EdgeSwitch - Management Access Methods
Overview
Readers will learn which management methods are available by default to monitor and manage an EdgeSwitch.
This article does not apply to the EdgeSwitch X (ES-X) and EdgeSwitch XP (ES-XP) models.
Table of Contents
- Available Management Methods
- Accessing the EdgeSwitch on firmware v1.7.4 and up
- Accessing the EdgeSwitch on older firmware releases
- Related Articles
Available Management Methods
The management methods that are enabled by default differ between EdgeSwitch firmware versions and models:
- SSH: Allows secure management of the switch using the CLI. SSH is enabled by default starting from the v1.7.4 firmware release.
- HTTPS: Allows secure management of the switch using the web UI. HTTPS is enabled by default starting from the v1.7.4 firmware release.
- Console: Many EdgeSwitch models can be managed using the serial console port. See the How to Connect to Serial Console article.
- HTTP: Non-secure management method to access the web UI. HTTP is enabled by default on older (pre-v1.7.4) firmware releases.
- Telnet: Non-secure management method to access the command line. Telnet is enabled by default on older (pre-v1.7.4) firmware releases.
- UNMS: The Ubiquiti ISP (UISP) Network and Business Management software allows you to configure, upgrade and monitor multiple EdgeSwitches at once. See the UISP Adoption article for more information. UISP support for EdgeSwitches started from the v1.7.3 firmware release.
Accessing the EdgeSwitch on firmware v1.7.4 and up
The following methods are enabled by default on EdgeSwitch firmware v1.7.4 and up:
- SSH: Accessible on TCP port 22.
- HTTPS: Accessible on TCP port 443.
To log into the EdgeSwitch, navigate to the DHCP-assigned IP address or the default 192.168.1.2 IP address using either HTTPS or SSH.
The following methods are disabled by default on EdgeSwitch firmware v1.7.4 and up:
- UISP
- HTTP
- Telnet
Accessing the EdgeSwitch on older firmware releases
The following methods are enabled by default on EdgeSwitch firmware v1.7.3 and lower:
- HTTP: Accessible on TCP port 80.
- Telnet: Accessible on TCP port 23.
The following methods are disabled by default on EdgeSwitch firmware v1.7.3 and lower:
- SSH
- HTTPS
To log into the EdgeSwitch, navigate to the DHCP-assigned IP address or the default 192.168.1.2 IP address using either HTTP or Telnet.
Follow the steps below to enable HTTPS/SSH access on older firmware releases:
1. Generate the DSA and RSA keys for SSH.
System > Management Access > SSH
- Click on the icon under 'RSA Key Status' to generate a new RSA key.
- Click on the icon under 'DSA Key Status' to generate a new DSA key.
2. Enable SSH and optionally tweak the parameters.
System > Management Access > SSH
SSH Admin Mode: Enable
SSH Port: 22
SSH Version: 2
Maximum number of SSH Sessions Allowed: 2
SSH Session Timeout: 5
RSA Key Status: Present
DSA Key Status: Present
3. Generate the certificate for HTTPS.
System > Management Access > HTTPS
- Click on the icon under 'Certificate Status' to generate a new certificate.
4. Enable HTTPS and optionally tweak the parameters.
System > Management Access > HTTPS
HTTPS Admin Mode: Enable
TLS Version 1: Enable
SSL Version 3: Enable
HTTPS Port: 443
HTTPS Session Soft Time Out (Minutes): 5
HTTPS Session Hard Time Out (Hours): 24
Maximum Number of HTTPS Sessions: 4
Certificate Status: Present
5. Disable HTTP and Telnet access.
System > Management Access > System
HTTP Admin Mode: Disable
Telnet Server Admin Mode: Disable
The above configuration can also be set using the CLI:
1. Enter privileged mode.
enable
2. Enter configuration mode.
configure
3. Generate the DSA and RSA keys for SSH.
crypto key generate rsa
crypto key generate dsa
4. Generate the certificate for HTTPS.
crypto certificate generate
5. Exit to privileged mode.
exit
6. Enable SSH and optionally tweak the parameters.
ip ssh server enable
ip ssh protocol 2
ip ssh port 22
sshcon maxsessions 2
sshcon timeout 5
7. Enable HTTPS and optionally tweak the parameters.
ip http secure-server
ip http secure-protocol TLS1 SSL3
ip http secure-port 443
ip http secure-session hard-timeout 24
ip http secure-session soft-timeout 5
ip http secure-session maxsessions 4
8. Disable HTTP and Telnet access.
no ip http server
no ip telnet server enable
9. Exit back to privileged mode.
exit
10. Write the changes to the startup configuration.
write memory
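To confirm the result of either procedure from a management workstation, the following added example (not Ubiquiti's code) checks the four TCP ports listed in this article and whether the SSH server identifies as protocol 2 only. It assumes the default ports were kept; `tcp_probe`, `ssh_v2_only` and `audit` are names chosen for this example.

```python
import socket
import sys

# Ports from this article; True = open in the hardened configuration.
EXPECTED = {22: ("SSH", True), 443: ("HTTPS", True),
            80: ("HTTP", False), 23: ("Telnet", False)}


def tcp_probe(host, port, timeout=2.0):
    """Return None if the port is closed, else the bytes the server sent first."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                return sock.recv(255)
            except OSError:  # read timeout: HTTP(S) servers wait for the client
                return b""
    except OSError:
        return None


def ssh_v2_only(banner):
    """True for an 'SSH-2.0-' identification string (RFC 4253).

    A server that also accepts protocol 1 identifies itself as 'SSH-1.99-'.
    """
    return banner.startswith(b"SSH-2.0-")


def audit(host, probe=tcp_probe):
    """Return (port, service, problem) tuples for each deviation, sorted by port."""
    findings = []
    for port, (name, want_open) in sorted(EXPECTED.items()):
        banner = probe(host, port)
        if banner is None:
            if want_open:
                findings.append((port, name, "secure service not reachable"))
        elif not want_open:
            findings.append((port, name, "cleartext service still reachable"))
        elif name == "SSH" and not ssh_v2_only(banner):
            findings.append((port, name, "banner is not SSH-2.0 only"))
    return findings


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.2"  # article's default IP
    results = audit(host)
    for port, name, problem in results:
        print(f"{host}: {name} (TCP {port}): {problem}")
    sys.exit(1 if results else 0)
```

The script exits with status 1 when any deviation is found, so it can be run against each switch after a firmware upgrade or configuration change.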
Related Articles
EdgeSwitch - How to Connect to Serial Console