Recovering a Telnet Password

WLAN Troubleshooting Guide (V200)

About This Document
Using eDesk Pro for Network Inspection and Troubleshooting
Using Troubleshooting Insights
Risky Operations
- Hardware-Related Risky Operations
- Software-Related Risky Operations
Routine Maintenance
- Routine Maintenance Overview
- Before You Start
- Checking the Device Environment
  - Checking the Equipment Room Environment
  - Checking the Cable Status
- Checking Basic Device Information
  - Checking the Indicator Status
  - Checking for Critical or Major Alarms on an AC
- Checking the Device Running Status
- Checking Interface Information
- Checking Services
  - Checking the User Status
- Fault Information Collection and Feedback
Troubleshooting: Hardware
- Hardware Overview
- Troubleshooting Guidelines for Hardware
- Troubleshooting Cases for Hardware Faults
- Hardware FAQs
Troubleshooting: STA Experience Faults
- Troubleshooting Guidelines for STA Experience Faults
- Troubleshooting Cases for STA Experience Issues
- STA Experience FAQs
Troubleshooting: AP Joining Faults
- Troubleshooting Guidelines for AP Joining Faults
  - An AP Fails to Go Online on the AC
  - An AP Goes Offline Unexpectedly
- Troubleshooting Cases for AP Onboarding Issues
- AP Onboarding FAQs
Troubleshooting: STA Onboarding Faults
- Troubleshooting Guidelines for STA Onboarding Faults
- Troubleshooting Cases for STA Onboarding Issues
- STA Onboarding FAQs
Troubleshooting: Wireless Access Authentication Issues
- 802.1X Authentication Failures
- HTTP-based External Portal Authentication Failures
- Failures in External Portal Authentication Using the Portal Protocol
- Portal Redirection Failures
- Built-in Portal LDAP or AD Authentication Failures
- Failure to Access the Built-in Portal Page
  - Key Configuration Check
  - Common Built-in Portal Page Access Failures
- Troubleshooting Cases for STA Authentication Failures
- WLAN Authentication FAQs
Troubleshooting: Device Login Faults
- Troubleshooting Guidelines for Device Login Faults
- Device Login FAQs
Troubleshooting: Device Upgrade Faults
- Troubleshooting Guidelines for Device Upgrade Faults
- Troubleshooting Cases for Device Upgrade Failures
  - Case Study: Intelligent Upgrade Fails Because the CA Certificate on the AC Does Not Match That on the HOUP Server
  - Case Study: AP5030DN Upgrade and Mode Switching Are Abnormal Because the AP5030DN Enters the Assistant Package Mode
- Device Upgrade FAQs
Troubleshooting: Device Management Faults
- Troubleshooting Guidelines for Device Management Faults
- Device Management FAQs
Troubleshooting: Reliability Faults
- Troubleshooting Guidelines for Reliability Faults
- Troubleshooting Cases for Reliability Issues
- Reliability FAQs
Troubleshooting: Wireless Bridge Service Faults
- Troubleshooting Guidelines for Wireless Bridge Service Faults
- Wireless Bridge FAQs
Troubleshooting: Radio Management Service Faults
- Troubleshooting Guidelines for Radio Management Service Faults
  - Radio Calibration Does Not Take Effect
  - AI Roaming Does Not Take Effect
- Radio Management FAQs
Troubleshooting: Cloud Management Faults
- Troubleshooting Guidelines for Cloud Management Faults
- Troubleshooting Cases for Cloud Management Faults
  - Case Study: Fit APs Managed by a Cloud AC Fail to Go Online Due to Insufficient License Resources on the Cloud Management Platform
  - Case Study: In a VRRP Backup Scenario, a Loop Occurs on the Network When ACs Connect to the Cloud in PnP Auto-Negotiation Mode
Troubleshooting: CPE Service Faults
- Troubleshooting Guidelines for CPE Service Faults
- Troubleshooting Cases for CPE Service Faults
  - Case Study: When a CPE Roams Repeatedly, Terminals Connected to the CPE Are Intermittently Disconnected
  - Case Study: An Exception Occurs on a CPE Tunnel Due to EoGRE Configuration Changes
- CPE Service FAQs
  - How Can I Know the CPE Connected to a Wired Terminal and Its Uplink AP?
  - How Do I Collect CPE Fault Information by One Click?
Troubleshooting: Others
- Troubleshooting Guidelines for Other WLAN Service Faults
  - User Rate Limiting Does Not Take Effect
- Troubleshooting Cases for Other WLAN Service Issues
  - Case Study: Two STAs Connected to the Same SSID on the Same AP Cannot Communicate with Each Other Because the traffic-optimize bcmc deny all Command Is Executed on the Device
- FAQs About Other WLAN Services
TechNotes
- WLAN Network Optimization
- How an AP Joins an AC and Troubleshooting Any Join Failures
- How to Log In to WLAN ACs and APs
- Troubleshooting WLAN Password Issues
- AP Mode Switching - Overview, Configuration Examples, and Troubleshooting
- TechNotes: Mapping Between WACs and APs
- TechNotes: Wireless Packet Obtaining
- VLAN Deployment Guide for WLAN
- WLAN Performance Test Guide
- How to Configure Option 43 When Huawei APs Are Connected to DHCP Servers of Different Vendors
- Common WLAN Configuration Errors
Appendix: Common Information Collection and Fault Diagnostic Commands
- Information Collection
- Typical Fault Information Collection
- System Maintenance Methods
- Common Fault Diagnostic Commands
Appendix: Indicators
Contacting Huawei Technical Support

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Recovering a Telnet Password

The following table provides the methods that you can use to recover the password of a Telnet or STelnet account.

Table 19-21 Methods to recover the password of a Telnet or STelnet account

No.	Method	Applicable Product	Applicable Version
1	Configuring a New Telnet Password	AC, Fat AP, and cloud AP	AC: V200R001C00 and later versions Fat AP: V200R003C00 and later versions Cloud AP: V200R007C10 and later versions
2	Changing the Password of a Fit AP on an AC	Fit AP	All versions
3	Changing the Password of a Fit AP in the Uboot View	Fit AP	V200R003C00-V200R019C00
4	Recovering the Password for a Fit AP Using the BootLoader	Fit AP	V200R019C10 and later versions
5	Configuring a New Password for a WS6603	WS6603	V100R003
6	Recovering the Password of an AT	AT	V200R005C10 and later versions

For a Fit AP, use method 2 if the AP has successfully connected to an AC and use method 3 or 4 if the AP has not connected to an AC.

Configuring a New Telnet Password
Changing the Password of a Fit AP on an AC
Changing the Password of a Fit AP in the Uboot View
Recovering the Password for a Fit AP Using the BootLoader
Recovering the Password of an AT
Configuring a New Password for a WS6603

Configuring a New Telnet Password

The Telnet or STelnet protocol can be to manage and maintain a device remotely. If the password of a Telnet or STelnet account is lost, use either of the following methods to configure a new password:

Log in to the device using a user account with a higher privilege level (at least level 3) than the previous user account, and configure a new password for the previous user account.
Log in to the device through the console port and configure a new password.

Two authentication modes can be used for Telnet or STelnet login:

AAA mode: Enter a user name and password to log in.
Password mode: Enter only the password to log in.

The following examples configure the same password for VTY user interfaces 0 to 4.

AAA Mode

Create a Telnet user huawei and set its password to huawei@123.

<Huawei> system-view 
[Huawei] telnet server enable 
[Huawei] user-interface vty 0 4 
[Huawei-ui-vty0-4] authentication-mode aaa 
[Huawei-ui-vty0-4] protocol inbound all 
[Huawei-ui-vty0-4] quit 
[Huawei] aaa 
[Huawei-aaa] local-user huawei password cipher huawei@123 
[Huawei-aaa] local-user huawei service-type telnet ssh 
[Huawei-aaa] local-user huawei privilege level 15

After completing the configuration, you can enter the user name huawei and password huawei@123 to log in to the device.

Run the save command to save the configuration so that the new password will not be lost after a system restart.

Password Mode

Set the authentication mode to password authentication and the password to huawei@123 for VTY user interfaces 0 to 4.
Different software versions provide different commands for changing the authentication password:
- V200R002 and earlier versions: set authentication password [ cipher password ]
- V200R003 and later versions: set authentication password cipher
```
<Huawei> system-view 
[Huawei] telnet server enable 
[Huawei] user-interface vty 0 4 
[Huawei-ui-vty0-4] authentication-mode password 
[Huawei-ui-vty0-4] protocol inbound all 
[Huawei-ui-vty0-4] set authentication password cipher 
Enter Password(<6-16>):    //The actual display may be different. 
Confirm Password: 
[Huawei-ui-vty0-4] return
```
After completing the configuration, you can enter password huawei@123 to log in to the device.
Run the save command to save the configuration so that the new password will not be lost after a system restart.

Changing the Password of a Fit AP on an AC

V200R005C10 and Earlier Versions

A Fit AP supports only one local user account, which can be a console, Telnet, or SSH account.

If the password of a Fit AP is lost but the AP has connected to an AC successfully, change the password or recover the default password:

Run the wlan ap username command on the AC to configure a new user name and password, and deliver the configuration to the Fit AP.
Run the undo wlan ap username command on the AC to recover the default user name and password, and deliver the configuration to the Fit AP.

The preceding operations may affect other APs connected to the AC. For example, if configuration needs to be delivered to other APs or new APs connect to the AC, the password configuration delivered from the AC will change the user name and password on these APs.

The following example changes the password of AP1 on an AC6605.

If a WS6603 is used, run the following commands to enter the WLAN view.

WS6603>enable
WS6603#config
WS6603(config)#wlan ac

Change the password of AP1.

<AC6605> system-view
[AC6605] wlan
[AC6605-wlan-view] wlan ap username admin password cipher
Enter the password (plain-text password of 8-32 characters or cipher-text passwo 
rd of 32 or 56 characters):  
Confirm password:  
[AC6605-wlan-view] commit ap 1 //Run the display ap command to obtain the AP ID beforehand. 
Warning: Committing configuration may cause service interruption, continue?[Y/N] 
:y

Recover the default user name and password of AP1.

<AC6605> system-view
[AC6605] wlan
[AC6605-wlan-view] undo wlan ap username
[AC6605-wlan-view] commit ap 1 //Obtain the AP ID beforehand. 
Warning: Committing configuration may cause service interruption, continue?[Y/N] 
:y

V200R006C10 and Later Versions

A Fit AP supports only one local user account, which can be a console, Telnet, or SSH account.

If the password of a Fit AP is lost but the AP has connected to an AC successfully, change the password or recover the default password:

Run the ap username command on the AC to configure a new user name and password, and deliver the configuration to the Fit AP.
Run the undo ap username command on the AC to recover the default user name and password, and deliver the configuration to the Fit AP.

The preceding operations may affect other APs connected to the AC. The AC automatically delivers the modified user name and password to all APs. The delivered configuration takes effect on all APs.

The following example changes the password of an AP on an AC6605.

Change the password of the AP.

<AC6605> system-view
[AC6605] wlan
[AC6605-wlan-view] ap username admin password cipher
Enter the password (plain-text password of 8-32 characters or cipher-text password of 48 or 68 characters):  
Confirm password:

Recover the default user name and password of the AP.

<AC6605> system-view
[AC6605] wlan
[AC6605-wlan-view] undo ap username

Changing the Password of a Fit AP in the Uboot View

A Fit AP supports only one local user account, which can be a console, Telnet, or SSH account. If the password of a Fit AP is lost and the AP has not joined an AC, enter the Uboot view and recover the default user name and password.

You must restart the device to enter the Uboot view, which results in service interruption. Back up service configuration and perform this operation in off-peak hours.
Do not power off the device during the operation.

Use a serial cable to connect a PC to the device and restart the device. When the message "Press f or F to stop Auto-Boot" is displayed, press F and enter the password to enter the Uboot view.
For details on how to connect a PC to the device with a serial cable, see Logging In to a Device Through the Console Port.

The BootROM password may vary in different software versions. For details, see Default User Names and Passwords for WLAN ACs and APs.

Run the defaultuser command to recover the default user name and password.

ar7240> defaultuser 
Start setting whether to Change Password..... 
Current Bootup Change PW is N  
Do you Want To Change The Default password, Y or N : Y 
 
ar7240>

Run the reset command to restart the device.
```
ar7240> reset 
Resetting...
```
The user name and password are recovered when the restart is complete.

Recovering the Password for a Fit AP Using the BootLoader

A Fit AP supports only one local user account, which can be a Bluetooth, Telnet, or SSH user account. If the password of a Fit AP is lost and the AP has not joined an AC, enter the BootLoader and recover the default user name and password.

You must restart the device to enter the BootLoader menu, which results in service interruption. Back up device data and perform this operation during off-peak hours.
Do not power off the device during the operation.

Use the CloudCampus app on the mobile phone to connect to the device through the Bluetooth serial port and restart the device. When the message "Press CTRL+B to enter BOOT menu" is displayed, press Ctrl+B within 3 seconds and enter the BootLoader password to access the BootLoader main menu. Note that you need to configure the password upon your first login to the BootLoader menu.
For details about how to connect to a device through the Bluetooth serial port, see Connecting to an AP Through the Bluetooth Serial Port.
Configure the device to skip the password check through the Bluetooth serial port.
1. Enter the number corresponding to Password manager submenu in the BootLoader main menu to access the password management submenu.
2. Enter the number corresponding to Clear the console login password in the password management submenu to remove the login password of the Bluetooth serial port.
  After you press y, the device automatically restarts.
```
Caution: A new console password must be set after the restart.
Continue now? Yes(y) or No(n): y
Clear Console Lockword Successfully.
```

Run the reset login password command in the diagnostic view to recover the default user name and password. Then log in to the device using the default user name and password and configure a new password of the Bluetooth serial port as prompted.

<Huawei> system-view
[Huawei] diagnose
[Huawei-diagnose] reset login password
Warning: The password used for login through the console port, Telnet, HTTP and SSH will be restored to the factory default. Continue? [Y/N]y
Info: Succeeded in setting password to default password.
Username:admin
Password: //Enter the default password.

Warning: The default password poses security risks. It is recommended that the user name and password of the AP be changed using the 'ap username' command in the WLAN view of the AC. Alternatively, directly change the command here.
Enter the password (plain-text password of 8-128 characters or cipher-text password of 48-188 characters that must contain at least one lowercase letter, one uppercase letter, and one digit):  //Enter a new password.
Confirm New Password:

Recovering the Password of an AT

An AT device supports only one local user account, which can be a console, Telnet, or SSH account. If the password is lost, enter the Uboot view and recover the default user name and password.

You must restart the device to enter the Uboot view, which results in service interruption. Back up service configuration and perform this operation in off-peak hours.
Do not power off the device during the operation.

Use a serial cable to connect a PC to the device and restart the device. When the message "Press f or F to stop Auto-Boot" is displayed, press F and enter the password to enter the Uboot view.
For details on how to connect a PC to the device with a serial cable, see Logging In to a Device Through the Console Port.

The BootROM password may vary in different software versions. For details, see List of Default User Names and Passwords.

Run the defaultuser command to recover the default user name and password.

ar7240> defaultuser
Start setting whether to Change Password.....
Current Bootup Change PW is N 
Do you Want To Change The Default password, Y or N : Y
ar7240>

Run the reset command to restart the device.
```
ar7240> reset
Resetting...
```
After the device restarts, use the default user name and password to log in and set a new user name and password. The following example sets the user name to huawei and password to huawei@123.
```
<AT815SN> system-view
[AT815SN] local-user huawei password cipher
New Password(<8-16>/<56>): 
Confirm Password:
[AT815SN] quit
```
Run the save command to save the configuration so that the new password will not be lost after a system restart.

Configuring a New Password for a WS6603

A super administrator or administrator can change the password of itself or a user with a lower level. When changing the password of a user with a lower level, the super administrator or administrator does not need to enter the old password of this user.

A common user or operator can only change its own password and must enter the old password before setting a new password.

Create a user account operator and set the user level to operator, number of login attempts to 2, and appended information to operator.

WS6603> enable
WS6603# terminal user name
  User Name(length<6,15>):operator
  User Password(length<6,15>): 
  Confirm Password(length<6,15>): 
  User profile name(<=15 chars)[root]: 
  User's Level: 
     1. Common User  2. Operator  3. Administrator:2
  Permitted Reenter Number(0--4):2
  User's Appended Info(<=30 chars):operator
  Adding user succeeds

Use an administrator account to log in to the system, and set the password for the operator user to huawei@123.

WS6603> enable
WS6603# terminal user password
  User Name(length<6,15>):operator
  New Password(length<6,15>): 
  Confirm Password(length<6,15>): 
  Information takes effect

Configuring a New Telnet Password
Changing the Password of a Fit AP on an AC
Changing the Password of a Fit AP in the Uboot View
Recovering the Password for a Fit AP Using the BootLoader
Recovering the Password of an AT
Configuring a New Password for a WS6603

Translation

简体中文

Download

Updated: 2023-12-01

Document ID: EDOC1000060368

Downloads: 6032

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

Configuring a New Telnet Password

AAA Mode

Password Mode

Changing the Password of a Fit AP on an AC

V200R005C10 and Earlier Versions

V200R006C10 and Later Versions

Changing the Password of a Fit AP in the Uboot View

Recovering the Password for a Fit AP Using the BootLoader

Recovering the Password of an AT

Configuring a New Password for a WS6603

Related Version

Related Documents

Digital Signature File