Enable the Web Management Interface
About this task
Enable the web management interface to provide management access to the switch using a web browser. This procedure assumes this is the first time you enable the web server on a switch with default passwords.
The system prompts you to change the admin and read-only user default passwords when you use the web-server enable command to enable the web management interface.
Important
To enable HTTP access to the device, you must disable the web server secure-only option. To enable HTTPS access to the device, the web server secure-only option is enabled by default.
Procedure
Examples
Enable the web server for the first time on a new switch:
Switch:1>enable Switch:1#configure terminal Switch:1(config)#web-server enable Default password is set for the admin account. Please set a new password to enable WebServer. Enter the New password : ******** Re-enter the New password : ******** Password changed. Default password is set for the ro account. Please set a new password to enable WebServer. Enter the New password : ******** Re-enter the New password : ******** Password changed. Switch:1(config)#web-server read-only-user enable
Switch:1>show web-server Web Server Info : Status : on Secure-only : enabled TLS-minimum-version : tlsv12 RO Username Status : enabled RO Username : user RO Password : ******** RWA Username : admin RWA Password : ******** Def-display-rows : 30 Inactivity timeout : 900 sec Html help tftp source-dir : HttpPort : 80 HttpsPort : 443 NumHits : 0 NumAccessChecks : 0 NumAccessBlocks : 0 NumRxErrors : 0 NumTxErrors : 0 NumSetRequest : 0 Minimum password length : 8 Last Host Access Blocked : 0.0.0.0 In use certificate : Self signed Certificate Truspoint CA Name : Certificate with Subject Name : 823 Ciphers-Tls : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA SSL renegotiation : enabled
Variable Definitions
Use the data in the following table to use the web-server command.
Variable |
Value |
---|---|
def-display-rows <10-100> |
Configures the number of rows each page displays. The default is 30. |
enable |
Enables the web interface. The default is disabled. |
help-tftp <WORD/0-256> |
Configures the TFTP or FTP directory for Help files, in one of the following formats: a.b.c.d:/| peer:/ [<dir>]. The path can use 0–256 characters. The following example paths illustrate the correct format:
|
http-port <80-49151> |
Configures the web server HTTP port. The default port is 80. |
https-port <443-49151> |
Configure the web server HTTPS port. The default port is 443. |
inactivity-timeout<30–65535> |
Configures the web-server session inactivity timeout. The default is 900 seconds (15 minutes). |
password {ro | rwa} WORD<1-20> |
Configures the user names and passwords for the web interface. The default user name for the RO account is user. The default user name for the RWA account is admin. |
password min-passwd-len<1–32> |
Configures the minimum password length. By default, the minimum password length is 8 characters. |
read-only-user |
Enables read-only user for the web server. The default is disabled. |
secure-only |
Enables secure-only access for the web server. |
ssl-renegotiation |
Enables SSL renegotiation in the web server. The default is enabled. |
tls-min-ver<tlsv10|tlsv11|tlsv12> |
Configures the minimum version of the TLS protocol supported by the web-server. You can select among the following:
The default is tlsv12. |