[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Enabling Remote Users to Access the C-Web Interface

You can make the C-Web interface accessible to remote users through secure HTTP (HTTPS) or HTTP. You can configure access through the C-Web interface or by using the SRC CLI.

Accessing the C-Web Interface Through Secure HTTP

Before you configure access to the C-Web interface through HTTPS, obtain a digital security certificate on the system.

See Chapter 26, Managing Security Digital Certificates.

To make the C-Web interface accessible to remote users through HTTPS:

  1. Click Configure, expand System>Services>Web Management, and then click HTTPS.

The HTTP pane appears.

  1. Click Create.
  2. To configure HTTPS for an Ethernet port:
  1. Select the Ethernet port from the list.
  2. To configure a TCP port, type the value in the Port box, and click Apply.
  1. To configure HTTPS for an interface:
  1. Type a list of incoming network interfaces in the Interface box.
  2. To configure a TCP port, type the value in the Port box, and click Apply.

Accessing the C-Web Interface Through HTTP

Although you can configure access to the C-Web interface through HTTP rather than HTTPS, be aware of the following restrictions:

To make the C-Web interface accessible to remote users through HTTP:

  1. Click Configure, expand System>Services>Web Management, and then click HTTP.

The HTTP pane appears.

  1. Click Create.
  2. To configure HTTP for an Ethernet port:
  1. Select the Ethernet port from the list.
  2. To configure a TCP port, type the value in the Port box, and click Apply.
  1. To configure HTTP for an interface:
  1. Type a list of incoming network interfaces in the Interface box.
  2. To configure a TCP port, type the value in the Port box, and click Apply.

Configuration Statements for Accessing the C-Web Interface Through Secure HTTP

Before you configure access to the C-Web interface through HTTPS, obtain a digital security certificate on the system.

See Chapter 26, Managing Security Digital Certificates.

To make the C-Web interface accessible to remote users through HTTPS:

  1. From configuration mode, access the hierarchy level for Web-management HTTPS.
  2. [edit]
    
    user@host# edit system services web-management https
    
    
    
  3. Specify which TCP port is to receive incoming connection requests for the C-Web interface.
  4. [edit system services web-management https]
    
    user@host# set port port
    
    
    

The default port for HTTPS is 443.

  1. Specify the interface to be used for Web browser connections to the C-Web interface.
  2. [edit system services web-management https]
    
    user@host# set interface interface 
    
    
    

You can specify an interface for SRC installations on Solaris platforms as well as on C-series Controllers. On a C-series Controller, use eth0; you can use eth2 or eth3 if installed.

On C-series Controllers, specifying an interface is important if your C-series Controller has eth2 and eth3 interfaces and you want to restrict C-Web interface access to one or both of these interfaces.

  1. Specify the name of the certificate on the local system.
  2. [edit system services web-management https]
    
    user@host# set local-certificate local-certificate
    
    
    
  3. Configure logging for the C-Web interface.

See SRC-PE Monitoring and Troubleshooting Guide, Chapter 3, Configuring Logging for SRC Components with the CLI.

  1. (Optional) Configure user accounts to allow specified users to log in to the C-Web interface.

Users who have privileges to log in to the SRC CLI also have privileges to log in to the C-Web interface.

NOTE: Like access to the SRC CLI, we recommend that you not use root access. If you do use root access, it must be through a secure terminal on a C-series Controller. On Solaris platforms, root login is allowed through Telnet.


See Chapter 19, Configuring User Access.

Configuration Statements for Accessing the C-Web Interface Through HTTP

Although you can configure access to the C-Web interface through HTTP rather than HTTPS, be aware of the following restrictions:

To make the C-Web interface accessible to remote users through HTTP:

  1. From configuration mode, access the hierarchy level for Web-management HTTP.
  2. [edit]
    
    user@host# edit system services web-management http
    
    
    
  3. (Required if you use redirect server) Specify which TCP port is to receive incoming connection requests for the C-Web interface.
  4. [edit system services web-management https]
    
    user@host# set port port
    
    
    

The default port for HTTP is 80. Use another port if you use the redirect server.

  1. (Optional) Specify the interface to be used for Web browser connections to the C-Web interface.
  2. [edit system services web-management https]
    
    user@host# set interface interface 
    
    
    

You can specify an interface for SRC installations on Solaris platforms as well as on C-series Controllers. On the C-series Controller, use eth0; you can use eth2 or eth3 if installed.

On C-series Controllers, specifying an interface is important if your C-series Controller has eth2 and eth3 interfaces and you want to restrict C-Web interface access to one or both of these interfaces.

  1. Configure logging for the C-Web interface.

See SRC-PE Monitoring and Troubleshooting Guide, Chapter 3, Configuring Logging for SRC Components with the CLI.

  1. (Optional) Configure user accounts to allow specified users to log in to the C-Web interface.

Users who have privileges to log in to the SRC CLI also have privileges to log in to the C-Web interface.

NOTE: Like access to the SRC CLI, we recommend that you not use root access. If you do use root access, it must be through a secure terminal on a C-series Controller. On Solaris platforms, root login is allowed through Telnet.


See Chapter 19, Configuring User Access.


[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]