|
|
Table Of Contents
Understanding How the CWI Works
Hardware and Software Requirements
Configuring Authentication Login
Downloading the Catalyst CV to the Client
Using CWI-Related CLI Commands
Displaying the HTTP Server Information
Displaying the CWI Version Number
Displaying the CWI Configuration
Configuring the Authentication Login
Obtaining Technical Assistance
Obtaining Additional Publications and Information
Catalyst 6500 Series, 4500 Series, and 5000 Family Switches Web Interface Installation and Configuration Note
This installation and configuration note describes how to configure the Hypertext Transfer Protocol (HTTP) server and authentication login for the Catalyst Web Interface (CWI). It also describes how to download the Catalyst version of CiscoView (Catalyst CV) to your client.
Note
For the Catalyst 6500 series switches, the CWI is bundled with an online software image on Cisco.com. If your software image includes CWI, the name of the image contains "cv" appended to the supervisor engine. For example, an image for the Catalyst 6500 series switch is cat6000-sup2cvk8.8-1-3.bin.
Note
Note
Contents
This document contains these sections:
•
•
•
Understanding How the CWI Works
The CWI is a browser-based tool that you can use to configure the Catalyst 6500 series, Catalyst 4500 series, Catalyst 4000 series, Catalyst 5000 family, Catalyst 2948G, Catalyst 2948G-GE-TX, Catalyst 2980G, Catalyst 2980G-A, and Catalyst 4912G vmswitches. It consists of a graphical user interface (GUI) that runs on the client (Catalyst CV) and an HTTP server that runs on the switch.
The CWI provides a real-time graphical representation of the switch and detailed information, such as port status, module status, type of chassis, and modules.
Following a successful download, the Catalyst CV opens and displays switch information in your browser. The CWI obtains this information from the switch using SNMP requests.
Note
Communication between the client and server usually occurs on a TCP/IP connection. The TCP/IP port number for HTTP is 80. In this client-server mode, the client opens a connection to the server and sends a request. The server receives the request, sends a response back to the client, and closes the connection.
The HTTP server supports the following requests:
•
•
•
The HTTP server responds to a simple request with a simple response and to a full request with a full response.
In the default state, the HTTP server is disabled. To enable the CWI, you must enable the HTTP server. After you enable the HTTP server, it listens for requests on port number 80. You can change the TCP/IP port number to any port number from 1 to 65,535 at the CLI. If you change the TCP/IP port number that is not 80, then you will need to append the port number to the IP address of the switch. For example, if the IP address of the switch is http://10/77/209.183, and you change the TCP/IP port number to 900, then the URL for the switch will be http://10.77.209.183:900.
Although the system uses HTTP 1.0, it also supports HTTP 1.1 messaging.
Hardware and Software Requirements
Table 1 shows the CWI hardware and software requirements.
The supported client platforms, browsers, and Java Plug-in versions that are supported by CiscoView are as follows:
Note
Note
CWI Default Configuration
Table 2 shows the CWI default configuration.
Table 2 CWI Default Configuration
HTTP server
Disabled
TCP/IP port number
80
Authentication
Enabled
HTTP trace
Disabled
Configuring the CWI
Before you can access the Catalyst CV, you need to perform the tasks in these sections:
•
Configuring the HTTP Server
To configure the HTTP server, perform this task at the CLI:
Note
Configuring Authentication Login
The Catalyst switch software allows you to authenticate console and Telnet logins using the RADIUS/TACACS/Kerberos/Local database. With software release 5.4(2) or later releases, you can also authenticate HTTP users.
When you log into the switch using HTTP, a dialog box appears and prompts you for your username and password. After you provide your username and password, the system authenticates your login with the HTTP user-authentication method. The system denies access unless the username and password are valid.
In the default configuration, verification is enabled for all users of the CWI. The system validates the login password against the local login password.
Authentication for the CWI occurs at these two security levels:
•
Level 1 requires you to obtain authentication by providing a username and password. This process is similar to the authentication that you obtain at the command prompt for Telnet and console sessions.
After you pass the first level of security, you can download the Catalyst CV.
•
Level 2 restricts the IP address of the incoming SNMP request. You must configure the IP address of the SNMP request correctly before the CWI can communicate with the switch.
Note
To configure authentication, perform this task at the CLI:
Step 1
Configure authentication login.
set authentication login enable [console | telnet | http | all] [primary]
Step 2
Display authentication.
show authentication
This example shows how to configure the authentication login for the HTTP option:
Console> (enable) set authentication login tacacs enable http primaryTacacs authentication set to enable for HTTP sessions as primary authentication method.Console> (enable) set authentication login radius disable http primaryTacacs authentication set to disable for HTTP sessions.For detailed information on configuring the authentication login, refer to the "Configuring Switch Access Using AAA" chapter of the Software Configuration Guide for your switch.
Downloading the Catalyst CV to the Client
To download the Catalyst CV from your browser, follow these steps:
Step 1
http://172.20.14.89In this example, 172.20.14.89 is the switch IP address.
After you connect to the switch, a login dialog appears and prompts for your username and password.
Step 2
The home page of the switch appears on your browser.
Step 3
The switch downloads the Catalyst CV, and your browser opens with a real-time view of the switch chassis.
Note
Using the Catalyst CV
The Catalyst CV is a subset of the CiscoView Network Management System. Most of the monitoring features that are available in CiscoView are not available in the Catalyst CV. For example, you cannot monitor CPU, porrt counters, or memory usage in the Catalyst CV. However, the Catalyst CV does provide a clear view of which ports are up and running and which ports are down.
Note
The primary purpose of the Catalyst CV is to provide a GUI to configure the switch for those customers who do not want to purchase the CiscoView Network Management System. For information on how to configure a Catalyst switch with the Catalyst CV, refer to the "Configuring Devices" chapter in the CiscoView documentation.
For documentation on how to use the Non-Embedded CiscoView, refer to the following URL: http://www.cisco.com/en/US/partner/products/sw/cscowork/ps4565/index.html.
Using CWI-Related CLI Commands
The following sections describe how to use the CWI commands.
Overview of the CLI Commands
Table 3 is an overview of the CLI commands for the CWI.
Note
Configuring the HTTP Server
In the default state, the HTTP server is disabled on the switch. To configure the HTTP server, perform this task in privileged mode:
This example shows how to enable an HTTP server:
Console> (enable) set ip http server enableHTTP server is enabled on the system.This example shows the message that you receive when your switch does not support the CWI:
Console> (enable) set ip http server enableFeature not supported on the system.This example shows how to disable the HTTP server:
Console> (enable) set ip http server disableHTTP server is disabled on the system.Configuring the HTTP Port
You do not need to use this command unless you want to change the default setting. In the default state, the TCP/IP port number on the server is 80. To configure the port number for the HTTP server, perform this task in privileged mode:
This example shows how to configure the TCP/IP port number to the default of 80:
Console> (enable) set ip http port defaultHTTP TCP port number set to 80.This example shows how to configure the TCP port number to 2398:
Console> (enable)set ip http port 2398HTTP TCP port number set to 2398.Displaying the HTTP Server Information
To display the HTTP server information, perform this task in normal mode:
This example shows how to view information on the HTTP server. This example shows a CWI that is supported:
Console> show ip httpHTTP Information:------------------------------HTTP Server: enabledHTTP port: 80Web Interface: SupportedWeb Interface version(s):File: applet.htmlCV stats: file /applet.html is padded, deductingsize: 4791File: cvadp.jarCV stats: file /cvadp.jar is padded, deductingsize: 2164875File: cvadp_splash.jarCV stats: file /cvadp_splash.jar is padded, deductingsize: 19401File: cvadp_error.htmlCV stats: file /cvadp_error.html is padded, deductingsize: 401version: 8.1(1)date: 08/06.2003HTTP active sessions: 0Console> (enable)This example shows how to display information on the HTTP server. This example shows a CWI that is not supported:
Console>(enable) show ip httpHTTP information:-----------------------HTTP Server: disabledHTTP port: 80Web Interface: Not SupportedHTTP active sessions:Console> (enable)Displaying the CWI Version Number
To display the CWI version number, perform this task in normal mode:
This example shows how to display the CWI version number:
Console> show versionWS-C4003 Software, Version NmpSW: 8.1(1)Copyright (c) 1995-2003 by Cisco Systems, Inc.NMP S/W compiled on Jul 25 2003, 07:46:52GSP S/W compiled on Jul 25 2003, 03:52:03System Bootstrap Version: 5.4(1)System Web Interface Version: 8.1(1)Hardware Version: 1.5 Model: WS-C4003 Serial #: JAB03130104Mod Port Model Serial # Versions--- ---- ------------------ -------------------- -----------------------------1 0 WS-X4012 JAB03130104 Hw : 1.5Gsp: 8.1(1)Nmp: 8.1(1)2 48 WS-X4148 JAB023402QH Hw : 1.03 6 WS-X4306 JAB024000YY Hw : 0.2DRAM FLASH NVRAMModule Total Used Free Total Used Free Total Used Free------ ------- ------- ------- ------- ------- ------- ----- ----- -----1 65536K 37206K 28330K 12288K 10639K 1649K 480K 82K 398KUptime is 88 days, 21 hours, 40 minutesDisplaying the CWI Configuration
To display the CWI configuration, perform this task in privileged mode:
This example shows how to display the CWI configuration:
Console> (enable) show config...................begin!# ***** NON-DEFAULT CONFIGURATION *****!!#Time: Thu Sep 2 1999, 01:56:01!#version 5.4(0.74)MIA7-Eng# System Web Interface Version 8.1(1)!! #!#ipset interface sc0 1 1.10.11.212/255.255.255.0 1.10.11.255set ip route 192.168.242.0/255.255.255.0 1.10.11.1!#set boot commandset boot config-register 0x100set boot system flash bootflash:cat6000-sup.5-2-1-CSX.bin# HTTP commandsset ip http server enableset ip http port 1922!#module 1 : 2-port 1000BaseX Supervisor!#module 2 empty!#module 3 : 48-port 10/100BaseTX (RJ-45)set spantree portfast 3/8 enable!#module 4 empty!#module 5 : 48-port 10/100BaseTX (RJ-45)!#module 6 empty!endConfiguring the Authentication Login
The set authentication login command includes the HTTP, Telnet, and console-session login options. For the HTTP option, you can configure the RADIUS, TACACS, or Kerberos authentication methods. If you configure the RADIUS authentication method for your HTTP session, then your username and password are validated using the RADIUS protocol. By default, the HTTP login is validated with the local login password.
To configure the authentication login for the HTTP option, perform this task in privileged mode:
This example shows how to configure the authentication login for the HTTP option:
Console> (enable) set authentication login tacacs enable http primaryTacacs authentication set to enable for HTTP sessions as primary authentication method.Console> (enable) set authentication login radius disable http primaryTacacs authentication set to disable for HTTP sessions.Displaying the Authentication
To display the authentication for the HTTP option, perform this task in privileged mode:
This example shows how to display the HTTP authentication:
Console> (enable) show authenticationLogin Authentication: Console Session Telnet Session Http Session--------------------- ---------------- ---------------- ----------------tacacs disabled disabled disabledradius disabled disabled enabled (primary)kerberos disabled disabled disabledlocal enabled(primary) enabled(primary) enabledEnable Authentication: Console Session Telnet Session---------------------- ----------------- ----------------tacacs disabled disabledradius disabled disabledkerberos disabled disabledlocal enabled(primary) enabled(primary)Obtaining Documentation
Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation CD-ROM
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which may have shipped with your product. The Documentation CD-ROM is updated regularly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual or quarterly subscription.
Registered Cisco.com users can order a single Documentation CD-ROM (product number DOC-CONDOCCD=) through the Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.html
All users can order annual or quarterly subscriptions through the online Subscription Store:
http://www.cisco.com/go/subscription
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•
http://www.cisco.com/en/US/partner/ordering/index.shtml
•
Documentation Feedback
You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click Feedback at the top of the page.
You can send your comments in e-mail to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance.
Cisco TAC Website
The Cisco TAC website ( http://www.cisco.com/tac) provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year.
Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:
http://tools.cisco.com/RPF/register/register.do
Opening a TAC Case
The online TAC Case Open Tool ( http://www.cisco.com/tac/caseopen) is the fastest way to open P3 and P4 cases. (Your network is minimally impaired or you require product information). After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using these recommendations, your case will be assigned to a Cisco TAC engineer.
For P1 or P2 cases (your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.
To open a case by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete listing of Cisco TAC contacts, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
TAC Case Priority Definitions
To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.
Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•
http://www.cisco.com/en/US/products/products_catalog_links_launch.html
•
•
http://www.cisco.com/go/packet
•
http://www.cisco.com/go/iqmagazine
•
http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html
•
http://www.cisco.com/en/US/learning/index.html
Posted: Thu Nov 10 11:38:23 PST 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
