No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 Series Agile Switches Typical Configuration Examples

This document provides examples for configuring features in typical usage scenarios.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Switch Login Through the Web System

Example for Configuring Switch Login Through the Web System

Factory Settings of Web Page Files for S Series Switches

Table 4-2  Factory settings of web page files for S series switches

Product Model

V200R005

V200R006

V200R007

V200R008

V200R009

V200R010

S12708/S12712

The system software contains a web page file that is loaded.

S12704

-

-

-

The system software contains a web page file that is loaded.

The system software contains a web page file that is loaded.

The system software contains a web page file that is loaded.

S12710

-

-

-

-

-

The system software contains a web page file that is loaded.

NOTE:

A hyphen (-) indicates that the version is not available for the model.

Example for Configuring Switch Login Through the Web System (V200R005)

Overview

The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.

The web system is available in EasyOperation and Classics versions.
  • The EasyOperation version provides rich graphics and a more user-friendly UI on which users can perform monitoring, configuration, maintenance, and other network operations.
  • The Classics version inherits the web page style of Huawei switches and provides comprehensive configuration and management functions.
Configuration Notes

This example applies to V200R005 of the S12700.

Networking Requirements

As shown in Figure 4-10, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch.

Figure 4-10  Networking diagram for configuring switch login through the web system

Configuration Roadmap
NOTE:

A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in the web page file. If the default SSL policy and self-signed digital certificate can meet security requirements, you do not need to upload a digital certificate or manually configure an SSL policy, simplifying configuration. The following configuration uses the default SSL policy provided by the switch as an example.

The system software in V200R005 has integrated and loaded the web page file (including the EasyOperation and Classics editions). You only need to configure a web user and enter the web system login page.

FTP is an insecure protocol. Using SFTP V2, SCP, or FTPS is recommended.

Procedure

  1. Obtain the web page file.

    The following methods are available:
    • Obtain the web page file from a Huawei agent.
    • Download the web page file from the Huawei enterprise technical support website (http://support.huawei.com/enterprise).
      • For a fixed switch, download the system software containing the web page file.

      • For a modular switch, download the web page file.

      • In V200R005, the web page file is named in the format of product name-software version.web page file version.web.7z.
    NOTE:

    Check whether the size of the obtained web page file is the same as the file size displayed on the website. If not, an exception may occur during file download. Download the file again.

  2. Configure a management IP address.

    <HUAWEI> system-view
    [HUAWEI] sysname HTTPS_Server
    [HTTPS_Server] vlan 10
    [HTTPS_Server-vlan10] interface vlanif 10   //Configure VLANIF 10 as the management interface.
    [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24   //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
    [HTTPS_Server-Vlanif10] quit
    [HTTPS_Server] interface gigabitethernet 0/0/10   //In this example, GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
    [HTTPS_Server-GigabitEthernet0/0/10] port link-type access   //Set the interface type to access.
    [HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10   //Add the interface to VLAN 10.
    [HTTPS_Server-GigabitEthernet0/0/10] quit

  3. Upload the web page file to the HTTPS server through FTP.

    # Configure VTY user interfaces on the HTTPS server.

    [HTTPS_Server] user-interface vty 0 14   //Enter VTY user interfaces 0 to 14.
    [HTTPS_Server-ui-vty0-14] authentication-mode aaa   //Set the authentication mode of users in VTY user interfaces 0 to 14 to AAA.
    [HTTPS_Server-ui-vty0-14] quit

    # Configure the FTP function for the switch and information about an FTP user, including the password, user level, service type, and authorized directory.

    [HTTPS_Server] ftp server enable   //Enable the FTP server function.
    [HTTPS_Server] aaa
    [HTTPS_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789   //Set the login password to Helloworld@6789.
    [HTTPS_Server-aaa] local-user client001 privilege level 15   //Set the user level to 15.
    [HTTPS_Server-aaa] local-user client001 service-type ftp   //Set the user service type to FTP.
    [HTTPS_Server-aaa] local-user client001 ftp-directory flash:/   //Set the FTP authorized directory to flash:/.
    [HTTPS_Server-aaa] quit

    # Log in to the HTTPS server from the PC through FTP and upload the web page file to the HTTPS server.

    Connect the PC to the switch using FTP. Enter the user name client001 and password Helloworld@6789 and set the file transfer mode to binary.

    The following example assumes that the PC runs the Windows XP operating system.

    C:\Documents and Settings\Administrator> ftp 192.168.0.1
    Connected to 192.168.0.1.
    220 FTP service ready.
    User (192.168.0.1:(none)): client001
    331 Password required for client001.
    Password:
    230 User logged in.
    ftp> binary   //Set the file transfer mode to binary. By default, files are transferred in ASCII mode.
    200 Type set to I.
    ftp>

    Upload the web page file to the HTTPS server from the PC.

    ftp> put web.7z    //Upload the web page file. The web.7z file is used as an example here.
    200 Port command okay.
    150 Opening BINARY mode data connection for web.zip
    226 Transfer complete.
    ftp: 1308478 bytes sent in 11 Seconds 4.6Kbytes/sec.
    NOTE:

    If the size of the web page file in the current directory on the switch is different from that on the PC, an exception may occur during file transfer. Upload the web page file again.

  4. Load the web page file.

    # Load the web page file.

    [HTTPS_Server] http server load web.7z    //Load the web page file.

  5. Enable the HTTPS service.

    [HTTPS_Server] http secure-server enable    //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.

  6. Configure a web user and enter the web system login page.

    # Configure a web user.

    [HTTPS_Server] aaa
    [HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789    //Set the login password to Helloworld@6789.
    [HTTPS_Server-aaa] local-user admin privilege level 15    //Set the user level to 15.
    [HTTPS_Server-aaa] local-user admin service-type http    //Set the user service type to HTTP.
    [HTTPS_Server-aaa] quit

    # Enter the web system login page.

    Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 4-11.

    Enter the web user name admin and password Helloworld@6789, and click GO or press Enter. The web system home page is displayed. The EasyOperation web system is logged in by default.

    Figure 4-11  Web system login page

  7. Verify the configuration.

    Log in to the switch through the web system. The login succeeds.

    Run the display http server command to view the status of the HTTPS server.

    [HTTPS_Server] display http server
       HTTP Server Status              : enabled
       HTTP Server Port                : 80(80)
       HTTP Timeout Interval           : 20
       Current Online Users            : 0
       Maximum Users Allowed           : 5
       HTTP Secure-server Status       : enabled
       HTTP Secure-server Port         : 443(443)
       HTTP SSL Policy                 : Default
       HTTP IPv6 Server Status         : disabled
       HTTP IPv6 Server Port           : 80(80)
       HTTP IPv6 Secure-server Status  : disabled
       HTTP IPv6 Secure-server Port    : 443(443) 

Configuration Files

HTTPS_Server configuration file

#
sysname HTTPS_Server
#
FTP server enable
#
vlan batch 10
#
http server load web.7z
#
aaa
 local-user admin password irreversible-cipher %@%@wU:(2j8~r8Htyu3.]',NwU`Td[-A9~9"%4Kvhm'0RV[/U`Ww%@%@
 local-user admin privilege level 15
 local-user admin service-type http
 local-user client001 password irreversible-cipher %@%@5d~9:M^ipCfL\iB)EQd>,,ajwsi[\ad,saejin[qndi83Uwe%@%@
 local-user client001 privilege level 15
 local-user client001 ftp-directory flash:/
 local-user client001 service-type ftp
#
interface Vlanif10
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/10
 port link-type access
 port default vlan 10
#
user-interface vty 0 14
 authentication-mode aaa
#
return

Example for Configuring Switch Login Through the Web System (V200R006 and later versions)

Overview

The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.

The web system is available in EasyOperation and Classics versions.
  • The EasyOperation version provides rich graphics and a more user-friendly UI on which users can perform monitoring, configuration, maintenance, and other network operations.
  • The Classics version inherits the web page style of Huawei switches and provides comprehensive configuration and management functions.
NOTE:

In V200R011C10 and later versions, the Classics version is not supported.

Configuration Notes

The web system is not supported in V200R007C20.

This example applies to V200R006 and later versions (V200R007C20 excluded) of the S12700.

Networking Requirements

As shown in Figure 4-12, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch.

Figure 4-12  Networking diagram for configuring switch login through the web system

Configuration Roadmap

The configuration roadmap is as follows:

  • The system software of the switch has integrated and loaded the web page file. No manual configuration is required.

  • A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in the web page file. If the default SSL policy and self-signed digital certificate can meet security requirements, you do not need to upload a digital certificate or manually configure an SSL policy, simplifying configuration. The following configuration uses the default SSL policy provided by the switch as an example.

  • Configure a management IP address for logging in to the switch through the web system.

  • Configure a web user and enter the web system login page.

Procedure

  1. Configure a management IP address.

    <HUAWEI> system-view
    [HUAWEI] sysname HTTPS_Server
    [HTTPS_Server] vlan 10
    [HTTPS_Server-vlan10] interface vlanif 10    //Configure VLANIF 10 as the management interface.
    [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24    //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
    [HTTPS_Server-Vlanif10] quit
    [HTTPS_Server] interface gigabitethernet 1/0/10    //In this example, GE1/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
    [HTTPS_Server-GigabitEthernet1/0/10] port link-type access    //Set the interface type to access.
    [HTTPS_Server-GigabitEthernet1/0/10] port default vlan 10    //Add the interface to VLAN 10.
    [HTTPS_Server-GigabitEthernet1/0/10] quit

  2. Enable the HTTPS service.

    [HTTPS_Server] http secure-server enable    //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.

  3. Configure a web user and enter the web system login page.

    # Configure a web user.

    [HTTPS_Server] aaa
    [HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789    //Set the login password to Helloworld@6789.
    [HTTPS_Server-aaa] local-user admin privilege level 15    //Set the user level to 15.
    [HTTPS_Server-aaa] local-user admin service-type http    //Set the user service type to HTTP.
    [HTTPS_Server-aaa] quit

    # Enter the web system login page.

    Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 4-13.

    Table 4-3 lists browser versions required for login to a switch through the web system. If the browser version or browser patch version is not within the preceding ranges, the web page may not be properly displayed. Upgrade the browser and browser patch. In addition, the browser must support JavaScript.

    Enter the web user name admin and password Helloworld@6789, and click GO or press Enter. The web system home page is displayed. The EasyOperation web system is logged in by default.

    Table 4-3  Mapping between the product version and browser version
    Product Version Browser Version for EasyOperation Web System Browser Version for Classic Web System
    V200R006 Internet Explorer 8.0 to 11.0, Firefox 12.0 to 28.0, or Google Chrome 23.0 to 34.0 Internet Explorer 8.0 to 11.0, or Firefox 12.0 to 28.0
    V200R007 Internet Explorer 8.0 to 11.0, Firefox 12.0 to 32.0, or Google Chrome 23.0 to 37.0 Internet Explorer 8.0 to 11.0, or Firefox 12.0 to 32.0
    V200R008 Internet Explorer 10.0, Internet Explorer 11.0, Firefox 31.0 to 35.0, or Google Chrome 30.0 to 39.0 Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 31.0 to 35.0
    V200R009 Internet Explorer 10.0, Internet Explorer 11.0, Firefox 35.0 to 45.0, or Google Chrome 34.0 to 49.0 Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 35.0 to 45.0
    V200R010 Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 39.0 to 49.0, or Google Chrome 39.0 to 54.0 Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 39.0 to 49.0
    V200R011C10 Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 53.0 to 59.0, or Google Chrome 54.0 to 66.0
    V200R012(C00&C20) Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 53.0 to 59.0, or Google Chrome 54.0 to 66.0
    V200R013C00 Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 58.0 to 62.0, or Google Chrome 60.0 to 69.0
    Figure 4-13  Web system login page

  4. Verify the configuration.

    Log in to the switch through the web system. The login succeeds.

    Run the display http server command to view the status of the HTTPS server.

    [HTTPS_Server] display http server
       HTTP Server Status              : enabled
       HTTP Server Port                : 80(80)
       HTTP Timeout Interval           : 20
       Current Online Users            : 0
       Maximum Users Allowed           : 5
       HTTP Secure-server Status       : enabled
       HTTP Secure-server Port         : 443(443)
       HTTP SSL Policy                 : Default
       HTTP IPv6 Server Status         : disabled
       HTTP IPv6 Server Port           : 80(80)
       HTTP IPv6 Secure-server Status  : disabled
       HTTP IPv6 Secure-server Port    : 443(443)
       HTTP server source address      : 0.0.0.0

Configuration Files

HTTPS_Server configuration file

#
sysname HTTPS_Server
#
vlan batch 10
#
aaa
 local-user admin password irreversible-cipher %#%#wU:(2j8~r8Htyu3.]',NwU`Td[-A9~9"%4Kvhm'0RV[/U`Ww%#%#
 local-user admin privilege level 15
 local-user admin service-type http
#
interface Vlanif10
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/10
 port link-type access
 port default vlan 10
#
return
Download
Updated: 2019-05-16

Document ID: EDOC1000069466

Views: 165791

Downloads: 1817

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next