EdgeSwitch - Management Access Using HTTPS and SSH


Overview


This article describes the steps needed to enable the SSH and HTTPS management methods on an EdgeSwitch (ES). By default, the switch is accessible using either HTTP (TCP port 80) or Telnet (TCP port 23). You can use a terminal client such as PuTTY to connect using Telnet or, depending on the EdgeSwitch model, the console port.

NOTES & REQUIREMENTS:
Applicable to the latest EdgeSwitch firmware on all EdgeSwitch models. Knowledge of the Command Line Interface (CLI) and basic networking knowledge is required. Please see the Related Articles below for more information and see the attachments for the configuration used in this article.
 
Devices used in this article:

Table of Contents


  1. Frequently Asked Questions (FAQ)
  2. Enable HTTPS and SSH via Web-Management (GUI)
  3. Enable HTTPS and SSH via the Command Line Interface (CLI)
  4. Related Articles

FAQ



1. What management methods are enabled on a factory default EdgeSwitch?

The following management methods are enabled by default:

  • HTTP (TCP port 80)
  • Telnet (TCP port 23)

 

Depending on the EdgeSwitch model, you can also access the device using the console port. The console settings are:

Baud rate: 115200
Data bits: 8
Parity: None
Stop bits: 1
Flow control: Off

2. What management methods can I add or remove on an EdgeSwitch?

You can add the following management methods:

  • HTTPS (TCP port 443)
  • SSH (TCP port 22)

 

All management methods except the console port can be explicitly disabled.

3. What is the default management IP address on a factory default EdgeSwitch?

A factory default EdgeSwitch will first try to obtain an address via DHCP. If that fails, the ES will revert to using the 192.168.1.2 address.


Enable HTTPS and SSH via Web-Management (GUI)



GUI: Access the Graphical User Interface (GUI).

1. Generate the DSA and RSA keys for SSH.

System > Management Access > SSH

  • Click on the icon under 'RSA Key Status' to generate a new RSA key.
  • Click on the icon under 'DSA Key Status' to generate a new DSA key.

NOTE: The generation of these keys can take some time to complete.

2. Enable SSH and optionally tweak the parameters.

System > Management Access > SSH

SSH Admin Mode: Enable 
SSH Port: 22
SSH Version: 2
Maximum number of SSH Sessions Allowed: 2
SSH Session Timeout: 30
RSA Key Status: Present
DSA Key Status: Present

3. Generate the certificate for HTTPS.

System > Management Access > HTTPS

  • Click on the icon under 'Certificate Status' to generate a new certificate.

NOTE: The generation of this certificate can take some time to complete.

4. Enable HTTPS and optionally tweak the parameters.

System > Management Access > HTTPS

HTTPS Admin Mode: Enable 
TLS Version 1: Enable
SSL Version 3: Enable
HTTPS Port: 443
HTTPS Session Soft Time Out (Minutes): 30
HTTPS Session Hard Time Out (Hours): 1
Maximum Number of HTTPS Sessions: 2
Certificate Status: Present

5. (Optional) Disable HTTP and Telnet.

System > Management Access > System

HTTP Admin Mode: Disable 
Telnet Server Admin Mode: Disable

Enable HTTPS and SSH via the Command Line Interface (CLI)



CLI: Access the command line interface (CLI). You can do this by using a program such as PuTTY.

1. Enter privileged mode.

enable

2. Enter configuration mode.

configure

3. Generate the DSA and RSA keys for SSH.

crypto key generate rsa
crypto key generate dsa

4. Generate the certificate for HTTPS.

crypto certificate generate

5. Exit to privileged mode.

exit

6. Enable SSH and optionally tweak the parameters.

ip ssh server enable
ip ssh protocol 2
ip ssh port 22
sshcon maxsessions 2
sshcon timeout 30

show ip ssh
Administrative Mode: .......................... Enabled
SSH Port: ..................................... 22
Protocol Levels: .............................. Version 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 2
SSH Timeout: .................................. 30
Keys Present: ................................. DSA RSA
Key Generation In Progress: ................... None

7. Enable HTTPS and optionally tweak the parameters.

ip http secure-server
ip http secure-protocol TLS1 SSL3
ip http secure-port 443
ip http secure-session hard-timeout 1
ip http secure-session soft-timeout 30
ip http secure-session maxsessions 2

show ip http
HTTP Mode (Secure)............................. Enabled
Secure Port.................................... 443
Secure Protocol Level(s)....................... TLS1 SSL3
Maximum Allowable HTTPS Sessions............... 2
HTTPS session hard timeout..................... 1 hours
HTTPS session soft timeout..................... 30 minutes
Certificate Present............................ True
Certificate Generation In Progress............. False

8. (Optional) Disable HTTP and Telnet.

no ip http server
no ip telnet server enable
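
To confirm the result of steps 6 and 7, the `show ip ssh` and `show ip http` output can be parsed and checked from a management host. The script below is an added example, not Ubiquiti code; the function names `parse_show` and `audit` are hypothetical, and the sample text is the output shown in this article. It also flags SSL3 when offered, because SSL 3.0 is deprecated by RFC 7568.

```python
import re

# Matches both "Key: ..... Value" and "Key..... Value" lines of the show output.
LINE_RE = re.compile(r"^(?P<key>.+?):?\s*\.{3,}\s*(?P<value>.*)$")
SSL3_MSG = "SSL3 offered (SSL 3.0 is deprecated by RFC 7568)"

# Sample input: the output printed in steps 6 and 7 of this article.
SHOW_IP_SSH = """\
Administrative Mode: .......................... Enabled
SSH Port: ..................................... 22
Protocol Levels: .............................. Version 2
SSH Sessions Currently Active: ................ 0
Max SSH Sessions Allowed: ..................... 2
SSH Timeout: .................................. 30
Keys Present: ................................. DSA RSA
Key Generation In Progress: ................... None
"""
SHOW_IP_HTTP = """\
HTTP Mode (Secure)............................. Enabled
Secure Port.................................... 443
Secure Protocol Level(s)....................... TLS1 SSL3
Maximum Allowable HTTPS Sessions............... 2
HTTPS session hard timeout..................... 1 hours
HTTPS session soft timeout..................... 30 minutes
Certificate Present............................ True
Certificate Generation In Progress............. False
"""

def parse_show(text):
    """Return {field: value} for each dotted key/value line."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return {m["key"].strip(): m["value"].strip() for m in matches if m}

def audit(ssh_text, http_text):
    """Return a list of findings; an empty list means every check passed."""
    ssh, http = parse_show(ssh_text), parse_show(http_text)
    checks = [
        (ssh.get("Administrative Mode") == "Enabled", "SSH server is not enabled"),
        (ssh.get("Protocol Levels") == "Version 2", "SSH not restricted to protocol 2"),
        ("RSA" in ssh.get("Keys Present", "").split(), "RSA host key missing"),
        (http.get("HTTP Mode (Secure)") == "Enabled", "HTTPS server is not enabled"),
        (http.get("Certificate Present") == "True", "HTTPS certificate missing"),
        ("SSL3" not in http.get("Secure Protocol Level(s)", "").split(), SSL3_MSG),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    for finding in audit(SHOW_IP_SSH, SHOW_IP_HTTP):
        print("FINDING:", finding)
```
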

Related Articles



EdgeSwitch - How to Connect to Serial Console

EdgeSwitch - Backup and Restore Configuration

EdgeSwitch - Firmware Upgrade

