|
|
This installation and configuration note describes how to configure the Hypertext Transfer Protocol (HTTP) server and authentication login for the Catalyst Web Interface (CWI). It also describes how to download the Catalyst version of CiscoView 5.0 (Catalyst CV) to your client.
 |
Note For the Catalyst 5000 and Catalyst 6000 family switches, the CWI is bundled with an online software image on CCO. If your software image includes CWI, the name of the image contains "cv" appended to the supervisor. For example, cat5000-supcv.5-4-2.bin. |
|
Note For the Catalyst 4000 family switches, the CWI is not bundled with an online software image on CCO. The CWI is a totally separate image that can be downloaded independent of the supervisor software. |
|
Note Because the CWI image is 8 MB, you need to download the image to the PCMCIA card as it will not fit on the bootflash. You must also manually synchronize the CWI image to the standby supervisor engine. This applies to Catalyst 5000 family switches only. |
This document contains these sections:
The CWI is a browser-based tool that you can use to configure the Catalyst 6000, 5000, and 4000 family switches. It consists of a graphical user interface (GUI) that runs on the client (Catalyst CV) and an HTTP server that runs on the switch.
A GUI alternative to the CLI and SNMP interfaces, the CWI provides a real-time graphical representation of the switch and detailed information, such as port status, module status, type of chassis, and modules.
The CWI uses HTTP to download Catalyst CV from the server to the client. HTTP is the TCP/IP protocol that the World Wide Web uses to exchange HTML documents.
Communication between the client and server usually occurs on a TCP/IP connection. The TCP/IP port number for HTTP is 80. In this client-server mode, the client opens a connection to the server and sends a request. The server receives the request, sends a response back to the client, and closes the connection.
The HTTP server supports the following requests:
The HTTP server responds to a simple request with a simple response and to a full request with a full response.
In the default state, the HTTP server is disabled. To enable the CWI, you must enable the HTTP server. After you enable the HTTP server, it listens for requests on port number 80. You can change the TCP/IP port number to any port number from 1 to 65,535 at the CLI.
Although the system uses HTTP 1.0, it also supports HTTP 1.1 messaging.
Following a successful download, Catalyst CV opens and displays switch information in your browser. The CWI obtains this information from the switch using SNMP requests.
Table 1 shows the CWI hardware and software requirements.
| Hardware and Software | Requirements |
|---|---|
Supported Platforms | Catalyst 6000 family-All supervisor engines |
| Catalyst 5000 family-Supervisor Engine III and Supervisor Engine III F |
| Catalyst 4000 family-Supervisor Engine I, |
| Supervisor engine software release 5.4(2)or later. |
Supported Browsers | Internet Explorer-Software version 5.0 or later |
| Netscape Navigator-Software version 4.61 or later |
| Java Plugin 1.2.2 must be installed on the client. |
Required Memory |
|
DRAM | 3.5 MB for the switch image. |
| Not a significant amount for the HTTP server. Usage (and performance impact) depends on the number of concurrent HTTP sessions. The switch supports a maximum of three concurrent HTTP sessions. |
FLASH | 3.5 MB for the Catalyst CV files (in addition to the switch image). |
| 40 KB for the HTTP server (in addition to the switch image). |
NVRAM | Not a significant amount for the CWI. |
Required Disk Space | 3.5 MB for the CWI (in addition to the switch image). |
Table 2 shows the CWI default configuration.
| Feature | Default Value |
|---|---|
HTTP server | Disabled |
TCP/IP port number | 80 |
Authentication | Enabled |
HTTP trace | Disabled |
Before you can access the Catalyst CV, you need to perform the tasks in these sections:
To configure the HTTP server, perform this task at the CLI:
| Task | Command | |
|---|---|---|
Step 1 | Assign an IP address to the switch, if necessary. | set interface sc0 [ip_addr / netmask] |
Step 2 | Enable the HTTP server on the switch. | set ip http server enable |
Step 3 | Configure the HTTP port (TCP/IP port default is 80; perform this step only if you need to change the default). | set ip http port port_number default |
Step 4 | Verify the HTTP server and CWI support. | show ip http11 |
Step 5 | Display the CWI version. | show version |
Step 6 | Display the CWI configuration. | show config |
Step 7 | Configure trace monitor to debug, if necessary. | set trace |
Step 8 | Display trace. | show trace |
| 1The show ip http command displays the CWI status. If the switch supports the CWI, the "Web Interface" status field shows "Supported," otherwise, the field shows "Not Supported." |
Catalyst switch software allows you to configure authentication for console and Telnet logins using the RADIUS/TACACS/KERBEROS/Local database. With software release 5.4(2) or later, you can also configure authentication for HTTP users.
When you log into the switch using HTTP, a dialog box appears and prompts you for your username and password. After you provide your username and password, the system authenticates your login with the HTTP user-authentication method. The system denies access unless the username and password are valid.
In the default configuration, verification is enabled for all users of the CWI. The system validates the login password against the local login password.
Authentication for the CWI occurs at these two security levels:
To configure authentication, perform this task at the CLI:
| Task | Command | |
|---|---|---|
Step 1 | Configure authentication login. | set authentication login |
Step 2 | Display authentication. | show authentication |
This example shows how to set the authentication login for the HTTP option:
Console> (enable) set authentication login tacacs enable http primary Tacacs authentication set to enable for HTTP sessions as primary authentication method. Console> (enable) set authentication login radius disable http primary Tacacs authentication set to disable for HTTP sessions.
For detailed information on configuring authentication login, refer to the "Controlling and Monitoring Access to the Switch Using Authentication, Authorization, and Accounting" chapter of the Software Configuration Guide for your switch.
To download the Catalyst CV from your browser, follow these steps:
http://172.20.14.89
In this examples, 172.20.14.89 is the switch IP address.
After you connect to the switch, a login dialog appears and prompts for your username and password.
Step 2 Provide your username and password.
The home page of the switch appears on your browser.
Step 3 Click the Switch Manager link to download the Catalyst CV.
The switch downloads the Catalyst CV, and your browser opens with a real-time view of the switch chassis.
|
Note The CWI communicates with the switch through SNMP requests. If the IP permit feature is enabled, you must set the IP address of the browser to "permitted" in the IP permit list for SNMP. For detailed information on configuring IP permit lists, refer to the "Configuring IP Permit List" chapter of the Software Configuration Guide for your switch. |
The Catalyst CV is a subset of the CiscoView 5.0 Network Management System. Most of the monitoring features that are available in CiscoView 5.0 are not available in the Catalyst CV. For example, you cannot monitor CPU or memory usage in the Catalyst CV. However, the Catalyst CV does provide a clear view of which ports are up and running and which are not.
The primary purpose of the Catalyst CV is to provide a GUI to configure the switch for those customers who do not want to purchase the CiscoView 5.0 Network Management System. For information on how to configure a Catalyst switch with the Catalyst CV, refer to "Configuring Devices" in the CiscoView 5.0 documentation.
For documentation on how to use the Catalyst CV, refer to the CiscoView 5.0 documentation on CCO.
These sections describe how to use the CWI commands:
Table 3 is an overview of the CLI commands for the CWI:
| Command | Functions |
|---|---|
set ip http server {enable | disable} | Configures the HTTP server on the switch. |
set ip http port port_number | default | Configures the HTTP port. |
show ip http | Displays the HTTP server information. |
show version | Displays the CWI version number. |
show config | Displays the CWI configuration. |
set trace | Configures the CWI trace. |
show trace | Displays the CWI trace. |
set authentication login | Configures the CWI authentication. |
show authentication | Displays the CWI authentication. |
In the default state, the HTTP server is disabled on the switch. To configure the HTTP server, perform this task in privileged mode:
| Task | Command |
|---|---|
Configure an HTTP server. | set ip http server {enable | disable} |
This example shows how to enable an HTTP server:
Console> (enable) set ip http server enable HTTP server is enabled on the system.
This example shows the message that you receive when your switch does not support the CWI:
Console> (enable) set ip http server enable Feature not supported on the system.
This example shows how to disable the HTTP server:
Console> (enable) set ip http server disable HTTP server is disabled on the system.
You do not need to use this command unless you want to change the default setting. In the default state, the TCP/IP port number on the server is 80. To configure the port number for the HTTP server, perform this task in privileged mode:
| Task | Command |
|---|---|
Configuring the IP port number. | set ip http port port_number | default |
This example shows how to configure the TCP/IP port number to the default of 80.
Console> (enable) set ip http port default HTTP TCP port number set to 80.
This example shows how to configure the TCP port number to 2398:
Console> (enable) set ip http port 2398
HTTP TCP port number set to 2398.
To display the HTTP server information, perform this task in normal mode:
| Task | Command |
|---|---|
Display the HTTP server information. | show ip http |
This example shows how to view information on the HTTP server and shows a CWI that is supported:
Console> show ip http
HTTP Information:
------------------------------
HTTP Server: enabled
HTTP port: 80
Web Interface: Supported
Web Interface SW Information:
-----------------------------
File: applet.html
CV stats: file /applet.html is padded, deducting
size: 4791
File: cvadp.jar
CV stats: file /cvadp.jar is padded, deducting
size: 2164875
File: cvadp_splash.jar
CV stats: file /cvadp_splash.jar is padded, deducting
size: 19401
File: cvadp_error.html
CV stats: file /cvadp_error.html is padded, deducting
size: 401
version: 5.0(0.26)
date: 10/9/99
Active Web Interface Sessions: 1
Session 1:
----------
Client IP Address: 192.20.20.45
Request Type: GET
Request URI: /all-engine.jar
This example shows how to display information on the HTTP server and shows a CWI that is not supported:
Console>(enable) show ip http HTTP information: ----------------------- HTTP Server: disabled HTTP port: 80 Web Interface: Not Supported HTTP active sessions: Console> (enable)
To display the CWI version number, perform this task in normal mode:
| Task | Command |
|---|---|
Display the CWI version number. | show version |
This example shows how to display the CWI version number:
Console> show version
WS-C6509 Software, Version Imposer: 5.3(0.74)MIA7-Eng
Copyright (c) 1995-2000 by Cisco Systems
NMP S/W compiled on Aug 31 1999, 12:59:28
System Bootstrap Version: 5.2(1)
System Web Interface Version: 5.0(0.25)
Hardware Version: 1.0 Model: WS-C6509 Serial #: SCA032100T8
Mod Port Model Serial # Versions
--- ---- ------------------- ----------- --------------------------------------
1 2 WS-X6K-SUP1-2GE SAD03232101 Hw : 4.0
Fw : 5.2(1)
Fw1: 4.2(0.24)VAI78
Sw : 5.3(0.74)MIA7-Eng
Sw1: 5.3(0.74)MIA7
3 48 WS-X6248-RJ-45 SAD03257164 Hw : 1.1
Fw : 4.2(0.24)VAI78
Sw : 5.3(0.74)MIA7
5 48 WS-X6248-RJ-45 SAD03257171 Hw : 1.1
Fw : 4.2(0.24)VAI78
Sw : 5.3(0.74)MIA7
DRAM FLASH NVRAM
Module Total Used Free Total Used Free Total Used Free
------ ------- ------- ------- ------- ------- ------- ----- ----- -----
1 65408K 24747K 40661K 16384K 14543K 1841K 512K 203K 309K
Uptime is 2 days, 0 hour, 41 minutes
To display the CWI configuration, perform this task in privileged mode:
| Task | Command |
|---|---|
Display the CWI configuration. | show config |
This example shows how to display the CWI configuration:
Console> (enable) show config ..... .............. begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #Time: Thu Sep 2 1999, 01:56:01 ! #version 5.3(0.74)MIA7-Eng # System Web Interface Version 5.0(0.25) ! ! #! #ip set interface sc0 1 1.10.11.212/255.255.255.0 1.10.11.255 set ip route 192.168.242.0/255.255.255.0 1.10.11.1 ! #set boot command set boot config-register 0x100 set boot system flash bootflash:cat6000-sup.5-2-1-CSX.bin # HTTP commands set ip http server enable set ip http port 1922 ! #module 1 : 2-port 1000BaseX Supervisor ! #module 2 empty ! #module 3 : 48-port 10/100BaseTX (RJ-45) set spantree portfast 3/8 enable ! #module 4 empty ! #module 5 : 48-port 10/100BaseTX (RJ-45) ! #module 6 empty ! end
In the default state, HTTP trace is disabled. To configure trace information, perform this task in privileged mode:
| Task | Command |
|---|---|
Configure trace to obtain debug information. | set trace |
This example shows how to configure the trace information:
Console> (enable) set trace
Usage: set trace <category> [level]
set trace monitor <enable|disable>
(category = acct|acl|all|bdd|cdp|config|dhcp|diag|dns|drip|dtp|dupflash|
dupnvram|dynvlan|earl|envmon|eobc}epld|essr|evmgr|fcp|fddi|
filesys|garp|gvrp|hamgr|http|inband|ipc|kerberos|l3age|
l3sup|lane|ld|llc|ltl|mbuf|mcast|mdg|memdbg|mls|mlsm|ntp|
oob|pagp|protfilt|pruning|qos|radius|redundancy|rsfc|rsvp|
runtimecfg|scp|slp|snmp|span|spantree|synfig|syslog|tacacs|
test|tftp|tftpd|udld|verb|vmps|vtp
level = 0..15, 0 to disable, default is 1
level = 0..255 for inband only)
Console> (enable)
To display the trace level, perform this task in normal mode:
| Task | Command |
|---|---|
Display trace level. | show trace |
This example shows how to display the trace level:
Console> (enable) show trace Trace Category Level -------------- ----- HTTP 3 SYNFIG 5
The set authentication login command includes the HTTP, Telnet, and console-session login options. For the HTTP option, you can configure the RADIUS, TACACS, or KERBEROS authentication methods. If you configure the RADIUS authentication method for your HTTP session, then your username and password are validated using the RADIUS protocol. By default, the HTTP login is validated with the local login password.
To configure the authentication login for the HTTP option, perform the following task in privileged mode:
| Task | Command |
|---|---|
Configure the authentication login for the HTTP option. | set authentication login |
This example shows how to configure the authentication login for the HTTP option:
Console> (enable) set authentication login tacacs enable http primary Tacacs authentication set to enable for HTTP sessions as primary authentication method. Console> (enable) set authentication login radius disable http primary Tacacs authentication set to disable for HTTP sessions.
To display the authentication for the HTTP option, perform this task in privileged mode:
| Task | Command |
|---|---|
Display authentication for the HTTP option. | show authentication |
This example shows how to display the HTTP authentication:
Console> (enable) show authentication Login Authentication: Console Session Telnet Session Http Session --------------------- ---------------- ---------------- ---------------- tacacs disabled disabled disabled radius disabled disabled enabled (primary) kerberos disabled disabled disabled local enabled(primary) enabled(primary) enabled Enable Authentication: Console Session Telnet Session ---------------------- ----------------- ---------------- tacacs disabled disabled radius disabled disabled kerberos disabled disabled local enabled(primary) enabled(primary)
You can access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly. Therefore, it is probably more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at http://www.cisco.com/cgi-bin/subcat/kaojump.cgi.
Nonregistered CCO users can order documentation through a local account representative by calling Cisco's corporate headquarters (California, USA) at 408 526-4000 or, in North America, call 800 553-NETS (6387).
Cisco provides Cisco Connection Online (CCO) as a starting point for all technical assistance. Warranty or maintenance contract customers can use the Technical Assistance Center. All customers can submit technical feedback on Cisco documentation using the web, e-mail, a self-addressed stamped response card included in many printed docs, or by sending mail to Cisco.
Cisco continues to revolutionize how business is done on the Internet. Cisco Connection Online is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
CCO's broad range of features and services helps customers and partners to streamline business processes and improve productivity. Through CCO, you will find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online support services, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on CCO to obtain additional personalized information and services. Registered users may order products, check on the status of an order and view benefits specific to their relationships with Cisco.
You can access CCO in the following ways:
You can e-mail questions about using CCO to cco-team@cisco.com.
The Cisco Technical Assistance Center (TAC) is available to warranty or maintenance contract customers who need technical assistance with a Cisco product that is under warranty or covered by a maintenance contract.
To display the TAC web site that includes links to technical support information and software upgrades and for requesting TAC support, use www.cisco.com/techsupport.
To contact by e-mail, use one of the following:
| Language | E-mail Address |
|---|---|
English | tac@cisco.com |
Hanzi (Chinese) | chinese-tac@cisco.com |
Kanji (Japanese) | japan-tac@cisco.com |
Hangul (Korean) | korea-tac@cisco.com |
Spanish | tac@cisco.com |
Thai | thai-tac@cisco.com |
In North America, TAC can be reached at 800 553-2447 or 408 526-7209. For other telephone numbers and TAC e-mail addresses worldwide, consult the following web site: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:
Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate and value your comments.
Posted: Mon Jun 26 12:32:40 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.