EdgeSwitch - Management Access using HTTPS and SSH

Overview


This article describes the steps needed to enable the SSH and HTTPS management methods on an EdgeSwitch (ES). By default, the switch is accessible using either HTTP (port 80) or Telnet (port 23). You can use a terminal client such as PuTTY to connect using Telnet or the console port.


NOTES & REQUIREMENTS:

Applicable to the latest EdgeSwitch firmware on all EdgeSwitch models. Knowledge of the Command Line Interface (CLI) and basic networking knowledge is required. Please see the Related Articles below for more information and see the attachments for the configuration used in this article.


Equipment used in this article:

- ES-8-150W

Table of Contents


  1. Enable HTTPS and SSH via the Web-Management (GUI)
  2. Enable HTTPS and SSH via the Command Line Interface (CLI)
  3. Related Articles

Enable HTTPS and SSH via the Web-Management (GUI)



GUI: Access the Graphical User Interface.

1. Generate the DSA and RSA keys for SSH.

System > Management Access > SSH

  • Click on the icon under 'RSA Key Status' to generate a new RSA key.
  • Click on the icon under 'DSA Key Status' to generate a new DSA key.

NOTE: The generation of these keys can take some time to complete. 

2. Enable SSH and optionally tweak the parameters.

System > Management Access > SSH

SSH Admin Mode: Enable 
SSH Port: 22
SSH Version: 2
Maximum number of SSH Sessions Allowed: 2
SSH Session Timeout: 30
RSA Key Status: Present
DSA Key Status: Present

3. Generate the certificate for HTTPS.

  • Click on the icon under 'Certificate Status' to generate a new certificate.

NOTE: The generation of this certificate can take some time to complete. 

4. Enable HTTPS and optionally tweak the parameters.

HTTPS Admin Mode: Enable 
TLS Version 1: Enable
SSL Version 3: Enable
HTTPS Port: 443
HTTPS Session Soft Time Out (Minutes): 30
HTTPS Session Hard Time Out (Hours): 1
Maximum Number of HTTPS Sessions: 2
Certificate Status: Present

5. (Optional) Disable HTTP and Telnet.

System > Management Access > System

HTTP Admin Mode: Disable 
Telnet Server Admin Mode: Disable

Enable HTTPS and SSH via the Command Line Interface (CLI)



CLI: Access the Command Line Interface. You can do this using a program such as PuTTY.

1. Enter privileged mode.

enable

2. Enter configuration mode.

configure

3. Generate the DSA and RSA keys for SSH.

crypto key generate rsa
crypto key generate dsa

4. Generate the certificate for HTTPS.

crypto certificate generate

5. Exit to privileged mode.

exit

6. Enable SSH and optionally tweak the parameters.

ip ssh server enable
ip ssh protocol 2
ip ssh port 22
sshcon maxsessions 2
sshcon timeout 30

show ip ssh
Administrative Mode: .......................... Enabled
SSH Port: ..................................... 22
Protocol Levels: .............................. Version 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 2
SSH Timeout: .................................. 30
Keys Present: ................................. DSA RSA
Key Generation In Progress: ................... None

7. Enable HTTPS and optionally tweak the parameters.

ip http secure-server
ip http secure-protocol TLS1 SSL3
ip http secure-port 443
ip http secure-session hard-timeout 1
ip http secure-session soft-timeout 30
ip http secure-session maxsessions 2

show ip http
HTTP Mode (Secure)............................. Enabled
Secure Port.................................... 443
Secure Protocol Level(s)....................... TLS1 SSL3
Maximum Allowable HTTPS Sessions............... 2
HTTPS session hard timeout..................... 1 hours
HTTPS session soft timeout..................... 30 minutes
Certificate Present............................ True
Certificate Generation In Progress............. False

8. (Optional) Disable HTTP and Telnet.

no ip http server
no ip telnet server enable
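
To confirm the result of the steps above, the show ip ssh and show ip http output can be parsed and compared against a baseline. The following is an added example, not part of the original article or Ubiquiti's tooling; the names parse_show, audit and EXPECTED are hypothetical, and SAMPLE reuses the output printed in this article.

```python
import re

# Constructed input: the "show ip ssh" and "show ip http" output printed in this article.
SAMPLE = """\
Administrative Mode: .......................... Enabled
SSH Port: ..................................... 22
Protocol Levels: .............................. Version 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 2
SSH Timeout: .................................. 30
Keys Present: ................................. DSA RSA
Key Generation In Progress: ................... None
HTTP Mode (Secure)............................. Enabled
Secure Port.................................... 443
Secure Protocol Level(s)....................... TLS1 SSL3
Maximum Allowable HTTPS Sessions............... 2
HTTPS session hard timeout..................... 1 hours
HTTPS session soft timeout..................... 30 minutes
Certificate Present............................ True
Certificate Generation In Progress............. False
"""

# A label, an optional colon, a dot leader of three or more dots, then the value.
LINE = re.compile(r"^(.+?):?\s*\.{3,}\s*(.*)$")
# Values this article's steps are meant to produce (hypothetical baseline for the check).
EXPECTED = {
    "Administrative Mode": "Enabled",
    "Protocol Levels": "Version 2",
    "HTTP Mode (Secure)": "Enabled",
    "Certificate Present": "True",
}

def parse_show(text):
    """Parse dot-leader 'show' output into {label: value}."""
    pairs = (LINE.match(line.strip()) for line in text.splitlines())
    return {m.group(1).strip(): m.group(2).strip() for m in pairs if m}

def audit(settings):
    """Return a list of findings; an empty list means the baseline is met."""
    findings = [f"{k}: expected {v!r}, got {settings.get(k)!r}"
                for k, v in EXPECTED.items() if settings.get(k) != v]
    if "RSA" not in settings.get("Keys Present", "").split():
        findings.append("Keys Present: no RSA host key")
    if "SSL3" in settings.get("Secure Protocol Level(s)", "").split():
        findings.append("Secure Protocol Level(s): SSL3 enabled (SSL 3.0 is deprecated by RFC 7568)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_show(SAMPLE))))
```

Run against the output shown in this article, the check reports one finding, the SSL3 protocol level; the GUI exposes this as the separate 'SSL Version 3' setting.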

Related Articles

