web

Required Command-Line Mode = Configure

Use the web command and its arguments to enable and configure the GigaVUE H Series node’s onboard Web server, which is used for GigaVUE‑FM access to the node. GigaVUE‑FM is Gigamon’s Web-based GUI for configuring the GigaVUE H Series node.

The web command has the following syntax:

web
   auto-logout <number of minutes>
   client
      ca-list <none | default-ca-list>
      cert-verify
   enable
   http
      enable
      port <port number>
      redirect
   httpd listen
      enable
      interface <interface>
   https
      certificate
         default-cert
         name <cert-name | system-self-signed>
         regenerate
      enable
      port <port number>
      require-dod-cert
   logs <access | error> upload <current | log file number> <upload URL>
   proxy
      auth
         authtype <none | basic>
         basic <password <password>> | <username <username>>
      host <IPv4 or IPv6 address> [port <port number>]
   server ssl min-version <tls1 | tls1.1 | tls1.2>
   session
      auto-logout <number of minutes>
      renewal <number of minutes>

The following table describes the arguments for the web command.

Argument

Description

auto-logout <number of minutes>

Specifies the maximum duration of user inactivity before a Web session is logged out automatically. For example:

(config) # web auto-logout 30

The minimum value is one (1) minute.

client
   ca-list <none | default-ca-list>
   cert-verify

Specifies Web client settings as follows:

ca-list none—Specifies that supplemental certificates are not used.
ca-list default-ca-list—Specifies that any certificates added to the default supplemental CA list will be used by default.
cert-verify—Turns off the verification of server certificates for HTTPS file transfers. (Verification is on by default.)

enable

Enables the availability of the Web-based GigaVUE‑FM GUI for GigaVUE‑OS nodes. For example:

(config) # web enable

http
   enable
   port <port number>
   redirect

Configures HTTP access to the Web-based GigaVUE‑FM GUI with the following settings:

enable—Enables the availability of HTTP for Web access to GigaVUE‑FM. If this is disabled, only HTTPS connections will be accepted (and only then if the https argument is turned on).
port—Specifies the port to be used for HTTP access. The default is port 80.
redirect—Specifies whether incoming HTTP connections to GigaVUE‑FM should be redirected to the secure HTTP port (either the custom port specified with the https argument or the default HTTPS port of 443 if none is specified).

httpd listen
   enable
   interface <interface>

Enables or disables the use of a restricted list of interfaces on which the Web server will accept connections:

If the enable option is turned on and at least one statically-configured interface is specified in the list created with the interface argument, HTTP and HTTPS connections are only accepted on those specified interfaces.
If the enable option is turned off, HTTP and HTTPS requests are accepted on any interface.

https
   certificate
      default-cert
      name <cert-name | system-self-signed>
      regenerate
   enable
   port <port number>
   require-dod-cert

Configures HTTPS access to the Web-based management console, including the following settings:

certificate default-cert—Configures the Web server to use the specified certificate from the certificate database for HTTPS communications. This is the default.
certificate name—Specifies a named certificate already defined in the database with a private key already configured.
certificate system-self-signed—Specifies the system-self-signed certificate, which is automatically generated.
certificate regenerate—Regenerates the system-self-signed certificate used with HTTPS communications.
enable—Enables the use of HTTPS for access to GigaVUE‑FM. This setting does not turn on the Web server generally, but allows HTTPS connections.
port—Specifies the TCP port number to be used for GigaVUE‑FM connections using HTTPS. The default is 443.
require-dod-cert—Configures the Web server to only accept certificates from a Department of Defense (DoD) authorized certificate authority. The default is disabled.

logs <access | error> upload <current | log file number> <upload URL>

Configures information to upload the following types of Web log files to a remote host from a GigaVUE node:

access—Specifies a Web access log file to upload to a remote host. Specify either the keyword current or a log file number, followed by the upload URL.
error—Specifies a Web error log file to upload to a remote host. Specify either the keyword current or a log file number, followed by the upload URL.

The current log file is not compressed. The numbered log files are compressed.

One current log file and up to eight access and error log files are archived. Numbered log files are named as follows:

web_access_log.1.gz to web_access_log.8.gz
web_error_log.1.gz to web_error_log.8.gz

Use one of the following formats for uploading: FTP, TFTP, SCP, or SFTP.

Examples:

(config) # web logs error upload current scp://user1:mypw@1.1.1.1:/home/temp/logfilecurrent.txt

(config) # web logs access upload 2 ftp://myuser:mypass@192.168.1.1/ftp/logfile2.txt

proxy
   auth
      authtype <none | basic>
      basic <password <password>> | <username <username>>
   host <IPv4 or IPv6 address> [port <port number>]

Configures Web proxy settings to be used for HTTP or FTP downloads.

First, set a proxy to be used with the web proxy host <IPv4 or IPv6 address> command. If you do not specify a port, the default is 1080.

Once you have configured a proxy, use the auth authtype argument to specify whether a username and password are required to log in to the proxy (basic) or not (none).

If web proxy auth authtype is set to basic, configure the actual username and password to use with the web proxy auth basic username and web proxy auth basic password commands.

server ssl min-version <tls1 | tls1.1 | tls1.2>

Specifies a minimum TLS version for the Web server. The following can be specified:

tls1—Specifies TLS1.0 (or higher). This is the lowest TLS version and is the default.
tls1.1—Specifies TLS1.1 (or higher).
tls1.2—Specifies TLS1.2. This is the highest TLS version.

For example:

(config) # web server ssl min-version tls1.2

session
   auto-logout <number of minutes>
   renewal <number of minutes>

Configures session settings:

auto-logout—Specifies the maximum lifetime of a Web session cookie.
renewal—Specifies the length of time before a session expires that the Web server will issue a new cookie and renew the session. This should be set at least as long as the auto-logout setting so that sessions do not expire before they have a chance to be renewed.

For example, with an auto-logout of 20 minutes and a renewal setting of 5 minutes, a session will be renewed 15 minutes (20-5) after it starts.

The following error message is displayed if the session renewal is greater than the auto-logout:

(config) # web session auto-logout 12
Session renewal threshold must be at least 5 sec less than session auto-logout. Resetting it to 11 min 55 sec.

Related Commands

The following table summarizes other commands related to the web command:

Task

Command

Displays Web-based management console configuration settings and status.

# show web

Disables auto-logout, so users are not automatically logged out due to inactivity.

(config) # no web auto-logout

Deletes supplemental CA certificates from the HTTPS client.

(config) # no web client ca-list

Disables verification of server certificates during HTTPS file transfers.

(config) # no web client cert-verify

Disables the availability of the Web-based GigaVUE‑FM GUI for GigaVUE‑OS nodes.

(config) # no web enable

Disables HTTP access to the Web-based management console.

(config) # no web http enable

Resets the HTTP port to the default port number (80).

(config) # no web http port

Disables redirection to HTTPS.

(config) # no web http redirect

Disables Web interface restrictions on access to this system.

(config) # no web httpd listen enable

Deletes the specified interface from the Web server access restriction list.

(config) # no web httpd listen interface eth1

Deletes a specified Web server certificate from use and reverts to the certificate configured with the crypto certificate default-cert command.

(config) # no web https certificate name <cert-name>

Disables HTTPS access to the Web-based management console.

(config) # no web https enable

Resets the HTTPS port to the default port number (443).

(config) # no web https port

Allows certificates issued from any authority.

(config) # no web https require-dod-cert

Disables Web proxy.

(config) # no web proxy

Resets the Web proxy authentication type to the default (none).

(config) # no web proxy auth authtype

Clears the password.

(config) # no web proxy auth basic password

Clears the username.

(config) # no web proxy auth basic username

Resets the time so that a Web session never expires.

(config) # no web session auto-logout

Resets the time to wait to renew a session before it expires.

(config) # no web session renewal
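
Added example (not part of the Gigamon documentation): a small Python audit that reads web configuration lines in the syntax documented above and flags security-relevant settings, using only the defaults this page states. The function name, finding names and sample lists are illustrative; the session check follows the error message quoted above, and HTTP redirect is assumed to be off unless it is configured.

```python
import re

def audit_web_config(lines):
    """Audit 'web ...' CLI lines; return a sorted list of finding names."""
    st = {"tls": "tls1"}  # tls1 is the documented default minimum version
    found = set()
    for raw in lines:
        words = re.sub(r"^\(config\)\s*#\s*", "", raw.strip()).split()
        neg = words[:1] == ["no"]                 # "no web ..." negates a setting
        head, a = words[neg:neg + 1], words[neg + 1:]
        if head != ["web"]:
            continue
        if a[:3] == ["server", "ssl", "min-version"] and len(a) > 3:
            st["tls"] = a[3]
        elif a[:2] in (["http", "enable"], ["http", "redirect"]):
            st["http-" + a[1]] = not neg
        elif a[:2] == ["client", "cert-verify"] and neg:
            found.add("file-transfer-cert-verify-off")
        elif a[:1] == ["session"] and len(a) > 2 and a[2].isdigit() and not neg:
            st[a[1]] = int(a[2])                  # minutes: auto-logout / renewal
        elif a[-1:] == ["auto-logout"] and neg:   # inactivity or session form
            found.add("auto-logout-disabled")
        elif a[:1] == ["logs"] and "upload" in a and not neg:
            if a[-1].split("://")[0] in ("ftp", "tftp"):   # unencrypted transfer
                found.add("cleartext-log-upload")
            if re.match(r"\w+://[^/@:]+:[^/@]+@", a[-1]):  # user:password@host
                found.add("password-in-upload-url")
    if st["tls"] != "tls1.2":
        found.add("tls-min-below-1.2")
    if st.get("http-enable") and not st.get("http-redirect"):  # assumption: off unless set
        found.add("http-without-redirect")
    if "renewal" in st and "auto-logout" in st and st["renewal"] >= st["auto-logout"]:
        found.add("renewal-not-below-auto-logout")
    return sorted(found)

SAMPLE = [  # constructed sample in the syntax documented on this page
    "(config) # web http enable",
    "(config) # no web client cert-verify",
    "(config) # web session auto-logout 12",
    "(config) # web session renewal 12",
    "(config) # web logs access upload 2 ftp://myuser:mypass@192.168.1.1/ftp/logfile2.txt",
]
HARDENED = [  # constructed sample: TLS 1.2 minimum, HTTP off, renewal below auto-logout
    "(config) # web server ssl min-version tls1.2",
    "(config) # no web http enable",
    "(config) # web session auto-logout 20",
    "(config) # web session renewal 5",
]
print(audit_web_config(SAMPLE), audit_web_config(HARDENED))
```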