Starting the Management Web Interface
  • 03 Dec 2024
  • 12 Minutes to read
  • Contributors
  • PDF

Starting the Management Web Interface

  • PDF

Article summary

Physically Connecting to the Unit

The first time you connect to the unit before logging in, you must connect the LAN port on the management station to the management on the front of the unit. This allows you to log in and configure the unit for the first time. For example, you can set the unit’s time and date and create other logical interfaces so you can connect through a LAN or WAN .

The default management port is the Management port.

Logging In

Once you have established a physical connection to the equipment, you are ready to log in. There are various ways to log in depending on how the unit has been configured. You would usually connect to the unit for the first time using the Management port. You would then configure another interface, e.g. Network, for in-band management through the network.

When logging in for the first time

  1. The unit is pre-configured with a default static IP of 192.168.1.254/24, therefore, you must assign your workstation or terminal with a static IP address belonging to the same subnet as the unit. For example 192.168.1.2.

  2. Start your Web browser and enter the following in the address bar: https://192.168.1.254.
    The login page for the unit opens.


    Note: This is the factory default IP address of the unit.

  3. Login with the default credentials:

    • Username: admin
    • Password: admin

    You will be redirected to a forced password change page.

  4. Change the default password. See Changing the Default Password for more information.

  5. If you are using static IP addresses, modify the unit’s IP address to be unique, thereby avoiding duplicate IP addresses with other factory default units. As an alternative, you can configure the unit to use DHCP.

    For more information on modifying IP addresses, using DHCP, and other options for logical interfaces, refer to "Configuring Logical Interfaces".

Changing the Default Password

Upon logging in with the default credentials, you will be redirected to a forced password change page:

image.png


Note: This page will not allow access to any other part of the Web UI until the password has been changed.


CAUTION: When logging in initially via the CLI, you are prompted to change the default password while the unit is in the factory-default state. Only the following commands are available until you complete the password change: edit password ,exit, board show info, logout, firmware version, session show status, and configuration changes. Using other commands returns an error.
You can use the clear password option to change the password.

  1. Enter new password between 1 and 128 characters (all characters are accepted). For specific details, see also, Password Considerations below.

  2. Confirm a new password.

Your password has now been successfully changed.

image.png

Example Error Messages

Mismatch Error
If the new password and the confirmation do not match or do not meet the complexity requirements, the user will receive the following error message:
image.png

Password Reuse Error
The password can not be identical to the default password admin nor can you select a password you have already used.
image.png

Concurrent Password Change Error
If there are multiple sessions attempting the first login password change and one of them is successful, the system shall prevent the other sessions from continuing with the password change process. In this case you will be redirected to the login page with the following error message:

image.png

Once you have successfully updated the password, you will will be redirected to the default WebUI home page.

Important
If you try to access any other URL without finishing the initial password change, the system will refuse the request and redirect you to the password change screen.

Logging into the Web Interface

When logging in for the first time (if another logical interface is configured)

  1. Ensure your management station has a route to the equipment.
  2. Launch your Web browser and enter the equipment address in the address bar, e.g.
    https://192.168.1.25 (or host_name.domain_name if you are using a DNS).
  3. The login page opens. Log in using the admin username and account password.

Password Considerations

The Management Web Interface supports a variety of authentication methods, as well as the order in which these methods are applied. You can indicate your preferred authentication order in the System ▶Session ▶Configuration page.

The maximum permitted password length varies, depending on the authentication method you specify:

  • Local Authentication: 48 characters
  • RADIUS Authentication: 48 characters
  • TACACS+ Authentication: 64 characters

If you choose to include a fallback method in your authentication order, you must ensure that the user password you choose is valid for all authentication methods that you want to use. For example, if you want to use TACACS+ authentication when logging in—with local authentication as the fallback method—your TACACS+ password cannot exceed 31 characters.
Any passwords that are longer than 31 characters will be truncated and unusable by the local authentication system, even if they are supported by the TACACS+ server.


Notes:
If you plan on using a remote server for authentication, you should confirm that the remote system is functional before removing the local authentication.

If you remove local authentication and the remote system is not working, you will lose access to the unit. To ensure that authentication is working on the remote server, log in then out from the unit, then access the System ▶Agent ▶Syslog page. You should see a syslog message indicating a successful login attempt.


Character Limitations in URLs and User Input Fields

Limitations are in place to prevent use of specific special characters in URLs and user inputs fields throughout the Management Web interface. These limitations are:

  • The following special characters are not allowed in any user input fields: "&","<", ">", "\n", "\r", "\t ", "'' and " " ".
  • The following special characters are not allowed in the URL input: "<", ">", "\n", "\r" and "\t".

Working in the Home Page

The home page provides general information about the unit.To view the home page, access the page Home.
For information on specific parameters displayed on the home page, refer to the following table.
Home Page Parameters (Home)

ParameterDescription
MAC Base AddressThe base MAC address of the unit. For a line card with multiple ports, the base address is the address of the first port, and the address is subsequently incremented for the second port, etc.
Unit IdentifierThe host name that identifies the unit on the network. Access the page System ▶Configuration ▶DNS to change the host name.
Firmware VersionThe version number of the firmware running on the unit. Access the page System ▶Maintenance ▶Firmware to upgrade the firmware.
Serial NumberThe serial number assigned to the unit.
Board Info
System UptimeThe period of time that has elapsed since the unit was last restarted, whether it was following a firmware upgrade, a manual reboot or a power cycle.
System StartedThe time when the unit was last powered on as reported by the system clock. Access the page System ▶Configuration ▶Time to set the system clock.

Note: This value is reset when a power cycle is performed on the unit.

Modifying the Host Name

The default host name (or unit identifier) is the serial number assigned to the unit; it is displayed in the banner at the top of the screen after logging in. You can change the host name to a name more meaningful to your organization or use other DHCP host name options. The Host Name identifies the unit on the network and can be used when you log in to the unit, as shown in the figure in the section "About the Management Web Interface".


Note: The host name is also displayed in the CLI prompt and is added to system log entries to help you identify the unit more clearly.

To modify the Host Name

  1. Access the page System ▶Configuration ▶DNS.

  2. Enter the new unit identifier in the Host Name field.

  3. Click Apply to save your changes.

For information on specific parameters, refer to the following table.

DNS Parameters (System ▶Configuration ▶DNS)

ParameterDescription
Use DHCP ResultsEnables the use of DNS settings obtained via DHCP. You can then select the interface to use for obtaining DHCP information using the From Interface control.
Use DHCP6 ResultsEnables use of DNS settings obtained via DHCPv6. You can then select the interface to use for obtaining DHCPv6 information using From Interface (DHCP6).
Host NameThe name that identifies the unit on the network. A maximum of 64 alphanumeric characters is supported.

This parameter is only valid when DHCP host name is set to Current Hostname.

Note: See caution below

DHCP Host NameThe source of the DHCP host name

Possible values are:

  • Current Hostname: The host name is the string entered in the Host Name field.
  • Serial Number (DHCP option 12): The host name is the serial number of the unit.
  • Custom Hostname (DHCP option 12): The host name is the text string you enter in the field to the right of the DHCP Host Name.
Field to the right of DHCP host nameThis field is only used when the DHCP host name is set to Custom Hostname.
DHCP Client IDThis value corresponds to DHCP option 61. It allows you to enter a text string for use as the unit’s unique identifier when communicating with the DHCP host. When the text box is empty, the MAC address is used as the unit’s client ID.
From InterfaceThe interface used for obtaining DHCP information.

Note: This field is only available when the Use DHCP Results option is enabled.

From Interface (DHCP6)The interface used for obtaining DHCP information.

Note: This field is only available when the Use DHCP6 Results option is enabled.

DNS Server 1The address of DNS server 1 is available only when Use DHCP Results is not selected.
DNS Server 2The address of DNS server 2 is available only when Use DHCP Results is not selected.
DomainThe local domain name associated with the DNS is available only when Use DHCP Results is not selected.


CAUTION: Special characters are supported in the hostname, however these special characters, ~`!@#$%^()_+-=[]{}|;:,./? , should be used with caution because they can create some interoperability issues. These include, the inability to create a job configuration if the hostname contains the character "" \ "" or modify the hostname of any device if it includes "" \ "". Users cannot add special characters in the hostname as a reflector for session management automatically by default name; nor can they create objects and virtualize the performance monitoring data on Cisco Provider Connectivity Assurance if the hostname contains the special characters. Lastly, users cannot create circuits and virtualize performance monitoring data for device hostname containing "" \ "" on the legacy Skylight SLA Portal.

Managing SSL Certificates

The SSL protocol is used to secure communication over the Internet between the management station and the unit. In order to provide secure communication, a valid SSL certificate from a certificate authority must be loaded into the unit. To learn more about certificates, refer to the certificate authority and ITU-T Recommendation X.509.


Note: You can install the SSL certificate in each browser that you want to use when connecting to the unit.

In other cases, you may want the unit to communicate with other applications such as an FTP server. You can configure the unit for secure communication with these applications by using the Application Management section, which manages the validation of certificate use.
Access the page System ▶Maintenance ▶Certificates to manage SSL certificates.

System ▶Maintenance ▶Certificates

You can view the SSL certificates installed on the unit in the Certificate Management section.

To view the details of the installed certificates, click the View button.

To delete a certificate, click the Delete button.

To import a new certificate, select the certificate by using Browse in the Certificate Import section, complete the other fields and click Upload when ready. The certificate will be loaded into the unit and will appear in the Certificate Management section.

To assign a certificate to a specific application such as an FTP server, select it from the Common Name drop-down list in the Application Management section. Complete the other parameters as required, then click Submit to assign it to the application.


Note: If you submitted a certificate for Web Management, you must restart the Web GUI interface session by clicking Restart because this certificate is being actively used by the interface. As the interface's web server restarts, a message will be briefly displayed before the login page appears.

For information on specific parameters, refer to the following three tables.

Certificate Parameters (System ▶Maintenance ▶Certificates)

ParameterDescription
Common NameFor a Certificate Authority (CA), this is the name of the organization that issued the certificate.

For a server, this is the Fully Qualified Domain Name of the service (i.e. the Web server) using the certificate.

For a client, this may be the name of the application.

Valid UntilThe date when the certificate expires. It may still be valid if the peer has disabled checking.
FunctionDescribes how the certificate can be used in the unit.
  • CA: Used to validate peer certificates; provided as part of the certificate chain for server applications.
  • Client/Server: These certificates were imported with a private key. It is possible for a CA certificate imported with a private key to be used for this function. In this case, it does not show up as a CA.

Application Management (System ▶Maintenance ▶Certificates)

ParameterDescription
ApplicationPossible values are:
  • Web Management: This is the application you are currently using.
  • File Transfers: All applications that send or receive files through a secure channel (HTTPS or FTPS) such as firmware upgrades and configuration import/export using the CLI.
Common NameFor a certificate authority (CA), this is the name of the organization that issued the certificate.

For a server, this is the Fully Qualified Domain name of the service (i.e. the Web server) using the certificate.

For a client, this may be the name of the application.

Validate CAFor client applications, perform peer certificate validation. This includes the expiration date, hostname and CA chain.
Enable ClientFor client applications, enable or disable the use of the selected client certificate.

Certificate Import (System ▶Maintenance ▶Certificates)

ParameterDescription
TypePossible values are:
  • pkcs12: For importing client certificates, including the private key and the CA chain of certificates.
  • pkcs7: For importing multiple CA certificates.
  • x509-PEM For importing either:
    • A client or server certificate and its private key.
    • A single or multiple CA certificate.
  • x509-DER: For importing single CA certificates.

    Note: Importing a private key seperately from its certificate is not supported

PasscodeApplies to pkcs12 or PEM encoded private keys, which use a pass code. The pass code is only used once for importing.
Import CertificateThe name of the selected certificate appears here before you upload it.

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.