Procedure

1. Configure a web user.
   1. Run system-view

      The system view is displayed.

   2. Run aaa

      The AAA view is displayed.

   3. Run local-user user-name password irreversible-cipher password

      A local user name and a password are configured.

      The default username and password are available in S Series Switches Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it.

      If you have logged in to the device through the CLI and changed the password of the default user, the changed password takes effect.

   4. Run local-user user-name service-type http

      The access type of the local user is set to HTTP.

      By default, no access type is configured for a local user.

   5. Run local-user user-name privilege level level

      The local user level is set.

      The default username and password are available in S Series Switches Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it.

      Users of level 3 or higher are administrator users and have all operation rights of a web page. Users of level 2 or lower are monitoring users and can perform only ping and tracert operations.

      After logging in to the web system, monitoring users receive a message, showing their current level and prompting them to raise their user level.

      Figure 7-2  Message received by a monitoring user logging in to the web system
      

2. Log in to the web system.
   1. Open the web browser on a PC, enter https://IP address in the address box, and press Enter. The web system login page is displayed. Enter the web user name and password and select a language for the web system, as shown in Figure 7-3.

      IP address specifies the device's management IP address, which can be an IPv4 or IPv6 address, depending on the HTTPS service type.

      To ensure compatibility, a user logging in through HTTP is redirected to https://IP address if the user enters http://IP address in the address box.

      Figure 7-3  Web system login page
      
      • The operating system required for web system login must be the Windows 7.0, Windows 8.0, Windows 8.1, Windows 10.0, or iOS operating system.
      • To log in to the Web system, you must use Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 53.0 to 59.0, or Google Chrome 54.0 to 66.0. If the browser version or browser patch version is not within the preceding ranges, the web page may not be properly displayed. Upgrade the browser and browser patch. In addition, the browser must support JavaScript.
      • When logging in to the web system using the Internet Explorer, ensure that active scripting in the Security tab page is enabled; otherwise, an exception may occur during web system login.
      • The best resolution of the display for web system login is 1316px. If the resolution is less than 1280px, the system displays a prompt message.
      • By default, the earliest SSL version used in SSL policies on the device is TLS1.1. When logging in to the device through the web system, ensure that the SSL version supported by the browser is the same as that supported by the device; otherwise, an exception may occur during web system login. It is recommended that you upgrade the browser based on the displayed page or modify the SSL configuration. Take the Internet Explorer as an example. Choose Tools > Internet Options, and click the Advanced tab to view and select the SSL version.
      • If you use Internet Explorer 8.0 running on Windows XP to log in to the web system, you must configure the RC4 algorithm for the customized SSL cipher suite policy. Otherwise, you will be unable to log in to the web system. To perform this configuration, run the set cipher-suite { tls1_ck_rsa_with_aes_256_sha | tls1_ck_rsa_with_aes_128_sha | tls1_ck_rsa_rc4_128_sha | tls1_ck_dhe_rsa_with_aes_256_sha | tls1_ck_dhe_dss_with_aes_256_sha | tls1_ck_dhe_rsa_with_aes_128_sha | tls1_ck_dhe_dss_with_aes_128_sha | tls12_ck_rsa_aes_256_cbc_sha256 } command.
      • The web system identifies device information based on the Item value in the device's electronic label, but the device hardware driver determines whether to start the device based on the BarCode value. Since the values of BarCode and Item may not be the same, the web system may not read or display the card information.
      • The web system does not support back, forward, and refresh buttons of the browser. You may return to the login page when you use the buttons.
      • If you log in to the Web systems with the same IP address through multiple windows on a browser, only the latest login is saved. If the Web systems have the same IP address and the same port number, the latest login account is displayed on earlier web pages after all the windows are refreshed. If the Web systems have the same IP address but different port numbers, timeout messages are displayed on earlier web pages after all the windows are refreshed.
      • If the software version of the device changes (for example, the device software is upgraded or rolled back), clear the browser cache before using the web system. Otherwise, the web page may be displayed incorrectly.
      • You can click Open Source software Notice to view details of the open source software notice.

   2. Access the password change page of the web system.

      On the web system login page, click GO or press Enter to access the password change page, as shown in Figure 7-4. Change the password and re-log in to the web system as prompted. You can manage and maintain the device after logging in to the web system.

      Figure 7-4  Password change page of the web system
      
      • The password change page is displayed during the login process only the first time you log in to the web system.
      • The password change page is also displayed if your password will expire or has expired. To access the web system main page, you must change the password.
      • For security purposes, a password must contain at least two types of the following: lowercase letters, uppercase letters, digits, and special characters (such as ! $ # %). In addition, the password cannot contain spaces or single quotation marks (').

   3. (Optional) Change the default user password.

      If you are logged in as an administrator, the system prompts you to change this password. Figure 7-5 shows the prompt. Click Confirm to display the User Management page on which you can change the password of the default user. The default username and password are available in S Series Switches Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it. Changing this password is recommended to improve security.

      Figure 7-5  Changing the default user
      

      • Only when you log in to the web system as an administrator user (level 3 or higher), the dialog box is displayed.

      • A secure password should contain at least two types of the following: lowercase letters, uppercase letters, numerals, special characters (such as ! $ # %). In addition, the password cannot contain spaces or single quotation marks (').