Example for Configuring Switch Login Through the Web System (V200R005)

Overview

The web system uses the built-in web server on a switch to provide a GUI through which users can perform switch management and maintenance. Users can log in to the web system from terminals using HTTPS.

The web system is available in EasyOperation and Classics versions.
  • The EasyOperation version provides rich graphics and a more user-friendly UI on which users can perform monitoring, configuration, maintenance, and other network operations.
  • The Classics version inherits the web page style of Huawei switches and provides comprehensive configuration and management functions.

Configuration Notes

This example applies to V200R005 of all S series switches.

The following uses the command lines and outputs of the S5700-HI running V200R005 as an example.

Networking Requirements

As shown in Figure 1, a switch functions as the HTTPS server. The user wants to log in to the web system using HTTPS to manage and maintain the switch.

Figure 1 Networking diagram for configuring switch login through the web system

Configuration Roadmap

A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in the web page file. If the default SSL policy and self-signed digital certificate can meet security requirements, you do not need to upload a digital certificate or manually configure an SSL policy, simplifying configuration. The following configuration uses the default SSL policy provided by the switch as an example.

The system software of the following switch models in V200R005 has integrated and loaded the web page file (including the EasyOperation and Classics editions). You only need to configure a web user and enter the web system login page.
  • Modular switch: all models
  • Fixed switch: S2750, S5700-LI, S5700S-LI

The Classics web page file has already been loaded on the S5700-SI, S5700-EI, S5710-EI, S5700-HI, S5710-HI, and S6700-EI in V200R005. To use the Classics web system, you only need to configure a web user and enter the web system login page. To use the EasyOperation web system, perform the configuration based on the following roadmap:

  1. Configure a management IP address for remotely transferring files and logging in to the switch through the web system.

  2. Upload the web page file to the HTTPS server through FTP.

  3. Load the web page file.

  4. Configure a web user and enter the web system login page.

FTP is an insecure protocol. Using SFTP V2, SCP, or FTPS is recommended.

Procedure

  1. Obtain the web page file.

    The following methods are available:
    • Obtain the web page file from a Huawei agent.
    • Download the web page file from the Huawei enterprise technical support website (http://support.huawei.com/enterprise).
      • For a fixed switch, download the system software containing the web page file.

      • For a modular switch, download the web page file.

      • In V200R005, the web page file is named in the format of product name-software version.web page file version.web.7z.

    Check whether the size of the obtained web page file is the same as the file size displayed on the website. If not, an exception may occur during file download. Download the file again.

  2. Configure a management IP address.

    <HUAWEI> system-view
    [HUAWEI] sysname HTTPS_Server
    [HTTPS_Server] vlan 10
    [HTTPS_Server-vlan10] quit
    [HTTPS_Server] interface vlanif 10   //Configure VLANIF 10 as the management interface.
    [HTTPS_Server-Vlanif10] ip address 192.168.0.1 24   //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
    [HTTPS_Server-Vlanif10] quit
    [HTTPS_Server] interface gigabitethernet 0/0/10   //In this example, GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
    [HTTPS_Server-GigabitEthernet0/0/10] port link-type access   //Set the interface type to access.
    [HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10   //Add the interface to VLAN 10.
    [HTTPS_Server-GigabitEthernet0/0/10] quit

  3. Upload the web page file to the HTTPS server through FTP.

    # Configure VTY user interfaces on the HTTPS server.

    [HTTPS_Server] user-interface vty 0 14   //Enter VTY user interfaces 0 to 14.
    [HTTPS_Server-ui-vty0-14] authentication-mode aaa   //Set the authentication mode of users in VTY user interfaces 0 to 14 to AAA.
    [HTTPS_Server-ui-vty0-14] quit

    # Configure the FTP function for the switch and information about an FTP user, including the password, user level, service type, and authorized directory.

    [HTTPS_Server] ftp server enable   //Enable the FTP server function.
    [HTTPS_Server] aaa
    [HTTPS_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789   //Set the login password to Helloworld@6789.
    [HTTPS_Server-aaa] local-user client001 privilege level 15   //Set the user level to 15.
    [HTTPS_Server-aaa] local-user client001 service-type ftp   //Set the user service type to FTP.
    [HTTPS_Server-aaa] local-user client001 ftp-directory flash:/   //Set the FTP authorized directory to flash:/.
    [HTTPS_Server-aaa] quit

    # Log in to the HTTPS server from the PC through FTP and upload the web page file to the HTTPS server.

    Connect the PC to the switch using FTP. Enter the user name client001 and password Helloworld@6789 and set the file transfer mode to binary.

    The following example assumes that the PC runs the Windows XP operating system.

    C:\Documents and Settings\Administrator> ftp 192.168.0.1
    Connected to 192.168.0.1.
    220 FTP service ready.
    User (192.168.0.1:(none)): client001
    331 Password required for client001.
    Password:
    230 User logged in.
    ftp> binary   //Set the file transfer mode to binary. By default, files are transferred in ASCII mode.
    200 Type set to I.
    ftp>

    Upload the web page file to the HTTPS server from the PC.

    ftp> put web.7z    //Upload the web page file. The web.7z file is used as an example here.
    200 Port command okay.
    150 Opening BINARY mode data connection for web.7z
    226 Transfer complete.
    ftp: 1308478 bytes sent in 11 Seconds 4.6Kbytes/sec.

    If the size of the web page file in the current directory on the switch is different from that on the PC, an exception may occur during file transfer. Upload the web page file again.

  4. Load the web page file.

    # Load the web page file.

    [HTTPS_Server] http server load web.7z    //Load the web page file.

  5. Enable the HTTPS service.

    [HTTPS_Server] http secure-server enable    //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.

  6. Configure a web user and enter the web system login page.

    # Configure a web user.

    [HTTPS_Server] aaa
    [HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789    //Set the login password to Helloworld@6789.
    [HTTPS_Server-aaa] local-user admin privilege level 15    //Set the user level to 15.
    [HTTPS_Server-aaa] local-user admin service-type http    //Set the user service type to HTTP.
    [HTTPS_Server-aaa] quit

    # Enter the web system login page.

    Open the web browser on the PC, type https://192.168.0.1 in the address box, and press Enter. The web system login page is displayed, as shown in Figure 2.

    In V200R005C00&C01&C02, you can log in to the web system using Internet Explorer 8.0 to Internet Explorer 10.0, Firefox 12.0 to Firefox 26.0, or Google Chrome 23.0 to Google Chrome 32.0. If the browser version does not meet these requirements, the web page may be displayed abnormally. The web browser must support JavaScript.

    In V200R005C03, you can log in to the web system using Internet Explorer 10.0 to Internet Explorer 11.0, Firefox 35.0 to Firefox 41.0, or Google Chrome 34.0 to Google Chrome 45.0. If the browser version does not meet these requirements, the web page may be displayed abnormally. The web browser must support JavaScript.

    Enter the web user name admin and password Helloworld@6789, and click GO or press Enter. The web system home page is displayed. By default, you are logged in to the EasyOperation web system.

    Figure 2 Web system login page

  7. Verify the configuration.

    Log in to the switch through the web system. The login succeeds.

    Run the display http server command to view the status of the HTTPS server.

    [HTTPS_Server] display http server
       HTTP Server Status              : enabled
       HTTP Server Port                : 80(80)
       HTTP Timeout Interval           : 20
       Current Online Users            : 0
       Maximum Users Allowed           : 5
       HTTP Secure-server Status       : enabled
       HTTP Secure-server Port         : 443(443)
       HTTP SSL Policy                 : Default
       HTTP IPv6 Server Status         : disabled
       HTTP IPv6 Server Port           : 80(80)
       HTTP IPv6 Secure-server Status  : disabled
       HTTP IPv6 Secure-server Port    : 443(443) 
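
The verification output above can also be checked by script. The following is an added example, not part of the original Huawei document: it parses `display http server` output and lists the settings a reviewer would want to confirm. The function names and the wording of the findings are assumptions made for this illustration.

```python
import re

# Constructed sample: the `display http server` output shown above.
SAMPLE_OUTPUT = """\
   HTTP Server Status              : enabled
   HTTP Server Port                : 80(80)
   HTTP Timeout Interval           : 20
   Current Online Users            : 0
   Maximum Users Allowed           : 5
   HTTP Secure-server Status       : enabled
   HTTP Secure-server Port         : 443(443)
   HTTP SSL Policy                 : Default
   HTTP IPv6 Server Status         : disabled
   HTTP IPv6 Server Port           : 80(80)
   HTTP IPv6 Secure-server Status  : disabled
   HTTP IPv6 Secure-server Port    : 443(443)
"""

def parse_http_server(text):
    """Turn 'Field : value' lines into a dict; other lines (prompts) are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s+:\s+(\S.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def review_http_server(fields):
    """Return the items to confirm for the web management service."""
    findings = []
    for family in ("HTTP", "HTTP IPv6"):
        secure = fields.get(f"{family} Secure-server Status")
        plain = fields.get(f"{family} Server Status")
        if family == "HTTP" and secure != "enabled":
            findings.append("HTTPS service is not enabled")
        if plain == "enabled":
            port = fields.get(f"{family} Server Port", "?")
            findings.append(f"{family} server is enabled on port {port}; confirm it is needed")
    if fields.get("HTTP SSL Policy", "").lower() == "default":
        findings.append("default SSL policy in use (self-signed certificate per the roadmap)")
    return findings

if __name__ == "__main__":
    for finding in review_http_server(parse_http_server(SAMPLE_OUTPUT)):
        print("REVIEW:", finding)
```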

Configuration Files

HTTPS_Server configuration file

#
sysname HTTPS_Server
#
FTP server enable
#
vlan batch 10
#
http server load web.7z
#
aaa
 local-user admin password irreversible-cipher %@%@wU:(2j8~r8Htyu3.]',NwU`Td[-A9~9"%4Kvhm'0RV[/U`Ww%@%@
 local-user admin privilege level 15
 local-user admin service-type http
 local-user client001 password irreversible-cipher %@%@5d~9:M^ipCfL\iB)EQd>,,ajwsi[\ad,saejin[qndi83Uwe%@%@
 local-user client001 privilege level 15
 local-user client001 ftp-directory flash:/
 local-user client001 service-type ftp
#
interface Vlanif10
 ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/0/10
 port link-type access
 port default vlan 10
#
user-interface vty 0 14
 authentication-mode aaa
#
return
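
The roadmap notes that FTP is an insecure protocol, and the saved configuration above keeps the FTP server and the level-15 FTP user in place after the upload. The following is an added example, not part of the original Huawei document: it scans a saved configuration for those leftovers. The function names are assumptions made for this illustration, and the sample is constructed from the file above.

```python
import re

# Constructed sample: AAA and FTP lines from the configuration file above,
# with the cipher strings replaced by a placeholder.
SAMPLE_CONFIG = """\
#
FTP server enable
#
aaa
 local-user admin password irreversible-cipher <cipher>
 local-user admin privilege level 15
 local-user admin service-type http
 local-user client001 password irreversible-cipher <cipher>
 local-user client001 privilege level 15
 local-user client001 ftp-directory flash:/
 local-user client001 service-type ftp
#
return
"""

FIELD = re.compile(r"\s*local-user (\S+) (privilege level|service-type|ftp-directory) (.+)")

def parse_local_users(config):
    """Collect privilege level, service types and FTP directory per local user."""
    users = {}
    for line in config.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # password lines and non-user lines are ignored
        user = users.setdefault(m.group(1), {"level": None, "services": [], "ftp_dir": None})
        key, value = m.group(2), m.group(3).strip()
        if key == "privilege level":
            user["level"] = int(value)
        elif key == "service-type":
            user["services"] = value.split()
        else:
            user["ftp_dir"] = value
    return users

def audit(config):
    findings = []
    if re.search(r"^\s*ftp server enable\s*$", config, re.I | re.M):
        findings.append("FTP server is still enabled (cleartext protocol)")
    for name, u in sorted(parse_local_users(config).items()):
        if "ftp" in u["services"]:
            findings.append(f"{name}: FTP user, level {u['level']}, directory {u['ftp_dir']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```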
Copyright © Huawei Technologies Co., Ltd.