device reboot, which will interrupt services.
This section uses console login password loss on the WX3520H device as an example.
The procedure for dealing with console login password loss is shown in Figure 1. By default, password recovery capability is enabled. To obtain the enablement status of password recovery capability, see "Viewing the enablement status of password recovery capability." For more information about password recovery capability, see "Configuring password recovery capability."
Figure 1 Procedure for dealing with password loss
Table 1 Methods for dealing with console login password loss
Prerequisite | Method | Description |
---|---|---|
Password recovery capability is enabled. | Method 1: Rebooting the device by skipping the configuration file | The device starts up with the factory defaults but does not delete the next-startup configuration file. |
Password recovery capability is enabled. | Method 2: Rebooting the device by clearing the current console login password | The device starts up with the next-startup configuration file and skips password authentication for console login. |
Password recovery capability is disabled. | Rebooting the device by restoring the factory defaults | The device starts up with the factory defaults and deletes the active and backup configuration files. |
Viewing the enablement status of password recovery capability
Reboot the device and press Ctrl+B to enter the BootWare menu.
System is starting...
Press Ctrl+D to access BASIC-BOOTWARE MENU
Press Ctrl+T to start heavy memory test
Booting Normal Extended BootWare........
The Extended BootWare is self-decompressing....Done.
****************************************************************************
* *
* H3C WX3520H BootWare, Version 1.10 *
* *
****************************************************************************
Copyright (c) 2004-2019 New H3C Technologies Co., Ltd.
Compiled Date : Apr 23 2018
CPU Type : XLP416
CPU Clock Speed : 1000MHz
Memory Type : DDR3 SDRAM
Memory Size : 4096MB
Memory Speed : 1333MHz
BootWare Size : 768KB
Flash Size : 16MB
cfa0 Size : 4002MB
CPLD1 Version : 004
CPLD2 Version : 000
PCB Version : Ver.A
BootWare Validating...
Press Ctrl+B to access EXTENDED-BOOTWARE MENU...
The enablement status of password recovery capability is displayed on the BootWare menu.
Password recovery capability is enabled.
Note: The current operating device is cfa0
Enter < Storage Device Operation > to select device.
===========================<EXTENDED-BOOTWARE MENU>=========================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Restore to Factory Default Configuration |
|<6> Skip Current System Configuration |
|<7> BootWare Operation Menu |
|<8> Skip Authentication for Console Login |
|<9> Storage Device Operation |
|<0> Reboot |
============================================================================
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format File System
Ctrl+C: Display Copyright
Enter your choice(0-9):
Rebooting the device by skipping the configuration file
1. During device reboot, press Ctrl+B to enter the BootWare menu. Then, enter 6 to skip the current system configuration. The device does not delete the configuration file loaded at the last startup.
Password recovery capability is enabled.
Note: The current operating device is cfa0
Enter < Storage Device Operation > to select device.
===========================<EXTENDED-BOOTWARE MENU>=========================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Restore to Factory Default Configuration |
|<6> Skip Current System Configuration |
|<7> BootWare Operation Menu |
|<8> Skip Authentication for Console Login |
|<9> Storage Device Operation |
|<0> Reboot |
============================================================================
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format File System
Ctrl+C: Display Copyright
Enter your choice(0-9): 6
The configuration is set successfully if the following message appears:
Flag Set Success.
2. When the BootWare menu appears again, enter 1. The device starts up.
3. After the device reboots, the device configuration is null. You can roll back the running configuration to the configuration in a configuration file, for example, startup.cfg, in system view as follows:
<Sysname> system-view
[Sysname] configuration replace file cfa0:/startup.cfg
Current configuration will be lost, save current configuration? [Y/N]:n
Info: Now replacing the current configuration. Please wait...
Info: Succeeded in replacing current configuration with the file startup.cfg.
Skip this step if you do not want to roll back the running configuration.
4. In system view, set the authentication mode for console login and set a new password. For example, enable password authentication for console login and set the console login password to 123456 in plain text.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] authentication-mode password
[Sysname-line-console0] set authentication password simple 123456
NOTE:
· For a device with a physical console port, execute the line console 0 command to enter the view for console port configuration.
· Execute the set authentication password { cipher | simple } password command to set a password in plain text or cipher text. The password is saved to the configuration file in cipher text.
5. Save the configuration.
[Sysname-line-console0] save
NOTE: As a best practice, save the configuration to the default configuration file.
Rebooting the device by clearing the current console login password
1. During device reboot, press Ctrl+B to enter the BootWare menu. Then, enter 8 to clear the current console login password only. The device does not delete the configuration file loaded at the last startup.
Password recovery capability is enabled.
Note: The current operating device is cfa0
Enter < Storage Device Operation > to select device.
===========================<EXTENDED-BOOTWARE MENU>=========================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Restore to Factory Default Configuration |
|<6> Skip Current System Configuration |
|<7> BootWare Operation Menu |
|<8> Skip Authentication for Console Login |
|<9> Storage Device Operation |
|<0> Reboot |
============================================================================
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format File System
Ctrl+C: Display Copyright
Enter your choice(0-9): 8
The configuration is set successfully if the following message appears:
Clear Image Password Success!
2. When the BootWare menu appears again, enter 1. The device starts up.
3. In system view, set the authentication mode for console login and set a new password. For example, enable password authentication for console login and set the console login password to 123456 in plain text.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] authentication-mode password
[Sysname-line-console0] set authentication password simple 123456
NOTE:
· For a device with a physical console port, execute the line console 0 command to enter the view for console port configuration.
· Execute the set authentication password { cipher | simple } password command to set a password in plain text or cipher text. The password is saved to the configuration file in cipher text.
4. Save the configuration.
[Sysname-line-console0] save
NOTE: As a best practice, save the configuration to the default configuration file.
Rebooting the device by restoring the factory defaults
1. If password recovery capability is disabled, reboot the device to access the BootWare menu, and enter 5 to restore the factory defaults. The device automatically deletes the configuration file loaded at the last startup.
IMPORTANT: For factory default restoration, if the device has active and backup configuration files, the system deletes both files at the same time.
Password recovery capability is disabled..
Note: The current operating device is cfa0
Enter < Storage Device Operation > to select device.
===========================<EXTENDED-BOOTWARE MENU>==========================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Restore to Factory Default Configuration |
|<6> Skip Current System Configuration |
|<7> BootWare Operation Menu |
|<8> Skip Authentication for Console Login |
|<9> Storage Device Operation |
|<0> Reboot |
============================================================================
Ctrl+Z: Access EXTENDED ASSISTANT MENU
Ctrl+F: Format File System
Ctrl+C: Display Copyright
Enter your choice(0-9): 5
The configuration is set successfully if the following message appears:
Because the password recovery capability is disabled, this operation can
cause the configuration files to be deleted, and the system will start up
with factory defaults. Are you sure to continue?[Y/N]Y
Setting...Done.
2. When the BootWare menu appears again, enter 1. The device starts to reboot.
3. The device restores to the factory defaults after reboot. In system view, you can configure a new console login password or super password. For more information about how to configure a password, see "Rebooting the device by skipping the configuration file."
4. Save the configuration.
[Sysname] save
NOTE: As a best practice, save the configuration to the default configuration file.
Configuring password recovery capability
Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus.
If password recovery capability is enabled, a console user can access the device configuration without authentication to configure a new password.
If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords. Restoring the factory-default configuration deletes the next-startup configuration files.
To enhance system security, disable password recovery capability.
To configure password recovery capability:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable password recovery capability. | password-recovery enable | Optional. By default, password recovery capability is enabled. |
3. Disable password recovery capability. | undo password-recovery enable | Optional. |
NOTE: As a best practice, when password recovery capability is disabled, do not downgrade the current version to a version that does not support password recovery capability from BootWare menus.
The available options of the BootWare menu depend on password recovery capability, as shown in Table 2.
Table 2 BootWare options depending on password recovery capability
Option in the BootWare menu | When password recovery capability is enabled | When password recovery capability is disabled | Description |
---|---|---|---|
Download Image Program To SDRAM And Run | Supported | Not supported | This option allows the device to load and run Comware software images in SDRAM. |
Skip Authentication for Console Login | Supported | Not supported | After you select this option and reboot the device, the device starts up with the next-startup configuration file. You can perform console login without authentication. |
Skip Current System Configuration | Supported | Not supported | After you select this option and reboot the device, the device starts up with the factory defaults, but does not delete the next start-up configuration file. |
Restore to Factory Default Configuration | Not supported | Supported | After you select this option and reboot the device, the device automatically deletes the next start-up configuration file, and then starts up with the factory defaults. |
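The confirmation messages this guide shows for menu options 5, 6 and 8 can be matched in a recorded console session to see when the BootWare menu was used to skip or reset console authentication. This is an added example, not H3C code; it assumes console sessions are captured as plain text with the typed choice echoed on the prompt line, and the sample log is constructed from the output shown in this guide.

```python
import re

# Menu choices from the EXTENDED-BOOTWARE MENU in this guide that change how
# the next boot authenticates, with the confirmation text shown for each.
ACTIONS = {
    "5": ("restore factory defaults", "Setting...Done."),
    "6": ("skip current system configuration", "Flag Set Success."),
    "8": ("skip authentication for console login", "Clear Image Password Success!"),
}
STATUS_RE = re.compile(r"Password recovery capability is (enabled|disabled)\.")
CHOICE_RE = re.compile(r"Enter your choice\(0-9\):\s*(\d)\s*$")


def bootware_events(log):
    """Return confirmed authentication-affecting menu actions in a console log."""
    events, status, pending = [], None, None
    for no, line in enumerate(log.splitlines(), 1):
        status_match = STATUS_RE.search(line)
        choice_match = CHOICE_RE.search(line)
        if status_match:
            status = status_match.group(1)
        elif choice_match:
            # A new prompt cancels any earlier choice that was never confirmed.
            choice = choice_match.group(1)
            pending = (no, choice) if choice in ACTIONS else None
        elif pending and ACTIONS[pending[1]][1] in line:
            events.append({"line": pending[0], "choice": pending[1],
                           "action": ACTIONS[pending[1]][0],
                           "recovery_capability": status})
            pending = None
    return events


# Constructed capture, assembled from the console output shown in this guide.
SAMPLE_LOG = """Press Ctrl+B to access EXTENDED-BOOTWARE MENU...
Password recovery capability is enabled.
|<8> Skip Authentication for Console Login |
Enter your choice(0-9): 8
Clear Image Password Success!
Enter your choice(0-9): 1
"""

if __name__ == "__main__":
    for event in bootware_events(SAMPLE_LOG):
        print(event)
```

An event is reported only when the confirmation text follows the choice, so a declined factory-default prompt or an abandoned selection produces nothing.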
Recovering the console login password from CLI
The console port in this chapter is a virtual console port for the WBC560 device.
Changing the console login password after Telnet or SSH login
If Telnet or SSH login with the network-admin or level-15 user role is supported, you can configure the console login password after Telnet or SSH login and save the configuration.
The following example changes the console login password after Telnet login:
1. Log in to the device with the network-admin or level-15 user role through Telnet.
2. Configure the console login password. This example specifies password authentication and sets the password to admin.
<H3C> system-view
[H3C] line console 0
[H3C-line-console0] authentication-mode password
[H3C-line-console0] set authentication password simple admin
[H3C-line-console0] return
3. Execute the save command to save the configuration to avoid configuration loss after a reboot.
Editing a fit AP password from an AC
If a fit AP password is forgotten but the AP has come online from an AC, edit the AP username and password in the AP configuration file for devices with console ports.
The following example specifies password authentication for the console user and sets the password to admin:
1. Edit configuration file apcfg.txt of the AP.
NOTE: Edit the apcfg.txt file in compliance with CLI requirements and upload the file to the AC. After the AC is associated with the AP, execute the map-configuration command to deploy the configuration file to the AP.
# Configure configuration file apcfg.txt as follows:
system-view
line console 0
authentication-mode password
set authentication password simple admin
return
2. Deploy configuration file apcfg.txt to the AP from the AC.
<H3C> system-view
[H3C] wlan ap ap1 model WA4320-ACN
[H3C-wlan-ap-ap1] map-configuration apcfg.txt
[H3C-wlan-ap-ap1] return
3. Execute the save command to save the configuration to avoid configuration loss after a reboot.
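Both apcfg.txt procedures in this guide (the VTY file for Telnet login and the console file above) put a password into a plain-text file on the AC, so the file can be checked before map-configuration deploys it. This is an added example, not H3C code; it recognizes only the command forms shown in this guide, and the function name and finding texts are illustrative.

```python
import re

# Passwords this guide uses as examples; treated here as known-bad values.
GUIDE_EXAMPLE_PASSWORDS = {"admin", "123456"}
ADMIN_TELNET = {"service-type telnet", "authorization-attribute user-role network-admin"}
VIEW_RE = re.compile(r"^(?:line (?:vty|console) \d+(?: \d+)?|local-user \S+)$")
SIMPLE_RE = re.compile(r"^(?:set authentication )?password simple (\S+)$")


def audit_apcfg(text):
    """Return (line_no, view, finding) tuples for a CLI-style apcfg.txt."""
    findings, view, users = [], "system", {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        simple = SIMPLE_RE.match(line)
        if line in ("quit", "return"):
            view = "system"                      # left the line/user view
        elif VIEW_RE.match(line):
            view = line                          # entered a line/user view
        elif line == "telnet server enable":
            findings.append((no, view, "Telnet server enabled (cleartext login)"))
        elif line == "authentication-mode password":
            findings.append((no, view, "shared line password, no per-user identity"))
        elif line == "protocol inbound all":
            findings.append((no, view, "line accepts every protocol, Telnet included"))
        elif simple:                             # the value itself is never reported
            findings.append((no, view, "plaintext password stored in the file"))
            if simple.group(1).lower() in GUIDE_EXAMPLE_PASSWORDS:
                findings.append((no, view, "password is a documentation example"))
        elif view.startswith("local-user") and line in ADMIN_TELNET:
            seen = users.setdefault(view, set())
            if line not in seen and seen | {line} == ADMIN_TELNET:
                findings.append((no, view, "network-admin role usable over Telnet"))
            seen.add(line)
    return findings


# Constructed input: the scheme-authentication apcfg.txt shown in this guide.
SAMPLE = """system-view
telnet server enable
line vty 0 4
authentication-mode scheme
protocol inbound all
quit
local-user abc
password simple admin
service-type telnet
authorization-attribute user-role network-admin
return
"""

if __name__ == "__main__":
    for no, view, finding in audit_apcfg(SAMPLE):
        print(f"{no:>3} [{view}] {finding}")
```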
Restoring the factory defaults by pressing the RESET button
If all passwords are forgotten, perform one of the following operations as needed:
· For a device with the RESET button, press the RESET button for five or more seconds. The device will reboot with the factory defaults restored.
· For a device without the RESET button, contact Technical Support.