- Print
- PDF
Starting the Management Web Interface
Physically Connecting to the Sensor Control
Before logging in to the unit via the Management Web interface, you must first establish communication between your workstation and the Cisco Provider Connectivity Assurance Sensor Control (formerly Skylight sensor: control), which is running on a virtual machine:
- Connect your workstation's LOCAL-1 network interface to the LAN where the physical server (i.e., hypervisor or virtual machine monitor) running the Sensor Control's virtual machine is also located.
- Bridge the LOCAL-1 network interface of the physical server running the Sensor Control's virtual machine to the corresponding interface on the virtual machine.
Once the virtual machine is powered on and actively running, you are ready to log in and configure the Sensor Control for the first time.
Logging In
Once you have established a physical connection to the equipment, you are ready to log in. There are various ways to log in, depending on how the unit has been configured. You would usually connect to the Sensor Control for the first time using the Management port. You would then configure another interface for in-band management through the network.
When logging in for the first time
Assign the Sensor Control a static IP address belonging to the same subnet as the equipment to which you want to log in. The address 192.168.1.254 is used in this procedure.
Start your Web browser and enter the following IP address in the address bar: https://192.168.1.254.
The login page for the Sensor Control opens.
Note: This is the factory default IP address of each instance of the Sensor Control.Login with the default credentials:
- Username: admin
- Password: admin
You will be redirected to a forced password change page.
Change the default password. See Changing the Default Password for more information.
If you are using static IP addresses, modify the Sensor Control instance’s IP address to be unique, thereby avoiding duplicate IP addresses with other factory default units. As an alternative, you can configure the Sensor Control to use DHCP.
For more information on modifying IP addresses, using DHCP, and other options for logical interfaces, refer to Configuring Logical Interfaces.
Changing the Default Password
Upon logging in with the default credentials, you will be redirected to a forced password change page:
Note: This page will not allow access to any other part of the Web UI until the password has been changed.
CAUTION: When logging in initially via the CLI, you are prompted to change the default password while the unit is in the factory-default state. Only the following commands are available until you complete the password change:
edit password
,exit
, board show info
, logout
, firmware version
, session show status
, and configuration changes
. Using other commands returns an error.You can use the
clear password
option to change the password.Enter new password between 1 and 128 characters (all characters are accepted). For specific details, see also, Password Considerations below.
Confirm a new password.
Your password has now been successfully changed.
Example Error Messages
Mismatch Error
If the new password and the confirmation do not match or do not meet the complexity requirements, the user will receive the following error message:
Password Reuse Error
The password can not be identical to the default password admin nor can you select a password you have already used.
Concurrent Password Change Error
If there are multiple sessions attempting the first login password change and one of them is successful, the system shall prevent the other sessions from continuing with the password change process. In this case you will be redirected to the login page with the following error message:
Once you have successfully updated the password, you will will be redirected to the default WebUI home page.
Important
If you try to access any other URL without finishing the initial password change, the system will refuse the request and redirect you to the password change screen.
Logging into the Web Interface
When logging in for the first time (if another logical interface is configured)
Ensure your management station has a route to the equipment.
Launch your Web browser and enter the equipment address in the address bar, e.g. https://192.168.1.25 (or host_name.domain_name if you are using a DNS).
The login page opens.Log in using the admin username and account password.
Password Considerations
The Management Web Interface supports a variety of authentication methods and allows you to set the order in which these methods are applied. You can indicate your preferred authentication order in the System ▶ Session ▶ Configuration page.
The maximum permitted password length varies, depending on the authentication method you specify:
- Local Authentication: 48 characters
- RADIUS Authentication: 48 characters
- TACACS+ Authentication: 64 characters
If you choose to include a fallback method in your authentication order, you must ensure that the user password you choose is valid for all authentication methods that you want to use. For example, if you want to use TACACS+ authentication when logging in—with local authentication as the fallback method—your TACACS+ password cannot exceed 48 characters. Any passwords that are longer than 48 characters will be truncated and unusable by the local authentication system, even if they are supported by the TACACS+ server.
Notes:
If you plan on using a remote server for authentication, you should confirm that the remote system is functional before removing the local authentication.
If you remove local authentication and the remote system is not working, you will lose access to the Sensor Control. To ensure that authentication is working on the remote server, log in then out from the Sensor Control, then access the System ▶ Agent ▶ Syslog page. You should see a syslog message indicating a successful login attempt.
Character Limitations in URLs and User Input Fields
Limitations are in place to prevent utilization of specific special characters in URLs and user inputs fields throughout the Management Web interface. These limitations are:
- The following special characters are not allowed in any user input fields: "&","<", ">", "\n", "\r", "\t ", "'' and " " ".
- The following special characters are not allowed in the URL input: "<", ">", "\n", "\r" and "\t".
Viewing System Information in the Home Page
The home page provides general information about the Sensor Control.
To view the Home page shown in the figure below, select Home in the first level menu.
Home Page
For information on specific parameters displayed on the home page, refer to the following table.
Home Page Parameters (Home)
Parameter | Description |
---|---|
MAC base address | The base MAC address of the Sensor Control. |
Unit identifier | The host name that identifies the Sensor Control on the network. Access the page System ▶ Configuration ▶ DNS to change the host name. |
Firmware version | The version number of the firmware running on the Sensor Control. Access the page System ▶ Maintenance ▶ Firmware to upgrade the firmware. |
Serial number | The serial number assigned to the Sensor Control. |
Virtual machine | The platform on which the Sensor Control virtual machine is running. |
Storage type | Storage type available |
Board Info
Parameter | Description |
---|---|
System uptime | The period of time that has elapsed since the Sensor Control was last restarted, whether it be following a firmware upgrade, a manual reboot or a power cycle. |
System started | The time when the Sensor Control was last powered on, according to the Sensor Control system clock. Access the page System ▶ Configuration ▶ Time to set the system clock. Note: This value is reset when a power cycle is performed on the Sensor Control. |
Modifying the Sensor Control's Unit Identifier (Hostname)
The default host name (or unit identifier) is the serial number assigned to the Sensor Control; it is displayed in the banner at the top of the screen after logging in. You can change the host name to a name more meaningful to your organization or use other DHCP host name options. The Host Name identifies the Sensor Control on the network and can be used when you log in to it, as shown in the figure in the section "About the Management Web Interface".
Note: The host name is also displayed in the CLI prompt and is added to system log entries to help you identify the Sensor Control more clearly.
To modify the Sensor Control's unit identifier
Access the page System ▶ Configuration ▶ DNS.
Enter the new unit identifier in the Host Name field.
Click Apply to save your changes.
For information on specific parameters, refer to the following table.
DNS Parameters (System ▶ Configuration ▶ DNS)
Parameter | Description |
---|---|
Use DHCP results | Enables the use of DNS settings obtained via DHCP. You can then select the interface to use for obtaining DHCP information using the From Interface control. |
Use DHCP6 results | Enables use of DNS settings obtained via DHCPv6. You can then select the interface to use for obtaining DHCPv6 information using From Interface (DHCP6). |
Host name | The name that identifies the Sensor Control on the network. A maximum of 64 alphanumeric characters is supported. The value in this field is only used if DHCP host name is set to Current Hostname. Note: See caution below. |
DHCP host name | The source of the DHCP host name Possible values are:
|
Field to the right of DHCP host name | Enter a custom host name. The value in this field is only used if the DHCP host name is set to Custom hostname. |
DHCP client ID | This value corresponds to DHCP option 61. It allows you to enter a text string for use as the Sensor Control's unique identifier when communicating with the DHCP host. When the text box is empty, the MAC address of the Sensor Control will be used as its client ID. |
From interface | The interface used for obtaining DHCP information Note: This field is only available when the Use DHCP Results option is enabled. |
From interface (DHCP6) | The interface used for obtaining DHCP6 information Note: This field is only available when the Use DHCP6 Results option is enabled. |
DNS server 1 | If you do not want to use DHCP, you can specify one or two DNS servers manually as follows: 1. Uncheck both DHCP checkboxes (Use DHCP Results and Use DHCP6 Results). 2. Enter the address of a DNS server in this field. 3. Optionally, enter the address of a second server in the DNS Server 2 field. |
DNS server 2 | The address of a second DNS server to be used for domain name resolution. |
Domain | The domain name of your organization. The value in this field is only used if Use DHCP Results or Use DHCP6 Results is enabled. |
CAUTION: Special characters are supported in the host name, however, these special characters, ~`!@#$%^()_+-=[]{}|;:,./? , must be used with caution because they can create interoperability issues. These issues include the inability to create a job configuration if the host name contains the character "" \ "" or modify the host name of any device if it includes "" \ "". Users cannot add special characters in the host name as a reflector for session management automatically by default name, nor can they create objects and virtualize the performance monitoring data on Cisco Provider Connectivity Assurance (formerly Skylight performance analytics) if the host name contains the special characters. Lastly, users cannot create circuits and virtualize performance monitoring data for device host name containing "" \ "" on the Skylight SLA Portal.
Managing SSL Certificates
The SSL protocol is used to secure communication over the Internet between the management station and the Sensor Control. In order to provide secure communication, a valid SSL certificate from a certificate authority must be imported into the Sensor Control. To learn more about certificates, refer to the certificate authority and ITU-T Recommendation X.509.
Note: You must install the SSL certificate in any browser that you will use to connect to a Sensor Control.
In other cases, you may want the Sensor Control to communicate with other applications such as an FTP server. You can configure the Sensor Control for secure communication with these applications by using the Application Management section, which manages the validation of certificate use.
Access the page System ▶ Maintenance ▶ Certificates to manage SSL certificates.
System ▶ Maintenance ▶ Certificates
You can view the SSL certificates installed on the Sensor Control in the Certificate Management section. To view the details of the installed certificates, click the View button.
To delete a certificate, click the Delete button.
To import a new certificate, select the certificate by using Browse in the Certificate Import section, complete the other fields and click Upload when ready. The certificate will be installed on the Sensor Control and will appear in the Certificate Management section.
To assign a certificate to a specific application such as an FTP server, select it from the Common Name drop-down list in the Application Management section. Complete the other parameters as required, then click Submit to assign it to the application.
Note: If you submitted a certificate for Web Management, you must restart the Web GUI interface session by clicking Restart because this certificate is being actively used by the interface. As the interface's web server restarts, a message will be briefly displayed before the login page appears.
For information on specific parameters, refer to the following three tables.
Certificate Management (System ▶ Maintenance ▶ Certificates)
Parameter | Description |
---|---|
Common name | For a Certificate Authority (CA), this is the name of the organization that issued the certificate. For a server, this is the Fully Qualified Domain Name of the service (i.e., the Web server) using the certificate. For a client, this may be the name of the application. |
Valid until | The date when the certificate expires. It may still be valid if the peer has disabled checking. |
Function | Describes how the certificate can be used in the Sensor Control.
|
Application Management (System ▶ Maintenance ▶ Certificates)
Parameter | Description |
---|---|
Application | Possible values are:
|
Common name | For a certificate authority (CA), this is the name of the organization that issued the certificate. For a server, this is the Fully Qualified Domain name of the service (the Web server) using the certificate. For a client, this may be the name of the application. |
Validate CA | For client applications, perform peer certificate validation. This includes the expiration date, hostname and CA chain. |
Enable Client | For client applications, enable or disable the use of the selected client certificate. |
Certificate Import (System ▶ Maintenance ▶ Certificates)
Parameter | Description |
---|---|
Type | The following certificate file types are supported:
Note: Importing a private key separately from its certificate is not supported. |
Passcode | Applies to pkcs12 or PEM encoded private keys, which use a pass code. The pass code is only used once for importing. |
Import certificate | The name of the selected certificate appears here before you upload it. |
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks