therealmrfox
May 10, 2024 (Initiate)
MS510TXPP - locked myself out of admin UI
So, I had the brilliant idea of disabling HTTP access to my switch, because in 2024 there just isn't a reason to use HTTP for anything. Since there isn't an option to disable the HTTP UI, I figur...
schumaku
May 11, 2024 (Guru - Experienced User)
therealmrfox wrote:
Since there isn't an option to disable the HTTP UI, I figured I'd just add a deny rule under security->access.
This is the only officially supported way.
No matter which brand is printed on your Broadcom-based switch (Dell, FS, Cisco SMB, ... or Netgear, just to mention a few), there is no way to disable the HTTP service ... most likely because they depend internally on HTTP and have just implemented an HTTPS proxy on top.
therealmrfox wrote:
Thought I'd start carefully, with deny HTTP, IP=10.1.10.22, Netmask=255.255.255.255.
Well, apparently "deny HTTP" means "deny HTTP *and* HTTPS", and "netmask 255.255.255.255" means "block the entire 10.1.10.X subnet". Thanks a lot, Netgear!
Works for me as designed, certainly on the MS510TXUP, v1.0.5.17
Only the single host 10.10.1.230 does get the HTTP access denied.
Keep in mind - because this is yet another ACL - with this configuration shown, the HTTP access remains active for any other host in the 10.10.1.0/24 subnet, .27 is explicitly allowed, and .230 is denied.
Had done extensive Beta testing back in 2017/18 on the MS510TXPP before the release. Was not aware anything like this was sliding through my own test cases, but sometimes *** happens.
therealmrfox wrote:
So, bottom line, I can't access the UI any more. Do I have any other chance than a factory reset?
Have not retained any other alternate access paths, like SSH?
Regards,
-Kurt.
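Added example, not part of the thread or of NETGEAR's firmware: a pre-check that evaluates a proposed management access list against the stations that must keep access, before the rules are applied. The rule tuple format, the ordered first-match evaluation and the selectable default action are assumptions; the sample rules are constructed from the hosts named in the reply above.

```python
import ipaddress

# Constructed rules: (action, service, ip, netmask). The format and the
# first-match ordering are assumptions, not the switch's documented behavior.
RULES = [
    ("permit", "http", "10.10.1.27", "255.255.255.255"),
    ("deny", "http", "10.10.1.230", "255.255.255.255"),
]


def matches(rule, service, host):
    """True if the rule covers this service and the host falls inside ip/netmask."""
    _, rule_service, ip, mask = rule
    # strict=False lets a host address be combined with a wider mask,
    # e.g. 10.1.10.22/255.255.255.0 becomes the network 10.1.10.0/24.
    network = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return rule_service == service and ipaddress.ip_address(host) in network


def decide(rules, service, host, default="permit"):
    """Return the action of the first matching rule, else the default action."""
    for rule in rules:
        if matches(rule, service, host):
            return rule[0]
    return default


def locked_out(rules, service, stations, default="permit"):
    """List the management stations that would lose access to the service."""
    return [h for h in stations if decide(rules, service, h, default) == "deny"]


if __name__ == "__main__":
    stations = ["10.10.1.27", "10.10.1.230", "10.10.1.50"]
    # Evaluate under both possible defaults, since the platform's implicit
    # action once an access list exists is not stated in the thread.
    for default in ("permit", "deny"):
        print(f"default={default}: locked out -> "
              f"{locked_out(RULES, 'http', stations, default)}")
```

Running it with the station you administer from in `stations` shows whether a rule set is safe under either default; keeping a second access path such as SSH open until that is confirmed avoids the factory reset.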
therealmrfox
May 12, 2024 (Initiate)
Thanks schumaku for the detailed response!
Works for me as designed, certainly on the MS510TXUP, v1.0.5.17
I guess I might've messed it up? I thought I was careful 🙂
Have not retained any other alternate access paths, like SSH?
Nope... In the end, I just did a factory reset and restored from backup, which was fairly painless.
Hit one little snag as I had just upgraded the FW before locking myself out. The backup from the older FW didn't work with the new FW, which isn't great. The dual-image feature saved my ass (reboot to older FW, apply backup, reboot to new image).
ErwinL
May 23, 2024 (NETGEAR Moderator)
Hello therealmrfox
And welcome to the NETGEAR Community! 🙂
I am glad you were able to get access again to your switch with your backup config. Were your issues addressed by schumaku? For this case would you accept his post as a solution to make it more visible for other users?
Have a lovely day,
Erwin
Netgear Team