HyperText Transfer Protocol Secure (HTTPS) is a transfer protocol that is more secure than HTTP. The access point can be managed through both HTTP and HTTPS connections when the HTTP/HTTPS servers are configured. Some web browsers use HTTP while others use HTTPS. An access point must have a valid Secure Socket Layer (SSL) certificate to use HTTPS services.
Why do we need to configure the HTTP/HTTPS Service Task?
This feature is useful to keep out rogue hosts from accessing the web-based utility. Using the Management Access Control List, it allows you to specify up to 10 IP addresses, five for IPv4 and five for IPv6 to have access to the web-based utility.
The objective of this document is to show you how to fortify your network by showing you how to configure the HTTP/HTTPS Service Task on the WAP125.
Step 1. Log in to the web-based utility of your WAP. The default username and password is cisco/cisco.
Note: If you already have changed the password or created a new account, enter your new credentials instead.
Step 2. Choose System Configuration > Management.
Note: The available options may vary depending on the exact model of your device. In this example, WAP125 is used.
Step 3. In the Maximum Sessions field under Connect Session Settings, enter a value from 1 to 10 to set the maximum number of simultaneous web sessions. A session is created each time a user logs on to the device. If the maximum session is reached then the next user who attempts to log on into the device with HTTP or HTTPS service is rejected. The default is 5.
Step 4. In the Session Timeout field, enter a value between 2 and 60 minutes to set the time the web session can remain idle. The default value is 10 minutes.
Note: In this example, 13 is used.
HTTP Service
Step 5. Check the Enable HTTP Service check box to allow web sessions to be connected through HTTP.
Step 6. (Optional) Click More to view more options and configure a port number.
Step 7. In the HTTP Port field, enter a logical port number to use for HTTP connections. The port value ranges from 1025 to 65535. The default well-known port for HTTP connections is 80.
Step 8. (Optional) Check the Redirect HTTP to HTTPS check box to allow the browser to redirect you to a more secure protocol, HTTPS upon establishing a web session.
Note: This option is only available if HTTP Service check box is disabled in Step 4. In this example, this option is checked.
Step 9. Click OK to return to the Management page and continue with the configuration.
HTTPS Service
Step 10. Check the Enable HTTPS Service check box to allow web sessions to be established through a secured protocol, HTTPS. This option is enabled by default.
Note: If this option is disabled, any existing connections using the HTTPS are disconnected.
Step 11. Click More to define a port to be used by HTTPS and to choose Transport Layer Security Versions to be used on HTTPS.
Step 12. Under the HTTPS Port area, check the check boxes of the following security protocols that are used over HTTPS:
Note: In this example, all check boxes are checked.
Step 13. In the HTTPS Port field, enter a logical port number to use for HTTPS connections. The default well-known port is 443.
Step 14. Click OK to continue.
Management ACL Mode
Step 15. Check the Enable ACL Mode check box to specify an Access Control List (ACL) of IP addresses that are permitted to access the web-based utility. If this feature is disabled, then this grants access to the web-based utility.
Step 16. Click More to specify a list of IPv4 and IPv6 addresses permitted to access the web-based utility.
Step 17. In the IPv4 Address and IPv6 Address fields, enter the administrative IP addresses in the respective formats that will be granted access to the web-based utility.
Tip: Assign static IP addresses to the administrative IP addresses.
Note: In this example, 192.168.2.123 is used as the IPv4 administrative address and fdad:b197:cb72:0000:0000:0000:0000:0000 is used as the IPv6 administrative address.
Step 18. Click OK.
Step 19. Click Save button to save the configured settings.
You should now have successfully configured the HTTP/HTTPS Service Task on your WAP125 or WAP581 access point.