Enable the Web Management Interface
About this task
Enable the web management interface to provide management access to the switch using a web browser. This procedure assumes this is the first time you enable the web server on a switch with default passwords.
The system prompts you to change the admin and read-only user default passwords when you use the web-server enable command to enable the web management interface.
Important
To enable HTTP access to the device, you must disable the web server secure-only option. To enable HTTPS access to the device, the web server secure-only option is enabled by default.
Procedure
Examples
Enable the web server for the first time on a new switch:
Switch:1>enable Switch:1#configure terminal Switch:1(config)#web-server enable Default password is set for the admin account. Please set a new password to enable WebServer. Enter the New password : ******** Re-enter the New password : ******** Password changed. Default password is set for the ro account. Please set a new password to enable WebServer. Enter the New password : ******** Re-enter the New password : ******** Password changed. Switch:1(config)#web-server read-only-user enable
Switch:1>show web-server
Web Server Info :
Status : on
Secure-only : enabled
TLS-minimum-version : tlsv12
RO Username Status : enabled
RO Username : user
RO Password : ********
RWA Username : admin
RWA Password : ********
Def-display-rows : 30
Inactivity timeout : 900 sec
Html help tftp source-dir :
HttpPort : 80
HttpsPort : 443
NumHits : 0
NumAccessChecks : 0
NumAccessBlocks : 0
NumRxErrors : 0
NumTxErrors : 0
NumSetRequest : 0
Minimum password length : 8
Last Host Access Blocked : 0.0.0.0
In use certificate : Self signed
Certificate Truspoint CA Name :
Certificate with Subject Name : 823
Ciphers-Tls : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA
SSL renegotiation : enabled
Variable Definitions
Use the data in the following table to use the web-server command.
|
Variable |
Value |
|---|---|
|
def-display-rows <10-100> |
Configures the number of rows each page displays. The default is 30. |
|
enable |
Enables the web interface. The default is disabled. |
|
help-tftp <WORD/0-256> |
Configures the TFTP or FTP directory for Help files, in one of the following formats: a.b.c.d:/| peer:/ [<dir>]. The path can use 0–256 characters. The following example paths illustrate the correct format:
|
|
http-port <80-49151> |
Configures the web server HTTP port. The default port is 80. |
|
https-port <443-49151> |
Configure the web server HTTPS port. The default port is 443. |
|
inactivity-timeout<30–65535> |
Configures the web-server session inactivity timeout. The default is 900 seconds (15 minutes). |
|
password {ro | rwa} WORD<1-20> |
Configures the user names and passwords for the web interface. The default user name for the RO account is user. The default user name for the RWA account is admin. |
|
password min-passwd-len<1–32> |
Configures the minimum password length. By default, the minimum password length is 8 characters. |
|
read-only-user |
Enables read-only user for the web server. The default is disabled. |
|
secure-only |
Enables secure-only access for the web server. |
| ssl-renegotiation |
Enables SSL renegotiation in the web server. The default is enabled. |
|
tls-min-ver<tlsv10|tlsv11|tlsv12> |
Configures the minimum version of the TLS protocol supported by the web-server. You can select among the following:
The default is tlsv12. |