Cisco CSS 11000 series switches version 4.0 and greater have the
capability to be monitored through a Web browser. Other ways of monitoring the
CSS are through the management port (this would require the port to be
configured to a local IP segment in the network) and through Simple Network
Management Protocol (SNMP). This document describes how to configure the Cisco
CSS11000 for Web Management.
There are no specific requirements for this document.
The information in this document is based on the software and hardware
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
For more information on document conventions, see the
Technical Tips Conventions.
To enable web management on the CSS 11000 series switch, issue the
CS100(config)# no restrict web-mgmt<cr>
CS100(config)# web-mgmt state enable<cr>
To verify the configuration, issue the following command:
CS100(config)# show running-config<cr>
*************************** GLOBAL ***************************
no restrict web-mgmt
To test the configuration, perform the steps below:
Launch any HTTP version 1.1 browser from your PC.
Navigate to the circuit VLAN address that you normally use while
attempting a console or Telnet session. The CSS series switch uses port 8081 as
its Web management port.
Input your username (your administrator login) and your password
(your administrator password).
After a successful login, the following System
Information screen appears:
On the left menu above, double-click Configuration | Getting
On the list below, click Circuit.
From this menu, you can monitor the CSS configuration and overall
system health. Below is an example of selecting a circuit VLAN number.
Administrative access to the CSS 11000 series switch should be limited
to the administrative and technical staff. It is recommended that you use
access control lists (ACLs) to restrict users.
The following ACLs are necessary to deny all attempts to access the web
console, assuming the switch is set up for port 80 traffic only:
CS100(config)# acl 99 <cr>
CS100(config-acl )# clause 200 permit <source IP> destination <circuit VLAN1> eq any <cr>
CS100(config-acl )# clause 199 permit any any destination eq 80 <cr>
CS100(config-acl )# apply circuit-(VLAN1)<cr>
CS100(config)# acl enable <cr>
Note: Updates to either the command line interface (CLI) or to the Web
interface will be released as changes are made.
The CSS 11000 is also equipped with a management interface typically
located on the back of the CSS 11000. The management interface ships with
address 126.96.36.199 already configured.
Note: The management interface on the CSS 11000 is an out-of-band address,
which means that your Telnet client must be on the same subnet as the
management interface. For example, if your management interface is on 188.8.131.52
with a subnet mask of 255.255.255.0, you need to configure your Telnet client
to an IP address in the 1.1.1.x subnet (such as 184.108.40.206 ). In addition, the
subnet on which the management interface resides is not routable. This means
that if you have a management interface with an IP address of 220.127.116.11 and a
subnet mask of 255.255.255.0, then the entire 1.1.1.x subnet is unable to
contact any device outside of the 1.1.1.x subnet.
Simple Network Management Protocol (SNMP) for more information.