Ethernet Switches & Routers

Reply
New Contributor
Posts: 3
Registered: ‎07-08-2012

Enable web management login on ICX6610-24P-E switch

Hi There,

I am new to brocade switch and recently get 1 pc mentioned box, just did some simple congiruation like the the IP address, default gateway as well as the host name setting. I also tried to enable to https web access, after that I tried to launch the IE and put the mangement IP, it popup for login and password, however after I put correct user name and password, it wont log me in. ( I am sure the user name and password are correct)

May I know anywhere I did not wrongly, parts of configuration is here:

clock timezone gmt GMT+08
sntp server x.x.x.x

sntp server x.x.x.x

web-management https

Many thanks in advanced

Shermaine

jG
Occasional Contributor
Posts: 9
Registered: ‎05-27-2010

Re: Enable web management login on ICX6610-24P-E switch

Hi Shermaline,

try to add :

aaa authentication web-server default local

username myuser password mypassword

this will allow authntication through web.

Thank you

Jiri

New Contributor
Posts: 3
Registered: ‎07-08-2012

Re: Enable web management login on ICX6610-24P-E switch

aaa authentication dot1x default radius

Hi, Jiri,

Appreciate your fast reply,

However the following already been configured:

aaa authentication login default radius local

aaa authentication login privilege-mode

aaa accounting exec default start-stop  radius

aaa accounting system default start-stop  radius

enable aaa console

hostname HOSTNAME

ip address X.X.X.X 255.255.255.0

no ip dhcp-client enable

ip default-gateway X.X.X.X

username USERNAME password .....

radius-server host X.X.X.X

radius-server key 1 AAAAA

It seems we already set aaa authenciation is radius server, can I added the command you suggested? if I set this, any reboot of the switches required or service disruption as it is a production switch?

Thanks again

Shermaine

jG
Occasional Contributor
Posts: 9
Registered: ‎05-27-2010

Re: Enable web management login on ICX6610-24P-E switch

Hi Shermaine,

in this situation you don't need what I've mentioned. Can you see authentication attempts in the radius server log ? If not I would run : show aaa and verify what port numbers is your radius server listening on and what is configured.

Jiri

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Enable web management login on ICX6610-24P-E switch

Hi all,

     You still need to set the web management to AAA or it will use SNMP as the username and password.

e.g. the below will allow usernames from radius first then check the lacal DB.

username myuser password mypassword

aaa authentication web-server default radius local

Thanks Michael.

Contributor
Posts: 61
Registered: ‎12-08-2009

Re: Enable web management login on ICX6610-24P-E switch

in order to set https access;


crypto-ssl cert generate

command needs to be entered.

hope this helps

New Contributor
Posts: 3
Registered: ‎07-08-2012

Re: Enable web management login on ICX6610-24P-E switch

Serhat,

Do I need ssl cert to take it effect? I thought the web management will support both http and https, as the user guide told:

'Web-Management http/https', if  Just type 'web-management' without options, both http and https will be enabled.

Have thought is a simple setup, but stopped me for a few days

Anyway thanks a lot, I will try on my test box tomorrow to see how.

Contributor
Posts: 61
Registered: ‎12-08-2009

Re: Enable web management login on ICX6610-24P-E switch


you dont need an ssl cert. this command generates an ssl cert in order for you to use https access.

for authentication the easiest way is to set up snmp community strings as below

snmp-server community readonlypassword ro

snmp-server community  readwritepassword rw

so that you can use "get" for username and "readonlypassword" for password on https welcome screen

for read-write access, you can use "set"  for username and "readwritepassword" for password with the commands above.

so there are 3 steps:

1

web-management https

2-

crypto-ssl cert generate

3-

snmp-server community "anystringforreadonlypassword" ro

snmp-server community  "anystringforreadwritepassword" rw

if you want to use local/remote  user database you need to issue aaa commands.

hope this helps.

Serhat

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Enable web management login on ICX6610-24P-E switch

Hi

     You aare correct in that entering the command ''Web-Management' will enable both HTTP and HTTPS.

The command 'crypto-ssl cert generate' is only required if you want to use HTTPS.

As the rest of your posted config is using RADIUS then the LOCAL DB I wold suggest that you use the below.

username myuser password mypassword <-- you should not need this as you should have created local user base on you config already.

Test(config)# aaa authentication web-server default radius local

If you want to use the username and password based on SNMP then please following the answer from

Newbie

Thanks

Michael.

New Member
Posts: 1
Registered: ‎11-23-2015

Re: Enable web management login on ICX6610-24P-E switch

You can use screen to connect to the switch (default values are fine). The example below is what you would use on most servers with an on-board serial port. If you have two, then port two would be /dev/ttyS1. If you are using a USB to serial adapter, then you will use /dev/ttyUSB0 (or if it is a multi-port adapter, /dev/ttyUSB1, etc). If none of these work, you will need to consult your operating system documentation and/or serial port adapter to determine the proper /dev/ttyX device to use.

screen /dev/ttySO

The screen will be blank until you press <enter>.

ICX6610-48 Switch>

To log in;

ICX6610-48 Switch>enable

No password has been assigned yet...

 

 

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook