skids
Sep 13, 2019 Tutor
Disabling switch uPNP/SSDP service
Trying to lock down an M4300. With the latest firmware I see SSDP (uPnP) notifies coming out of the oob interface, which has been set up as the management interface, along with an open http uPnP p...
Retired_Member
Sep 17, 2019
Hi skids
Welcome to Community!
Yes, UPnP and Bonjour are new features; there is no related description in the old User Manual. You can check the latest User Manual, please click here (page 19: Use UPnP or Bonjour to Find the Switch).
And for UPnP, it does not support being disabled; for Bonjour, it supports being disabled manually.
Hope it helps!
Regards,
EricZ
skids
Sep 17, 2019 Tutor
I actually did manage to turn it off. Apparently it can be disabled (perhaps when you disable bonjour) but it
is not actually disabled until after a switch reboot.
uPnP and bonjour are not the same thing so they should probably be controlled by different commands, but
whatever... when these switches are used in server rooms we need to remove all unnecessary services for
security purposes so enabling a new service by default in an upgrade is something which should carry a caveat
in the release notes.
- skids Sep 19, 2019 Tutor
Update on this: I suspect the change which turned off the broadcasts was instead when we
removed the VLAN1 routing interface from the VLAN database. After this, we get periodic log
messages because the uPnP service is running but cannot open an IP interface:
<15>1 1969-12-31T19:03:06.058-5:00Z HVMGMT-1 OpEN tRpcsrv.01000 - :openapi_logging.c(1294) 489 %% discAgent: Failed to get router interface of Mgmt Vlan Id 1
I tried creating a dead-end VLAN which does not exist on any port, gave it
a static nonsense IP address, left the routing interface active on it, and set the management
VLAN to that. Then I set the management source-interface back to the serviceport.
However, even after a reboot the uPNP daemon still complained about "management Vlan Id 1"
in the log.
Looks like we'll just have to live with those log messages. Hopefully the uPnP daemon (and
the rest of the daemons that are running even though their service is disabled) do not slowly
leak RAM and cause an issue later.
It's getting harder and harder these days to get a switch to be a simple L2 switch :-)
- Retired_Member Sep 20, 2019
Hi skids
Yes, currently UPnP only works with VLAN1 as the management VLAN and on the ServicePort. If you set a non-VLAN1 VLAN as the management VLAN, it will not work and will output this error.
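A passive way to check what the thread is trying to establish, namely whether SSDP notifies still leave the switch after a configuration change and reboot. This is an added example, not part of any post above and not NETGEAR code: it joins the standard SSDP multicast group from a host on the management segment and reports NOTIFY announcements from the switch's address. The command-line arguments and the sample datagram are assumptions; 192.0.2.10 is a documentation address.

```python
import socket, struct, sys, time

SSDP_GROUP, SSDP_PORT = "239.255.255.250", 1900  # standard SSDP multicast group and port
# Constructed sample datagram for offline testing (not captured from a real switch).
SAMPLE = (b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nNT: upnp:rootdevice\r\n"
          b"NTS: ssdp:alive\r\nLOCATION: http://192.0.2.10:49152/desc.xml\r\n\r\n")

def parse_notify(datagram):
    """Return the header dict of an SSDP NOTIFY datagram, or None for anything else."""
    lines = datagram.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].upper().startswith("NOTIFY "):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def summarize(packets, watch_ips):
    """Map each watched source IP to the sorted (NTS, LOCATION) pairs it announced."""
    seen = {}
    for src_ip, datagram in packets:
        headers = parse_notify(datagram)
        if headers is not None and src_ip in watch_ips:
            seen.setdefault(src_ip, set()).add((headers.get("NTS", ""), headers.get("LOCATION", "")))
    return {ip: sorted(pairs) for ip, pairs in seen.items()}

def capture(local_ip, seconds):
    """Passively collect (source IP, datagram) pairs from the SSDP group on one interface."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", SSDP_PORT))
    mreq = struct.pack("4s4s", socket.inet_aton(SSDP_GROUP), socket.inet_aton(local_ip))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    sock.settimeout(1.0)
    packets, deadline = [], time.monotonic() + seconds
    while time.monotonic() < deadline:
        try:
            data, (src_ip, _port) = sock.recvfrom(65535)
            packets.append((src_ip, data))
        except socket.timeout:
            pass
    sock.close()
    return packets

if __name__ == "__main__":  # usage: <local-ip-on-mgmt-segment> <switch-ip> <seconds>
    local_ip, switch_ip, seconds = sys.argv[1], sys.argv[2], int(sys.argv[3])
    found = summarize(capture(local_ip, seconds), {switch_ip})
    print(found or f"no SSDP NOTIFY seen from {switch_ip} in {seconds}s")
```

Run it for several minutes both before and after the reboot, since SSDP announcements are periodic and a short capture can miss them.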