Secure Web Login Access
Summit 300-48 Switch Software User Guide 113
Secure Web Login Access
The existing web server in Extremeware allows HTTP clients to access the VISTA pages (for
management) and access the network login page (for network login users). By using HTTPS on the web
server, wireless clients can securely access the network login page using a HTTPS enabled web
browser.
1
HTTPS access is provided through Secure Socket Layer (SSLv3) and Transport Layer Security (TLS1.0).
These protocols enable clients to verify the authenticity of the server to which they are connecting,
thereby ensuring that wireless users are not compromised by intruders. SSL supports encryption of the
data exchanged between the server and the client, preventing the network login credentials from
exposure on the wireless channel.
A default server certificate is provided in the factory default configuration. The following security
algorithms are supported:
• RSA for public key cryptography (generation of certificate and public-private key pair, certificate
signing). RSA key size between 1024 and 4096 bits
• Symmetric ciphers (for data encryption): RC4, DES and 3DES
• Message Authentication Code (MAC) algorithms: MD5 and SHA
Table 53 presents the commands for HTTP and HTTPS access.
shared mac-radius Choices:
• wep64
• wep128
1. HTTPS is allowed only in an SSH build with the appropriate license enabled.
Table 53: HTTP and HTTPS Access Commands
Command Description
enable web Enables both HTTP and HTTPS access.
disable web Disables both HTTP and HTTPS access.
enable web http Enables HTTP access to the switch on the default HTTP
port (80). HTTP is enabled by default.
disable web http Ddisables HTTP access to the switch on the default
HTTP port (80). HTTP is enabled by default.
enable web https Enables HTTPS access to the switch (port 443). HTTPS
is disabled by default. HTTPS is allowed only in an SSH
build.
disable web https Disables HTTPS access to the switch (port 443).
enable web http access-profile < [ none |
<access-profi
le > ] > port <port numb
er>
Allows HTTP access non the specified (non-default) port.
enable web https access-profile < [ none |
<access-profi
le > ] > port <port numb
er>
Allows HTTPS access to the switch on the specified
(non-default) port.
show session Displays session information that includes HTTPS
sessions.
Table 52: Security Configuration Options (continued)
Dot11 Authentication Network Authentication Encryption
To Next Page
Loading...
