Configure the Web Server
Perform this procedure to enable and manage the web server using the Command Line Interface (CLI). After you enable the web server, you can connect to EDM.
About this task
This procedure assumes that you use the default port assignments. You can change the port number used for HTTP and HTTPS.
Important
To enable HTTP access to the device, you must disable the secure-only option. To enable HTTPS access to the device, the secure-only option is enabled by default.
Procedure
-
Enable the web
server:
web-server enable
Important
When you enable the web management interface using the web-server enable command, the system prompts you to change the admin and read-only user default passwords. If you do not change the default passwords, you are prompted to change them every time you use the web-server enable command.
Example
Switch:1>show web-server
Web Server Info :
Status : on
Secure-only : enabled
TLS-minimum-version : tlsv12
RO Username Status : enabled
RO Username : user
RO Password : ********
RWA Username : admin
RWA Password : ********
Def-display-rows : 30
Inactivity timeout : 900 sec
Html help tftp source-dir :
HttpPort : 80
HttpsPort : 443
NumHits : 0
NumAccessChecks : 0
NumAccessBlocks : 0
NumRxErrors : 0
NumTxErrors : 0
NumSetRequest : 0
Minimum password length : 8
Last Host Access Blocked : 0.0.0.0
In use certificate : Self signed
Certificate Truspoint CA Name :
Certificate with Subject Name : 823
Ciphers-Tls : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA
SSL renegotiation : enabled
Variable Definitions
Use the data in the following table to use the web-server command.
|
Variable |
Value |
|---|---|
|
def-display-rows <10-100> |
Configures the number of rows each page displays. The default is 30. |
|
enable |
Enables the web interface. The default is disabled. |
|
help-tftp <WORD/0-256> |
Configures the TFTP or FTP directory for Help files, in one of the following formats: a.b.c.d:/| peer:/ [<dir>]. The path can use 0–256 characters. The following example paths illustrate the correct format:
|
|
http-port <80-49151> |
Configures the web server HTTP port. The default port is 80. |
|
https-port <443-49151> |
Configure the web server HTTPS port. The default port is 443. |
|
inactivity-timeout<30–65535> |
Configures the web-server session inactivity timeout. The default is 900 seconds (15 minutes). |
|
password {ro | rwa} WORD<1-20> |
Configures the user names and passwords for the web interface. The default user name for the RO account is user. The default user name for the RWA account is admin. |
|
password min-passwd-len<1–32> |
Configures the minimum password length. By default, the minimum password length is 8 characters. |
|
read-only-user |
Enables read-only user for the web server. The default is disabled. |
|
secure-only |
Enables secure-only access for the web server. |
| ssl-renegotiation |
Enables SSL renegotiation in the web server. The default is enabled. |
|
tls-min-ver<tlsv10|tlsv11|tlsv12> |
Configures the minimum version of the TLS protocol supported by the web-server. You can select among the following:
The default is tlsv12. |