NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

ProSAFEr's avatar
ProSAFEr
Aspirant
May 11, 2019
Solved

Access restrictions on a GS108Ev3 ProSAFE Plus switch

Hello.   I am trying to restrict web access to a few authorized management stations on a NETGEAR ProSAFE GS108Ev3 Plus Switch.  This switch has the most recent firmware (V2.06.03EN) and bootloade...
  • schumaku's avatar
    schumaku
    May 11, 2019
    ProSAFEr wrote:
    Is there any way to restrict access to the web management interface on this switch to only a few workstations, an address pool or a VLAN?

    No.*

     

    ProSAFEr wrote:
    I do not want to serve an unencrypted (HTTP only) web interface to the world.

    The service processors for the Smart Managed Plus switches - almost unmanaged - have a marginal resources, even the availability of the Web UI in plain http is kind of "magic" for these switches.

     

    *The release notes show that the processing capabilities are limited, e.g when it comes to the flow control or exact timely ICMP multicast handling.

     

     

schumaku's avatar
schumaku
Guru - Experienced User
May 11, 2019
ProSAFEr wrote:
Is there any way to restrict access to the web management interface on this switch to only a few workstations, an address pool or a VLAN?

No.*

 

ProSAFEr wrote:
I do not want to serve an unencrypted (HTTP only) web interface to the world.

The service processors for the Smart Managed Plus switches - almost unmanaged - have a marginal resources, even the availability of the Web UI in plain http is kind of "magic" for these switches.

 

*The release notes show that the processing capabilities are limited, e.g when it comes to the flow control or exact timely ICMP multicast handling.

 

 

ProSAFEr's avatar
ProSAFEr
Aspirant
May 12, 2019

Thank you for your detailed answer.  I know this device has an underpowered service processor.  A service processor like this one is not so bad as it sounds; the device draws only between three and four watts and runs really cold.  I am not against an unencrypted management interface either iff it can be restricted to a few ports, a single management VLAN or a few authorized IP addresses.  Even the cheaper GS105Ev2 supports an access control table.

 

Ok, it is time to look for another use for these switches that obviously should not be connected to public or untrusted networks.  We are running a few air gapped networks where these switches would fit better.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More