therealmrfox
Initiate
May 10, 2024

MS510TXPP - locked myself out of admin UI

So, I had the brilliant idea of disabling HTTP access to my switch, because in 2024 there just isn't a reason to use HTTP for anything.

 

Since there isn't an option to disable the HTTP UI, I figured I'd just add a deny rule under security->access.

 

Thought I'd start carefully, with deny HTTP, IP=10.1.10.22, Netmask=255.255.255.255. 

 

Well, apparently "deny HTTP" means "deny HTTP *and* HTTPS", and "netmask 255.255.255.255" means "block the entire 10.1.10.X subnet". Thanks a lot, Netgear!

 

So, bottom line, I can't access the UI any more. Do I have any other chance than a factory reset?

3 Replies

  • schumaku
    Guru - Experienced User

    therealmrfox wrote:

    Since there isn't an option to disable the HTTP UI, I figured I'd just add a deny rule under security->access.


    This is the only officially supported way.

     

    No matter which brand is printed on your Broadcom-based switch (Dell, FS, Cisco SMB, ... or Netgear, just to mention a few), there is no way to disable the http service ... most likely because they depend internally on the http, and have just implemented a https proxy on top.

     

    therealmrfox wrote:

    Thought I'd start carefully, with deny HTTP, IP=10.1.10.22, Netmask=255.255.255.255. 

     

    Well, apparently "deny HTTP" means "deny HTTP *and* HTTPS", and "netmask 255.255.255.255" means "block the entire 10.1.10.X subnet". Thanks a lot, Netgear!


    Works for me as designed, certainly on the MS510TXUP, v1.0.5.17

     

     

    Only the single host 10.10.1.230 does get the HTTP access denied.

     

    Keep in mind - because this is yet another ACL - with this configuration shown, the HTTP access remains active for any other host in the 10.10.1.0/24 subnet, .27 is explicitly allowed, and .230 is denied.

     

    Had done extensive Beta testing back in 2017/18 on the MS510TXPP before the release. Was not aware anything like this was sliding through my own test cases, but sometimes *** happens.

     

    therealmrfox wrote:

    So, bottom line, I can't access the UI any more. Do I have any other chance than a factory reset?


    Have not retained any other alternate access paths, like SSH?

     

    Regards,

    -Kurt.

     

     

     

    • therealmrfox
      Initiate

      Thanks schumaku for the detailed response!

       

      Works for me as designed, certainly on the MS510TXUP, v1.0.5.17

      I guess I might've messed it up? I thought I was careful 🙂

       

      Have not retained any other alternate access paths, like SSH?

      Nope... In the end, I just did a factory reset and restored from backup, which was fairly painless.

       

      Hit one little snag as I had just upgraded the FW before locking myself out. The backup from the older FW didn't work with the new FW, which isn't great. The dual-image feature saved my ass (reboot to older FW, apply backup, reboot to new image).

       

      • ErwinL
        NETGEAR Moderator

        Hello therealmrfox

         

        And welcome to the NETGEAR Community! 🙂

         

        I am glad you were able to get access again to your switch with your backup config. Were your issues addressed by schumaku?  For this case would you accept his post as a solution to make it more visible for other users?

         

        Have a lovely day,
        Erwin
        Netgear Team
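
Added example (not part of any post above, and not NETGEAR code): a pre-change lockout check for the kind of access rule discussed in this thread, showing which management hosts a planned rule would deny before it is applied. The evaluation model (first matching rule wins, unmatched traffic is permitted, each service matched separately), the Rule structure and the second workstation address are assumptions for illustration, not the switch's documented behaviour.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str    # "permit" or "deny"
    service: str   # e.g. "HTTP", "HTTPS", "SSH"
    ip: str
    netmask: str

def rule_network(rule: Rule) -> ipaddress.IPv4Network:
    # strict=False lets a host address carry a wider mask (10.1.10.22/24 -> 10.1.10.0/24)
    return ipaddress.ip_network(f"{rule.ip}/{rule.netmask}", strict=False)

def decide(rules, src_ip: str, service: str, default: str = "permit") -> str:
    """Assumed model: first matching rule wins, unmatched traffic gets `default`."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.service == service and addr in rule_network(rule):
            return rule.action
    return default

def locked_out(rules, mgmt_hosts, services):
    """(host, service) pairs the planned rules would deny."""
    return [(h, s) for h in mgmt_hosts for s in services
            if decide(rules, h, s) == "deny"]

# Constructed inputs: the rule from the opening post, and the same rule with a /24 mask.
HOST_RULE = [Rule("deny", "HTTP", "10.1.10.22", "255.255.255.255")]
SUBNET_RULE = [Rule("deny", "HTTP", "10.1.10.22", "255.255.255.0")]
MGMT_HOSTS = ["10.1.10.22", "10.1.10.50"]   # hypothetical admin workstations
SERVICES = ["HTTP", "HTTPS"]

if __name__ == "__main__":
    for label, rules in (("host mask", HOST_RULE), ("subnet mask", SUBNET_RULE)):
        print(label, rule_network(rules[0]), "->", locked_out(rules, MGMT_HOSTS, SERVICES))
```

Under this model the 255.255.255.255 rule denies HTTP for 10.1.10.22 only, while the 255.255.255.0 variant denies HTTP for every host in 10.1.10.0/24; HTTPS is untouched in both cases.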
