Starting the Management Web Interface
  • 02 Dec 2024
  • 13 Minutes to read
  • Contributors
  • PDF

Starting the Management Web Interface

  • PDF

Article summary

Physically Connecting to the Sensor Control

Before logging in to the unit via the Management Web interface, you must first establish communication between your workstation and the Cisco Provider Connectivity Assurance Sensor Control (formerly Skylight sensor: control), which is running on a virtual machine:

  • Connect your workstation's LOCAL-1 network interface to the LAN where the physical server (i.e., hypervisor or virtual machine monitor) running the Sensor Control's virtual machine is also located.
  • Bridge the LOCAL-1 network interface of the physical server running the Sensor Control's virtual machine to the corresponding interface on the virtual machine.

Once the virtual machine is powered on and actively running, you are ready to log in and configure the Sensor Control for the first time.

Logging In

Once you have established a physical connection to the equipment, you are ready to log in. There are various ways to log in, depending on how the unit has been configured. You would usually connect to the Sensor Control for the first time using the Management port. You would then configure another interface for in-band management through the network.

When logging in for the first time

  1. Assign the Sensor Control a static IP address belonging to the same subnet as the equipment to which you want to log in. The address 192.168.1.254 is used in this procedure.

  2. Start your Web browser and enter the following IP address in the address bar: https://192.168.1.254.
    The login page for the Sensor Control opens.


    Note: This is the factory default IP address of each instance of the Sensor Control.

  3. Login with the default credentials:

    • Username: admin
    • Password: admin

    You will be redirected to a forced password change page.

  4. Change the default password. See Changing the Default Password for more information.

  5. If you are using static IP addresses, modify the Sensor Control instance’s IP address to be unique, thereby avoiding duplicate IP addresses with other factory default units. As an alternative, you can configure the Sensor Control to use DHCP.

    For more information on modifying IP addresses, using DHCP, and other options for logical interfaces, refer to Configuring Logical Interfaces.

Changing the Default Password

Upon logging in with the default credentials, you will be redirected to a forced password change page:

image.png


Note: This page will not allow access to any other part of the Web UI until the password has been changed.


CAUTION: When logging in initially via the CLI, you are prompted to change the default password while the unit is in the factory-default state. Only the following commands are available until you complete the password change: edit password ,exit, board show info, logout, firmware version, session show status, and configuration changes. Using other commands returns an error.
You can use the clear password option to change the password.

  1. Enter new password between 1 and 128 characters (all characters are accepted). For specific details, see also, Password Considerations below.

  2. Confirm a new password.

Your password has now been successfully changed.

image.png

Example Error Messages

Mismatch Error
If the new password and the confirmation do not match or do not meet the complexity requirements, the user will receive the following error message:
image.png

Password Reuse Error
The password can not be identical to the default password admin nor can you select a password you have already used.
image.png

Concurrent Password Change Error
If there are multiple sessions attempting the first login password change and one of them is successful, the system shall prevent the other sessions from continuing with the password change process. In this case you will be redirected to the login page with the following error message:

image.png

Once you have successfully updated the password, you will will be redirected to the default WebUI home page.

Important
If you try to access any other URL without finishing the initial password change, the system will refuse the request and redirect you to the password change screen.

Logging into the Web Interface

When logging in for the first time (if another logical interface is configured)

  1. Ensure your management station has a route to the equipment.

  2. Launch your Web browser and enter the equipment address in the address bar, e.g. https://192.168.1.25 (or host_name.domain_name if you are using a DNS).
    The login page opens.

  3. Log in using the admin username and account password.

Password Considerations

The Management Web Interface supports a variety of authentication methods and allows you to set the order in which these methods are applied. You can indicate your preferred authentication order in the System ▶ Session ▶ Configuration page.

The maximum permitted password length varies, depending on the authentication method you specify:

  • Local Authentication: 48 characters
  • RADIUS Authentication: 48 characters
  • TACACS+ Authentication: 64 characters

If you choose to include a fallback method in your authentication order, you must ensure that the user password you choose is valid for all authentication methods that you want to use. For example, if you want to use TACACS+ authentication when logging in—with local authentication as the fallback method—your TACACS+ password cannot exceed 48 characters. Any passwords that are longer than 48 characters will be truncated and unusable by the local authentication system, even if they are supported by the TACACS+ server.


Notes:
If you plan on using a remote server for authentication, you should confirm that the remote system is functional before removing the local authentication.

If you remove local authentication and the remote system is not working, you will lose access to the Sensor Control. To ensure that authentication is working on the remote server, log in then out from the Sensor Control, then access the System ▶ Agent ▶ Syslog page. You should see a syslog message indicating a successful login attempt.


Character Limitations in URLs and User Input Fields

Limitations are in place to prevent utilization of specific special characters in URLs and user inputs fields throughout the Management Web interface. These limitations are:

  • The following special characters are not allowed in any user input fields: "&","<", ">", "\n", "\r", "\t ", "'' and " " ".
  • The following special characters are not allowed in the URL input: "<", ">", "\n", "\r" and "\t".

Viewing System Information in the Home Page

The home page provides general information about the Sensor Control.

To view the Home page shown in the figure below, select Home in the first level menu.

Home Page

image.png

For information on specific parameters displayed on the home page, refer to the following table.

Home Page Parameters (Home)

ParameterDescription
MAC base addressThe base MAC address of the Sensor Control.
Unit identifierThe host name that identifies the Sensor Control on the network.

Access the page System ▶ Configuration ▶ DNS to change the host name.

Firmware versionThe version number of the firmware running on the Sensor Control.

Access the page System ▶ Maintenance ▶ Firmware to upgrade the firmware.

Serial numberThe serial number assigned to the Sensor Control.
Virtual machineThe platform on which the Sensor Control virtual machine is running.
Storage typeStorage type available

Board Info

ParameterDescription
System uptimeThe period of time that has elapsed since the Sensor Control was last restarted, whether it be following a firmware upgrade, a manual reboot or a power cycle.
System startedThe time when the Sensor Control was last powered on, according to the Sensor Control system clock. Access the page System ▶ Configuration ▶ Time to set the system clock.

Note: This value is reset when a power cycle is performed on the Sensor Control.

Modifying the Sensor Control's Unit Identifier (Hostname)

The default host name (or unit identifier) is the serial number assigned to the Sensor Control; it is displayed in the banner at the top of the screen after logging in. You can change the host name to a name more meaningful to your organization or use other DHCP host name options. The Host Name identifies the Sensor Control on the network and can be used when you log in to it, as shown in the figure in the section "About the Management Web Interface".


Note: The host name is also displayed in the CLI prompt and is added to system log entries to help you identify the Sensor Control more clearly.

To modify the Sensor Control's unit identifier

  1. Access the page System ▶ Configuration ▶ DNS.

  2. Enter the new unit identifier in the Host Name field.

  3. Click Apply to save your changes.

For information on specific parameters, refer to the following table.

DNS Parameters (System ▶ Configuration ▶ DNS)

ParameterDescription
Use DHCP resultsEnables the use of DNS settings obtained via DHCP. You can then select the interface to use for obtaining DHCP information using the From Interface control.
Use DHCP6 resultsEnables use of DNS settings obtained via DHCPv6. You can then select the interface to use for obtaining DHCPv6 information using From Interface (DHCP6).
Host nameThe name that identifies the Sensor Control on the network. A maximum of 64 alphanumeric characters is supported.

The value in this field is only used if DHCP host name is set to Current Hostname.

Note: See caution below.

DHCP host nameThe source of the DHCP host name

Possible values are:

  • Current Hostname: The host name is the string entered in the Host Name field.
  • Serial Number (DHCP option 12): The host name is the serial number of the Sensor Control.
  • Custom Hostname (DHCP option 12): The host name is the text string you enter in the field to the right of the DHCP Host Name field.
Field to the right of DHCP host nameEnter a custom host name. The value in this field is only used if the DHCP host name is set to Custom hostname.
DHCP client IDThis value corresponds to DHCP option 61. It allows you to enter a text string for use as the Sensor Control's unique identifier when communicating with the DHCP host. When the text box is empty, the MAC address of the Sensor Control will be used as its client ID.
From interfaceThe interface used for obtaining DHCP information

Note: This field is only available when the Use DHCP Results option is enabled.

From interface (DHCP6)The interface used for obtaining DHCP6 information

Note: This field is only available when the Use DHCP6 Results option is enabled.

DNS server 1If you do not want to use DHCP, you can specify one or two DNS servers manually as follows:

1. Uncheck both DHCP checkboxes (Use DHCP Results and Use DHCP6 Results).

2. Enter the address of a DNS server in this field.

3. Optionally, enter the address of a second server in the DNS Server 2 field.

DNS server 2The address of a second DNS server to be used for domain name resolution.
DomainThe domain name of your organization. The value in this field is only used if Use DHCP Results or Use DHCP6 Results is enabled.


CAUTION: Special characters are supported in the host name, however, these special characters, ~`!@#$%^()_+-=[]{}|;:,./? , must be used with caution because they can create interoperability issues. These issues include the inability to create a job configuration if the host name contains the character "" \ "" or modify the host name of any device if it includes "" \ "". Users cannot add special characters in the host name as a reflector for session management automatically by default name, nor can they create objects and virtualize the performance monitoring data on Cisco Provider Connectivity Assurance (formerly Skylight performance analytics) if the host name contains the special characters. Lastly, users cannot create circuits and virtualize performance monitoring data for device host name containing "" \ "" on the Skylight SLA Portal.

Managing SSL Certificates

The SSL protocol is used to secure communication over the Internet between the management station and the Sensor Control. In order to provide secure communication, a valid SSL certificate from a certificate authority must be imported into the Sensor Control. To learn more about certificates, refer to the certificate authority and ITU-T Recommendation X.509.


Note: You must install the SSL certificate in any browser that you will use to connect to a Sensor Control.

In other cases, you may want the Sensor Control to communicate with other applications such as an FTP server. You can configure the Sensor Control for secure communication with these applications by using the Application Management section, which manages the validation of certificate use.

Access the page System ▶ Maintenance ▶ Certificates to manage SSL certificates.

System ▶ Maintenance ▶ Certificates

image.png

You can view the SSL certificates installed on the Sensor Control in the Certificate Management section. To view the details of the installed certificates, click the View button.

To delete a certificate, click the Delete button.

To import a new certificate, select the certificate by using Browse in the Certificate Import section, complete the other fields and click Upload when ready. The certificate will be installed on the Sensor Control and will appear in the Certificate Management section.

To assign a certificate to a specific application such as an FTP server, select it from the Common Name drop-down list in the Application Management section. Complete the other parameters as required, then click Submit to assign it to the application.


Note: If you submitted a certificate for Web Management, you must restart the Web GUI interface session by clicking Restart because this certificate is being actively used by the interface. As the interface's web server restarts, a message will be briefly displayed before the login page appears.

For information on specific parameters, refer to the following three tables.

Certificate Management (System ▶ Maintenance ▶ Certificates)

ParameterDescription
Common nameFor a Certificate Authority (CA), this is the name of the organization that issued the certificate.

For a server, this is the Fully Qualified Domain Name of the service (i.e., the Web server) using the certificate.

For a client, this may be the name of the application.

Valid untilThe date when the certificate expires. It may still be valid if the peer has disabled checking.
FunctionDescribes how the certificate can be used in the Sensor Control.
  • CA: Used to validate peer certificates; provided as part of the certificate chain for server applications.
  • Client/Server: These certificates were imported with a private key. It is possible for a CA certificate imported with a private key to be used for this function. In this case, it does not show up as a CA.

Application Management (System ▶ Maintenance ▶ Certificates)

ParameterDescription
ApplicationPossible values are:
  • Web Management: This is the Sensor Control web interface.
  • File Transfers: All applications that send or receive files through a secure channel (HTTPS or FTPS) such as firmware upgrades and configuration import/export using the CLI.
Common nameFor a certificate authority (CA), this is the name of the organization that issued the certificate.

For a server, this is the Fully Qualified Domain name of the service (the Web server) using the certificate.

For a client, this may be the name of the application.

Validate CAFor client applications, perform peer certificate validation. This includes the expiration date, hostname and CA chain.
Enable ClientFor client applications, enable or disable the use of the selected client certificate.

Certificate Import (System ▶ Maintenance ▶ Certificates)

ParameterDescription
TypeThe following certificate file types are supported:
  • pkcs12: For importing client certificates, including the private key and the CA chain of certificatespkcs7: For importing multiple CA certificates
  • x509-PEM For importing either:
    • A client or server certificate and its private key
    • A single or multiple CA certificate
  • x509-DER: For importing single CA certificates

Note: Importing a private key separately from its certificate is not supported.

PasscodeApplies to pkcs12 or PEM encoded private keys, which use a pass code. The pass code is only used once for importing.
Import certificateThe name of the selected certificate appears here before you upload it.

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.