Enable the Web Management Interface
About this task
Enable the web management interface to provide management access to the switch using a web browser.
HTTP and HTTPS, and FTP support both IPv4 and IPv6 addresses, with no difference in functionality or configuration.
Important
To enable HTTP access to the device, you must disable the web server secure-only option. To enable HTTPS access to the device, the web server secure-only option is enabled by default. The TFTP server supports both IPv4 and IPv6 TFTP clients.
Procedure
Example
Enable the web-server.
Switch:1>enable Switch:1#configure terminal Switch:1(config)#web-server enable Switch:1(config)#web-server read-only-user enable Switch:1(config)#web-server password rwa smith2 Enter the New password : ******** Re-enter the New password : ******** Password changed. Switch:1(config)#web-server password ro jones6 Enter the New password : ******** Re-enter the New password : ******** Password changed.
Switch:1(config)#show web-server Web Server Info : Status : off Secure-only : enabled TLS-minimum-version : tlsv12 RO Username Status : disabled RO Username : user RO Password : ******** RWA Username : admin RWA Password : ******** Def-display-rows : 30 Inactivity timeout : 900 sec Html help tftp source-dir : HttpPort : 80 HttpsPort : 443 NumHits : 0 NumAccessChecks : 0 NumAccessBlocks : 0 NumRxErrors : 0 NumTxErrors : 0 NumSetRequest : 0 Minimum password length : 8 Last Host Access Blocked : 0.0.0.0 In use certificate : Self signed Certificate Truspoint CA Name : Certificate with Subject Name : 823 Ciphers-Tls : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA SSL renegotiation : enabled
Variable Definitions
Use the data in the following table to use the web-server command.
Variable |
Value |
---|---|
def-display-rows <10-100> |
Configures the number of rows each page displays, between 10 and 100. |
enable |
Enables the web interface. To disable the web server, use the no form of this command: no web-server [enable] |
help-tftp <WORD/0-256> |
Configures the TFTP or FTP directory for Help files, in one of the following formats: a.b.c.d:/| peer:/ [<dir>]. The path can use 0–256 characters. The following example paths illustrate the correct format:
|
http-port <80-49151> |
Configures the web server HTTP port. The default port is 80. |
https-port <443-49151> |
Configure the web server HTTPS port. The default port is 443. |
inactivity-timeout<30–65535> |
Configures the web-server session inactivity timeout. The default is 900 seconds (15 minutes). |
password {ro | rwa} WORD<1-20> |
Configures the logon and password for the web interface. |
password min-passwd-len<1–32> |
Configures the minimum password length. By default, the minimum password length is 8 characters. |
read-only-user |
Enables read-only user for the web server. |
secure-only |
Enables secure-only access for the web server. |
ssl-renegotiation |
Enables SSL renegotiation in the web server. To disable SSL renegotiation, use the no form of this command: no web-server ssl-renegotiation The default is enabled. |
tls-min-ver<tlsv10|tlsv11|tlsv12> |
Configures the minimum version of the TLS protocol supported by the web-server. You can select among the following:
The default is tlsv12. |