Cisco Support Community
HyperText Transfer Protocol Secure (HTTPS) is a transfer protocol that is more secure than HTTP. The access point can be managed through both HTTP and HTTPS connections when the HTTP/HTTPS servers are configured. Some web browsers use HTTP while others use HTTPS. An access point must have a valid Secure Sockets Layer (SSL) certificate to use HTTPS services.
Why do we need to configure the HTTP/HTTPS Service Task?
This feature helps keep rogue hosts from accessing the web-based utility. The Management Access Control List lets you specify up to 10 IP addresses, five for IPv4 and five for IPv6, that are permitted to access the web-based utility.
The objective of this document is to show you how to fortify your network by configuring the HTTP/HTTPS Service Task on the WAP125.
Gather the Support Information
Step 1. Log in to the web-based utility and choose System Configuration > Management.
Step 2. In the Maximum Sessions field under Connect Session Settings, enter a value from 1 to 10 to set the maximum number of simultaneous web sessions. A session is created each time a user logs on to the device. If the maximum number of sessions is reached, the next user who attempts to log on to the device through the HTTP or HTTPS service is rejected. The default is 5.
Step 3. In the Session Timeout field, enter a value between 2 and 60 minutes to set the time the web session can remain idle. The default value is 10 minutes.
Note: In this example, 13 is used.
Step 4. Check the Enable HTTP Service check box to allow web sessions to be connected through HTTP.
Step 5. (Optional) Click More to view more options and configure a port number.
Step 6. In the HTTP Port field, enter a logical port number to use for HTTP connections. The port value ranges from 1025 to 65535. The default well-known port for HTTP connections is 80.
Step 7. (Optional) Check the Redirect HTTP to HTTPS check box so that the browser is redirected to the more secure protocol, HTTPS, when a web session is established.
Note: This option is only available if the HTTP Service check box is disabled in Step 4. In this example, this option is checked.
Step 8. Click OK to return to the Management page and continue with the configuration.
Step 9. Check the Enable HTTPS Service check box to allow web sessions to be established through a secured protocol, HTTPS. This option is enabled by default.
Note: If this option is disabled, any existing connections that use HTTPS are disconnected.
Step 10. Click More to define a port to be used by HTTPS and to choose Transport Layer Security Versions to be used on HTTPS.
Step 11. Under the HTTPS Port area, check the check boxes of the following security protocols that are used over HTTPS:
- TLSv1.0 — Transport Layer Security version 1 (TLSv1) is a cryptographic protocol that provides security and data integrity for communication over the Internet.
- TLSv1.1 — An improved version of TLSv1 that improves data security and integrity for communication.
- SSLv3 — Secure Sockets Layer version 3 (SSLv3) is a protocol that is used over HTTPS to establish secured sessions and communication over the Internet.
Note: In this example, all check boxes are checked.
Step 12. In the HTTPS Port field, enter a logical port number to use for HTTPS connections. The default well-known port is 443.
Step 13. Click OK to continue.
Step 14. Check the Enable ACL Mode check box to specify an Access Control List (ACL) of IP addresses that are permitted to access the web-based utility. If this feature is disabled, access to the web-based utility is granted without being restricted to the addresses in the list.
Step 15. Click More to specify a list of IPv4 and IPv6 addresses permitted to access the web-based utility.
Step 16. In the IPv4 and IPv6 address fields, enter, in the respective formats, the administrative IP addresses that will be granted access to the web-based utility.
Tip: Use static IP addresses for the administrative hosts.
Note: In this example, 192.168.2.123 is used as the IPv4 administrative address and fdad:b197:cb72:0000:0000:0000:0000:0000 is used as the IPv6 administrative address.
Step 17. Click OK.
Step 18. Click .
You should now have successfully configured the HTTP/HTTPS Service Task on the WAP125.
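The limits given in the steps above can be checked before the values are typed into the Management page. The following is an added example, not Cisco code: it audits a planned configuration against the ranges stated in this article and flags settings that weaken the management interface. The dictionary keys are hypothetical names, and the RFC references are general IETF deprecations rather than content from this page.

```python
import ipaddress

# Limits are quoted from the steps above; key names are hypothetical (the WAP125
# has no such file format). The RFC numbers are IETF deprecations, not page content.
RANGES = {"max_sessions": (1, 10), "session_timeout_min": (2, 60)}
DEFAULT_PORTS = {"http_port": 80, "https_port": 443}
DEPRECATED = {"SSLv3": "RFC 7568", "TLSv1.0": "RFC 8996", "TLSv1.1": "RFC 8996"}

def audit(plan):
    """Return (level, message) findings for a planned Management page setup."""
    out = []
    for key, (lo, hi) in RANGES.items():
        if not lo <= plan[key] <= hi:
            out.append(("error", f"{key}={plan[key]} is outside {lo}-{hi}"))
    for key, default in DEFAULT_PORTS.items():
        if plan[key] != default and not 1025 <= plan[key] <= 65535:
            out.append(("error", f"{key}={plan[key]} is not {default} or 1025-65535"))
    if plan["http_enabled"]:
        out.append(("warn", "HTTP enabled: admin sessions are not encrypted"))
        if plan["redirect_http_to_https"]:
            out.append(("error", "redirect needs Enable HTTP Service unchecked"))
    for proto in plan["https_protocols"]:
        if proto in DEPRECATED:
            out.append(("warn", f"{proto} is deprecated ({DEPRECATED[proto]})"))
    if not plan["acl_enabled"]:
        out.append(("warn", "ACL Mode off: access is not limited by source IP"))
        return out
    counts = {4: 0, 6: 0}
    for text in plan["acl"]:
        try:
            counts[ipaddress.ip_address(text).version] += 1
        except ValueError:
            out.append(("error", f"{text!r} is not a valid IP address"))
    for version, n in counts.items():
        if n > 5:
            out.append(("error", f"{n} IPv{version} entries, the limit is 5"))
    return out

# Constructed sample using the values shown in this article's example.
EXAMPLE = {
    "max_sessions": 5, "session_timeout_min": 13,
    "http_enabled": False, "redirect_http_to_https": True, "http_port": 80,
    "https_protocols": ["TLSv1.0", "TLSv1.1", "SSLv3"], "https_port": 443,
    "acl_enabled": True,
    "acl": ["192.168.2.123", "fdad:b197:cb72:0000:0000:0000:0000:0000"],
}

if __name__ == "__main__":
    print(*audit(EXAMPLE), sep="\n")
```

Run against the article's example values, the audit reports one warning per checked protocol version, since all three options offered in Step 11 are deprecated; checking only the newest version the device offers reduces the findings.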