EdgeSwitch - Management Access Methods


Overview


Readers will learn which management methods are available by default to monitor and manage an EdgeSwitch.

NOTES & REQUIREMENTS:
Applicable to the EdgeSwitch firmware release on all EdgeSwitch models. Please see the Related Articles below for more information.
 
Devices and products used in this article:

Table of Contents


  1. Available Management Methods
  2. Accessing the EdgeSwitch on firmware v1.7.4 and up
  3. Accessing the EdgeSwitch on older firmware releases
  4. Related Articles

Available Management Methods



ATTENTION: Starting from the v1.7.4 release, HTTPS/SSH access are enabled by default and HTTP/Telnet are disabled by default.

The management methods that are enabled by default differ between EdgeSwitch firmware versions and models:

  • UNMS: The Ubiquiti Network Management System (UNMS) allows you to configure, upgrade and monitor multiple EdgeSwitches at once. See the UNMS Adoption article for more information. UNMS support for EdgeSwitches started from the v1.7.3 firmware release.
  • SSH: Allows secure management of the switch using the CLI. SSH is enabled by default starting from the v1.7.4 firmware release.
  • HTTPS: Allows secure management of the switch using the web UI. HTTPS is enabled by default starting from the v1.7.4 firmware release.
  • Console: Many EdgeSwitch models allow you to manage the device using the console port. See the How to Connect to Serial Console article for the supported models and console settings.
  • HTTP: Non-secure management method to access the web UI. HTTP is enabled by default on older (pre v1.7.4) EdgeSwitch firmware releases.
  • Telnet: Non-secure management method to access the command line. Telnet is enabled by default on older (pre v1.7.4) firmware releases.

NOTE: The default session timeout value for HTTPS and SSH is 5 minutes. See the section below on how to modify the default timers.

Accessing the EdgeSwitch on firmware v1.7.4 and up



The following methods are enabled by default on EdgeSwitch firmware v1.7.4 and up:

  • SSH: Accessible on TCP port 22.
  • HTTPS: Accessible on TCP port 443.

To log into the EdgeSwitch, navigate to the DHCP-assigned IP address or the default 192.168.1.2 IP address using either HTTPS or SSH.

NOTE: The management methods, ports and UNMS connection can be configured from the Settings tab in the New Web UI.

The following methods are disabled by default on EdgeSwitch firmware v1.7.4 and up:

  • UNMS
  • HTTP
  • Telnet

NOTE: HTTP access requests are redirected to HTTPS.

Accessing the EdgeSwitch on older firmware releases



The following methods are enabled by default on EdgeSwitch firmware v1.7.3 and lower:

  • HTTP: Accessible on TCP port 80.
  • Telnet: Accessible on TCP port 23.

The following methods are disabled by default on EdgeSwitch firmware v1.7.3 and lower:

  • SSH
  • HTTPS

To log into the EdgeSwitch, navigate to the DHCP-assigned IP address or the default 192.168.1.2 IP address using either HTTP or Telnet.


Follow the steps below to enable HTTPS/SSH access on older firmware releases:

GUI: Access the EdgeSwitch Legacy Web UI using HTTP.

1. Generate the DSA and RSA keys for SSH.

System > Management Access > SSH

  • Click on the icon under 'RSA Key Status' to generate a new RSA key.
  • Click on the icon under 'DSA Key Status' to generate a new DSA key.

NOTE: The generation of these keys can take some time to complete.

2. Enable SSH and optionally tweak the parameters.

System > Management Access > SSH

SSH Admin Mode: Enable 
SSH Port: 22
SSH Version: 2
Maximum number of SSH Sessions Allowed: 2
SSH Session Timeout: 5
RSA Key Status: Present
DSA Key Status: Present

3. Generate the certificate for HTTPS.

System > Management Access > HTTPS

  • Click on the icon under 'Certificate Status' to generate a new certificate.

NOTE: The generation of this certificate can take some time to complete.

4. Enable HTTPS and optionally tweak the parameters.

System > Management Access > HTTPS

HTTPS Admin Mode: Enable 
TLS Version 1: Enable
SSL Version 3: Enable
HTTPS Port: 443
HTTPS Session Soft Time Out (Minutes): 5
HTTPS Session Hard Time Out (Hours): 24
Maximum Number of HTTPS Sessions: 4
Certificate Status: Present

5. Disable HTTP and Telnet access.

System > Management Access > System

HTTP Admin Mode: Disable 
Telnet Server Admin Mode: Disable

The above configuration can also be set using the CLI:

CLI: Access the EdgeSwitch Command Line Interface using Telnet.

1. Enter privileged mode.

enable

2. Enter configuration mode.

configure

3. Generate the DSA and RSA keys for SSH.

crypto key generate rsa
crypto key generate dsa

4. Generate the certificate for HTTPS.

crypto certificate generate

5. Exit to privileged mode.

exit

6. Enable SSH and optionally tweak the parameters.

ip ssh server enable
ip ssh protocol 2
ip ssh port 22
sshcon maxsessions 2
sshcon timeout 5

7. Enable HTTPS and optionally tweak the parameters.

ip http secure-server
ip http secure-protocol TLS1 SSL3
ip http secure-port 443
ip http secure-session hard-timeout 24
ip http secure-session soft-timeout 5
ip http secure-session maxsessions 4

8. Disable HTTP and Telnet access.

no ip http server
no ip telnet server enable

9. Exit back to privileged mode.

exit

10. Write the changes to the startup configuration.

write memory
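
Added example (not part of the original article): a Python check, run from a management workstation, that compares which management ports answer against the end state the steps above produce (SSH on 22 and HTTPS on 443 reachable, Telnet on 23 and HTTP on 80 not), treating a port-80 listener that only redirects to HTTPS as acceptable. The function names and the BASELINE table are assumptions of this example; the ports and the 192.168.1.2 default address come from the article.

```python
import http.client
import socket

# Hardened end state from the article: port -> (service, should_be_open).
BASELINE = {22: ("SSH", True), 443: ("HTTPS", True), 23: ("Telnet", False), 80: ("HTTP", False)}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def redirects_to_https(host, port=80, timeout=2.0):
    """Return True if plain HTTP only answers with a 3xx pointing at https://."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        location = resp.getheader("Location") or ""
        return 300 <= resp.status < 400 and location.lower().startswith("https://")
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()


def audit(host, probe=tcp_open, redirect_check=redirects_to_https):
    """Compare reachable management ports with BASELINE; return findings."""
    findings = []
    for port, (name, want_open) in BASELINE.items():
        is_open = probe(host, port)
        if want_open and not is_open:
            findings.append(f"{name}/{port} closed: secure access not enabled")
        elif is_open and not want_open:
            # v1.7.4 and up may answer on 80 purely to redirect to HTTPS (see NOTE).
            if name == "HTTP" and redirect_check(host, port):
                continue
            findings.append(f"{name}/{port} open: cleartext management exposed")
    return findings


if __name__ == "__main__":
    for line in audit("192.168.1.2") or ["management plane matches baseline"]:
        print(line)
```

The check covers reachability only; protocol versions such as the TLS1/SSL3 setting need a separate TLS scan, and SSL 3.0 is deprecated by RFC 7568.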

Related Articles



EdgeSwitch - How to Connect to Serial Console

EdgeSwitch - Backup and Restore Configuration

EdgeSwitch - Firmware Upgrade

