We would like to use NMS300 to save the config of our 40 Netgear Switches (M4100 series, different models) automatically every night, but this requires telnet to be enabled on all switches (confirmed by Netgear Expert Bruce_G: https://community.netgear.com/t5/Managed-Switches/
I think that transmitting a password for administrative access in cleartext over the network isn't best practice, especially for a product which claims to be enterprise ready.
Would you please implement an option for scheduled config saving and other mass actions like firmware update for all switches via an encrypted connection? It should be possible to disable telnet on the switches without disabling any functionality (apart from logging in via telnet of course..) ;-)
Thanks in advance!
This is in regard to the Traffic Meter monitoring function of the SRX5308 VPN Firewall. However, this would apply to any device in Netgear's product lineup that monitors the amount of IP traffic per month.
Currently the traffic meter can set a monthly traffic limit of up to a maximum of 256000 MB (~250 GB). However, this is insufficient for those who are using Comcast as an ISP where the monthly traffic limit is set to 1 Terabyte (1024 Gb).
Request that the monthly traffic limit setting be adjustable in the Terabyte range. Perhaps an increase of the monthly limit up to and including 250 Tb should be sufficient in the foreseeable future. Thank you in advance!
L2TP with IPSEC is for sure easy to set up, but even more convenient would be to use Active Directory authentication, such as the one for SSL VPN and admin role setup. The Windows internal VPN client offers domain credentials as an option for authentication, which would ease the setup. Of course there would be a need for group membership checking or to explicitly define which users are allowed to log in. Also, DH should allow use of 2048-bit keys.
I've had an unfair share of trouble when trying to restore saved configuration files (.cfg config) to GS108Ev2 running firmware 1.00.12. Eventually, I gave up and reprogrammed 3 switches from scratch. I had to go through the whole building to locate them. I brought a laptop with me and had a phone handy to talk to a guy in the control room.
I think I found out what happened: Older versions of the Plus Utility do not support the password encryption required by V1.00.10 firmware. The old config files had unencrypted passwords (I checked with a hex editor). The new firmware expects its password encrypted, so it couldn't load the old password. I was locked out of the switches.
A cleartext header in the config file could help, so the switch (or the user!) knows which firmware version saved the config. If you want to make it really functional, have the firmware perform appropriate checks at load (restore) time, so old unencrypted passwords keep on working on new firmware versions.
Do you plan to write WiFi Analytics for iOS iPhone / iPad? I know that this has been asked before but I could not find a solution. I'm trying to find the best channel for 5 GHz. Since a Wi-Fi analytics tool can be used to identify the local networks surrounding me and determine which channels are congested and which are lesser used, I can determine the optimum wireless channel. My 5 GHz keeps dropping and it's making me crazy.
It has been suggested that I submit this increased functionality request to improve the switch's capability regarding its access frequency when updating its system time from an SNTP server.
Most other manufacturers allow access times up to 1000's of hours. I normally update various network appliances either once a day or once a month, which is fine for most instances. However, this doesn't appear possible with my GS724T switches. The maximum polling time results, in my case, in a Kiss Of Death response due to too many update requests. The only workaround is possibly using DNS access to an SNTP server pool, as opposed to accessing a fixed time server IP address.
I would have just put up with this problem but DaneA from the NETGEAR Community Team suggested I raise this as a functionality request!
I did look into having my own SNTP server but the cost is prohibitive.
Last update from the NETGEAR Community Team shown below for info.
Since there is no option to manually configure the frequency of when the GS724Tv3/4 will access the SNTP servers, I suggest that you post this concern as a feature request in the Idea Exchange board for Business here. Be reminded that adding kudos to the ideas will help, as the development team will be reviewing the post that has the most kudos and it might be considered to be added to the future functionality of the product.
NETGEAR Community Team
Hello to anyone taking the time to read this.
I have close to a dozen Netgear GS1xxE switches at my home and various family members' homes by now and swear by the things. VLAN tagging is a must for our various setups and these switches haven't disappointed yet.
However, when it comes to configuring them, the fact one is incapable of selecting the VLAN on which the things do their DHCP negotiating forces me to use fixed IPs.
In essence this isn't all that bad. But adding this to the firmware isn't something unreasonable to ask I would think.
Thanks in advance for taking the time to reply. If you also think this slight oversight should be rectified please do reply.
Hello my name is Peter and I posted some requests about essential functions on the GS1xxE series of switches.
It seems there have been some ideas posted here but there is no response whether these things are being implemented or not or any timeframe given.
I personally had a request about adding a menu in the GS1XXE switches to enter some allowed MAC addresses to prevent a user from connecting some rogue equipment on the network.
Could it be that the chipset does not support such functionality?
Couldn't you post back that the engineers are working with this, this and this function and it will be ready in 1-3 months or something.
Anyways a definitive answer would be appreciated so that I may peruse other brands that have similar 5-port switches.
I have been using the FVS338 for a long time without problems, and for some customers I use content filtering. Some of them want more, like line backup and more keywords in content, so I looked at the next one, the FVS336G, and there is the same number of keywords, 64. Is there a way to expand this in a future firmware?
I know, but 256 should be a good idea; 64 is really too short with any internet site at this time.
When do you plan to implement this WiFi Analytics application on iOS?
My iPad would like it, my iPhone also. I will accept to pay for this application.
Please include the rogue detection.
Philippe CUVILLIER Orange Presales Engineer
I just got a certificate whose hash algorithm is SHA256.
But my VPN firewall only allows SHA1.
Can you please fix this?
Thank you very much.
Hello there my name is Peter.
I would like a function to be added to this series of switches that prevents a rogue user from connecting equipment to any port and gaining access to the network or disturbing/bringing it down with maybe a CAM overflow attack.
It would work such that if an unreasonable amount of connection attempts with different MAC addresses occurs - it disables that port or something.
A better idea would be to use DHCP snooping in the switch so we could enter allowed MAC and IP addresses in the router instead.
I know that switches like GS108Tv2 probably support this, however there is no GS105T small 5-port version available so I am forced to use GS105Ev2 instead, which is a nice little switch indeed.
If DHCP snooping is too complex maybe you could add a little menu instead so we could enter a couple of MAC addresses allowed on each port.
Can you add the possibility to set a port description inside the switch?
It's a new access point which we purchased last month, and we had an internal audit; the security manager found the below vulnerability. Can someone please help us to configure the following configurations on the Netgear WNDAP360 access point?
Thanks in advance for valuable reply,
M. Muhammed Iliyas.