Product Documentation

Administrator Interface

Jun 06, 2013

This page has a range of options relating to the browser-based and LCD front-panel interfaces. It is divided into four eight tabs: Web Access, HTTPS Certificate, User Accounts, Radius, TACACS+, SSH Access, Graphing, and Miscellaneous.

Web Access Tab

Figure 1. Web Access Tab
  • Web Access Protocol--Selects between HTTP and secure HTTP (HTTPS).HTTPS is the default.
  • HTTP/HTTPS Ports--Sets the port used for each protocol. The non-selected protocol is greyed out. To access it, select the protocol, press Update, and then change the port number. Setting the port numbers to zero will disable browser-based access (re-enabling browser-based access will require the use of the serial interface or the command-line interface).
  • HTTP Forwarding to HTTPS--If HTTPS is the selected protocol, attempts to reach the interface via HTTP will result in an redirect to the correct protocol and port.

HTTPS Certificate Tab

HTTPS SSL Certificate, HTTPS SSL Private Key. These boxes allow you to paste in your own certificate and private key for SSL security, which is used by HTTPS. The Appliance is delivered with a default SSL key and certificate, which is not particularly secure. To replace it with your own key and certificate, generate these using your organization’s standard procedure, then paste them into the boxes on the UI page and press the Update button.

Figure 2. Configure Settings: UI page, HTTPS Certificate tab

User Accounts Tab

These users accounts are maintained locally by the Appliance. There are two types of accounts: Admin and Viewer.
  • Admin accounts allow the user to view all pages and modify all settings.
  • Viewer accounts allow the user to see only the Main page and pop-up performance graphs.

You can create as many accounts as you like.

The menu page is self-explanatory. Changes take effect as soon as the Update, Delete, or Add buttons are pressed.

Figure 3. User Accounts Tab

RADIUS and TACACS+ Tabs

RADIUS and TACACS+ authentication are also supported. The user interface for the two are similar. Enter the IP address of the authentication server, verify the port number (the default is usually correct), enter the shared secret and press the Update button.

Figure 4. RADIUS Authentication Tab

Note on RADIUS authentication--Radius authentication will succeed if the RADIUS server returns an 'Accept-Access' packet with an appropriate 'Service-Type' attribute. If 'Service-Type' is 'Login,' then the user is granted viewer access. If it is 'Administrative,' then the user is granted admin access. Otherwise, access is denied.

Figure 5. TACACS+ Authentication Tab

Note on TACACS authentication--Administrative privileges are granted if the TACACS user has privilege level 15. Lower levels will be granted viewer access.

Note: For accounts that exist locally on the Appliance, the locally defined password continues to work after Radius or TACACS+ authentication are enabled; the remote server is queried only if the password fails to match the locally stored value.

SSH Access Tab

Two methods of accessing the unit are enabled by default, but can be disabled if desired. One is SSH access, which must be running for the CLI feature to work. It also allows Support access to the Appliance if necessary. The other is 'Web Access,' access to the browser-based user interface.

The two functions have Disable/Enable buttons. However, if you disable web access, you will of course not be able to access the button to re-enable it. To re-enable the browser-based user interface, use the RS-232 or CLI interface.

Figure 6. Security: Manage Users page

Graphing Tab

This tab controls the graphing functions of the acceleration engine, which covers the graphs on the Monitoring pages but not those on the Reports pages or the Dashboard, which are configured separately.

  • Display WAN Side Graph/Display LAN Side Graph--The data flow is not identical on the LAN side of the Appliance and the WAN side. The differences between the two flows can provide useful information. For example, the difference between accelerated line usage and good put should be very low on the LAN side, because LANs usually (but not always) have a low packet-loss rate. But if there is a problem with the local LAN (a failing switch, for example, or a port accidentally configured to half-duplex), losses may be high. By default, both graphs are shown.
  • Combine Send/Recv Graphs--By default, send and receive traffic are added together, but they can be displayed separately. This is useful on busy systems with traffic moving in both directions.
  • Autoscale Graphs--By default, bandwidth graphs are scaled automatically, but they can be scaled to user-specified limits.
  • Graph Refresh Rate--The data displayed on the graphs covers 60 seconds of activity and is collected at one-second intervals. The default refresh rate is ten seconds. Sensible values for the refresh interval are between 1 and 60 seconds.
  • Autorefresh Graph--Unchecking this box means that the reload browser button must be pressed to see an up-to-date graph.

Miscellaneous Tab

Figure 7. Configure Settings: UI page, Miscellaneous tab
  • Lock Changes via LCD--Checking this box prevents system settings from being updated via the front-panel interface. By default, the front-panel is not locked.
  • Max Connections Shown on Connection Page--A busy system may have thousands of open connections. The default is to show the first 800. This may be set to any value desired.
  • GUI Session Timeout--If the Web interface is idle for more than this time (in minutes), you will have to log in again. Setting the value to zero will disable session timeouts.
  • CLI Session Timeout--If the command-line interface is idle for more than this time (in minutes), you will have to log in again. Setting the value to zero will disable session timeouts.
  • Login Failure Limit--If an invalid password is given more than this many times in a row, you will not be able to login until the 'login failure lockout period' has expired.
  • Login Failure Lockout Period--Logins are disabled by this many seconds if the 'login failure limit' has been exceeded.
  • Show SSL Connection Help Guide--Enables some online help text at the bottom of SSL-acceleration related pages. Disabled by default. Because this User’s Guide has much more comprehensive procedures, this help guide is not recommended.