Example for Configuring Switch Login Through the Web System

42 0 0 0

Factory Settings of Web Page Files for S Series Switches

In V200R006 and later versions, the web page file has been integrated in the system software and loaded. For factory settings of web page files in versions earlier than V200R006, see the following tables.

Table 3-3  Factory settings of web page files for fixed switches

Product Model

V100R006C05

V200R001

V200R002

V200R003

V200R005

S2700SI/S2700EI

A web page file is saved in the storage medium, but is not loaded.

-

-

-

-

S2710SI

A web page file is saved in the storage medium, but is not loaded.

-

-

-

-

S2750EI

-

-

-

A web page file is saved in the storage medium, and is loaded.

The system software contains a web page file that is loaded.

S3700SI/S3700EI

A web page file is saved in the storage medium, but is not loaded.

-

-

-

-

S3700HI

-

The storage medium does not contain a web page file.

-

-

-

S5710-C-LI

-

The storage medium does not contain a web page file.

-

-

-

S5700EI/S5700SI

-

The storage medium does not contain a web page file.

A web page file is saved in the storage medium, but is not loaded.

A web page file is saved in the storage medium, and is loaded.

The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system.

S5700LI/S5700S-LI

-

The storage medium does not contain a web page file.

A web page file is saved in the storage medium, but is not loaded.

A web page file is saved in the storage medium, and is loaded.

NOTE:The web page file for the S5700-10P-LI needs to be loaded manually.

The system software contains a web page file that is loaded.

S5710EI

-

The storage medium does not contain a web page file.

A web page file is saved in the storage medium, but is not loaded.

A web page file is saved in the storage medium, and is loaded.

The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system.

S5700HI

-

The storage medium does not contain a web page file.

A web page file is saved in the storage medium, but is not loaded.

A web page file is saved in the storage medium, and is loaded.

The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system.

S5710HI

-

-

A web page file is saved in the storage medium, but is not loaded.

A web page file is saved in the storage medium, and is loaded.

The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system.

S6700EI

-

The storage medium does not contain a web page file.

A web page file is saved in the storage medium, but is not loaded.

A web page file is saved in the storage medium, and is loaded.

The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system.

Table 3-4  Factory settings of web page files for modular switches

Product Model

V200R001

V200R002

V200R003

V200R005

S7700

The storage medium does not contain a web page file.

A web page file is saved in the storage medium, but is not loaded.

A web page file is saved in the storage medium, and is loaded.

The system software contains a web page file that is loaded.

S9700

The storage medium does not contain a web page file.

A web page file is saved in the storage medium, but is not loaded.

A web page file is saved in the storage medium, and is loaded.

The system software contains a web page file that is loaded.

imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

A hyphen (-) indicates that the version is not available for the model.

Example for Configuring Switch Login Through the Web System (V200R001)

Overview

The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.

Configuration Notes

This example applies to V200R001 of all S series switches.

imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

The following uses the command lines and outputs of the S5700EI running V200R001C00 as an example.

Networking Requirements

As shown in Figure 3-11, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch. The user has obtained the server digital certificate 1_servercert_pem_dsa.pem and private key file 1_serverkey_pem_dsa.pem from the CA.

Figure 3-11  Networking diagram for configuring switch login through the web system 
imgDownload?uuid=b7edbebcfac54d1f9e4fc9a

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a management IP address for remotely transferring files and logging in to the switch through the web system.

  2. Upload the required files to the HTTPS server through FTP, including the web page file, server digital certificate, and private key file.

  3. Load the web page file and digital certificate.

  4. Bind an SSL policy and enable the HTTPS service.

  5. Configure a web user and enter the web system login page.

imgDownload?uuid=092e039de8e64cf7ac26734

FTP is an insecure protocol. Using SFTP V2, SCP, or FTPS is recommended.

Procedure

  1. Obtain the web page file.

    The following methods are available:
    • Obtain the web page file from a Huawei agent.
    • Download the web page file from the Huawei enterprise technical support website (http://support.huawei.com/enterprise). In V200R001, the web page file is named in the format of product name-software version.web page file version.web.zip.

    imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

    Check whether the size of the obtained web page file is the same as the file size displayed on the website. If not, an exception may occur during file download. Download the file again.

  2. Configure a management IP address.

    <HUAWEI> system-view [HUAWEI] sysname HTTPS_Server [HTTPS_Server] vlan 10 [HTTPS_Server-vlan10] interface vlanif 10   //Configure VLANIF 10 as the management interface. [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24   //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch. [HTTPS_Server-Vlanif10] quit [HTTPS_Server] interface gigabitethernet 0/0/10   //In this example, GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements. [HTTPS_Server-GigabitEthernet0/0/10] port link-type access   //Set the interface type to access. [HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10   //Add the interface to VLAN 10. [HTTPS_Server-GigabitEthernet0/0/10] quit

  3. Upload the web page file and digital certificate to the HTTPS server through FTP.

    # Configure VTY user interfaces on the HTTPS server.

    [HTTPS_Server] user-interface vty 0 14   //Enter VTY user interfaces 0 to 14. [HTTPS_Server-ui-vty0-14] authentication-mode aaa   //Set the authentication mode of users in VTY user interfaces 0 to 14 to AAA. [HTTPS_Server-ui-vty0-14] quit

    # Configure the FTP function for the switch and information about an FTP user, including the password, user level, service type, and authorized directory.

    [HTTPS_Server] ftp server enable   //Enable the FTP server function. [HTTPS_Server] aaa [HTTPS_Server-aaa] local-user client001 password cipher Helloworld@6789   //Set the login password to Helloworld@6789. [HTTPS_Server-aaa] local-user client001 privilege level 15   //Set the user level to 15. [HTTPS_Server-aaa] local-user client001 service-type ftp   //Set the user service type to FTP. [HTTPS_Server-aaa] local-user client001 ftp-directory flash:/   //Set the FTP authorized directory to flash:/. [HTTPS_Server-aaa] quit [HTTPS_Server] quit

    # Log in to the HTTPS server from the PC through FTP and upload the web page file and digital certificate to the HTTPS server.

    Connect the PC to the switch using FTP. Enter the user name client001 and password Helloworld@6789 and set the file transfer mode to binary.

    The following example assumes that the PC runs the Windows XP operating system.

    C:\Documents and Settings\Administrator> ftp 192.168.0.1 Connected to 192.168.0.1. 220 FTP service ready. User (192.168.0.1:(none)): client001 331 Password required for client001. Password: 230 User logged in. ftp> binary   //Set the file transfer mode to binary. By default, files are transferred in ASCII mode. 200 Type set to I. ftp>

    Upload the web page file and digital certificate to the HTTPS server from the PC.

    ftp> put web.zip    //Upload the web page file. The web.zip file is used as an example here. 200 Port command okay. 150 Opening BINARY mode data connection for web.zip 226 Transfer complete. ftp: 1308478 bytes sent in 11 Seconds 4.6Kbytes/sec.
    ftp> put 1_servercert_pem_dsa.pem 200 Port command okay. 150 Opening BINARY mode data connection for 1_servercert_pem_dsa.pem 226 Transfer complete. ftp: 1302 bytes sent in 2 Seconds 4.6Kbytes/sec.
    ftp> put 1_serverkey_pem_dsa.pem 200 Port command okay. 150 Opening BINARY mode data connection for 1_serverkey_pem_dsa.pem 226 Transfer complete. ftp: 951 bytes sent in 1 Second 4.6Kbytes/sec.
    # Run the dir command on the Switch to check whether the web page file and digital certificate exist in the current storage directory.imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

    If the sizes of the web page file and digital certificate in the current storage directory on the switch is different from those on the PC, an exception may occur during file transfer. Upload the files again.

    # Create the subdirectory security on the HTTPS server and copy the digital certificate and private key file to the subdirectory.

    <HTTPS_Server> mkdir security <HTTPS_Server> copy 1_servercert_pem_dsa.pem security Copy flash:/1_servercert_pem_dsa.pem to flash:/security/1_servercert_pem_dsa.pem?[Y/N]:y 100%  complete Info: Copied file flash:/1_servercert_pem_dsa.pem to flash:/security/1_servercert_pem_dsa.pem...Done.  <HTTPS_Server> copy 1_serverkey_pem_dsa.pem security Copy flash:/1_serverkey_pem_dsa.pem to flash:/security/1_serverkey_pem_dsa.pem?[Y/N]:y 100%  complete Info: Copied file flash:/1_serverkey_pem_dsa.pem to flash:/security/1_serverkey_pem_dsa.pem...Done.

    # Run the dir command in the security subdirectory to check the digital certificate.

    <HTTPS_Server> cd security <HTTPS_Server> dir Directory of flash:/security/   Idx  Attr     Size(Byte)  Date        Time       FileName     0  -rw-          1,200  Sep 26 2013 22:35:37   1_servercert_pem_dsa.pem     1  -rw-            736  Sep 26 2013 22:36:11   1_serverkey_pem_dsa.pem 30,008 KB total (348 KB free)

  4. Load the web page file and digital certificate.

    # Load the web page file.

    <HTTPS_Server> system-view [HTTPS_Server] http server load web.zip

    # Create an SSL policy and load the PEM digital certificate.

    [HTTPS_Server] ssl policy http_server [HTTPS_Server-ssl-policy-http_server] certificate load pem-cert 1_servercert_pem_dsa.pem key-pair dsa key-file 1_serverkey_pem_dsa.pem auth-code 123456 [HTTPS_Server-ssl-policy-http_server] quit

    # After the preceding configurations are complete, run the display ssl policy command on the HTTPS server to check detailed information about the loaded digital certificate.

    [HTTPS_Server] display ssl policy        SSL Policy Name: http_server      Policy Applicants:           Key-pair Type: DSA  Certificate File Type: PEM       Certificate Type: certificate   Certificate Filename: 1_servercert_pem_dsa.pem      Key-file Filename: 1_serverkey_pem_dsa.pem              Auth-code: 123456                    MAC:               CRL File:        Trusted-CA File: 

  5. Bind an SSL policy and enable the HTTPS service.

    imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

    Disable the HTTP service before enabling the HTTPS service.

    [HTTPS_Server] undo http server enable   //Disable the HTTP service. [HTTPS_Server] http secure-server ssl-policy http_server   //Bind an SSL policy named http_server to the HTTP server. [HTTPS_Server] http secure-server enable   //Enable the HTTPS service.

  6. Configure a web user and enter the web system login page.

    # Configure a web user.

    [HTTPS_Server] aaa [HTTPS_Server-aaa] local-user admin password cipher Helloworld@6789   //Create a local user named admin and set its password to Helloworld@6789. [HTTPS_Server-aaa] local-user admin privilege level 15   //Set the user level to 15. [HTTPS_Server-aaa] local-user admin service-type http   //Set the access type to http, that is, web user. [HTTPS_Server-aaa] quit

    # Enter the web system login page.

    Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 3-12.

    You can log in to the web system using the Internet Explorer (6.0 or 8.0) or Firefox (3.5) browsers. If the browser version or browser patch version is not within the preceding ranges, the web page may be displayed incorrectly. Additionally, the web browser used to log in to the web system must support JavaScript.

    Enter the user name, password, and verification code. Click Login. The web system home page is displayed.

    Figure 3-12  Web system login page 
    imgDownload?uuid=17fbf7465d0b4688bf3f945

  7. Verify the configuration.

    Log in to the switch through the web system. The login succeeds.

    Run the display http server command to view the SSL policy name and the HTTPS server status.

    [HTTPS_Server] display http server    HTTP Server Status              : disabled    HTTP Server Port                : 80(80)    HTTP Timeout Interval           : 20    Current Online Users            : 0    Maximum Users Allowed           : 5    HTTP Secure-server Status       : enabled    HTTP Secure-server Port         : 443(443)    HTTP SSL Policy                 : http_server

Configuration Files

HTTPS_Server configuration file

# sysname HTTPS_Server # FTP server enable # vlan batch 10 # undo http server enable http server load web.zip http secure-server ssl-policy http_server http secure-server enable # aaa  local-user admin password cipher %$%$_h,hW_!nJ!2gXkH9v$X)+,#w%$%$   local-user admin privilege level 15  local-user admin service-type http  local-user client001 password cipher %$%$jD,QKAhe{Yd9kD9Fqi#I+QH~%$%$  local-user client001 privilege level 15  local-user client001 ftp-directory flash:/  local-user client001 service-type ftp # interface Vlanif10  ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet0/0/10  port link-type access  port default vlan 10 #  user-interface vty 0 14  authentication-mode aaa # ssl policy http_server  certificate load pem-cert 1_servercert_pem_dsa.pem key-pair dsa key-file 1_serverkey_pem_dsa.pem auth-code 123456 # return

Example for Configuring Switch Login Through the Web System (V100R006C05&V200R002&V200R003)

Overview

The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.

Configuration Notes

This example applies to V100R006C05, V200R002, and V200R003 of all S series switches.

imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

The following uses the command lines and outputs of the S5700EI running V200R002C00 as an example.

Networking Requirements

As shown in Figure 3-13, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch.

Figure 3-13  Networking diagram for configuring switch login through the web system 
imgDownload?uuid=b7edbebcfac54d1f9e4fc9a

Configuration Roadmap

The configuration roadmap is as follows:

imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

The web page file is delivered with a switch. For all switches in V100R006C05&V200R002 and S5700-10P-LI switches in V200R003C00, you need to load the web page file. Fixed switches excluding S5700-10P-LI in V200R003 have loaded the web page file before delivery. Step 2 can be skipped.

A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in the web page file. If the default SSL policy and self-signed digital certificate can meet security requirements, you do not need to upload a digital certificate or manually configure an SSL policy, simplifying configuration. The following configuration uses the default SSL policy provided by the switch as an example.

  1. Configure a management IP address for logging in to the switch through the web system.

  2. Load the web page file.

  3. Configure a web user and enter the web system login page.

Procedure

  1. Configure a management IP address.

    <HUAWEI> system-view [HUAWEI] sysname HTTPS_Server [HTTPS_Server] vlan 10 [HTTPS_Server-vlan10] interface vlanif 10    //Configure VLANIF 10 as the management interface. [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24    //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch. [HTTPS_Server-Vlanif10] quit [HTTPS_Server] interface gigabitethernet 1/0/10    //In this example, GE1/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements. [HTTPS_Server-GigabitEthernet1/0/10] port link-type access    //Set the interface type to access. [HTTPS_Server-GigabitEthernet1/0/10] port default vlan 10    //Add the interface to VLAN 10. [HTTPS_Server-GigabitEthernet1/0/10] quit

  2. Load the web page file.

    imgDownload?uuid=11b088faedbd47d7950d333 NOTE:
    • Run the dir command to view the name of the web page file carried by the switch.

    • In V100R006C05, the web page file is named in the format of product name-software version.web page file version.web.zip. In V200R002 and V200R003, the web page file is named in the format of product name-software version.web page file version.web.7z.

    [HTTPS_Server] http server load web.7z    //Upload the web page file. The web.7z file is used as an example here.

  3. Enable the HTTPS service.

    [HTTPS_Server] http secure-server enable    //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.

  4. Configure a web user and enter the web system login page.

    # Configure a web user.

    [HTTPS_Server] aaa [HTTPS_Server-aaa] local-user admin password cipher Helloworld@6789   //Create a local user named admin and set its password to Helloworld@6789. [HTTPS_Server-aaa] local-user admin privilege level 15   //Set the user level to 15. [HTTPS_Server-aaa] local-user admin service-type http   //Set the access type to http, that is, web user. [HTTPS_Server-aaa] quit

    # Enter the web system login page.

    Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 3-14.

    You can use the Internet Explorer (6.0 – 9.0), Firefox (3.5 – 17.0) browsers to log in to the web system for V100R006C05, use the Internet Explorer (8.0), Firefox (3.6) browsers to log in to the web system for V200R001C00, use the Internet Explorer (6.0 – 9.0), Firefox (3.5 – 17.0) browsers to log in to the web system for V2100R003C00. If the browser version or browser patch version is not within the preceding ranges, the web page may be displayed incorrectly. Additionally, the web browser used to log in to the web system must support JavaScript.

    Enter the user name, password, and verification code. Click Login. The web system home page is displayed.

    Figure 3-14  Web system login page 
    imgDownload?uuid=637bb14b8d454c35aa4f024

  5. Verify the configuration.

    Log in to the switch through the web system. The login succeeds.

    Run the display http server command to view the status of the HTTPS server.

    [HTTPS_Server] display http server    HTTP Server Status              : enabled    HTTP Server Port                : 80(80)    HTTP Timeout Interval           : 20    Current Online Users            : 0    Maximum Users Allowed           : 5    HTTP Secure-server Status       : enabled    HTTP Secure-server Port         : 443(443)    HTTP SSL Policy                 : Default

Configuration Files

HTTPS_Server configuration file

# sysname HTTPS_Server # vlan batch 10 # http server load web.7z # aaa  local-user admin password cipher %$%$+8;_RIkI680;]{;b/Vo&T/l>%$%$   local-user admin privilege level 15  local-user admin service-type http # interface Vlanif10  ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet1/0/10  port link-type access  port default vlan 10 # return

Example for Configuring Switch Login Through the Web System (V200R005)

Overview

The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.

The web system is available in EasyOperation and Classics versions.

  • The EasyOperation version provides rich graphics and a more user-friendly UI on which users can perform monitoring, configuration, maintenance, and other network operations.
  • The Classics version inherits the web page style of Huawei switches and provides comprehensive configuration and management functions.

Configuration Notes

This example applies to V200R005 of all S series switches.

imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

The following uses the command lines and outputs of the S5700HI running V200R005 as an example.

Networking Requirements

As shown in Figure 3-15, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch.

Figure 3-15  Networking diagram for configuring switch login through the web system 
imgDownload?uuid=b7edbebcfac54d1f9e4fc9a

Configuration Roadmap

imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in the web page file. If the default SSL policy and self-signed digital certificate can meet security requirements, you do not need to upload a digital certificate or manually configure an SSL policy, simplifying configuration. The following configuration uses the default SSL policy provided by the switch as an example.

The system software of the following switch models in V200R005 has integrated and loaded the web page file (including the EasyOperation and Classics editions). You only need to configure a web user and enter the web system login page.

  • Modular switch: all models
  • Fixed switch: S2750, S5700LI, S5700S-LI

The Classics web page file has been loaded on the S5700SI, S5700EI, S5710EI, S5700HI, S5710HI, and S6700EI in V200R005, and has been loaded. To use the Classics web system, you only need to configure a web user and enter the web system login page. To use the EasyOperation web system, perform the configuration based on the following roadmap:

  1. Configure a management IP address for remotely transferring files and logging in to the switch through the web system.

  2. Upload the web page file to the HTTPS server through FTP.

  3. Load the web page file.

  4. Configure a web user and enter the web system login page.

imgDownload?uuid=092e039de8e64cf7ac26734

FTP is an insecure protocol. Using SFTP V2, SCP, or FTPS is recommended.

Procedure

  1. Obtain the web page file.

    The following methods are available:
    • Obtain the web page file from a Huawei agent.
    • Download the web page file from the Huawei enterprise technical support website (http://support.huawei.com/enterprise).
      • For a fixed switch, download the system software containing the web page file.

      • For a modular switch, download the web page file.

      • In V200R005, the web page file is named in the format of product name-software version.web page file version.web.7z.
    imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

    Check whether the size of the obtained web page file is the same as the file size displayed on the website. If not, an exception may occur during file download. Download the file again.

  2. Configure a management IP address.

    <HUAWEI> system-view [HUAWEI] sysname HTTPS_Server [HTTPS_Server] vlan 10 [HTTPS_Server-vlan10] interface vlanif 10   //Configure VLANIF 10 as the management interface. [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24   //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch. [HTTPS_Server-Vlanif10] quit [HTTPS_Server] interface gigabitethernet 0/0/10   //In this example, GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements. [HTTPS_Server-GigabitEthernet0/0/10] port link-type access   //Set the interface type to access. [HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10   //Add the interface to VLAN 10. [HTTPS_Server-GigabitEthernet0/0/10] quit

  3. Upload the web page file to the HTTPS server through FTP.

    # Configure VTY user interfaces on the HTTPS server.

    [HTTPS_Server] user-interface vty 0 14   //Enter VTY user interfaces 0 to 14. [HTTPS_Server-ui-vty0-14] authentication-mode aaa   //Set the authentication mode of users in VTY user interfaces 0 to 14 to AAA. [HTTPS_Server-ui-vty0-14] quit

    # Configure the FTP function for the switch and information about an FTP user, including the password, user level, service type, and authorized directory.

    [HTTPS_Server] ftp server enable   //Enable the FTP server function. [HTTPS_Server] aaa [HTTPS_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789   //Set the login password to Helloworld@6789. [HTTPS_Server-aaa] local-user client001 privilege level 15   //Set the user level to 15. [HTTPS_Server-aaa] local-user client001 service-type ftp   //Set the user service type to FTP. [HTTPS_Server-aaa] local-user client001 ftp-directory flash:/   //Set the FTP authorized directory to flash:/. [HTTPS_Server-aaa] quit

    # Log in to the HTTPS server from the PC through FTP and upload the web page file to the HTTPS server.

    Connect the PC to the switch using FTP. Enter the user name client001 and password Helloworld@6789 and set the file transfer mode to binary.

    The following example assumes that the PC runs the Windows XP operating system.

    C:\Documents and Settings\Administrator> ftp 192.168.0.1 Connected to 192.168.0.1. 220 FTP service ready. User (192.168.0.1:(none)): client001 331 Password required for client001. Password: 230 User logged in. ftp> binary   //Set the file transfer mode to binary. By default, files are transferred in ASCII mode. 200 Type set to I. ftp>

    Upload the web page file to the HTTPS server from the PC.

    ftp> put web.7z    //Upload the web page file. The web.7z file is used as an example here. 200 Port command okay. 150 Opening BINARY mode data connection for web.zip 226 Transfer complete. ftp: 1308478 bytes sent in 11 Seconds 4.6Kbytes/sec.
    imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

    If the size of the web page file in the current directory on the switch is different from that on the PC, an exception may occur during file transfer. Upload the web page file again.

  4. Load the web page file.

    # Load the web page file.

    [HTTPS_Server] http server load web.7z    //Load the web page file.

  5. Enable the HTTPS service.

    [HTTPS_Server] http secure-server enable    //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.

  6. Configure a web user and enter the web system login page.

    # Configure a web user.

    [HTTPS_Server] aaa [HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789    //Set the login password to Helloworld@6789. [HTTPS_Server-aaa] local-user admin privilege level 15    //Set the user level to 15. [HTTPS_Server-aaa] local-user admin service-type http    //Set the user service type to HTTP. [HTTPS_Server-aaa] quit

    # Enter the web system login page.

    Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 3-16.

    In V200R005C00&C01&C02 version, You can log in to the web system using the Internet Explorer 8.0 to Internet Explorer 10.0, Firefox12.0 to Firefox26.0, or Google Chrome 23.0 to Google Chrome 32.0 browsers. If the browser version does not meet the preceding version requirements, the web page may be displayed abnormally. The web browser is required to support Javascript.

    In V200R005C03 version, You can log in to the web system using the Internet Explorer 10.0 to Internet Explorer 11.0, Firefox35.0 to Firefox41.0, or Google Chrome 34.0 to Google Chrome 45.0 browsers. If the browser version does not meet the preceding version requirements, the web page may be displayed abnormally. The web browser is required to support Javascript.

    Enter the web user name admin and password Helloworld@6789, and click GO or press Enter. The web system home page is displayed. The EasyOperation web system is logged in by default.

    Figure 3-16  Web system login page 
    imgDownload?uuid=2bdf9f894fe44f23aad4f58

  7. Verify the configuration.

    Log in to the switch through the web system. The login succeeds.

    Run the display http server command to view the status of the HTTPS server.

    [HTTPS_Server] display http server    HTTP Server Status              : enabled    HTTP Server Port                : 80(80)    HTTP Timeout Interval           : 20    Current Online Users            : 0    Maximum Users Allowed           : 5    HTTP Secure-server Status       : enabled    HTTP Secure-server Port         : 443(443)    HTTP SSL Policy                 : Default    HTTP IPv6 Server Status         : disabled    HTTP IPv6 Server Port           : 80(80)    HTTP IPv6 Secure-server Status  : disabled    HTTP IPv6 Secure-server Port    : 443(443) 

Configuration Files

HTTPS_Server configuration file

# sysname HTTPS_Server # FTP server enable # vlan batch 10 # http server load web.7z # aaa  local-user admin password irreversible-cipher %@%@wU:(2j8~r8Htyu3.]',NwU`Td[-A9~9"%4Kvhm'0RV[/U`Ww%@%@  local-user admin privilege level 15  local-user admin service-type http  local-user client001 password irreversible-cipher %@%@5d~9:M^ipCfL\iB)EQd>,,ajwsi[\ad,saejin[qndi83Uwe%@%@  local-user client001 privilege level 15  local-user client001 ftp-directory flash:/  local-user client001 service-type ftp # interface Vlanif10  ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet1/0/10  port link-type access  port default vlan 10 # user-interface vty 0 14  authentication-mode aaa # return

Related Content

Videos

Log In to a Switch Using the Web System.

Configure a Switch Using the Web System.

Example for Configuring Switch Login Through the Web System (V200R006 and later versions)

Overview

The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.

The web system is available in EasyOperation and Classics versions.

  • The EasyOperation version provides rich graphics and a more user-friendly UI on which users can perform monitoring, configuration, maintenance, and other network operations.
  • The Classics version inherits the web page style of Huawei switches and provides comprehensive configuration and management functions.

imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

In V200R011C10 and later versions, the Classics version is not supported.

Configuration Notes

This example applies to V200R006 and later versions of all S series switches.

imgDownload?uuid=11b088faedbd47d7950d333 NOTE:

The following uses the command lines and outputs of the S5720EI running V200R008C00 as an example.

Networking Requirements

As shown in Figure 3-17, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch.

Figure 3-17  Networking diagram for configuring switch login through the web system 
imgDownload?uuid=b7edbebcfac54d1f9e4fc9a

Configuration Roadmap

The configuration roadmap is as follows:

  • The system software of the switch has integrated and loaded the web page file. No manual configuration is required.

  • A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in the web page file. If the default SSL policy and self-signed digital certificate can meet security requirements, you do not need to upload a digital certificate or manually configure an SSL policy, simplifying configuration. The following configuration uses the default SSL policy provided by the switch as an example.

  • Configure a management IP address for logging in to the switch through the web system.

  • Configure a web user and enter the web system login page.

Procedure

  1. Configure a management IP address.

    <HUAWEI> system-view [HUAWEI] sysname HTTPS_Server [HTTPS_Server] vlan 10 [HTTPS_Server-vlan10] interface vlanif 10    //Configure VLANIF 10 as the management interface. [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24    //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch. [HTTPS_Server-Vlanif10] quit [HTTPS_Server] interface gigabitethernet 1/0/10    //In this example, GE1/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements. [HTTPS_Server-GigabitEthernet1/0/10] port link-type access    //Set the interface type to access. [HTTPS_Server-GigabitEthernet1/0/10] port default vlan 10    //Add the interface to VLAN 10. [HTTPS_Server-GigabitEthernet1/0/10] quit

  2. Enable the HTTPS service.

    [HTTPS_Server] http secure-server enable    //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.

  3. Configure a web user and enter the web system login page.

    # Configure a web user.

    [HTTPS_Server] aaa [HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789    //Set the login password to Helloworld@6789. [HTTPS_Server-aaa] local-user admin privilege level 15    //Set the user level to 15. [HTTPS_Server-aaa] local-user admin service-type http    //Set the user service type to HTTP. [HTTPS_Server-aaa] quit

    # Enter the web system login page.

    Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 3-18.

    Table 3-5 lists browser versions required for login to a switch through the web system. If the browser version or browser patch version is not within the preceding ranges, the web page may not be properly displayed. Upgrade the browser and browser patch. In addition, the browser must support JavaScript.

    Enter the web user name admin and password Helloworld@6789, and click GO or press Enter. The web system home page is displayed. The EasyOperation web system is logged in by default.

    Table 3-5  Mapping between the product version and browser version
    Product VersionBrowser Version for EasyOperation Web SystemBrowser Version for Classic Web System
    V200R006Internet Explorer 8.0 to 11.0, Firefox 12.0 to 28.0, or Google Chrome 23.0 to 34.0Internet Explorer 8.0 to 11.0, or Firefox 12.0 to 28.0
    V200R007Internet Explorer 8.0 to 11.0, Firefox 12.0 to 32.0, or Google Chrome 23.0 to 37.0Internet Explorer 8.0 to 11.0, or Firefox 12.0 to 32.0
    V200R008Internet Explorer 10.0, Internet Explorer 11.0, Firefox 31.0 to 35.0, or Google Chrome 30.0 to 39.0Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 31.0 to 35.0
    V200R009Internet Explorer 10.0, Internet Explorer 11.0, Firefox 35.0 to 45.0, or Google Chrome 34.0 to 49.0Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 35.0 to 45.0
    V200R010Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 39.0 to 49.0, or Google Chrome 39.0 to 54.0Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 39.0 to 49.0
    V200R011C00Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 46.0 to 50.0, or Google Chrome 39.0 to 54.0Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 46.0 to 50.0
    V200R011C10Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 53.0 to 59.0, or Google Chrome 54.0 to 66.0
    V200R012(C00&C20)Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 53.0 to 59.0, or Google Chrome 54.0 to 66.0
    V200R013C00Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 58.0 to 62.0, or Google Chrome 60.0 to 69.0
    Figure 3-18  Web system login page 
    imgDownload?uuid=2bdf9f894fe44f23aad4f58

  4. Verify the configuration.

    Log in to the switch through the web system. The login succeeds.

    Run the display http server command to view the status of the HTTPS server.

    [HTTPS_Server] display http server    HTTP Server Status              : enabled    HTTP Server Port                : 80(80)    HTTP Timeout Interval           : 20    Current Online Users            : 0    Maximum Users Allowed           : 5    HTTP Secure-server Status       : enabled    HTTP Secure-server Port         : 443(443)    HTTP SSL Policy                 : Default    HTTP IPv6 Server Status         : disabled    HTTP IPv6 Server Port           : 80(80)    HTTP IPv6 Secure-server Status  : disabled    HTTP IPv6 Secure-server Port    : 443(443)    HTTP server source address      : 0.0.0.0

Configuration Files

HTTPS_Server configuration file

# sysname HTTPS_Server # vlan batch 10 # aaa  local-user admin password irreversible-cipher %#%#wU:(2j8~r8Htyu3.]',NwU`Td[-A9~9"%4Kvhm'0RV[/U`Ww%#%#  local-user admin privilege level 15  local-user admin service-type http # interface Vlanif10  ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet1/0/10  port link-type access  port default vlan 10 # return

See more please click 

https://support.huawei.com/enterprise/en/doc/EDOC1000069520/9aadccc0/comprehensive-configuration-examples


  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login