S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Typical Configuration Examples

This document provides examples for configuring features in typical usage scenarios.

Example for Configuring Switch Login Through the Web System

Factory Settings of Web Page Files for S Series Switches

In V200R006 and later versions, the web page file has been integrated in the system software and loaded. For factory settings of web page files in versions earlier than V200R006, see the following tables.

Table 4-2  Factory settings of web page files for fixed switches

| Product Model | V100R006C05 | V200R001 | V200R002 | V200R003 | V200R005 |
|---|---|---|---|---|---|
| S2700SI/S2700EI | A web page file is saved in the storage medium, but is not loaded. | - | - | - | - |
| S2710SI | A web page file is saved in the storage medium, but is not loaded. | - | - | - | - |
| S2750EI | - | - | - | A web page file is saved in the storage medium, and is loaded. | The system software contains a web page file that is loaded. |
| S3700SI/S3700EI | A web page file is saved in the storage medium, but is not loaded. | - | - | - | - |
| S3700HI | - | The storage medium does not contain a web page file. | - | - | - |
| S5710-C-LI | - | The storage medium does not contain a web page file. | - | - | - |
| S5700EI/S5700SI | - | The storage medium does not contain a web page file. | A web page file is saved in the storage medium, but is not loaded. | A web page file is saved in the storage medium, and is loaded. | The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system. |
| S5700LI/S5700S-LI | - | The storage medium does not contain a web page file. | A web page file is saved in the storage medium, but is not loaded. | A web page file is saved in the storage medium, and is loaded. NOTE: The web page file for the S5700-10P-LI needs to be loaded manually. | The system software contains a web page file that is loaded. |
| S5710EI | - | The storage medium does not contain a web page file. | A web page file is saved in the storage medium, but is not loaded. | A web page file is saved in the storage medium, and is loaded. | The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system. |
| S5700HI | - | The storage medium does not contain a web page file. | A web page file is saved in the storage medium, but is not loaded. | A web page file is saved in the storage medium, and is loaded. | The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system. |
| S5710HI | - | - | A web page file is saved in the storage medium, but is not loaded. | A web page file is saved in the storage medium, and is loaded. | The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system. |
| S6700EI | - | The storage medium does not contain a web page file. | A web page file is saved in the storage medium, but is not loaded. | A web page file is saved in the storage medium, and is loaded. | The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system. |

Table 4-3  Factory settings of web page files for modular switches

| Product Model | V200R001 | V200R002 | V200R003 | V200R005 |
|---|---|---|---|---|
| S7700 | The storage medium does not contain a web page file. | A web page file is saved in the storage medium, but is not loaded. | A web page file is saved in the storage medium, and is loaded. | The system software contains a web page file that is loaded. |
| S9700 | The storage medium does not contain a web page file. | A web page file is saved in the storage medium, but is not loaded. | A web page file is saved in the storage medium, and is loaded. | The system software contains a web page file that is loaded. |

NOTE:

A hyphen (-) indicates that the version is not available for the model.

Example for Configuring Switch Login Through the Web System (V200R001)

Overview

The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.

Configuration Notes

This example applies to V200R001 of all S series switches.

NOTE:

The following uses the command lines and outputs of the S5700EI running V200R001C00 as an example.

Networking Requirements

As shown in Figure 4-10, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch. The user has obtained the server digital certificate 1_servercert_pem_dsa.pem and private key file 1_serverkey_pem_dsa.pem from the CA.

Figure 4-10  Networking diagram for configuring switch login through the web system

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a management IP address for remotely transferring files and logging in to the switch through the web system.

  2. Upload the required files to the HTTPS server through FTP, including the web page file, server digital certificate, and private key file.

  3. Load the web page file and digital certificate.

  4. Bind an SSL policy and enable the HTTPS service.

  5. Configure a web user and enter the web system login page.

FTP is an insecure protocol. Using SFTP V2, SCP, or FTPS is recommended.

Procedure

  1. Obtain the web page file.

    The following methods are available:
    • Obtain the web page file from a Huawei agent.
    • Download the web page file from the Huawei enterprise technical support website (http://support.huawei.com/enterprise). In V200R001, the web page file is named in the format of product name-software version.web page file version.web.zip.

    NOTE:

    Check whether the size of the obtained web page file is the same as the file size displayed on the website. If not, an exception may occur during file download. Download the file again.

  2. Configure a management IP address.

    <HUAWEI> system-view
    [HUAWEI] sysname HTTPS_Server
    [HTTPS_Server] vlan 10
    [HTTPS_Server-vlan10] interface vlanif 10   //Configure VLANIF 10 as the management interface.
    [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24   //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
    [HTTPS_Server-Vlanif10] quit
    [HTTPS_Server] interface gigabitethernet 0/0/10   //In this example, GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
    [HTTPS_Server-GigabitEthernet0/0/10] port link-type access   //Set the interface type to access.
    [HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10   //Add the interface to VLAN 10.
    [HTTPS_Server-GigabitEthernet0/0/10] quit

  3. Upload the web page file and digital certificate to the HTTPS server through FTP.

    # Configure VTY user interfaces on the HTTPS server.

    [HTTPS_Server] user-interface vty 0 14   //Enter VTY user interfaces 0 to 14.
    [HTTPS_Server-ui-vty0-14] authentication-mode aaa   //Set the authentication mode of users in VTY user interfaces 0 to 14 to AAA.
    [HTTPS_Server-ui-vty0-14] quit

    # Configure the FTP function for the switch and information about an FTP user, including the password, user level, service type, and authorized directory.

    [HTTPS_Server] ftp server enable   //Enable the FTP server function.
    [HTTPS_Server] aaa
    [HTTPS_Server-aaa] local-user client001 password cipher Helloworld@6789   //Set the login password to Helloworld@6789.
    [HTTPS_Server-aaa] local-user client001 privilege level 15   //Set the user level to 15.
    [HTTPS_Server-aaa] local-user client001 service-type ftp   //Set the user service type to FTP.
    [HTTPS_Server-aaa] local-user client001 ftp-directory flash:/   //Set the FTP authorized directory to flash:/.
    [HTTPS_Server-aaa] quit
    [HTTPS_Server] quit

    # Log in to the HTTPS server from the PC through FTP and upload the web page file and digital certificate to the HTTPS server.

    Connect the PC to the switch using FTP. Enter the user name client001 and password Helloworld@6789 and set the file transfer mode to binary.

    The following example assumes that the PC runs the Windows XP operating system.

    C:\Documents and Settings\Administrator> ftp 192.168.0.1
    Connected to 192.168.0.1.
    220 FTP service ready.
    User (192.168.0.1:(none)): client001
    331 Password required for client001.
    Password:
    230 User logged in.
    ftp> binary   //Set the file transfer mode to binary. By default, files are transferred in ASCII mode.
    200 Type set to I.
    ftp>

    Upload the web page file and digital certificate to the HTTPS server from the PC.

    ftp> put web.zip    //Upload the web page file. The web.zip file is used as an example here.
    200 Port command okay.
    150 Opening BINARY mode data connection for web.zip
    226 Transfer complete.
    ftp: 1308478 bytes sent in 11 Seconds 4.6Kbytes/sec.
    ftp> put 1_servercert_pem_dsa.pem
    200 Port command okay.
    150 Opening BINARY mode data connection for 1_servercert_pem_dsa.pem
    226 Transfer complete.
    ftp: 1302 bytes sent in 2 Seconds 4.6Kbytes/sec.
    ftp> put 1_serverkey_pem_dsa.pem
    200 Port command okay.
    150 Opening BINARY mode data connection for 1_serverkey_pem_dsa.pem
    226 Transfer complete.
    ftp: 951 bytes sent in 1 Second 4.6Kbytes/sec.

    # Run the dir command on the switch to check whether the web page file and digital certificate exist in the current storage directory.

    NOTE:

    If the sizes of the web page file and digital certificate in the current storage directory on the switch are different from those on the PC, an exception may occur during file transfer. Upload the files again.

    # Create the subdirectory security on the HTTPS server and copy the digital certificate and private key file to the subdirectory.

    <HTTPS_Server> mkdir security
    <HTTPS_Server> copy 1_servercert_pem_dsa.pem security
    Copy flash:/1_servercert_pem_dsa.pem to flash:/security/1_servercert_pem_dsa.pem?[Y/N]:y
    100%  complete
    Info: Copied file flash:/1_servercert_pem_dsa.pem to flash:/security/1_servercert_pem_dsa.pem...Done. 
    <HTTPS_Server> copy 1_serverkey_pem_dsa.pem security
    Copy flash:/1_serverkey_pem_dsa.pem to flash:/security/1_serverkey_pem_dsa.pem?[Y/N]:y
    100%  complete
    Info: Copied file flash:/1_serverkey_pem_dsa.pem to flash:/security/1_serverkey_pem_dsa.pem...Done.

    # Run the dir command in the security subdirectory to check the digital certificate.

    <HTTPS_Server> cd security
    <HTTPS_Server> dir
    Directory of flash:/security/
    
      Idx  Attr     Size(Byte)  Date        Time       FileName
        0  -rw-          1,200  Sep 26 2013 22:35:37   1_servercert_pem_dsa.pem
        1  -rw-            736  Sep 26 2013 22:36:11   1_serverkey_pem_dsa.pem
    
    30,008 KB total (348 KB free)

  4. Load the web page file and digital certificate.

    # Load the web page file.

    <HTTPS_Server> system-view
    [HTTPS_Server] http server load web.zip

    # Create an SSL policy and load the PEM digital certificate.

    [HTTPS_Server] ssl policy http_server
    [HTTPS_Server-ssl-policy-http_server] certificate load pem-cert 1_servercert_pem_dsa.pem key-pair dsa key-file 1_serverkey_pem_dsa.pem auth-code 123456
    [HTTPS_Server-ssl-policy-http_server] quit

    # After the preceding configurations are complete, run the display ssl policy command on the HTTPS server to check detailed information about the loaded digital certificate.

    [HTTPS_Server] display ssl policy
    
           SSL Policy Name: http_server
         Policy Applicants: 
             Key-pair Type: DSA
     Certificate File Type: PEM
          Certificate Type: certificate
      Certificate Filename: 1_servercert_pem_dsa.pem
         Key-file Filename: 1_serverkey_pem_dsa.pem
                 Auth-code: 123456
                       MAC:
                  CRL File:
           Trusted-CA File: 

  5. Bind an SSL policy and enable the HTTPS service.

    NOTE:

    Disable the HTTP service before enabling the HTTPS service.

    [HTTPS_Server] undo http server enable   //Disable the HTTP service.
    [HTTPS_Server] http secure-server ssl-policy http_server   //Bind an SSL policy named http_server to the HTTP server.
    [HTTPS_Server] http secure-server enable   //Enable the HTTPS service.

  6. Configure a web user and enter the web system login page.

    # Configure a web user.

    [HTTPS_Server] aaa
    [HTTPS_Server-aaa] local-user admin password cipher Helloworld@6789   //Create a local user named admin and set its password to Helloworld@6789.
    [HTTPS_Server-aaa] local-user admin privilege level 15   //Set the user level to 15.
    [HTTPS_Server-aaa] local-user admin service-type http   //Set the access type to http, that is, web user.
    [HTTPS_Server-aaa] quit

    # Enter the web system login page.

    Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 4-11.

    You can log in to the web system using the Internet Explorer (6.0 or 8.0) or Firefox (3.5) browsers. If the browser version or browser patch version is not within the preceding ranges, the web page may be displayed incorrectly. Additionally, the web browser used to log in to the web system must support JavaScript.

    Enter the user name, password, and verification code. Click Login. The web system home page is displayed.

    Figure 4-11  Web system login page

  7. Verify the configuration.

    Log in to the switch through the web system. The login succeeds.

    Run the display http server command to view the SSL policy name and the HTTPS server status.

    [HTTPS_Server] display http server
       HTTP Server Status              : disabled
       HTTP Server Port                : 80(80)
       HTTP Timeout Interval           : 20
       Current Online Users            : 0
       Maximum Users Allowed           : 5
       HTTP Secure-server Status       : enabled
       HTTP Secure-server Port         : 443(443)
       HTTP SSL Policy                 : http_server

Configuration Files

HTTPS_Server configuration file

#
sysname HTTPS_Server
#
FTP server enable
#
vlan batch 10
#
undo http server enable
http server load web.zip
http secure-server ssl-policy http_server
http secure-server enable
#
aaa
 local-user admin password cipher %$%$_h,hW_!nJ!2gXkH9v$X)+,#w%$%$ 
 local-user admin privilege level 15
 local-user admin service-type http
 local-user client001 password cipher %$%$jD,QKAhe{Yd9kD9Fqi#I+QH~%$%$
 local-user client001 privilege level 15
 local-user client001 ftp-directory flash:/
 local-user client001 service-type ftp
#
interface Vlanif10
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/0/10
 port link-type access
 port default vlan 10
# 
user-interface vty 0 14
 authentication-mode aaa
#
ssl policy http_server
 certificate load pem-cert 1_servercert_pem_dsa.pem key-pair dsa key-file 1_serverkey_pem_dsa.pem auth-code 123456
#
return
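
The configuration file above can be checked mechanically before the switch goes into service. The following Python audit is an added example, not Huawei code: it runs over a constructed copy of that file and flags the FTP service this page calls insecure, passwords stored with `cipher` (the V200R005 example on this page uses `irreversible-cipher`), the auth-code visible in the SSL policy, and the level-15 FTP upload account. The rule names, the `Finding` type, and the placeholder file names and ciphertext are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed input modelled on the V200R001 configuration file above.
# File names and ciphertext are placeholders, not values from a real device.
WEAK_CONFIG = """\
#
sysname HTTPS_Server
#
FTP server enable
#
undo http server enable
http secure-server ssl-policy http_server
http secure-server enable
#
aaa
 local-user admin password cipher PLACEHOLDER-CIPHERTEXT
 local-user admin privilege level 15
 local-user admin service-type http
 local-user client001 password cipher PLACEHOLDER-CIPHERTEXT
 local-user client001 privilege level 15
 local-user client001 ftp-directory flash:/
 local-user client001 service-type ftp
#
ssl policy http_server
 certificate load pem-cert cert.pem key-pair dsa key-file key.pem auth-code 123456
#
return
"""

# Constructed input: FTP and the upload account removed after the transfer,
# web user stored with irreversible-cipher, default SSL policy in use.
CLEAN_CONFIG = """\
#
sysname HTTPS_Server
#
undo http server enable
http secure-server enable
#
aaa
 local-user admin password irreversible-cipher PLACEHOLDER-CIPHERTEXT
 local-user admin privilege level 15
 local-user admin service-type http
#
return
"""


@dataclass(frozen=True)
class Finding:
    rule: str     # hypothetical rule identifier
    subject: str  # user name, SSL policy name, or "global"
    detail: str


USER_RE = re.compile(
    r"^local-user (\S+) (password|privilege level|service-type|ftp-directory) (.+)$"
)


def audit(config_text):
    """Return findings for a saved configuration in the format shown on this page."""
    findings, users, policy = [], {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.lower() == "ftp server enable":
            findings.append(Finding("FTP-ENABLED", "global",
                                    "FTP server left enabled; credentials and files cross the network in clear text"))
        elif line == "#":
            policy = None                      # '#' closes the current config block
        elif re.fullmatch(r"ssl policy (\S+)", line):
            policy = line.split()[-1]
        elif policy and re.search(r"\bauth-code \S+", line):
            # Report the location only; never echo the secret itself.
            findings.append(Finding("AUTH-CODE-IN-CONFIG", policy,
                                    "private-key auth-code is readable in the saved configuration"))
        else:
            m = USER_RE.match(line)
            if m:
                name, key, value = m.groups()
                users.setdefault(name, {})[key] = value.strip()

    for name, attrs in users.items():
        scheme = attrs.get("password", "").split(" ")[0]
        if scheme == "cipher":
            findings.append(Finding("LEGACY-CIPHER", name,
                                    "password stored with 'cipher' instead of 'irreversible-cipher'"))
        services = attrs.get("service-type", "").split()
        level = int(attrs.get("privilege level", "0"))
        if "ftp" in services and level == 15:
            findings.append(Finding("FTP-LEVEL-15", name,
                                    f"FTP account has level 15 and directory {attrs.get('ftp-directory', '?')}"))
    return findings


if __name__ == "__main__":
    for f in audit(WEAK_CONFIG):
        print(f"{f.rule:20} {f.subject:12} {f.detail}")
```
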

Example for Configuring Switch Login Through the Web System (V100R006C05&V200R002&V200R003)

Overview

The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.

Configuration Notes

This example applies to V100R006C05, V200R002, and V200R003 of all S series switches.

NOTE:

The following uses the command lines and outputs of the S5700EI running V200R002C00 as an example.

Networking Requirements

As shown in Figure 4-12, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch.

Figure 4-12  Networking diagram for configuring switch login through the web system

Configuration Roadmap

The configuration roadmap is as follows:

NOTE:

The web page file is delivered with the switch. On all switches running V100R006C05 or V200R002, and on S5700-10P-LI switches running V200R003C00, you need to load the web page file. Fixed switches running V200R003, except the S5700-10P-LI, have the web page file loaded before delivery, so step 2 can be skipped for them.

A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in the web page file. If the default SSL policy and self-signed digital certificate can meet security requirements, you do not need to upload a digital certificate or manually configure an SSL policy, simplifying configuration. The following configuration uses the default SSL policy provided by the switch as an example.

  1. Configure a management IP address for logging in to the switch through the web system.

  2. Load the web page file.

  3. Configure a web user and enter the web system login page.

Procedure

  1. Configure a management IP address.

    <HUAWEI> system-view
    [HUAWEI] sysname HTTPS_Server
    [HTTPS_Server] vlan 10
    [HTTPS_Server-vlan10] interface vlanif 10    //Configure VLANIF 10 as the management interface.
    [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24    //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
    [HTTPS_Server-Vlanif10] quit
    [HTTPS_Server] interface gigabitethernet 1/0/10    //In this example, GE1/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
    [HTTPS_Server-GigabitEthernet1/0/10] port link-type access    //Set the interface type to access.
    [HTTPS_Server-GigabitEthernet1/0/10] port default vlan 10    //Add the interface to VLAN 10.
    [HTTPS_Server-GigabitEthernet1/0/10] quit

  2. Load the web page file.

    NOTE:
    • Run the dir command to view the name of the web page file carried by the switch.

    • In V100R006C05, the web page file is named in the format of product name-software version.web page file version.web.zip. In V200R002 and V200R003, the web page file is named in the format of product name-software version.web page file version.web.7z.

    [HTTPS_Server] http server load web.7z    //Load the web page file. The web.7z file is used as an example here.

  3. Enable the HTTPS service.

    [HTTPS_Server] http secure-server enable    //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.

  4. Configure a web user and enter the web system login page.

    # Configure a web user.

    [HTTPS_Server] aaa
    [HTTPS_Server-aaa] local-user admin password cipher Helloworld@6789   //Create a local user named admin and set its password to Helloworld@6789.
    [HTTPS_Server-aaa] local-user admin privilege level 15   //Set the user level to 15.
    [HTTPS_Server-aaa] local-user admin service-type http   //Set the access type to http, that is, web user.
    [HTTPS_Server-aaa] quit

    # Enter the web system login page.

    Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 4-13.

    To log in to the web system, use Internet Explorer (6.0 – 9.0) or Firefox (3.5 – 17.0) for V100R006C05, Internet Explorer (8.0) or Firefox (3.6) for V200R001C00, and Internet Explorer (6.0 – 9.0) or Firefox (3.5 – 17.0) for V200R003C00. If the browser version or browser patch version is not within the preceding ranges, the web page may be displayed incorrectly. Additionally, the web browser used to log in to the web system must support JavaScript.

    Enter the user name, password, and verification code. Click Login. The web system home page is displayed.

    Figure 4-13  Web system login page

  5. Verify the configuration.

    Log in to the switch through the web system. The login succeeds.

    Run the display http server command to view the status of the HTTPS server.

    [HTTPS_Server] display http server
       HTTP Server Status              : enabled
       HTTP Server Port                : 80(80)
       HTTP Timeout Interval           : 20
       Current Online Users            : 0
       Maximum Users Allowed           : 5
       HTTP Secure-server Status       : enabled
       HTTP Secure-server Port         : 443(443)
       HTTP SSL Policy                 : Default

Configuration Files

HTTPS_Server configuration file

#
sysname HTTPS_Server
#
vlan batch 10
#
http server load web.7z
#
aaa
 local-user admin password cipher %$%$+8;_RIkI680;]{;b/Vo&T/l>%$%$ 
 local-user admin privilege level 15
 local-user admin service-type http
#
interface Vlanif10
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/10
 port link-type access
 port default vlan 10
#
return

Example for Configuring Switch Login Through the Web System (V200R005)

Overview

The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.

The web system is available in EasyOperation and Classics versions.
  • The EasyOperation version provides rich graphics and a more user-friendly UI on which users can perform monitoring, configuration, maintenance, and other network operations.
  • The Classics version inherits the web page style of Huawei switches and provides comprehensive configuration and management functions.

Configuration Notes

This example applies to V200R005 of all S series switches.

NOTE:

The following uses the command lines and outputs of the S5700HI running V200R005 as an example.

Networking Requirements

As shown in Figure 4-14, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch.

Figure 4-14  Networking diagram for configuring switch login through the web system

Configuration Roadmap

NOTE:

A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in the web page file. If the default SSL policy and self-signed digital certificate can meet security requirements, you do not need to upload a digital certificate or manually configure an SSL policy, simplifying configuration. The following configuration uses the default SSL policy provided by the switch as an example.

The system software of the following switch models in V200R005 has integrated and loaded the web page file (including the EasyOperation and Classics editions). You only need to configure a web user and enter the web system login page.
  • Modular switch: all models
  • Fixed switch: S2750, S5700LI, S5700S-LI

On the S5700SI, S5700EI, S5710EI, S5700HI, S5710HI, and S6700EI in V200R005, the Classics web page file has already been loaded. To use the Classics web system, you only need to configure a web user and enter the web system login page. To use the EasyOperation web system, perform the configuration based on the following roadmap:

  1. Configure a management IP address for remotely transferring files and logging in to the switch through the web system.

  2. Upload the web page file to the HTTPS server through FTP.

  3. Load the web page file.

  4. Configure a web user and enter the web system login page.

FTP is an insecure protocol. Using SFTP V2, SCP, or FTPS is recommended.

Procedure

  1. Obtain the web page file.

    The following methods are available:
    • Obtain the web page file from a Huawei agent.
    • Download the web page file from the Huawei enterprise technical support website (http://support.huawei.com/enterprise).
      • For a fixed switch, download the system software containing the web page file.

      • For a modular switch, download the web page file.

      • In V200R005, the web page file is named in the format of product name-software version.web page file version.web.7z.

    NOTE:

    Check whether the size of the obtained web page file is the same as the file size displayed on the website. If not, an exception may occur during file download. Download the file again.

  2. Configure a management IP address.

    <HUAWEI> system-view
    [HUAWEI] sysname HTTPS_Server
    [HTTPS_Server] vlan 10
    [HTTPS_Server-vlan10] interface vlanif 10   //Configure VLANIF 10 as the management interface.
    [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24   //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
    [HTTPS_Server-Vlanif10] quit
    [HTTPS_Server] interface gigabitethernet 0/0/10   //In this example, GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
    [HTTPS_Server-GigabitEthernet0/0/10] port link-type access   //Set the interface type to access.
    [HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10   //Add the interface to VLAN 10.
    [HTTPS_Server-GigabitEthernet0/0/10] quit

  3. Upload the web page file to the HTTPS server through FTP.

    # Configure VTY user interfaces on the HTTPS server.

    [HTTPS_Server] user-interface vty 0 14   //Enter VTY user interfaces 0 to 14.
    [HTTPS_Server-ui-vty0-14] authentication-mode aaa   //Set the authentication mode of users in VTY user interfaces 0 to 14 to AAA.
    [HTTPS_Server-ui-vty0-14] quit

    # Configure the FTP function for the switch and information about an FTP user, including the password, user level, service type, and authorized directory.

    [HTTPS_Server] ftp server enable   //Enable the FTP server function.
    [HTTPS_Server] aaa
    [HTTPS_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789   //Set the login password to Helloworld@6789.
    [HTTPS_Server-aaa] local-user client001 privilege level 15   //Set the user level to 15.
    [HTTPS_Server-aaa] local-user client001 service-type ftp   //Set the user service type to FTP.
    [HTTPS_Server-aaa] local-user client001 ftp-directory flash:/   //Set the FTP authorized directory to flash:/.
    [HTTPS_Server-aaa] quit

    # Log in to the HTTPS server from the PC through FTP and upload the web page file to the HTTPS server.

    Connect the PC to the switch using FTP. Enter the user name client001 and password Helloworld@6789 and set the file transfer mode to binary.

    The following example assumes that the PC runs the Windows XP operating system.

    C:\Documents and Settings\Administrator> ftp 192.168.0.1
    Connected to 192.168.0.1.
    220 FTP service ready.
    User (192.168.0.1:(none)): client001
    331 Password required for client001.
    Password:
    230 User logged in.
    ftp> binary   //Set the file transfer mode to binary. By default, files are transferred in ASCII mode.
    200 Type set to I.
    ftp>

    Upload the web page file to the HTTPS server from the PC.

    ftp> put web.7z    //Upload the web page file. The web.7z file is used as an example here.
    200 Port command okay.
    150 Opening BINARY mode data connection for web.7z
    226 Transfer complete.
    ftp: 1308478 bytes sent in 11 Seconds 4.6Kbytes/sec.

    NOTE:

    If the size of the web page file in the current directory on the switch is different from that on the PC, an exception may occur during file transfer. Upload the web page file again.

  4. Load the web page file.

    # Load the web page file.

    [HTTPS_Server] http server load web.7z    //Load the web page file.

  5. Enable the HTTPS service.

    [HTTPS_Server] http secure-server enable    //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.

  6. Configure a web user and enter the web system login page.

    # Configure a web user.

    [HTTPS_Server] aaa
    [HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789    //Set the login password to Helloworld@6789.
    [HTTPS_Server-aaa] local-user admin privilege level 15    //Set the user level to 15.
    [HTTPS_Server-aaa] local-user admin service-type http    //Set the user service type to HTTP.
    [HTTPS_Server-aaa] quit

    # Enter the web system login page.

    Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 4-15.

    Enter the web user name admin and password Helloworld@6789, and click GO or press Enter. The web system home page is displayed. By default, you are logged in to the EasyOperation web system.

    Figure 4-15  Web system login page

  7. Verify the configuration.

    Log in to the switch through the web system. The login succeeds.

    Run the display http server command to view the status of the HTTPS server.

    [HTTPS_Server] display http server
       HTTP Server Status              : enabled
       HTTP Server Port                : 80(80)
       HTTP Timeout Interval           : 20
       Current Online Users            : 0
       Maximum Users Allowed           : 5
       HTTP Secure-server Status       : enabled
       HTTP Secure-server Port         : 443(443)
       HTTP SSL Policy                 : Default
       HTTP IPv6 Server Status         : disabled
       HTTP IPv6 Server Port           : 80(80)
       HTTP IPv6 Secure-server Status  : disabled
       HTTP IPv6 Secure-server Port    : 443(443) 

Configuration Files

HTTPS_Server configuration file

#
sysname HTTPS_Server
#
FTP server enable
#
vlan batch 10
#
http server load web.7z
#
aaa
 local-user admin password irreversible-cipher %@%@wU:(2j8~r8Htyu3.]',NwU`Td[-A9~9"%4Kvhm'0RV[/U`Ww%@%@
 local-user admin privilege level 15
 local-user admin service-type http
 local-user client001 password irreversible-cipher %@%@5d~9:M^ipCfL\iB)EQd>,,ajwsi[\ad,saejin[qndi83Uwe%@%@
 local-user client001 privilege level 15
 local-user client001 ftp-directory flash:/
 local-user client001 service-type ftp
#
interface Vlanif10
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/0/10
 port link-type access
 port default vlan 10
#
user-interface vty 0 14
 authentication-mode aaa
#
return
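
The saved configuration files for V200R002 through V200R005 on this page contain no `http server enable` line, yet the `display http server` output in those examples reports the HTTP server as enabled, so the running state needs its own check. The following Python check is an added example, not Huawei code: it parses output in the format shown on this page and reports cleartext HTTP listeners and use of the Default SSL policy, whose self-signed certificate this page says is acceptable only if it meets security requirements. The note identifiers are assumptions, and both samples are constructed from the outputs above.

```python
import re

# Constructed sample in the format of the V200R001 output on this page.
V200R001_OUTPUT = """\
   HTTP Server Status              : disabled
   HTTP Server Port                : 80(80)
   HTTP Timeout Interval           : 20
   Current Online Users            : 0
   Maximum Users Allowed           : 5
   HTTP Secure-server Status       : enabled
   HTTP Secure-server Port         : 443(443)
   HTTP SSL Policy                 : http_server
"""

# Constructed sample in the format of the V200R005 output on this page.
V200R005_OUTPUT = """\
   HTTP Server Status              : enabled
   HTTP Server Port                : 80(80)
   HTTP Timeout Interval           : 20
   Current Online Users            : 0
   Maximum Users Allowed           : 5
   HTTP Secure-server Status       : enabled
   HTTP Secure-server Port         : 443(443)
   HTTP SSL Policy                 : Default
   HTTP IPv6 Server Status         : disabled
   HTTP IPv6 Server Port           : 80(80)
   HTTP IPv6 Secure-server Status  : disabled
   HTTP IPv6 Secure-server Port    : 443(443)
"""


def parse_http_server(text):
    """Turn 'Key : value' lines into a dict; lines without ':' are ignored."""
    state = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            state[key.strip()] = value.strip()
    return state


def review(text):
    """Return (note_id, subject) tuples for the running HTTP/HTTPS state."""
    state = parse_http_server(text)
    notes = []

    # Cleartext listeners, IPv4 and IPv6 alike.
    for key, value in state.items():
        m = re.fullmatch(r"HTTP (IPv6 )?Server Status", key)
        if m and value == "enabled":
            notes.append(("CLEARTEXT-HTTP", "IPv6" if m.group(1) else "IPv4"))

    # At least one HTTPS listener should be up for web management.
    https_on = [
        k for k, v in state.items()
        if re.fullmatch(r"HTTP (IPv6 )?Secure-server Status", k) and v == "enabled"
    ]
    if not https_on:
        notes.append(("HTTPS-OFF", "all"))

    # Which certificate is being presented?
    policy = state.get("HTTP SSL Policy", "")
    if https_on and not policy:
        notes.append(("NO-SSL-POLICY", "HTTPS"))
    elif policy.lower() == "default":
        # Default policy: self-signed certificate generated by the switch.
        notes.append(("DEFAULT-SSL-POLICY", policy))
    return notes


if __name__ == "__main__":
    for label, sample in (("V200R001", V200R001_OUTPUT), ("V200R005", V200R005_OUTPUT)):
        print(label, review(sample))
```
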

Example for Configuring Switch Login Through the Web System (V200R006 and later versions)

Overview

The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.

The web system is available in EasyOperation and Classics versions.
  • The EasyOperation version provides rich graphics and a more user-friendly UI on which users can perform monitoring, configuration, maintenance, and other network operations.
  • The Classics version inherits the web page style of Huawei switches and provides comprehensive configuration and management functions.

NOTE:

In V200R011C10 and later versions, the Classics version is not supported.

Configuration Notes

This example applies to V200R006 and later versions of all S series switches.

NOTE:

The following uses the command lines and outputs of the S5720EI running V200R008C00 as an example.

Networking Requirements

As shown in Figure 4-16, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch.

Figure 4-16  Networking diagram for configuring switch login through the web system

Configuration Roadmap

The configuration roadmap is as follows:

  • The web page file is already integrated into the switch's system software and loaded, so no manual configuration is required.

  • A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in the web page file. If the default SSL policy and self-signed digital certificate can meet security requirements, you do not need to upload a digital certificate or manually configure an SSL policy, simplifying configuration. The following configuration uses the default SSL policy provided by the switch as an example.

  • Configure a management IP address for logging in to the switch through the web system.

  • Configure a web user and enter the web system login page.

Procedure

  1. Configure a management IP address.

    <HUAWEI> system-view
    [HUAWEI] sysname HTTPS_Server
    [HTTPS_Server] vlan 10
    [HTTPS_Server-vlan10] interface vlanif 10    //Configure VLANIF 10 as the management interface.
    [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24    //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
    [HTTPS_Server-Vlanif10] quit
    [HTTPS_Server] interface gigabitethernet 1/0/10    //In this example, GE1/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
    [HTTPS_Server-GigabitEthernet1/0/10] port link-type access    //Set the interface type to access.
    [HTTPS_Server-GigabitEthernet1/0/10] port default vlan 10    //Add the interface to VLAN 10.
    [HTTPS_Server-GigabitEthernet1/0/10] quit

  2. Enable the HTTPS service.

    [HTTPS_Server] http secure-server enable    //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.

  3. Configure a web user and enter the web system login page.

    # Configure a web user.

    [HTTPS_Server] aaa
    [HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789    //Set the login password to Helloworld@6789.
    [HTTPS_Server-aaa] local-user admin privilege level 15    //Set the user level to 15.
    [HTTPS_Server-aaa] local-user admin service-type http    //Set the user service type to HTTP.
    [HTTPS_Server-aaa] quit

    # Enter the web system login page.

    Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 4-17.

    Table 4-4 lists the browser versions required for logging in to a switch through the web system. If the browser version or browser patch version is not within the listed ranges, the web page may not be displayed properly. In that case, upgrade the browser and browser patch. In addition, the browser must support JavaScript.

    Enter the web user name admin and password Helloworld@6789, and click GO or press Enter. The web system home page is displayed. By default, you are logged in to the EasyOperation web system.

    Table 4-4  Mapping between the product version and browser version

    | Product Version | Browser Version for EasyOperation Web System | Browser Version for Classic Web System |
    |---|---|---|
    | V200R006 | Internet Explorer 8.0 to 11.0, Firefox 12.0 to 28.0, or Google Chrome 23.0 to 34.0 | Internet Explorer 8.0 to 11.0, or Firefox 12.0 to 28.0 |
    | V200R007 | Internet Explorer 8.0 to 11.0, Firefox 12.0 to 32.0, or Google Chrome 23.0 to 37.0 | Internet Explorer 8.0 to 11.0, or Firefox 12.0 to 32.0 |
    | V200R008 | Internet Explorer 10.0, Internet Explorer 11.0, Firefox 31.0 to 35.0, or Google Chrome 30.0 to 39.0 | Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 31.0 to 35.0 |
    | V200R009 | Internet Explorer 10.0, Internet Explorer 11.0, Firefox 35.0 to 45.0, or Google Chrome 34.0 to 49.0 | Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 35.0 to 45.0 |
    | V200R010 | Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 39.0 to 49.0, or Google Chrome 39.0 to 54.0 | Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 39.0 to 49.0 |
    | V200R011C10 | Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 53.0 to 59.0, or Google Chrome 54.0 to 66.0 | - |
    | V200R012(C00&C20) | Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 53.0 to 59.0, or Google Chrome 54.0 to 66.0 | - |
    | V200R013C00 | Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 58.0 to 62.0, or Google Chrome 60.0 to 69.0 | - |

    Figure 4-17  Web system login page

  4. Verify the configuration.

    Log in to the switch through the web system. The login succeeds.

    Run the display http server command to view the status of the HTTPS server.

    [HTTPS_Server] display http server
       HTTP Server Status              : enabled
       HTTP Server Port                : 80(80)
       HTTP Timeout Interval           : 20
       Current Online Users            : 0
       Maximum Users Allowed           : 5
       HTTP Secure-server Status       : enabled
       HTTP Secure-server Port         : 443(443)
       HTTP SSL Policy                 : Default
       HTTP IPv6 Server Status         : disabled
       HTTP IPv6 Server Port           : 80(80)
       HTTP IPv6 Secure-server Status  : disabled
       HTTP IPv6 Secure-server Port    : 443(443)
       HTTP server source address      : 0.0.0.0
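
The following check of the display http server output is an added example, not part of the original Huawei document. It parses the field/value lines shown in this step and lists settings to review. The three review rules (HTTPS not enabled, default SSL policy with its self-signed certificate, HTTP service enabled) are assumptions of this example.

```python
# Added example: audit the "display http server" output shown in this step.
# The review rules in audit_http_server() are assumptions, not Huawei guidance.
SAMPLE_OUTPUT = """\
[HTTPS_Server] display http server
   HTTP Server Status              : enabled
   HTTP Server Port                : 80(80)
   HTTP Timeout Interval           : 20
   Current Online Users            : 0
   Maximum Users Allowed           : 5
   HTTP Secure-server Status       : enabled
   HTTP Secure-server Port         : 443(443)
   HTTP SSL Policy                 : Default
   HTTP IPv6 Server Status         : disabled
   HTTP IPv6 Server Port           : 80(80)
   HTTP IPv6 Secure-server Status  : disabled
   HTTP IPv6 Secure-server Port    : 443(443)
   HTTP server source address      : 0.0.0.0
"""


def parse_http_server(output):
    """Map each 'Name : value' line of the command output to a dict entry."""
    fields = {}
    for line in output.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():  # skips the prompt line and blank lines
            fields[name.strip()] = value.strip()
    return fields


def audit_http_server(fields):
    """Return (field, reason) pairs that an administrator should review."""
    findings = []
    if fields.get("HTTP Secure-server Status") != "enabled":
        findings.append(("HTTP Secure-server Status", "HTTPS service is not enabled"))
    if fields.get("HTTP SSL Policy", "").lower() == "default":
        findings.append(("HTTP SSL Policy",
                         "default policy with a self-signed certificate is in use"))
    if fields.get("HTTP Server Status") == "enabled":
        findings.append(("HTTP Server Status", "HTTP service is enabled alongside HTTPS"))
    return findings


if __name__ == "__main__":
    for field, reason in audit_http_server(parse_http_server(SAMPLE_OUTPUT)):
        print(f"REVIEW {field}: {reason}")
```

The parser also accepts the shorter output of earlier versions, which lacks the HTTP server source address line.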

Configuration Files

HTTPS_Server configuration file

#
sysname HTTPS_Server
#
vlan batch 10
#
aaa
 local-user admin password irreversible-cipher %#%#wU:(2j8~r8Htyu3.]',NwU`Td[-A9~9"%4Kvhm'0RV[/U`Ww%#%#
 local-user admin privilege level 15
 local-user admin service-type http
#
interface Vlanif10
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/10
 port link-type access
 port default vlan 10
#
return
Updated: 2019-04-20

Document ID: EDOC1000069520
