EdgeSwitch - Management Access using HTTPS and SSH

 Overview


This article describes the steps needed to enable the SSH and HTTPS management methods on an EdgeSwitch (ES). By default, the switch is accessible using either HTTP (port 80) or Telnet (port 23). You can use a terminal client such as PuTTY to connect using Telnet or the console port.

Notes & Requirements:

Applicable to EdgeSwitch firmware 1.7.1+ on all EdgeSwitch models. Knowledge of the Command Line Interface (CLI) and basic networking knowledge is required. Please see the Related Articles below for more information and see the attachments for the configurations used in this article.

 

Equipment used in this article:

- EdgeSwitch-8-150W (ES-8-150W)

 


Table of Contents


  1. Enable HTTPS and SSH via the Web-Management (GUI)
  2. Enable HTTPS and SSH via the Command Line Interface (CLI)
  3. Related Articles


Enable HTTPS and SSH via the Web-Management (GUI)



GUI STEPS: Access the switch Web-Management Portal (GUI).

1. Generate the DSA and RSA keys for SSH.

System > Management Access > SSH

  • Click on the icon under 'RSA Key Status' to generate a new RSA key.
  • Click on the icon under 'DSA Key Status' to generate a new DSA key.

Note: The generation of these keys could take some time to complete. The process should be complete when 'Present' appears in the text box.

2. Enable SSH and optionally tweak the parameters.

System > Management Access > SSH

SSH Admin Mode: Enable 
SSH Port: 22
SSH Version: 2
Maximum number of SSH Sessions Allowed: 2
SSH Session Timeout: 30
RSA Key Status: Present
DSA Key Status: Present

3. Generate the certificate for HTTPS.

  • Click on the icon under 'Certificate Status' to generate a new certificate.

Note: The generation of this certificate could take some time to complete. The process should be complete when 'Present' appears in the text box.

4. Enable HTTPS and optionally tweak the parameters.

HTTPS Admin Mode: Enable 
TLS Version 1: Enable
SSL Version 3: Enable
HTTPS Port: 443
HTTPS Session Soft Time Out (Minutes): 30
HTTPS Session Hard Time Out (Hours): 1
Maximum Number of HTTPS Sessions: 2
Certificate Status: Present

5. (Optional) Disable HTTP and Telnet.

System > Management Access > System

HTTP Admin Mode: Disable 
Telnet Server Admin Mode: Disable

Enable HTTPS and SSH via the Command Line Interface (CLI)



CLI STEPS: Access the command line interface (CLI). You can do this by using a program such as PuTTY to connect via Telnet or the console.

1. Enter privileged mode.

enable

2. Enter configuration mode.

configure

3. Generate the DSA and RSA keys for SSH.

crypto key generate rsa
crypto key generate dsa

4. Generate the certificate for HTTPS.

crypto certificate generate

5. Exit to privileged mode.

exit

6. Enable SSH and optionally tweak the parameters.

ip ssh server enable
ip ssh protocol 2
ip ssh port 22
sshcon maxsessions 2
sshcon timeout 30

show ip ssh
Administrative Mode: .......................... Enabled
SSH Port: ..................................... 22
Protocol Levels: .............................. Version 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 2
SSH Timeout: .................................. 30
Keys Present: ................................. DSA RSA
Key Generation In Progress: ................... None

7. Enable HTTPS and optionally tweak the parameters.

ip http secure-server
ip http secure-protocol TLS1 SSL3
ip http secure-port 443
ip http secure-session hard-timeout 1
ip http secure-session soft-timeout 30
ip http secure-session maxsessions 2

show ip http
HTTP Mode (Secure)............................. Enabled
Secure Port.................................... 443
Secure Protocol Level(s)....................... TLS1 SSL3
Maximum Allowable HTTPS Sessions............... 2
HTTPS session hard timeout..................... 1 hours
HTTPS session soft timeout..................... 30 minutes
Certificate Present............................ True
Certificate Generation In Progress............. False

8. (Optional) Disable HTTP and Telnet.

no ip http server
no ip telnet server enable
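
To confirm the result of the CLI steps above, the following added example (not part of the original article and not Ubiquiti code) parses captured 'show ip ssh' and 'show ip http' output and reports which settings differ from what the article configures. The sample text is constructed from the outputs shown above; the legacy-algorithm checks (DSA, SSL3, TLS1) are the editor's assumption about local policy, based on OpenSSH 7.0, RFC 7568 and RFC 8996.

```python
import re

# Constructed sample: lines taken from the `show ip ssh` / `show ip http` output above.
SAMPLE = """\
Administrative Mode: .......................... Enabled
Protocol Levels: .............................. Version 2
Keys Present: ................................. DSA RSA
Key Generation In Progress: ................... None
HTTP Mode (Secure)............................. Enabled
Secure Protocol Level(s)....................... TLS1 SSL3
Certificate Present............................ True
"""

# "Label: ..... value" or "Label..... value"; a run of 3+ dots separates the two.
FIELD = re.compile(r"^(?P<key>.+?):?\s*\.{3,}\s*(?P<value>.*)$")

def parse_show(text):
    """Return {label: value} for every dotted status line in CLI output."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group("key").strip()] = m.group("value").strip()
    return fields

def audit(fields):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Values the article configures; a mismatch means a step did not take effect.
    expected = {"Administrative Mode": "Enabled", "Protocol Levels": "Version 2",
                "HTTP Mode (Secure)": "Enabled", "Certificate Present": "True"}
    for key, want in expected.items():
        if fields.get(key) != want:
            findings.append(f"{key}: expected {want!r}, got {fields.get(key)!r}")
    # Assumed local policy (not from the article): flag legacy algorithms on offer.
    legacy = {"Keys Present": {"DSA": "host key (ssh-dss is off by default in OpenSSH 7.0+)"},
              "Secure Protocol Level(s)": {"SSL3": "is deprecated by RFC 7568",
                                           "TLS1": "is deprecated by RFC 8996"}}
    for key, weak in legacy.items():
        for token in fields.get(key, "").split():
            if token in weak:
                findings.append(f"{key}: {token} {weak[token]}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_show(SAMPLE)):
        print(finding)
```

Paste the output captured from your own switch in place of SAMPLE; lines that do not use the dotted layout are ignored.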

Related Articles

