Configuring and Accessing the Web User Interface

The Cisco ASR 1000 Series Routers introduce a web user interface that expands on the functionality of web user interfaces available in other Cisco routers.

This chapter is about this web user interface and covers the following topics:

Web User Interface Overview

This section covers the following topics:

Web User Interface General Overview

The web user interface is available on Cisco ASR 1000 Series Routers starting in Cisco IOS XE Release 2.1.1. The web user interface is not available in Cisco IOS XE Release 2.1.0.

The Cisco ASR 1000 Series Routers can be accessed using a web user interface. This web user interface allows users to monitor router performance using an easy-to-read graphical interface. Most aspects of a Cisco ASR 1000 Series Router can be monitored using the web user interface.

The web user interface has the following features:

  • An interface that presents information in an easy-to-read graphical format.
  • An interface that allows users to monitor most software processes, including processes related to the IOS and nonIOS subpackages within the Cisco IOS XE consolidated package.
  • An interface that allows users to monitor most hardware components, including all RPs, ESPs, SIPs, and SPAs installed in the router.
  • Access to the legacy web user interface in addition to the enhanced web user interface.
  • The ability to gather the output of show commands from the web user interface.

Legacy Web User Interface Overview

Previous Cisco routers have a legacy web user interface that can be used to monitor the router. This legacy web user interface presents information in a straightforward manner without using any graphics. On the Cisco ASR 1000 Series Routers, this interface is part of the larger web user interface and can be accessed by clicking the “IOS Web UI” option in the left-hand menu.

On the Cisco ASR 1000 Series Routers, the legacy web user interface can only be used to configure and monitor the IOS subpackage. In some scenarios, most notably when an ip http command has been successfully entered to enable the HTTP or HTTPS server while a properly configured web user interface transport map has not yet been applied on the Cisco ASR 1000 Series Router, the legacy web user interface will be accessible while the graphics-based web user interface will be inaccessible.

See the following figure for an example of the legacy web user interface home page.

Figure 1. Legacy Web User Interface Home Page

Graphics-Based Web User Interface Overview

The web user interface on the Cisco ASR 1000 Series Routers expands the legacy web user interface available on other platforms by presenting information in easy-to-read graphics-based tables, graphs, or charts, depending on the information presented. The web user interface on the Cisco ASR 1000 Series Routers is also able to present monitoring information stored in both the IOS and nonIOS subpackages, allowing for a complete view of the router using the web user interface.

See the following figure for an example of the graphics-based web user interface home page.

Figure 2. Graphics-Based Web User Interface Home Page

Persistent Web User Interface Transport Maps Overview

To enable the graphics-based web user interface, a persistent web user interface transport map must be configured. The persistent web user interface transport map, when successfully configured and applied to the router, defines how the router handles incoming web user interface requests. In the persistent web user interface transport map, users define whether the graphics-based web user interface can be accessed through HTTP, HTTPS, or both protocols. Only one persistent web user interface transport map can be applied to a Cisco ASR 1000 Series Router at a time.

The persistent web user interface transport map configuration must be performed in addition to the legacy web user interface configuration, which is configured using the ip http command set. The ip http command settings define which ports are used by HTTP or HTTPS for both the legacy and graphics-based web user interface.

Configuring the Router for Web User Interface Access

The ability to access either web user interface on the Cisco ASR 1000 Series Routers is disabled by default.

The legacy web user interface must be configured before the graphics-based web user interface can be enabled.


Note

The web user interface will not work if the Management Ethernet interface has not been configured or is not working; specifically, the default route must be specified in the Management Ethernet VRF before the web user interface can be configured.

To enable the entire web user interface, perform the following tasks:

SUMMARY STEPS

  1. (Optional) Ensure the clock setting on your router is accurate by entering the show clock command.
  2. Connect to your router and enter the configure terminal command to enter global configuration mode.
  3. Set the HTTP server authentication method to local by entering the ip http authentication local command.
  4. Enable the legacy web user interface by entering one of the following global configuration commands:
  5. Create and name a persistent web user interface transport map by entering the transport-map type persistent webui transport-map-name command.
  6. Enable HTTP, HTTPS, or both by entering the following commands in transport map configuration mode:
  7. (Optional) Enter the show transport-map name transport-map-name privileged EXEC command to verify that your transport map is properly configured.
  8. Enable the transport map by entering the transport type persistent webui input transport-map-name global configuration command.

DETAILED STEPS


Step 1

(Optional) Ensure the clock setting on your router is accurate by entering the show clock command.

Example:


Router# show clock
*13:56:59.257 DST Mon May 5 2008

If the router time is not properly set, use the clock set and clock timezone commands for setting the router clock.

Step 2

Connect to your router and enter the configure terminal command to enter global configuration mode.

Step 3

Set the HTTP server authentication method to local by entering the ip http authentication local command.

Step 4

Enable the legacy web user interface by entering one of the following global configuration commands:

  • ip http server —Enables HTTP on port 80, which is the default HTTP port.
  • ip http port port-number —Enables HTTP on the nondefault user-specified port.
  • ip http secure-server —Enables HTTPS on port 443, the default HTTPS port.
  • ip http secure-port port-number —Enables HTTPS on the nondefault user-specified port.

The legacy web user interface becomes available at this point of the procedure. Users attempting to access the web user interface after this step is completed will see the legacy web user interface only.

To enable the graphics-based web user interface, proceed to Step 5 and complete the remaining steps in this procedure.

Step 5

Create and name a persistent web user interface transport map by entering the transport-map type persistent webui transport-map-name command.

Step 6

Enable HTTP, HTTPS, or both by entering the following commands in transport map configuration mode:

  • server —Enables HTTP.
  • secure-server —Enables HTTPS.

Port numbers cannot be set within the transport map. The port numbers defined in Step 4 are also used with these settings in the persistent web user interface transport map.

Step 7

(Optional) Enter the show transport-map name transport-map-name privileged EXEC command to verify that your transport map is properly configured.

Step 8

Enable the transport map by entering the transport type persistent webui input transport-map-name global configuration command.


What to do next

Examples

In the following example, the HTTP server authentication method is set to local:


Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# ip http authentication local

Router(config)# exit

In the following example, the web user interface using the default HTTP port is enabled:


Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# ip http server
Router(config)# transport-map type persistent webui http-webui
Router(config-tmap)# server
Router(config-tmap)# exit
Router(config)# exit
Router# show transport-map name http-webui
Transport Map:
  Name: http-webui
  Type: Persistent Webui Transport
Webui:
  Server:        enabled
  Secure Server: disabled
Router# configure terminal
Router(config)# transport type persistent webui input http-webui
*Apr 22 02:43:55.798: %UICFGEXP-6-SERVER_NOTIFIED_START: R0/0: psd:  Server wui has been notified to start  

In the following example, the web user interface using the default HTTPs port is enabled:


Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# ip http secure-server
Router(config)# transport-map type persistent webui https-webui
        
Router(config-tmap)# secure-server
Router(config-tmap)# exit
Router(config)# transport type persistent webui input https-webui
*Apr 22 02:38:43.597: %UICFGEXP-6-SERVER_NOTIFIED_START: R0/0: psd:  Server wui has been notified to start

In the following example, the web user interface using the default HTTP and HTTPS ports is enabled:


Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# transport-map type persistent webui http-https-webui
Router(config-tmap)# server
Router(config-tmap)# secure-server
Router(config-tmap)# exit
Router(config)# transport type persistent webui input http-https-webui
*Apr 22 02:47:22.981: %UICFGEXP-6-SERVER_NOTIFIED_START: R0/0: psd:  Server wui has been notified to start

Authentication and the Web User Interface

Users attempting to access the web user interface for a router are subject to the same authentication requirements configured for that router. The web browser prompts all users for a name and password combination, and the web browser then looks to the router configuration to see if a user should or should not be granted access to the web user interface.

Only users with a privilege level of 15 can access the web user interface. Otherwise, authentication of web user interface traffic is governed by the authentication configuration for all other traffic.

To configure authentication on your router, see {start cross reference} Configuring Authentication {end cross reference}. {start hypertext} http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html {end hypertext}

Domain Name System and the Web User Interface

The Domain Name System (DNS) is a distributed database in which you can map hostnames to IP addresses through the DNS protocol from a DNS server.

If the router is configured to participate in the Domain Name System, users can access the web user interface by entering http:// <dns-hostname > as the web browser address.

For information on configuring DNS, see {start cross reference}Configuring DNS{end cross reference}. {start hypertext}http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_config_dns_ps6922_TSD_Products_Configuration_Guide_Chapter.html{end hypertext}

Clocks and the Web User Interface

Requests to view the web user interface can be rejected by certain web browsers if the time as seen by the web browser differs from the time as seen by the router by an hour or more.

For this reason, we recommend checking the router time using the show clock command before configuring the router and, if the router time is not properly set, use the clock set and clock timezone commands for setting the router clock.

Similarly, the web browser’s clock source, which is usually the personal computer, must also have an accurate time to properly access the web user interface.

The following message appears when the web browser and the router clocks are more than an hour apart:


Your access is being denied for one of the following reasons:. Your previous session has timed-out, or. You have been logged out from elsewhere, or. You have not yet logged in, or. The resource requires a higher privilege level login.

If you see this message and fixing the other possible causes of the issue still does not make the web user interface accessible, check both the router clock and the PC clock to ensure both clocks reflect the accurate day and time and then retry your connection to the web user interface.

Also note that if one clock changes at daylight savings time while another clock does not, clock-related issues can occur.

Accessing the Web User Interface

To access the web user interface, perform the following tasks:

SUMMARY STEPS

  1. Open your web browser. The web user interface supports the following web browsers:
  2. Enter the address of the router in the address field of the web browser. The format for the address of the router in the address field is http:// <routername or management-ethernet-ip-address> : http-port ] or https:// <routername or management-ethernet-ip-address> : https-port ] , and the addresses that are acceptable depend upon your web browser user interface configurations and whether your router is participating in DNS.Following are some examples of acceptable address field web browser entries:
  3. If prompted, enter your username and password. The username and password combination required to enter the web user interface is the same combination required to access the router.
  4. The graphics-based web user interface similar to should appear in your web browser.

DETAILED STEPS


Step 1

Open your web browser. The web user interface supports the following web browsers:

  • Microsoft Internet Explorer 6 or later
  • Mozilla Firefox 2.0 or later
Step 2

Enter the address of the router in the address field of the web browser. The format for the address of the router in the address field is http:// <routername or management-ethernet-ip-address> : http-port ] or https:// <routername or management-ethernet-ip-address> : https-port ] , and the addresses that are acceptable depend upon your web browser user interface configurations and whether your router is participating in DNS.Following are some examples of acceptable address field web browser entries:

Example:


HTTP Using Default Port Example
http://172.16.5.1
HTTPS Using Default Port Example
https://172.16.5.1
HTTP Using NonDefault Port Example
http://172.16.5.1:94
HTTPS Using NonDefault Port Example
https://172.16.5.1:530/
HTTP Using Default Port Participating in DNS Example
http://router1
HTTPS Using Default Port Participating in DNS Example
https://router1
HTTP Using NonDefault Port Participating in DNS Example
http://router1:94
HTTPS Using NonDefault Port Participating in DNS Example
https://router1:530/
Step 3

If prompted, enter your username and password. The username and password combination required to enter the web user interface is the same combination required to access the router.

Step 4

The graphics-based web user interface similar to should appear in your web browser.


Using Auto Refresh

The web user interface does not refresh content automatically by default.

To set an auto-refresh interval, follow these steps:

SUMMARY STEPS

  1. Check the Refresh every check box on the graphical web user interface home page. A check mark appears in the check box.
  2. Set the frequency of the auto-refresh interval using the drop-down menu.
  3. Click the Start button to the right of the drop-down menu. After hitting this button, the Start button becomes the Stop button and a countdown timer placed to the right of the Stop button begins to increment.

DETAILED STEPS


Step 1

Check the Refresh every check box on the graphical web user interface home page. A check mark appears in the check box.

Figure 3. Checking Auto Refresh Check Box
Step 2

Set the frequency of the auto-refresh interval using the drop-down menu.

Step 3

Click the Start button to the right of the drop-down menu. After hitting this button, the Start button becomes the Stop button and a countdown timer placed to the right of the Stop button begins to increment.

Figure 4. Auto Refresh Counter Example

The web user interface screen refreshes every time this counter reaches 0 seconds.

If you would like to stop the auto-refresh update, click the Stop button to return to the default setting of no auto-refresh update.


Web User Interface Tips and Tricks

This section provides some useful information about using the web user interface once the interface has been accessed:

  • If you know a Cisco IOS command-line interface command to gather information that you are unable to gather using the web user interface, you can click IOS Web UI followed by Monitor the Router to enter commands.
  • If you know a diagnostic mode command to gather information that you are unable to gather using the web user interface, you can click WebCLI to enter show commands.
  • The WebCLI command line has a context-sensitive help feature that shows the options available in a certain keyword sequence using a drop-down menu.The following figure shows an example of this drop-down menu context-sensitive help feature.
Figure 5. Web CLI Drop-Down Menu

Configuring Web User Interface in Cisco IOS XE 16 Releases

Web User Interface

The Web User Interface (Web UI) is a graphical user interface that allows you to provision, monitor, and optimize your device. These sections explain how to access the web user interface and bring up the device:

Setting Up Factory Default Device Using Web UI

Quick Setup Wizard allows you perform the basic router configuration. To configure the router:


Note

Before you access the Web UI, you need to have the basic configuration on the device.


Procedure


Step 1

Connect the RJ-45 end of a serial cable to the RJ-45 console port on the router.

Step 2

After the device initial configuration wizard appears, enter No to get into the device prompt when the following system message appears on the router.

Would you like to enter the initial configuration dialog? [yes/no]: no

Step 3

From the configuration mode, enter the following configuration parameters.

!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1

username admin privilege 15 password 0 default
!
interface gig 0/0/1
ip address 192.168.1.1 255.255.255.0
!
Step 4

Connect the PC to the router using an Ethernet cable to the gig 0/0/1 interface.

Step 5

Set up your PC as a DHCP client to obtain the IP address of the router automatically.

Step 6

Launch the browser and enter the device IP address in your browser’s address line. For a secure connection, type https://192.168.1.1/#/dayZeroRouting. For a less secure connection, enter http://192.168.1.1/#/dayZeroRouting.

Step 7

Enter the default username (admin) and the password as default.


Using Basic or Advanced Mode Setup Wizard

To configure the router using the basic or advanced mode setup:

Procedure


Step 1

Choose the Basic Mode or Advanced Mode and click Go To Account Creation Page.

Step 2

Enter the username and password. Reenter the password to confirm.

Step 3

Click Create and Launch Wizard.

Step 4

Enter the device name and domain name.

Step 5

Select the appropriate time zone from the Time Zone drop-down list.

Step 6

Select the appropriate date and time mode from the Date and Time drop-down list.

Step 7

Click LAN Settings.


Configure LAN Settings

Procedure

Step 1

Choose the Web DHCP Pool/DHCP Pool name or the Create and Associate Access VLAN option.

  1. If you choose the Web DHCP Pool, specify the following:

    Pool Name—Enter the DHCP Pool Name. Network—Enter network address and the subnet mask.
  2. If you choose the Create and Associate Access VLAN option, specify the following:

    Access VLAN—Enter the Access VLAN identification number. The range is from 1 to 4094. Network—Enter the IP address of the VLAN. Management Interfaces—Select the interface and move to the selected list box using the right and left arrows. You can also double click or drag and drop to move the interface to the selected list box.
Step 2

Click Primary WAN Settings.


Configure Primary WAN Settings

Procedure

Step 1

Select the primary WAN type. You con configure Serial, 3G/4G, Ethernet, or Broadband (xDSL) as primary WAN depending on the WAN types supported by the router.

Step 2

Select the interface from the drop-down list.

Step 3

Check the Get DNS Server info directly from ISP check box to get the DNS server information directly from the service provider. You can also manually enter the Primary DNS and Secondary DNS.

Step 4

Check the Get IP automatically from ISP check box to get the IP address information directly from the service provider. You can also manually enter the IP address and subnet mask.

Step 5

Check the Enable NAT check box to enable NAT. It is recommended to enable NAT.

Step 6

Check the Enable PPPOE check box to enable PPPoE. If you have enabled PPPoE, select the required authentication mode. The options are: PAP and CHAP.

Step 7

Enter the user name and password provided by the service provider.

Step 8

Click Security / APP Visibility WAN Settings.


Configure Secondary WAN Settings

For advanced configuration, you should configure the secondary WAN connection.

Procedure

Step 1

Select the secondary WAN type. You con configure Serial, 3G/4G, Ethernet, or Broadband (xDSL) as a secondary WAN depending on the WAN types supported by the router.

Step 2

Select the interface from the drop-down list.

Step 3

Check the Get DNS Server info directly from ISP check box to get the DNS server information directly from the service provider. You can also manually enter the Primary DNS and Secondary DNS.

Step 4

Check the Get IP automatically from ISP check box to get the IP address information directly from the service provider. You can also manually enter the IP address and subnet mask.

Step 5

Check the Enable NAT check box to enable NAT. It is recommended to enable NAT.

Step 6

Check the Enable PPPOE check box to enable PPPoE. If you have enabled PPPoE, select the required authentication mode. The options are PAP and CHAP .

Step 7

Enter the user name and password provided by the service provider.

Step 8

Click Security / APP Visibility WAN Settings.


Configure Security Settings

Procedure

Step 1

Check the Enable Cisco Recommended Security Settings check box to ensure that all passwords are not shown in plain text. The passwords are encrypted.

Step 2

Click Day 0 Config Summary.

Step 3

To preview the configuration, click CLI Preview to preview the configuration.

Step 4

Click Finish to complete the Day Zero setup.