Enable the Web Management Interface

About this task

Enable the web management interface to provide management access to the switch using a web browser. This procedure assumes this is the first time you enable the web server on a switch with default passwords.

The system prompts you to change the admin and read-only user default passwords when you use the web-server enable command to enable the web management interface.

Important

Important

To enable HTTP access to the device, you must disable the web server secure-only option. To enable HTTPS access to the device, the web server secure-only option is enabled by default.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Enable the web server:

    web-server enable

  3. Optional: Enter and confirm the passwords for the RWA (admin) and read-only (user) accounts.
  4. Optional: Disable the secure-only option:

    no web-server secure-only

  5. Optional: Enable read-only user:

    web-server read-only-user enable

  6. Save the configuration:

    save config

  7. Display the web server status:

    show web-server

Examples

Enable the web server for the first time on a new switch:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#web-server enable
Default password is set for the admin account.
Please set a new password to enable WebServer.
Enter the New password : ********
Re-enter the New password : ********
Password changed.
Default password is set for the ro account.  
Please set a new password to enable WebServer.
Enter the New password : ********
Re-enter the New password : ********

Password changed.

Switch:1(config)#web-server read-only-user enable
Switch:1>show web-server
Web Server Info :

        Status                    : on
        Secure-only               : enabled
        TLS-minimum-version       : tlsv12
        RO Username Status        : enabled
        RO Username               : user
        RO Password               : ********
        RWA Username              : admin
        RWA Password              : ********
        Def-display-rows          : 30
        Inactivity timeout        : 900 sec
        Html help tftp source-dir :
        HttpPort                  : 80
        HttpsPort                 : 443
        NumHits                   : 0
        NumAccessChecks           : 0
        NumAccessBlocks           : 0
        NumRxErrors               : 0

        NumTxErrors               : 0
        NumSetRequest             : 0
        Minimum password length   : 8
        Last Host Access Blocked  : 0.0.0.0
        In use certificate        : Self signed
        Certificate Truspoint CA Name :
        Certificate with Subject Name : 823

        Ciphers-Tls               : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
                                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
                                    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
                                    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
                                    TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA
                                    TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA

        SSL renegotiation         : enabled

Variable Definitions

Use the data in the following table to use the web-server command.

Variable

Value

def-display-rows <10-100>

Configures the number of rows each page displays. The default is 30.

enable

Enables the web interface. The default is disabled.

help-tftp <WORD/0-256>

Configures the TFTP or FTP directory for Help files, in one of the following formats: a.b.c.d:/| peer:/ [<dir>]. The path can use 0–256 characters. The following example paths illustrate the correct format:

  • 192.0.2.1:/help

  • 192.0.2.1:/

http-port <80-49151>

Configures the web server HTTP port. The default port is 80.

https-port <443-49151>

Configure the web server HTTPS port. The default port is 443.

inactivity-timeout<30–65535>

Configures the web-server session inactivity timeout. The default is 900 seconds (15 minutes).

password {ro | rwa} WORD<1-20>

Configures the user names and passwords for the web interface. The default user name for the RO account is user. The default user name for the RWA account is admin.

password min-passwd-len<1–32>

Configures the minimum password length. By default, the minimum password length is 8 characters.

read-only-user

Enables read-only user for the web server. The default is disabled.

secure-only

Enables secure-only access for the web server.

ssl-renegotiation

Enables SSL renegotiation in the web server.

The default is enabled.

tls-min-ver<tlsv10|tlsv11|tlsv12>

Configures the minimum version of the TLS protocol supported by the web-server. You can select among the following:

  • tlsv10 – Configures the version to TLS 1.0.

    Note:

    tlsv10 is not supported in enhanced secure mode.

  • tlsv11 – Configures the version to TLS 1.1.

  • tlsv12 – Configures the version to TLS 1.2

The default is tlsv12.