- Print
- PDF
Starting the Management Web Interface
Physically Connecting to the Unit
The first time you connect to the unit before logging in, you must connect the LAN port on the management station to the management on the front of the unit. This allows you to log in and configure the unit for the first time. For example, you can set the unit’s time and date and create other logical interfaces so you can connect through a LAN or WAN .
The default management port is the Management port.
Logging In
Once you have established a physical connection to the equipment, you are ready to log in. There are various ways to log in depending on how the unit has been configured. You would usually connect to the unit for the first time using the Management port. You would then configure another interface, e.g. Network, for in-band management through the network.
When logging in for the first time
The unit is pre-configured with a default static IP of 192.168.1.254/24, therefore, you must assign your workstation or terminal with a static IP address belonging to the same subnet as the unit. For example 192.168.1.2.
Start your Web browser and enter the following in the address bar: https://192.168.1.254.
The login page for the unit opens.
Note: This is the factory default IP address of the unit.Login with the default credentials:
- Username: admin
- Password: admin
You will be redirected to a forced password change page.
Change the default password. See Changing the Default Password for more information.
If you are using static IP addresses, modify the unit’s IP address to be unique, thereby avoiding duplicate IP addresses with other factory default units. As an alternative, you can configure the unit to use DHCP.
For more information on modifying IP addresses, using DHCP, and other options for logical interfaces, refer to "Configuring Logical Interfaces".
Changing the Default Password
Upon logging in with the default credentials, you will be redirected to a forced password change page:
Note: This page will not allow access to any other part of the Web UI until the password has been changed.
CAUTION: If logging in initially via the CLI, you must change the default password by using the
user edit admin password
command while the unit is in the factory-default state. Using other commands without changing the default password may fail without returning an error.Enter new password between 1 and 128 characters (all characters are accepted). For specific details, see also, Password Considerations below.
Confirm a new password.
Your password has now been successfully changed.
Example Error Messages
Mismatch Error
If the new password and the confirmation do not match or do not meet the complexity requirements, the user will receive the following error message:
Password Reuse Error
The password can not be identical to the default password admin nor can you select a password you have already used.
Concurrent Password Change Error
If there are multiple sessions attempting the first login password change and one of them is successful, the system shall prevent the other sessions from continuing with the password change process. In this case you will be redirected to the login page with the following error message:
Once you have successfully updated the password, you will will be redirected to the default WebUI home page.
Important
If you try to access any other URL without finishing the initial password change, the system will refuse the request and redirect you to the password change screen.
Logging into the Web Interface
When logging in for the first time (if another logical interface is configured)
- Ensure your management station has a route to the equipment.
- Launch your Web browser and enter the equipment address in the address bar, e.g.
https://192.168.1.25 (or host_name.domain_name if you are using a DNS). - The login page opens. Log in using the admin username and account password.
Password Considerations
The Management Web Interface supports a variety of authentication methods, as well as the order in which these methods are applied. You can indicate your preferred authentication order in the System ▶Session ▶Configuration page.
The maximum permitted password length varies, depending on the authentication method you specify:
- Local Authentication: 48 characters
- RADIUS Authentication: 48 characters
- TACACS+ Authentication: 64 characters
If you choose to include a fallback method in your authentication order, you must ensure that the user password you choose is valid for all authentication methods that you want to use. For example, if you want to use TACACS+ authentication when logging in—with local authentication as the fallback method—your TACACS+ password cannot exceed 31 characters.
Any passwords that are longer than 31 characters will be truncated and unusable by the local authentication system, even if they are supported by the TACACS+ server.
Notes:
If you plan on using a remote server for authentication, you should confirm that the remote system is functional before removing the local authentication.
If you remove local authentication and the remote system is not working, you will lose access to the unit. To ensure that authentication is working on the remote server, log in then out from the unit, then access the System ▶Agent ▶Syslog page. You should see a syslog message indicating a successful login attempt.
Character Limitations in URLs and User Input Fields
Limitations are in place to prevent use of specific special characters in URLs and user inputs fields throughout the Management Web interface. These limitations are:
- The following special characters are not allowed in any user input fields: "&","<", ">", "\n", "\r", "\t ", "'' and " " ".
- The following special characters are not allowed in the URL input: "<", ">", "\n", "\r" and "\t".
Working in the Home Page
The home page provides general information about the unit.To view the home page, access the page Home.
For information on specific parameters displayed on the home page, refer to the following table.
Home Page Parameters (Home)
Parameter | Description |
---|---|
MAC Base Address | The base MAC address of the unit. For a line card with multiple ports, the base address is the address of the first port, and the address is subsequently incremented for the second port, etc. |
Unit Identifier | The host name that identifies the unit on the network. Access the page System ▶Configuration ▶DNS to change the host name. |
Firmware Version | The version number of the firmware running on the unit. Access the page System ▶Maintenance ▶Firmware to upgrade the firmware. |
Serial Number | The serial number assigned to the unit. |
Board Info | |
System Uptime | The period of time that has elapsed since the unit was last restarted, whether it was following a firmware upgrade, a manual reboot or a power cycle. |
System Started | The time when the unit was last powered on as reported by the system clock. Access the page System ▶Configuration ▶Time to set the system clock. Note: This value is reset when a power cycle is performed on the unit. |
Modifying the Host Name
The default host name (or unit identifier) is the serial number assigned to the unit; it is displayed in the banner at the top of the screen after logging in. You can change the host name to a name more meaningful to your organization or use other DHCP host name options. The Host Name identifies the unit on the network and can be used when you log in to the unit, as shown in the figure in the section "About the Management Web Interface".
Note: The host name is also displayed in the CLI prompt and is added to system log entries to help you identify the unit more clearly.
To modify the Host Name
Access the page System ▶Configuration ▶DNS.
Enter the new unit identifier in the Host Name field.
Click Apply to save your changes.
For information on specific parameters, refer to the following table.
DNS Parameters (System ▶Configuration ▶DNS)
Parameter | Description |
---|---|
Use DHCP Results | Enables the use of DNS settings obtained via DHCP. You can then select the interface to use for obtaining DHCP information using the From Interface control. |
Use DHCP6 Results | Enables use of DNS settings obtained via DHCPv6. You can then select the interface to use for obtaining DHCPv6 information using From Interface (DHCP6). |
Host Name | The name that identifies the unit on the network. A maximum of 64 alphanumeric characters is supported. This parameter is only valid when DHCP host name is set to Current Hostname. Note: See caution below |
DHCP Host Name | The source of the DHCP host name Possible values are:
|
Field to the right of DHCP host name | This field is only used when the DHCP host name is set to Custom Hostname. |
DHCP Client ID | This value corresponds to DHCP option 61. It allows you to enter a text string for use as the unit’s unique identifier when communicating with the DHCP host. When the text box is empty, the MAC address is used as the unit’s client ID. |
From Interface | The interface used for obtaining DHCP information. Note: This field is only available when the Use DHCP Results option is enabled. |
From Interface (DHCP6) | The interface used for obtaining DHCP information. Note: This field is only available when the Use DHCP6 Results option is enabled. |
DNS Server 1 | The address of DNS server 1 is available only when Use DHCP Results is not selected. |
DNS Server 2 | The address of DNS server 2 is available only when Use DHCP Results is not selected. |
Domain | The local domain name associated with the DNS is available only when Use DHCP Results is not selected. |
CAUTION: Special characters are supported in the hostname, however these special characters, ~`!@#$%^()_+-=[]{}|;:,./? , should be used with caution because they can create some interoperability issues. These include, the inability to create a job configuration if the hostname contains the character "" \ "" or modify the hostname of any device if it includes "" \ "". Users cannot add special characters in the hostname as a reflector for session management automatically by default name; nor can they create objects and virtualize the performance monitoring data on Cisco Provider Connectivity Assurance if the hostname contains the special characters. Lastly, users cannot create circuits and virtualize performance monitoring data for device hostname containing "" \ "" on the legacy Skylight SLA Portal.
Managing SSL Certificates
The SSL protocol is used to secure communication over the Internet between the management station and the unit. In order to provide secure communication, a valid SSL certificate from a certificate authority must be loaded into the unit. To learn more about certificates, refer to the certificate authority and ITU-T Recommendation X.509.
Note: You can install the SSL certificate in each browser that you want to use when connecting to the unit.
In other cases, you may want the unit to communicate with other applications such as an FTP server. You can configure the unit for secure communication with these applications by using the Application Management section, which manages the validation of certificate use.
Access the page System ▶Maintenance ▶Certificates to manage SSL certificates.
System ▶Maintenance ▶Certificates
You can view the SSL certificates installed on the unit in the Certificate Management section.
To view the details of the installed certificates, click the View button.
To delete a certificate, click the Delete button.
To import a new certificate, select the certificate by using Browse in the Certificate Import section, complete the other fields and click Upload when ready. The certificate will be loaded into the unit and will appear in the Certificate Management section.
To assign a certificate to a specific application such as an FTP server, select it from the Common Name drop-down list in the Application Management section. Complete the other parameters as required, then click Submit to assign it to the application.
Note: If you submitted a certificate for Web Management, you must restart the Web GUI interface session by clicking Restart because this certificate is being actively used by the interface. As the interface's web server restarts, a message will be briefly displayed before the login page appears.
For information on specific parameters, refer to the following three tables.
Certificate Parameters (System ▶Maintenance ▶Certificates)
Parameter | Description |
---|---|
Common Name | For a Certificate Authority (CA), this is the name of the organization that issued the certificate. For a server, this is the Fully Qualified Domain Name of the service (i.e. the Web server) using the certificate. For a client, this may be the name of the application. |
Valid Until | The date when the certificate expires. It may still be valid if the peer has disabled checking. |
Function | Describes how the certificate can be used in the unit.
|
Application Management (System ▶Maintenance ▶Certificates)
Parameter | Description |
---|---|
Application | Possible values are:
|
Common Name | For a certificate authority (CA), this is the name of the organization that issued the certificate. For a server, this is the Fully Qualified Domain name of the service (i.e. the Web server) using the certificate. For a client, this may be the name of the application. |
Validate CA | For client applications, perform peer certificate validation. This includes the expiration date, hostname and CA chain. |
Enable Client | For client applications, enable or disable the use of the selected client certificate. |
Certificate Import (System ▶Maintenance ▶Certificates)
Parameter | Description |
---|---|
Type | Possible values are:
|
Passcode | Applies to pkcs12 or PEM encoded private keys, which use a pass code. The pass code is only used once for importing. |
Import Certificate | The name of the selected certificate appears here before you upload it. |
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks