Web Server Commands

If enabled, the PowerConnect is manageable via industry standard web browsers. User privilege levels are the same as for the CLI. Over 95% of the management functions are available via the web interface, including configuration and firmware upgrades.

Web Sessions

The HTTP protocol does not provide support for persistent connections. Connections are constantly made and broken so there is no way to know who is accessing the web interface or for how long they are doing so. Additionally, with the use of basic authentication the user authorization is handled by the client browser. This means that once entered, the user name and password are cached in the browser and given to the server on request. Effectively, once a user logs in to the switch, they have access until the browser closes, even across reboots of the switch. This poses a security threat.

The Web Sessions feature makes use of cookies to control web connections, sessions. Cookies must be enabled on the browser. The Set-Cookie directive is sent only once at initiation of the session. With the introduction of Web Sessions the client connections can be monitored and controlled. Web Sessions put the authentication control in the PowerConnect instead of the client browser resulting in a more efficient implementation that allows web access while using RADIUS or TACACS+ for authentication.

The web login is implemented in the login page itself instead of a client browser popup. Additionally, there is a logout button, always present on the web interface. There are various commands that have been modified or added to support Web Sessions. Similarly there are modifications to some of the web pages. Support of SNMP configuration for Web Sessions is also available.

When the authentication method set for web login authentication is set to TACACS+, the exec shell configuration on the TACACS+ server is used to determine user permissions (read-only or read/write). If the configured value on the server is 15, the user is given read-write permissions. Any other value is read-only. If exec shell feature is not enabled on the server, the user is given read-only permissions.
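The difference between the two login schemes described above, as an added example that is not taken from the manual or from PowerConnect firmware: a small Python model in which browser-cached basic credentials keep working after a logout and a reboot, while a switch-held session does not. `ToySwitch`, `basic_header` and the sample accounts are hypothetical names, and the loss of the session table on reboot is an assumption of the model.

```python
import base64
import secrets

def basic_header(user, password):
    # Authorization value a browser caches and replays on every request.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

class ToySwitch:
    def __init__(self, users):
        self.users = users    # {name: (password, TACACS+ exec level or None)}
        self.sessions = {}    # session id -> name, state held by the switch

    def _permission(self, user):
        # Page's rule: level 15 is read-write; any other value, or no exec
        # shell level from the server (None here), is read-only.
        return "read-write" if self.users[user][1] == 15 else "read-only"

    def _check(self, user, password):
        entry = self.users.get(user)
        return entry is not None and secrets.compare_digest(
            entry[0].encode(), password.encode())

    def basic_request(self, authorization):
        # Stateless: credentials arrive with each request, nothing to revoke.
        try:
            scheme, _, blob = authorization.partition(" ")
            user, _, pw = base64.b64decode(blob).decode().partition(":")
        except ValueError:
            return None
        ok = scheme == "Basic" and self._check(user, pw)
        return self._permission(user) if ok else None

    def login(self, user, password):
        # Web Sessions: check credentials once, then hand out a cookie value.
        if not self._check(user, password):
            return None
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    def session_request(self, sid):
        user = self.sessions.get(sid)
        return self._permission(user) if user else None

    def logout(self, sid):
        self.sessions.pop(sid, None)

    def reboot(self):
        # Assumption of this model: the session table is lost on reboot.
        self.sessions.clear()
```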