NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

MWCLOUD's avatar
MWCLOUD
Aspirant
Jan 11, 2018
Solved

XS716T100NES Can we disable HTTP

Is there a way via CLI or GUI to disable HTTP from listening?. We would like to lock down the switch where only the ports we are using are open.
http
management
Security
  • LaurentMa's avatar
    LaurentMa
    Jan 11, 2018

    Hi MWCLOUD

     

    Thanks for asking. No, there is no way to disable Management CPU (Web GUI access via HTTP) on our XS716T 16-port 10G Smart Managed Pro switch. In fact, the per-port lock down is not very common. But Smart Managed switches don't offer management access control.

     

    Instead, Fully Managed switches provide either Out of band management (OOB - you can deactivate inband CPU management access, and only access the switch CPU for GUI, telnet etc. via the 1G service port - this is useful if you have a separate management network); or Management ACLs for protecting inband access (for instance, restricting HTTP GUI access to certain IP addresses or subnets, restricting Telnet to certain other IP addresses, etc.).

     

    If you require these features, you should look at our M4300 series. They offer both OOB management and Management ACLs:

     

     

    Regards,

     

7 Replies

  • LaurentMa's avatar
    LaurentMa
    NETGEAR Expert
    Jan 11, 2018

    Hi MWCLOUD

     

    Thanks for asking. No, there is no way to disable Management CPU (Web GUI access via HTTP) on our XS716T 16-port 10G Smart Managed Pro switch. In fact, the per-port lock down is not very common. But Smart Managed switches don't offer management access control.

     

    Instead, Fully Managed switches provide either Out of band management (OOB - you can deactivate inband CPU management access, and only access the switch CPU for GUI, telnet etc. via the 1G service port - this is useful if you have a separate management network); or Management ACLs for protecting inband access (for instance, restricting HTTP GUI access to certain IP addresses or subnets, restricting Telnet to certain other IP addresses, etc.).

     

    If you require these features, you should look at our M4300 series. They offer both OOB management and Management ACLs:

     

     

    Regards,

     

    • schumaku's avatar
      schumaku
      Guru - Experienced User
      Jan 12, 2018

      Hi LaurentMa,

       

      Plase consider to push in at least a control to set (and limit) the manaement VLAN to a defined VLAN on all Smart Managed Plus and Smart Managed Pro with the firmware revisions.

      Example? The new XS724EM Smart Managed Plus 



      This does allow certain mitigation by limiting this access to a sinlge 802.1Q VLAN.

      Regards,
      .Kurt



       

      • schumaku's avatar
        schumaku
        Guru - Experienced User
        Jan 12, 2018

        Oh sorry, my previous post wasn't really finished LaurentMa. Of course, the Smart Managed Pro already support a management VLAN setting (it's in Management -> IP Configuration).

    • MWCLOUD's avatar
      MWCLOUD
      Aspirant
      Jan 11, 2018

      Thanks for the quick response.  This is good to know for future purchases.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More