
Example for Configuring Device Login Through the Web System (Secure Mode)

The following example shows how to configure device login through the web system (secure mode). This configuration can be applied to all Huawei switches.

Networking Requirements

The device functions as an HTTPS server (an HTTPS IPv4 server is used as an example here) and is reachable from the PC. The management IP address of the HTTPS server is 192.168.0.1/24.
Users want to manage and maintain the device through the web system and have high security requirements. They have obtained the server digital certificate 1_servercert_pem_dsa.pem and private key file 1_serverkey_pem_dsa.pem from the CA.

Configuration Roadmap

NOTE:
Loading an independent web page file is used as an example here.
The configuration roadmap is as follows:
  1. Upload necessary files to the server, including the web page file, server digital certificate, and private key file. Upload these files through SFTP to ensure security.
  2. Load the web page file and digital certificate.
  3. Bind an SSL policy and enable the HTTPS service.
  4. Configure a web user and enter the web login page.

Procedure

  1. Upload files to the device through SFTP.
# Generate a local key pair on the server and enable the SFTP server function.
 <HUAWEI> system-view
 [HUAWEI] sysname HTTPS-Server
 [HTTPS-Server] dsa local-key-pair create
 Info: The key name will be: HTTPS-Server_Host_DSA.
 Info: The key modulus can be any one of the following : 512, 1024, 2048.
 Info: If the key modulus is greater than 512, it may take a few minutes.
 Please input the modulus [default=2048]:2048
 Info: Generating keys
 Info: Succeeded in creating the DSA host keys. 
 [HTTPS-Server] sftp server enable
# Configure the VTY user interface on the server.
 [HTTPS-Server] user-interface vty 0 4
 [HTTPS-Server-ui-vty0-4] authentication-mode aaa
 [HTTPS-Server-ui-vty0-4] protocol inbound ssh
 [HTTPS-Server-ui-vty0-4] quit
# Configure an SSH user, including its authentication mode, service type, service authorized directory and password, user level, and access type.
 [HTTPS-Server] ssh user client001 authentication-type password
 [HTTPS-Server] ssh user client001 service-type sftp
 [HTTPS-Server] ssh user client001 sftp-directory flash:
 [HTTPS-Server] aaa
 [HTTPS-Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789
 [HTTPS-Server-aaa] local-user client001 privilege level 15
 [HTTPS-Server-aaa] local-user client001 service-type ssh
 [HTTPS-Server-aaa] quit
 [HTTPS-Server] quit
# Log in to the HTTPS server through SFTP from the terminal and upload the digital certificate and web page file to the server.
You need to install the SSH client software on the terminal before login. The third-party software OpenSSH and Windows Command Prompt window are used as examples here.
NOTE:
  • Ensure that the OpenSSH version you use is compatible with the terminal's operating system; otherwise, you may fail to log in to the switch through SFTP.
  • For details on how to install OpenSSH, see the software's instructions.
  • You need to use OpenSSH commands for login through OpenSSH. For details on how to use the OpenSSH commands, see the help document of the software.
  • OpenSSH commands can be used in the Windows Command Prompt window only after the OpenSSH software is installed.
Open the Windows Command Prompt window and run the sftp client001@192.168.0.1 command to enter the working directory of the SFTP server. You can access the device through SFTP. (The following information is for reference only.)
 C:\Documents and Settings\Administrator> sftp client001@192.168.0.1
 Connecting to 192.168.0.1...
 The authenticity of host '192.168.0.1 (192.168.0.1)' can't be established.
 DSA key fingerprint is 46:b2:8a:52:88:42:41:d4:af:8f:4a:41:d9:b8:4f:ee.
 Are you sure you want to continue connecting (yes/no)? yes
 Warning: Permanently added '192.168.0.1' (DSA) to the list of known hosts.
 User Authentication
 Password:
 sftp>
Upload the digital certificate and web page file from the terminal to the server.
 sftp> put web.7z
 Uploading web.7z to /web.7z 
 web.7z                              100%   1308478   4.6KB/s   00:11
 sftp> put 1_servercert_pem_dsa.pem
 Uploading 1_servercert_pem_dsa.pem to /1_servercert_pem_dsa.pem 
 1_servercert_pem_dsa.pem            100%   1302      4.6KB/s   00:02
 sftp> put 1_serverkey_pem_dsa.pem
 Uploading 1_serverkey_pem_dsa.pem to /1_serverkey_pem_dsa.pem 
 1_serverkey_pem_dsa.pem             100%   951       4.6KB/s   00:01
# Run the dir command on the device to check whether the digital certificate and web page file exist in the current storage directory.
NOTE:
If the sizes of the digital certificate and web page file in the current storage directory differ from the sizes of those on the server, an error may have occurred during file transfer. Upload the files again.
# Create the subdirectory security on the server and copy the digital certificate and private key file to the subdirectory.
 <HTTPS-Server> mkdir security
 <HTTPS-Server> copy 1_servercert_pem_dsa.pem security
 <HTTPS-Server> copy 1_serverkey_pem_dsa.pem security
# Run the dir command in the security subdirectory to check the digital certificate.
 <HTTPS-Server> cd security
 <HTTPS-Server> dir
 Directory of flash:/security/
  
   Idx  Attr     Size(Byte)  Date        Time       FileName
     0  -rw-          1,302  Apr 13 2011 14:29:31   1_servercert_pem_dsa.pem
     1  -rw-            951  Apr 13 2011 14:29:49   1_serverkey_pem_dsa.pem
  
 65,233 KB total (7,287 KB free)
  2. Load the web page file and digital certificate.
# Load the web page file.
 <HTTPS-Server> system-view
 [HTTPS-Server] http server load web.7z
# Create an SSL policy and load the PEM digital certificate.
 [HTTPS-Server] ssl policy http_server
 [HTTPS-Server-ssl-policy-http_server] certificate load pem-cert 1_servercert_pem_dsa.pem key-pair dsa key-file 1_serverkey_pem_dsa.pem auth-code cipher 123456
 [HTTPS-Server-ssl-policy-http_server] quit
# After the preceding configurations are complete, run the display ssl policy command on the HTTPS server to check detailed information about the loaded certificate.
 [HTTPS-Server] display ssl policy
  
        SSL Policy Name: http_server
      Policy Applicants: Config-Webs
          Key-pair Type: DSA
  Certificate File Type: PEM
       Certificate Type: certificate
   Certificate Filename: 1_servercert_pem_dsa.pem
      Key-file Filename: 1_serverkey_pem_dsa.pem
              Auth-code: ******
                    MAC:
               CRL File:
        Trusted-CA File: 
  3. Bind an SSL policy to the device and enable the HTTPS service.
# Bind an SSL policy to the device.
 [HTTPS-Server] http secure-server ssl-policy http_server
# Enable the HTTPS service.
 [HTTPS-Server] http secure-server enable
  4. Configure a web user and enter the web login page.
# Configure a web user.
 [HTTPS-Server] aaa
 [HTTPS-Server-aaa] local-user admin password irreversible-cipher Helloworld@6789
 [HTTPS-Server-aaa] local-user admin privilege level 15
 [HTTPS-Server-aaa] local-user admin service-type http
 [HTTPS-Server-aaa] quit
# Enter the web login page.
Open the web browser on the PC, enter https://192.168.0.1 in the address box, and press Enter to enter the web login page.
Enter the web user name and password and click GO or press Enter to enter the web system home page.
  5. Verify the configuration.
After the configurations are complete, you can log in to the device through the web system.
Run the display http server command on the device to check the SSL policy name and the HTTPS server status.
 [HTTPS-Server] display http server
    HTTP Server Status              : enabled
    HTTP Server Port                : 80(80)
    HTTP Timeout Interval           : 20
    Current Online Users            : 1
    Maximum Users Allowed           : 5
    HTTP Secure-server Status       : enabled
    HTTP Secure-server Port         : 443(443)
    HTTP SSL Policy                 : http_server
    HTTP IPv6 Server Status         : disabled
    HTTP IPv6 Server Port           : 80(80)
    HTTP IPv6 Secure-server Status  : disabled
    HTTP IPv6 Secure-server Port    : 443(443)
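
The verification step above, as an added example (not part of the original page or of the vendor's documentation): a Python script that parses a captured display http server output, confirms that HTTPS is enabled with the expected SSL policy, and lists any HTTP listener that is still enabled. The function names are hypothetical, and treating the HTTP Server Status fields as listeners that do not use the SSL policy is an assumption.

```python
# Output copied from the "display http server" listing on this page.
DISPLAY_HTTP_SERVER = """\
   HTTP Server Status              : enabled
   HTTP Server Port                : 80(80)
   HTTP Timeout Interval           : 20
   Current Online Users            : 1
   Maximum Users Allowed           : 5
   HTTP Secure-server Status       : enabled
   HTTP Secure-server Port         : 443(443)
   HTTP SSL Policy                 : http_server
   HTTP IPv6 Server Status         : disabled
   HTTP IPv6 Server Port           : 80(80)
   HTTP IPv6 Secure-server Status  : disabled
   HTTP IPv6 Secure-server Port    : 443(443)
"""


def parse_display(text):
    """Turn each 'Field : value' line into a dict entry keyed by field name."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip()] = value.strip()
    return fields


def audit_http_server(text, expected_policy):
    """Return (https_ok, findings) for one 'display http server' capture."""
    fields = parse_display(text)
    findings = []
    if fields.get("HTTP Secure-server Status") != "enabled":
        findings.append("fail: HTTPS service is not enabled")
    policy = fields.get("HTTP SSL Policy", "")
    if policy != expected_policy:
        findings.append(f"fail: SSL policy is '{policy}', expected '{expected_policy}'")
    https_ok = not findings
    # Assumption: these two fields describe listeners that do not use the SSL policy.
    for name in ("HTTP Server Status", "HTTP IPv6 Server Status"):
        if fields.get(name) == "enabled":
            port = fields.get(name.replace("Status", "Port"), "unknown")
            findings.append(f"review: {name} is enabled (port {port})")
    return https_ok, findings


if __name__ == "__main__":
    ok, notes = audit_http_server(DISPLAY_HTTP_SERVER, "http_server")
    print("HTTPS configured as expected:", ok)
    for note in notes:
        print(" -", note)
```

Run against the capture above, the HTTPS checks pass and the script reports the IPv4 HTTP server on port 80 for review.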

Configuration Files

Configuration file of the HTTPS server
 #
 sysname HTTPS-Server
 #
 http server load web.7z
 http secure-server ssl-policy http_server
 #
 aaa
  local-user admin password irreversible-cipher %#%##R!d3>ji-.u1+N2gSK>3&2P1AM6jfU:"x/3g[5U,lvqP+sf=70+%^E7,,SF7%#%#
  local-user admin privilege level 15
  local-user admin service-type http
  local-user client001 password irreversible-cipher %#%#L@[C7B11%"H&\fS;qETS`zGI#RyJ%+A2KzP'.k[0tQ{=Cq5s43s&f^L\In6K%#%#
  local-user client001 privilege level 15
  local-user client001 service-type ssh
 #
 sftp server enable
 ssh user client001
 ssh user client001 authentication-type password
 ssh user client001 service-type sftp
 ssh user client001 sftp-directory flash:
 #
 user-interface vty 0 4
  authentication-mode aaa
 #
 ssl policy http_server
  certificate load pem-cert 1_servercert_pem_dsa.pem key-pair dsa key-file 1_serverkey_pem_dsa.pem auth-code cipher %#%#0|:yF=]P~Afis516)rO,3Yu<@/3e]KFg.q@LG50%%#%#
 #
 return
 