BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
28 Chapter 1: Accessing the Switch BMD00113, September 2009
Configuring BBI Access via HTTPS
The BBI can also be accessed via secure HTTPS connection. By default, BBI access via HTTPS is
disabled on the switch. To enable BBI Access via HTTPS, use the following procedure:
1. Enable HTTPS using the following CLI command:
2. Set the HTTPS server port number (optional)
To change the HTTPS Web server port number from the default port 443, use the following
command:
3. Use the apply and save commands to activate and store the configuration changes.
4. Generate the HTTPS certificate.
Accessing the BBI via HTTPS requires that you generate a certificate to be used during the key
exchange. A default certificate is created the first time HTTPS is enabled, but you can create a new
certificate defining the information you want to be used in the various fields.
5. Save the HTTPS certificate.
The certificate is valid only until the switch is rebooted. In order to save the certificate so that it is
retained beyond reboot or power cycles, use the following command:
When a client (e.g. web browser) connects to the switch, they will be asked if they accept the
certificate and can verify that the fields are what expected. Once BBI access is granted to the client,
the BBI can be used as described in the BBI Quick Guide.
>> # /cfg/sys/access/https/access ena
>> # /cfg/sys/access/https/port <x>
>> /cfg/sys/access/https/generate
Country Name (2 letter code) []: <country code>
State or Province Name (full name) []: <state>
Locality Name (eg, city) []: <city>
Organization Name (eg, company) []: <company>
Organizational Unit Name (eg, section) []: <org. unit>
Common Name (eg, YOUR name) []: <name>
Email (eg, email address) []: <email address>
Confirm generating certificate? [y/n]: y
Generating certificate. Please wait (approx 30 seconds)
restarting SSL agent
>> # /cfg/sys/access/https/certsave