No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Configuration Guide - Basic Configuration

This document describes the configurations of Basic, including CLI Overview, EasyDeploy Configuration, USB-based Deployment Configuration, Logging In to a Device for the First Time, CLI Login Configuration, Web System Login Configuration, File Management, Configuring System Startup, ISSU Configuration, BootLoad Menu Operation.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of Web System Login

Overview of Web System Login

Definition

The web system is a GUI-based device-management tool that helps provision the device, simplify device deployment and manageability, and improve user experience. You can use the Web system to build configurations, and monitor and troubleshoot the device without having CLI expertise.

Purpose

You can manage a switch through a web system or a CLI. The CLI enables you to implement fine-grained device management through commands. However, you must be familiar with the command syntax and understand how the CLI operates. The web system provides only basic routine maintenance and management functions. You can use the CLI or web system according to your management requirements.

To use the CLI, you must log in to the switch through a console port or a mini USB port, or using Telnet or STelnet. To use the web system, you must log in to the switch through HTTPS.

For details about how to log in to a switch through a console port or a mini USB port, or using Telnet or STelnet, see CLI Login Configuration.

Concepts of Web System Login

Concepts involved in web system login are described as follows:
  • HTTP

    Hypertext Transfer Protocol (HTTP) is used to transfer web page files over the Internet. It runs at the application layer of the TCP/IP protocol stack. The transport layer uses the connection-oriented TCP protocol. Due to the security vulnerability of HTTP, devices only allow you to log in to the web system through the more secure Hypertext Transfer Protocol Secure (HTTPS).

  • HTTPS

    HTTPS uses secure sockets layer (SSL) to encrypt data exchanged between the client and device and defines access control policies based on certificate attributes. HTTPS enhances data integrity and transmission security, ensuring that only authorized clients can log in to the device.

  • SSL policy

    An SSL policy defines parameters that the device uses during startup. Before HTTPS configuration, the SSL policy needs to be deployed and the corresponding digital certificate is loaded on the device. The SSL policy takes effect only after it is applied to application layer protocols, such as HTTP.

  • Digital certificate

    A digital certificate is issued by a certificate authority (CA) and uses a digital signature to bind a public key with an identity (applicant who possesses the certificate). The digital certificate includes information such as the applicant name, public key, digital signature of the CA, and validity period of the digital certificate. Digital certificates validate the identities of two communicating parties to improve communication reliability.

  • CA

    A CA issues, manages, and revokes digital certificates by checking the validity of digital certificate owners, issuing digital certificates to prevent eavesdropping and tampering, and managing keys. A worldwide trusted CA is called a root CA. The root CA can authorize other CAs as subordinate CAs. CA identity needs to be verified and is described in a trusted-CA file.

    For example, CA1 is a root CA. It issues a certificate for CA2, which can then issue a certificate for CA3. This process continues until the final server certificate is issued.

    Assume that CA3 issues the server certificate. A certificate authentication process on the client starts from server certificate authentication:
    • The client first verifies the validity of the server certificate based on the CA3 certificate.
    • The client then checks the CA2 certificate to verify the validity of the CA3 certificate.
    • The client then checks the CA1 certificate to verify the validity of the CA2 certificate.
    • The server certificate passes the authentication only if the CA2 certificate is verified as being valid according to the CA1 certificate.

    Figure 7-1 shows the certificate issuing and authentication processes.

    Figure 7-1  Certificate issuing and authentication
  • Certificate Revocation List (CRL)

    A CRL is issued by a CA and specifies a list of certificates that have been revoked.

    Each digital certificate has a limited lifetime and a CA can revoke a digital certificate to shorten its lifetime. The validity period of a certificate specified in the CRL is shorter than the original validity period of the certificate. If a CA revokes a digital certificate, the key pair defined in the certificate can no longer be used even if the digital certificate has not expired. When a certificate expires, it is deleted from the CRL.

You can load the CRL and a certificate (trust certificate) with a higher level than the digital certificate on your PC. If not loaded, you are prompted to trust the server when establishing a connection with a web server. After the connection is established successfully, the PC cannot immediately verify the digital certificate on the server. However, data transmitted between the PC and server is confidential. To ensure that you are connecting to a valid web server, you can load a trust certificate and CRL on the PC. For details on how to load trust certificates, refer to the help information in the operating system.
Translation
Download
Updated: 2019-04-08

Document ID: EDOC1100065643

Views: 10950

Downloads: 35

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next