NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

marktpalmer's avatar
marktpalmer
Aspirant
Jan 22, 2017
Solved

Default SNMP v1/v2 returns after new config loaded or reboot

Confrimed on GS108Tv2

Software 5.4.2.19, 5.4.2.22 & 5.4.2.25

 

Issue - Default SNMP v1/v2 settings return after uploading a canned config that does not have the default SNMP v1/v2 settings.  When removed, the public and private SNMP v1/v2 strings return to defaults (enabled).  This is bad for securing switches (defaulting to "any any" public and private SNMP strings.

 

What does Netgear recommend as a solution to prevent the SNMP v1/v2 defaults to return after the switch is rebooted or after a configuration is uploaded?

Installation
Security
Solutions
  • DaneA's avatar
    DaneA
    Jan 24, 2017

    marktpalmer,

     

    Thank you for the updates.  I  have inquired your concern to a higher tier of NETGEAR Support and it was suggested that you open an online case with NETGEAR Support for a deeper investigation.

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

5 Replies

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Jan 22, 2017

    Hi marktpalmer,

     

    As far as I know, there is no issue logged yet on the GS108Tv2 switch that exactly describes what you have posted.  Kindly answer the questions below:

     

    a. Have you tried to perform a factory reset on the GS108Tv2 using the firmware versions you have mentioned then reconfigure it from scratch and check if same problem will occur?

    b. Have you tried using the latest firmware v5.4.2.27?  If not yet, you may download it here then upload it to the GS108Tv2 switch.  Be reminded to perform a factory reset on the GS108Tv2 after upgrading the firmware in order for the switch to have a clean start using the latest firmware version then reconfigure it from scratch.

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

    • marktpalmer's avatar
      marktpalmer
      Aspirant
      Jan 22, 2017

      Per your recommended process, I did the following on two different GS108Tv2s, tested the process twice on both, and I get same results all 4 times.

      1. Downloaded the current firmware v5.4.2.27 (only performed this process once).
      2. Enabled 5.4.2.27 to be active (only performed this process once).
      3. Factory reset the switch.

      4. Logged back into switch.
      5. Crafted my expected configuration (deleted both factory default public and private SNMP v1/v2).
      6. Uploaded the Maintenance>>Upload>>HTTP File Upload>>File Type = Text Configuration so it can be utilized as a "canned" config for other switches at a later time. (See note below).
      7. Rebooted switch.
      8. Logged back into the switch and observe and confirmed; 
           a. the switches are operating on v 5.4.2.27,
           b. the factory defaults for the SNMP v1/v2 returned after the reboot to the switch.

       

      ScreenShots

      01.png

      02.png

      03.png

      04.png

       

      NOTE

      I opened the uploaded configuration where I had deleted the two SNMP v1/v2 Community Configurations.  The uploaded configuration indicates the uploaded configuration contains the factory default SNMP community configurations in it:

       

      snmp-server community ""

      snmp-server community ""

       

      POSSIBLE WORKAROUND

      I tested a possible workaround where I DISABLED (rather than deleted) the factory default v1/v2 SNMP Community Configurations.  I proceeded to reboot the switch.  The factory default v1/v2 SNMP Community Configurations are still present (as expected since I left them there), BUT at least they remained DISABLED

       

      DESIRED OUTCOME

      There are three things I'd expect as desired outcomes to reporting this security issue.  The possible workaround is insufficent long term due to strict security and compliance requirements (remove all default parameters from hardware).

       

      1.  Because this issue creates an unknown threat vector within a user's networking environment, alert GS108Tv2 users of this unexpected condition.  The factory default v1/v2 SNMP Community Configurations are both un-encrypted and well known.  Both SNMP strings give non-authoized individuals read & write access to the switch (default strings are "public" and "private").

       

      2.  Expected behavior when deleting factory default v1/v2 SNMP Community Configurations is the factory default v1/v2 SNMP Community Configurations will remain deleted even after a switch reboot.

       

      3.  The Maintenance>>Upload>>HTTP File Upload>>File Type = Text Configuration must *NOT* include factory default v1/v2 SNMP Community Configurations if the user has deleted the factory default v1/v2 SNMP Community Configurations from the switch.   

       

      HTH

      • marktpalmer's avatar
        marktpalmer
        Aspirant
        Jan 23, 2017

        I reviewed the fleet of switches I manage and have discovered GS716Tv2 switches have this same situation (deleting factory default SNMP community configurations does not really delete them since the configurations return after the switch is rebooted).  

         

        These models are confirmed to not have this situation:

        GS724Tv4

        GS748Tv5

         

        HTH.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More