Guest

Cisco CSS 11500 Series Content Services Switches

Enabling Web Management and Maintenance on the CSS 11000

Cisco - Enabling Web Management and Maintenance on the CSS 11000

Document ID: 26202

Updated: Dec 27, 2007

   Print

Introduction

Cisco CSS 11000 series switches version 4.0 and greater have the capability to be monitored through a Web browser. Other ways of monitoring the CSS are through the management port (this would require the port to be configured to a local IP segment in the network) and through Simple Network Management Protocol (SNMP). This document describes how to configure the Cisco CSS11000 for Web Management.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on the software and hardware versions:

  • Cisco CSS 11000/11500 series services with WebNS version 4.0 in a lab environment with cleared configurations

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

How to Enable Web Management on the CSS 11000 Series Switch

To enable web management on the CSS 11000 series switch, issue the following commands:

CS100(config)# no restrict web-mgmt<cr> 
CS100(config)# web-mgmt state enable<cr> 

To verify the configuration, issue the following command:

CS100(config)# show running-config<cr> 
*************************** GLOBAL ***************************
no restrict web-mgmt 

To test the configuration, perform the steps below:

  1. Launch any HTTP version 1.1 browser from your PC.

  2. Navigate to the circuit VLAN address that you normally use while attempting a console or Telnet session. The CSS series switch uses port 8081 as its Web management port.

  3. Input your username (your administrator login) and your password (your administrator password).

    css11000_mgt-A.jpg

    After a successful login, the following System Information screen appears:

    css11000_mgt-B.gif

  4. On the left menu above, double-click Configuration | Getting Started.

  5. On the list below, click Circuit.

    css11000_mgt-D.jpg

  6. From this menu, you can monitor the CSS configuration and overall system health. Below is an example of selecting a circuit VLAN number.

    css11000_mgt-C.jpg

Recommendations

Administrative access to the CSS 11000 series switch should be limited to the administrative and technical staff. It is recommended that you use access control lists (ACLs) to restrict users.

The following ACLs are necessary to deny all attempts to access the web console, assuming the switch is set up for port 80 traffic only:

CS100(config)# acl 99 <cr> 
CS100(config-acl [99])# clause 200 permit <source IP> destination <circuit VLAN1> eq any <cr> 
CS100(config-acl [99])# clause 199 permit any any destination eq 80 <cr> 
CS100(config-acl [99])# apply circuit-(VLAN1)<cr> 
CS100(config)# acl enable <cr> 

Note: Updates to either the command line interface (CLI) or to the Web interface will be released as changes are made.

Other Management Options

Management Port

The CSS 11000 is also equipped with a management interface typically located on the back of the CSS 11000. The management interface ships with address 1.1.1.1 already configured.

Note: The management interface on the CSS 11000 is an out-of-band address, which means that your Telnet client must be on the same subnet as the management interface. For example, if your management interface is on 1.1.1.1 with a subnet mask of 255.255.255.0, you need to configure your Telnet client to an IP address in the 1.1.1.x subnet (such as 1.1.1.2 ). In addition, the subnet on which the management interface resides is not routable. This means that if you have a management interface with an IP address of 1.1.1.1 and a subnet mask of 255.255.255.0, then the entire 1.1.1.x subnet is unable to contact any device outside of the 1.1.1.x subnet.

SNMP Management

Refer to Configuring Simple Network Management Protocol (SNMP) for more information.

Related Information

Updated: Dec 27, 2007
Document ID: 26202