Cisco CSS 11000 series switches version 4.0 and greater have the capability to be monitored through a Web browser. Other ways of monitoring the CSS are through the management port (this would require the port to be configured to a local IP segment in the network) and through Simple Network Management Protocol (SNMP). This document describes how to configure the Cisco CSS11000 for Web Management.
There are no specific requirements for this document.
The information in this document is based on the software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
For more information on document conventions, see the Cisco Technical Tips Conventions.
To enable web management on the CSS 11000 series switch, issue the following commands:
CS100(config)# no restrict web-mgmt<cr>
CS100(config)# web-mgmt state enable<cr>
To verify the configuration, issue the following command:
CS100(config)# show running-config<cr>
*************************** GLOBAL ***************************
no restrict web-mgmt
To test the configuration, perform the steps below:
Launch any HTTP version 1.1 browser from your PC.
Navigate to the circuit VLAN address that you normally use while attempting a console or Telnet session. The CSS series switch uses port 8081 as its Web management port.
Input your username (your administrator login) and your password (your administrator password).
After a successful login, the following System Information screen appears:
On the left menu above, double-click Configuration | Getting Started.
On the list below, click Circuit.
From this menu, you can monitor the CSS configuration and overall system health. Below is an example of selecting a circuit VLAN number.
Administrative access to the CSS 11000 series switch should be limited to the administrative and technical staff. It is recommended that you use access control lists (ACLs) to restrict users.
The following ACLs are necessary to deny all attempts to access the web console, assuming the switch is set up for port 80 traffic only:
CS100(config)# acl 99 <cr>
CS100(config-acl )# clause 200 permit <source IP> destination <circuit VLAN1> eq any <cr>
CS100(config-acl )# clause 199 permit any any destination eq 80 <cr>
CS100(config-acl )# apply circuit-(VLAN1)<cr>
CS100(config)# acl enable <cr>
Note: Updates to either the command line interface (CLI) or to the Web interface will be released as changes are made.
The CSS 11000 is also equipped with a management interface typically located on the back of the CSS 11000. The management interface ships with address 188.8.131.52 already configured.
Note: The management interface on the CSS 11000 is an out-of-band address, which means that your Telnet client must be on the same subnet as the management interface. For example, if your management interface is on 184.108.40.206 with a subnet mask of 255.255.255.0, you need to configure your Telnet client to an IP address in the 1.1.1.x subnet (such as 220.127.116.11 ). In addition, the subnet on which the management interface resides is not routable. This means that if you have a management interface with an IP address of 18.104.22.168 and a subnet mask of 255.255.255.0, then the entire 1.1.1.x subnet is unable to contact any device outside of the 1.1.1.x subnet.
Refer to Configuring Simple Network Management Protocol (SNMP) for more information.