Access Settings allows users to view or edit settings mainly related to accessing the Avi Load Balancer Controller from the outside.

Navigate to Administration > System Settings > EDIT > Access.



The following options are classified as System Access Settings:

  • Enable HTTP Access to System: It allows HTTP access to the Avi Load Balancer web interface and REST API. This option is insecure and not recommended.

  • Enable HTTPS Access to System: Enables SSL/TLS access to Avi Load Balancer GUI and REST API. When the option is enabled, the SSL Profile and SSL/TLS Certificate fields must be populated.

  • Redirect HTTP to HTTPS: When HTTP Access to System is disabled, enabling this option will automatically redirect administrators to the HTTPS interface for the web interface and API.

  • SSL Profile: Select an SSL Profile to complete the HTTPS Access. This profile is from Templates > Security > SSL Profiles, which is also referenced by SSL-enabled virtual services.

  • SSL/TLS Certificate: Select an SSL certificate from SSL/TLS Certificate drop-down menu to present to clients connecting to the web interface. RSA and Elliptic Curve (EC) are supported.

  • Allow Basic Authentication: Uses HTTP to prompt the Avi Load Balancer user for a username and password and to return the values to Avi Load Balancer for authentication and authorization.

  • Allowed Ciphers: List of the ciphers supported for HTTP basic authentication.

  • Allowed HMACs: List of the HMACs supported for HTTP basic authentication.

The following option is related to SNMP:

  • SNMP: Select None, SNMP V2, or SNMP V3 as required. The string to be furnished by an external SNMP v2c manager wishing to query the SNMP daemon running on the Avi Load Balancer Controller leader. For more information, see SNMP Support in Avi Load Balancer.

The Client Management Access to Avi Load Balancer Controller lists four different client types that are authorized system users:

  1. SSH Clients

  2. CLI Shell Clients

  3. External HTTP(S) Clients

  4. External SNMP Clients

Note:

Enter the controller management IPs for HTTP(s) settings using the field Allowed External HTTP(S) Clients. Internal Analytics APIs will fail if the management IPs of the cluster nodes are not included in the list of IPs allowed for external HTTP(s).

Each one can flexibly specify clients by IP address and/or string/IP groups.

The following options govern two Banners that Avi Load Balancer will display if set:

  • Message of the Day: Displayed to users after a successful login, be it through the UI, CLI, or SSH.

  • Login Banner: Displayed before logging in through SSH or UI.