S600-E Series Switches Typical Configuration Examples
Example for Configuring Switch Login Through the Web System
Example for Configuring Switch Login Through the Web System
Overview
The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.
- The EasyOperation version provides rich graphics and a more user-friendly UI on which users can perform monitoring, configuration, maintenance, and other network operations.
- The Classics version inherits the web page style of Huawei switches and provides comprehensive configuration and management functions.
In V200R011C10 and later versions, the Classics version is not supported.
Networking Requirements
As shown in Figure 2-8, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch.
Configuration Roadmap
The configuration roadmap is as follows:
The system software of the switch has integrated and loaded the web page file. No manual configuration is required.
A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in the web page file. If the default SSL policy and self-signed digital certificate can meet security requirements, you do not need to upload a digital certificate or manually configure an SSL policy, simplifying configuration. The following configuration uses the default SSL policy provided by the switch as an example.
Configure a management IP address for logging in to the switch through the web system.
Configure a web user and enter the web system login page.
Procedure
- Configure a management IP address.
<HUAWEI> system-view [HUAWEI] sysname HTTPS_Server [HTTPS_Server] vlan 10 [HTTPS_Server-vlan10] quit [HTTPS_Server] interface vlanif 10 //Configure VLANIF 10 as the management interface. [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24 //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch. [HTTPS_Server-Vlanif10] quit [HTTPS_Server] interface gigabitethernet 0/0/10 //In this example, GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements. [HTTPS_Server-GigabitEthernet0/0/10] port link-type access //Set the interface type to access. [HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10 //Add the interface to VLAN 10. [HTTPS_Server-GigabitEthernet0/0/10] quit
- Enable the HTTPS service.
[HTTPS_Server] http secure-server enable //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it. [HTTPS_Server] http server-source -i Vlanif 10 //Set the source interface of the server to VLANIF 10 so that the client can connect to the server through 192.168.0.1. - Configure a web user and enter the web system login page.
# Configure a web user.
[HTTPS_Server] aaa [HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789 //Set the login password to Helloworld@6789. [HTTPS_Server-aaa] local-user admin privilege level 15 //Set the user level to 15. Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]Y [HTTPS_Server-aaa] local-user admin service-type http //Set the user service type to HTTP. [HTTPS_Server-aaa] quit
# Enter the web system login page.
Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 2-9.
You are advised to use Firefox or Google Chrome of the latest version to log in to the web system. If the browser version is too early, the web page may be displayed improperly. Additionally, the web browser used to log in to the web system must support JavaScript.
Enter the web user name admin and password Helloworld@6789, and click GO or press Enter. The web system home page is displayed. The EasyOperation web system is logged in by default.
- Verify the configuration.
Log in to the switch through the web system. The login succeeds.
Run the display http server command to view the status of the HTTPS server.
[HTTPS_Server] display http server HTTP Server Status : enabled HTTP Server Port : 80(80) HTTP Timeout Interval : 20 Current Online Users : 0 Maximum Users Allowed : 5 HTTP Secure-server Status : enabled HTTP Secure-server Port : 443(443) HTTP SSL Policy : Default HTTP IPv6 Server Status : disabled HTTP IPv6 Server Port : 80(80) HTTP IPv6 Secure-server Status : disabled HTTP IPv6 Secure-server Port : 443(443) HTTP server source address : 0.0.0.0 //This field displays HTTP server source interface in V200R020 and later versions.
Configuration Files
HTTPS_Server configuration file
# sysname HTTPS_Server # vlan batch 10 # http server-source -i Vlanif10 # aaa local-user admin password irreversible-cipher %^%#wU:(2j8~r8Htyu3.]',NwU`Td[-A9~9"%4Kvhm'0RV[/U`Ww%^%# local-user admin privilege level 15 local-user admin service-type http # interface Vlanif10 ip address 192.168.0.1 255.255.255.0 # interface GigabitEthernet0/0/10 port link-type access port default vlan 10 # return