Context
- The device uploads a new system software package that contains the web system file. After the HTTP service is enabled using the http server enable command or the HTTPS service is enabled using the http secure-server enable command, the device decompresses the web system file web.zip into the memory. You must perform the operations in Logging In to the Device Through the Console Port and Setting the Management IP Address of the Device.
- The device uploads the web system file using FTP. You must perform the operations in Logging In to the Device Through the Console Port, Setting the Management IP Address of the Device, Uploading the Web System File, and Loading the Web System File in sequence.
- 3.1 Web Platform Overview
- 3.2 Logging In to the Device Through the Console Port
- 3.3 Configuring an IP Address for Web Platform Login
- 3.4 (Optional) Uploading the Web System File Through FTP
- 3.5 (Optional) Loading the Web System File
- 3.6 (Optional) Creating User Accounts for the Web Platform
- 3.7 (Optional) Configuring an HTTPS Server
3.1 Web Platform Overview
To help users manage and maintain the access controller, the access controller provides a built-in web server that enables a connected terminal (for example, a PC) to access the web platform.
Figure 3-1 shows the running environment of the web platform.
NOTE: The preceding figure shows the networking when a user completes initial configurations through the console port. It is for reference only.
3.2 Logging In to the Device Through the Console Port
Context
To establish a local configuration environment through the Console port, you can connect your PC to the access controller using the Windows HyperTerminal.
Procedure
- Use the Console cable to connect the PC's COM port to the access controller's Console port.
- Start the HyperTerminal on the PC.
This document takes Windows XP as an example. Choose . The HyperTerminal is displayed.
- Create a connection.
In the Name text box shown in Figure 3-2, enter the connection name, select an icon, and click OK.
- Select a connection port.
In the Connect To window shown in Figure 3-3, select a connection port from the Connect using drop-down list box, and click OK.
- Set the communication parameters.
After the COM1 Properties window is displayed as shown in Figure 3-4, set parameters to values set on the access controller.
In the COM1 Properties window shown in Figure 3-4, set the communication parameters to the default parameter values on the access controller.
NOTE: On other Windows operating systems, Bits per second may be described as Baud rate, and Flow control as Traffic control.
- Start the HyperTerminal and choose . The window for connection properties is displayed, as shown in Figure 3-5. Click the Settings tab, select Auto detect or VT100 from the Emulation drop-down list box.
Input the login password, and press Enter. If the <AC6605> prompt is displayed, you have logged in to the access controller.
3.3 Configuring an IP Address for Web Platform Login
Procedure
- Run the system-view command to enter the system view.
- Run the vlan vlan-id command to create a VLAN and enter the VLAN view.
- Run the quit command to return to the system view.
- Run the interface vlanif vlanif-id command to create a VLANIF interface and enter the VLANIF interface view.
- Run the ip address ip-address { mask | mask-length } [ sub ] command to configure an IP address for the VLANIF interface.
- Run the quit command to return to the system view.
- Run the interface interface-type interface-number command to enter the interface view.
- Run the port link-type trunk command to configure the link type for the interface.
- Run the port trunk allow-pass vlan vlan-id command to add the interface to the VLAN created in step 2.
For example, set the management IP address of GE0/0/0 to 192.168.200.161 and mask length to 24.
<AC6605> system-view
[AC6605] vlan 10
[AC6605-vlan10] quit
[AC6605] interface Vlanif 10
[AC6605-Vlanif10] ip address 192.168.200.161 24
[AC6605-Vlanif10] quit
[AC6605] interface gigabitethernet 0/0/1
[AC6605-GigabitEthernet0/0/1] port link-type trunk
[AC6605-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[AC6605-GigabitEthernet0/0/1] quit
NOTE: MEth0/0/1 is the management port of the AC6605. If you expect to use the IP address of MEth0/0/1 to log in to the web platform, run the following commands to configure the IP address:
- Run the system-view command to enter the system view.
- Run the interface MEth 0/0/1 command to enter the view of MEth0/0/1.
- Run the ip address ip-address { mask | mask-length } [ sub ] command to configure an IP address for MEth0/0/1.
3.4 (Optional) Uploading the Web System File Through FTP
Context
Ensure that the route between the access controller and the FTP server is reachable. If the new software package that contains the web system file has been uploaded to the access controller, you do not need to upload the web system file again.
NOTE: FTP poses a risk to device security because it transmits user names, passwords, and files unencrypted. The SFTP V2 mode is recommended.
Procedure
- Run the system-view command to enter the system view.
- Run the ftp server enable command to start the FTP server.
- Run the aaa command to enter the AAA view.
- Run the local-user user-name password irreversible-cipher password command to set the local user name and password.
- Run the local-user user-name service-type ftp command to set the service type of the local user to FTP.
- Run the local-user user-name ftp-directory directory command to set the FTP directory.
- Run the local-user user-name privilege level level command to set the local user level.
NOTE: The local user level must be set to 3 or higher. Otherwise, users cannot log in to the device through FTP.
- On the FTP server, choose . The command-line interface (CLI) is displayed.
- Access the directory that stores the web system file, for example, D:\ftp.
- Run the ftp IP address command to log in to the access controller using FTP.
In the preceding command, IP address indicates the management IP address of the access controller.
Enter the user name and password, and press Enter. If the command prompt in the FTP client view is displayed, for example, ftp>, you have accessed the FTP directory, as shown in Figure 3-6.
- Run the binary command to enter the binary mode.
NOTE: FTP supports the following transmission modes:
ASCII: Text files are transmitted using ASCII characters, separated by a new-line character.
Binary: Binary files are transmitted directly.
The default transmission mode is ASCII, but the binary mode is recommended here. You can run the ascii or binary command to switch between the two modes.
- Run the put **.zip command to upload the web system file from the FTP server to the access controller. In the preceding command, **.zip indicates the name of the web system file, as shown in Figure 3-7.
- On the access controller, run the dir command to check whether the web system file exists in the current directory.
NOTE: If the size of the web system file on the access controller differs from that on the FTP file server, a transmission exception may have occurred. Upload the web system file again.
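Why the binary mode and the size check in the preceding NOTE matter, shown as an added example that is not part of the original document. It models an ASCII-mode transfer as the receiver rewriting CRLF to LF, which is an assumption (the exact translation depends on the FTP client and server), and the archive is a constructed stand-in for the web system file.

```python
import io
import zipfile

def build_sample_zip() -> bytes:
    """Build a small stand-in for the web system file (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        info = zipfile.ZipInfo("index.html", date_time=(2020, 1, 1, 0, 0, 0))
        # Stored (uncompressed) content with CRLF line endings, so the archive
        # contains 0x0D 0x0A pairs, as real binary data does by chance.
        zf.writestr(info, b"<html>\r\n<body>web platform</body>\r\n</html>\r\n" * 8)
    return buf.getvalue()

def ascii_mode_transfer(data: bytes) -> bytes:
    """Assumed model of an ASCII-mode transfer: the receiver rewrites CRLF as LF."""
    return data.replace(b"\r\n", b"\n")

def archive_is_intact(data: bytes) -> bool:
    """True only if the bytes parse as a zip and every member passes its CRC check."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except Exception:  # any parse or seek failure means the archive is unusable
        return False

def check_upload(local: bytes, remote: bytes) -> dict:
    """Compare what was sent with what arrived, as the size check in the NOTE does."""
    return {
        "local_size": len(local),
        "remote_size": len(remote),
        "size_matches": len(local) == len(remote),
        "archive_intact": archive_is_intact(remote),
    }

if __name__ == "__main__":
    original = build_sample_zip()
    print("binary:", check_upload(original, original))  # binary mode: bytes unchanged
    print("ascii: ", check_upload(original, ascii_mode_transfer(original)))
```

A size mismatch is the cheapest signal that the file was altered in transit; the archive check shows that the altered file can no longer be unpacked.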
3.5 (Optional) Loading the Web System File
Context
Before loading the web system file, ensure that the file has been uploaded to the access controller. The web system file is in .zip format. If the router has loaded the new software package that contains the web system file, you can simply enable the HTTP service and do not need to load the web system file again.
Procedure
- Run the system-view command to enter the system view.
- Run the http server load file-name command to load the web system file.
By default, the device loads the default web file contained in the system software when the HTTP service is enabled.
- Run the http server enable command to enable the HTTP service.
By default, the HTTP server is enabled.
3.6 (Optional) Creating User Accounts for the Web Platform
Procedure
- Run the system-view command to enter the system view.
- Run the aaa command to enter the AAA view.
- Run the local-user user-name password irreversible-cipher password command to set the web user name and password.
- Run the local-user user-name privilege level level command to set the local user level.
NOTE: The default user name and password are admin and admin@huawei.com. For security, you are advised to change the password after logging in to the device.
Users with level 0 or without a level configured cannot log in to the web platform. Mappings between user levels and users are as follows:
- 1: common user
- 2: enterprise administrator
- 3-15: super administrator
- Run the local-user user-name service-type http command to set the user access type to HTTP.
- Run the quit command to return to the system view.
- (Optional) Run the http timeout timeout command to set the timeout interval for HTTP sessions. In the command, timeout is in minutes.
The default timeout interval is 10 minutes.
3.7 (Optional) Configuring an HTTPS Server
Context
In some insecure scenarios where attacks may occur, you can use the Hypertext Transfer Protocol Secure (HTTPS) protocol to log in to the web platform. The HTTPS protocol encrypts data, ensuring data transmission security.
Procedure
- Configure a server SSL policy.
The device provides a default SSL policy, and the web page file contains the SSL certificate. Therefore, you do not need to upload the certificate or configure the SSL policy. To ensure security, it is recommended that you obtain a new digital certificate from the certificate authority (CA) and manually configure an SSL policy.
# Specify the PKI domain default in the client SSL policy.
[AC6605] ssl policy userserver type server
[AC6605-ssl-policy-userserver] pki-realm default
- Configure an HTTPS server.
# Apply the SSL policy userserver to the HTTPS service.
[AC6605] http secure-server ssl-policy userserver
# Enable the HTTPS server function on the AC.
[AC6605] http secure-server enable
This operation will take several minutes, please wait.........................................................
Info: Succeeded in starting the HTTPS server
[AC6605] quit
- Start the browser on a host, and enter https://IP address in the address box. The host accesses the web pages of the AC using HTTPS, and you can manage the AC on the web pages.
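A configuration check for the risks this chapter itself points out (FTP in 3.4, the default account in 3.6, the default SSL policy and certificate in 3.7), added here as an example and not taken from the product documentation. It assumes the configuration text lists commands in the form they are typed on this page; the sample configuration, the user name ftpuser and the finding names are constructed.

```python
import re

# Constructed sample configuration; assumes the saved configuration lists
# commands in the same form they are typed on this page.
SAMPLE_CONFIG = """\
ftp server enable
http server enable
ssl policy userserver type server
 pki-realm default
http secure-server ssl-policy userserver
http secure-server enable
aaa
 local-user admin password irreversible-cipher PLACEHOLDER
 local-user admin privilege level 15
 local-user admin service-type http
 local-user ftpuser password irreversible-cipher PLACEHOLDER
 local-user ftpuser privilege level 3
 local-user ftpuser service-type ftp
"""

def audit(config: str) -> list[tuple[str, str]]:
    """Return (finding, detail) pairs for settings this page marks as risky."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    services, realms, policy, applied = {}, {}, None, None
    for ln in lines:
        if m := re.fullmatch(r"ssl policy (\S+) type server", ln):
            policy = m.group(1)  # following pki-realm line belongs to this policy
        elif (m := re.fullmatch(r"pki-realm (\S+)", ln)) and policy:
            realms[policy] = m.group(1)
        elif m := re.fullmatch(r"http secure-server ssl-policy (\S+)", ln):
            applied = m.group(1)  # policy bound to the HTTPS service
        elif m := re.fullmatch(r"local-user (\S+) service-type (.+)", ln):
            services.setdefault(m.group(1), set()).update(m.group(2).split())
    findings = []
    if "ftp server enable" in lines:
        findings.append(("FTP_SERVER_ENABLED", "page recommends SFTP V2 instead"))
    findings += [("FTP_USER", u) for u, s in sorted(services.items()) if "ftp" in s]
    if "http secure-server enable" not in lines:
        findings.append(("HTTPS_NOT_ENABLED", "web login is not encrypted"))
    elif applied is None or realms.get(applied) == "default":
        findings.append(("DEFAULT_CERTIFICATE", "obtain a certificate from a CA"))
    if "admin" in services:
        findings.append(("DEFAULT_ACCOUNT", "confirm the admin password was changed"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The check cannot read an irreversible-cipher password, so DEFAULT_ACCOUNT is a reminder to verify the password by hand, not proof that the default is still in use.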






