|
Table Of Contents
Using the Web-Browser and CLI Interfaces
Using the Web-Browser Interface
Enabling Wireless Connections to the Web-Browser and CLI Interfaces
Using the Web-Browser and CLI Interfaces
This chapter describes the web-browser and CLI interfaces that you use to configure WLAN controllers. This chapter contains these sections:
• Using the Web-Browser Interface
• Enabling Wireless Connections to the Web-Browser and CLI Interfaces
Using the Web-Browser Interface
The web-browser interface (hereafter called the GUI) allows up to five users to browse simultaneously into the controller http or https (http + SSL) management pages to configure parameters and monitor operational status for the controller and its associated access points.
Guidelines for Using the GUI
Keep these guidelines in mind when using the GUI:
•The GUI is fully compatible with Microsoft Internet Explorer version 6.0 or later on Windows platforms.
•You can use either the service port interface or the management interface to open the GUI. Cisco recommends that you use the service-port interface. Refer to the Configuring the Service Port section on page x for instructions on configuring the service port interface.
•You might need to disable your browser's pop-up blocker to view the online help.
Opening the GUI
To open the GUI, enter the controller IP address in the browser's address line. For an unsecure connection enter http://ip-address. For a secure connection, enter https://ip-address. See the "Configuring the GUI for HTTPS" section for instructions on setting up HTTPS.
Configuring the GUI for HTTPS
You can protect communication with the GUI by enabling HTTPS. HTTPS protects HTTP browser sessions by using the Secure Socket Layer (SSL) protocol. When you enable HTTPS, the controller generates its own local Web Administration SSL certificate and automatically applies it to the GUI. You can also load an externally generated certificate. Follow the instructions in the "Loading an Externally Generated HTTPS Certificate" section for instructions on loading an externally generated certificate.
Using the CLI, follow these steps to enable HTTPS:
Step 1 Enter show certificate summary to verify that the controller has generated a certificate:
>show certificate summary
Web Administration Certificate................. Locally Generated
Web Authentication Certificate................. Locally Generated
Certificate compatibility mode:................ off
Step 2 (Optional) If you need to generate a new certificate, enter this command:
>config certificate generate webadmin
After a few seconds the controller verifies that the certificate is generated:
Web Administration certificate has been generated
Step 3 Enter this command to enable HTTPS:
>config network secureweb enable
Step 4 Save the SSL certificate, key, and secure web password to NVRAM (non-volatile RAM) so your changes are retained across reboots:
>save config
Are you sure you want to save? (y/n) y
Configuration Saved!
Step 5 Reboot the controller:
>reset system
Are you sure you would like to reset the system? (y/n) y
System will now restart!
The controller reboots.
Loading an Externally Generated HTTPS Certificate
You use a TFTP server to load the certificate. Follow these guidelines for using TFTP:
•If you load the certificate through the service port, the TFTP server must be on the same subnet as the controller because the service port is not routable. However, if you load the certificate through the distribution system (DS) network port, the TFTP server can be on any subnet.
•The TFTP server cannot run on the same computer as the Cisco Wireless Control System (WCS) because WCS and the TFTP server use the same communication port.
Note Every HTTPS certificate contains an embedded RSA Key. The length of the RSA key can vary from 512 bits, which is relatively insecure, through thousands of bits, which is very secure. When you obtain a new certificate from a Certificate Authority, make sure the RSA key embedded in the certificate is at least 768 bits long.
Follow these steps to load an externally generated HTTPS certificate:
Step 1 Use a password to encrypt the HTTPS certificate in a .PEM-encoded file. The PEM-encoded file is called a Web Administration Certificate file (webadmincert_name.pem).
Step 2 Move the webadmincert_name.pem file to the default directory on your TFTP server.
Step 3 In the CLI, enter transfer download start and answer n to the prompt to view the current download settings:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Admin Cert
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... <directory path>
TFTP Filename..................................
Are you sure you want to start? (y/n) n
Transfer Canceled
Step 4 Use these commands to change the download settings:
>transfer download mode tftp
>transfer download datatype webauthcert
>transfer download serverip TFTP server IP address
>transfer download path absolute TFTP server path to the update file
>transfer download filename webadmincert_name.pem
Step 5 Enter the password for the .PEM file so the operating system can decrypt the Web Administration SSL key and certificate:
>transfer download certpassword private_key_password
>Setting password to private_key_password
Step 6 Enter transfer download start to view the updated settings, and answer y to the prompt to confirm the current download settings and start the certificate and key download:
>transfer download start
Mode........................................... TFTP
Data Type...................................... Site Cert
TFTP Server IP................................. xxx.xxx.xxx.xxx
TFTP Path...................................... directory path
TFTP Filename.................................. webadmincert_name
Are you sure you want to start? (y/n) y
TFTP Webadmin cert transfer starting.
Certificate installed.
Please restart the switch (reset system) to use the new certificate.
Step 7 Enter this command to enable HTTPS:
>config network secureweb enable
Step 8 Save the SSL certificate, key, and secure web password to NVRAM (non-volatile RAM) so your changes are retained across reboots:
>save config
Are you sure you want to save? (y/n) y
Configuration Saved!
Step 9 Reboot the controller:
>reset system
Are you sure you would like to reset the system? (y/n) y
System will now restart!
The controller reboots.
Disabling the GUI
To prevent all use of the GUI, select the Disable Web-Based Management check box on the Services: HTTP-Web Server page and click Apply.
To re-enable the GUI, enter this command on the CLI:
>ip http server
Using Online Help
Click the help icon at the top of any page in the GUI to display online help. You might have to disable the browser pop-up blocker to view online help.
Using the CLI
The CLI allows you to use a VT-100 emulator to locally or remotely configure, monitor, and control a WLAN controller and its associated lightweight access points. The CLI is a simple text-based, tree-structured interface that allows up to five users with Telnet-capable terminal emulators to access the controller.
Logging Into the CLI
You access the CLI using either of two methods:
•A direct ASCII serial connection to the controller console port
•A remote console session over Ethernet through the pre-configured Service Port or through Distribution System Ports
Before you log into the CLI, configure your connectivity and environment variables based on the type of connection you use.
Using a Local Serial Connection
You need these items to connect to the serial port:
•A computer that has a DB-9 serial port and is running a terminal emulation program
•A DB-9 male-to-female null-modem serial cable
Follow these steps to log into the CLI through the serial port:
Step 1 Connect your computer to the controller using the DB-9 null-modem serial cable.
Step 2 Open a terminal emulator session using these settings:
•9600 baud
•8 data bits
•1 stop bit
•no parity
•no hardware flow control
Step 3 At the prompt, log into the CLI. The default username is admin and the default password is admin.
Using a Remote Ethernet Connection
You need these items to connect to a controller remotely:
•A computer with access to the controller over the Ethernet network
•The IP Address of the controller
•A terminal emulation program or a DOS shell for the Telnet session
Note By default, controllers block Telnet sessions. You must use a local connection to the serial port to enable Telnet sessions.
Follow these steps to log into the CLI through the serial port:
Step 1 Verify that your terminal emulator or DOS shell interface is configured with these parameters:
•Ethernet address
•Port 23
Step 2 Use the controller IP address to Telnet to the CLI.
Step 3 At the prompt, log into the CLI. The default username is admin and the default password is admin.
Logging Out of the CLI
When you finish using the CLI, navigate to the root level and enter logout. The system prompts you to save any changes you made to the volatile RAM.
Navigating the CLI
The is organized around five levels:
Root Level
Level 2
Level 3
Level 4
Level 5
When you log into the CLI, you are at the root level. From the root level, you can enter any full command without first navigating to the correct command level. Table 2-1 lists commands you use to navigate the CLI and to perform common tasks.
Enabling Wireless Connections to the Web-Browser and CLI Interfaces
You can monitor and configure controllers using a wireless client. This feature is supported for all management tasks except uploads from and downloads to the controller.
Before you can open the GUI or the CLI from a wireless client device you must configure the controller to allow the connection. Follow these steps to enable wireless connections to the GUI or CLI:
Step 1 Log into the CLI.
Step 2 Enter config network mgmt-via-wireless enable
Step 3 Use a wireless client to associate to a lightweight access point connected to the controller.
Step 4 On the wireless client, open a Telnet session to the controller, or browse to the controller GUI.
Tip To use the controller GUI to enable wireless connections, browse to the Management Via Wireless page and select the Enable Controller Management to be accessible from Wireless Clients check box.
Posted: Thu Sep 15 08:20:50 PDT 2005
All contents are Copyright © 1992--2005 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.