The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.
This example applies to V100R006C05, V200R002, and V200R003 of all S series switches.
The following uses the command lines and outputs of the S5700-EI running V200R002C00 as an example.
As shown in Figure 1, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch.
The configuration roadmap is as follows:
The web page file is delivered with the switch. On all switches running V100R006C05 or V200R002, and on S5700-10P-LI switches running V200R003C00, you need to load the web page file. Fixed switches running V200R003, excluding the S5700-10P-LI, have the web page file loaded before delivery, so step 2 can be skipped on them.
A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in the web page file. If the default SSL policy and self-signed digital certificate can meet security requirements, you do not need to upload a digital certificate or manually configure an SSL policy, simplifying configuration. The following configuration uses the default SSL policy provided by the switch as an example.
Configure a management IP address for logging in to the switch through the web system.
Load the web page file.
<HUAWEI> system-view
[HUAWEI] sysname HTTPS_Server
[HTTPS_Server] vlan 10
[HTTPS_Server-vlan10] quit
[HTTPS_Server] interface vlanif 10 //Configure VLANIF 10 as the management interface.
[HTTPS_Server-Vlanif10] ip address 192.168.0.1 24 //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
[HTTPS_Server-Vlanif10] quit
[HTTPS_Server] interface gigabitethernet 1/0/10 //In this example, GE1/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
[HTTPS_Server-GigabitEthernet1/0/10] port link-type access //Set the interface type to access.
[HTTPS_Server-GigabitEthernet1/0/10] port default vlan 10 //Add the interface to VLAN 10.
[HTTPS_Server-GigabitEthernet1/0/10] quit
Run the dir command to view the name of the web page file carried by the switch.
In V100R006C05, the web page file is named in the format of product name-software version.web page file version.web.zip. In V200R002 and V200R003, the web page file is named in the format of product name-software version.web page file version.web.7z.
[HTTPS_Server] http server load web.7z //Load the web page file. The web.7z file is used as an example here.
[HTTPS_Server] http secure-server enable //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.
# Configure a web user.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user admin password cipher Helloworld@6789 //Create a local user named admin and set its password to Helloworld@6789.
[HTTPS_Server-aaa] local-user admin privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user admin service-type http //Set the access type to http, that is, web user.
[HTTPS_Server-aaa] quit
# Enter the web system login page.
Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 2.
The supported browsers depend on the software version. For V100R006C05, use Internet Explorer (6.0 to 9.0) or Firefox (3.5 to 17.0). For V200R001C00, use Internet Explorer (8.0) or Firefox (3.6). For V200R003C00, use Internet Explorer (6.0 to 9.0) or Firefox (3.5 to 17.0). If the browser version or browser patch version is not within the preceding ranges, the web page may be displayed incorrectly. Additionally, the web browser used to log in to the web system must support JavaScript.
Enter the user name, password, and verification code. Click Login. The web system home page is displayed.
Log in to the switch through the web system. The login succeeds.
Run the display http server command to view the status of the HTTPS server.
[HTTPS_Server] display http server
HTTP Server Status : enabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users : 0
Maximum Users Allowed : 5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : Default
HTTPS_Server configuration file
#
sysname HTTPS_Server
#
vlan batch 10
#
http server load web.7z
#
aaa
 local-user admin password cipher %$%$+8;_RIkI680;]{;b/Vo&T/l>%$%$
 local-user admin privilege level 15
 local-user admin service-type http
#
interface Vlanif10
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/10
 port link-type access
 port default vlan 10
#
return