VNS3:ms Setup


When launching a VNS3:ms instance or VM, it is recommended a static public IP (e.g. Elastic IP) is associated and used. The use of the static IP allows remapping during instance version upgrades or DR failover scenarios.

VNS3 MS Login Page - extrasmall

Login to the VNS3:ms Web UI at https://your-vns3-ms-ip. UI is served over https (port 443). The default user is admin and the default password is [instance-id] in AWS or changeme in other environments.

VNS3 MS Dashboard Page

Change VNS3:ms password

VNS3:ms now includes safety features that restrict some functionality until the password is changed from its default. As VNS3:ms can control your VNS3 deployments (and potentially your Cloud VLAN), it is important to select strong passwords and manage your API tokens carefully to ensure the system is secure.

Cohesive Networks also recommends using two factor authentication for UI access.

Resetting the UI password:

  • Click the admin menu in the top right corner of the VNS3:ms UI.
  • Select Account settings and navigate to the Password tab.
  • Change the VNS3:ms UI password and click Update Password.

Prior to version 2.5, you change the password by selecting “Change Password” from the admin menu.

VNS3ms Update Password

API Access

VNS3:ms initializes with an API token with a 1 year lifetime. You can generate as many API tokens as you like. To retrieve the default API token:

  • Click the admin menu in the top right corner of the VNS3:ms UI.
  • Select Account settings and navigate to the User Access tab.
  • From here you can copy the token, disable it, or generate a new one

VNS3ms API Tokens

To construct an API request with the token you will use it in a header like this:


curl -k -X GET -H 'api-token: $apitoken' https://$host/api/system/status

API Tokens also have some other nice features:

  • Set a lifetime for each token
  • Tokens can be refreshable, meaning their lifetime counter will reset each time the token is used. For example, you can have an API token with a lifetime of 24 hours that is refreshable. This can be used in your automation. If your automation does not make a request for longer than 24 hours, then token automatically expires, preventing the security threat of long lived API tokens

View the latest VNS3:ms specification.

Versions Prior to 2.5

Prior to version 2.5, VNS3:ms used a multiple step API Key and Token generation process. Since then we have simplified the authentication and standardized on the VNS3 method of API authentication. However, if you are using VNS3:ms v2.3.6 or earlier you will need to do the following to access the API:

  • Click the admin menu in the top right corner of the VNS3:ms UI.
  • Select Change password.
  • Click Regenerate Key.

VNS3 MS Passwords API Key

This key can now be used to generate a token:

curl -X POST -H "application/json" \
    -d '{"username": "admin", "api_key": "yourapikeystring"}' \

# GET request with API token returned above
curl -X GET -H "api-token:bdfac681b375e4306b8cd3280b4387700cc3ee5" \

NOTE: Cohesive Networks does not have any key access or remote access to your VNS3 Controllers unless provided by you. If you forget these passwords we cannot recover them for you.

System Status

Click Systems Status to view instance specific status information for the particular VNS3:ms device. In addition to instance utilization information there are counts for the number of virtual networks, topologies, controllers, etc. that are being monitored.

VNS3 MS Admin System Status Page