This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
we would like to use NMS300 to save the config of our 40 Netgear Switches automatically every night, but it seems that this requires telnet to be enabled on all switches. Is this by design or did I miss something? Transmitting a password for administrative access in cleartext over the network isn't best practice - to say the least...
Your testing result is right, telnet is required when do M4100 backup/restore (M4100 is a special case). However your idea (using encrypted protocol to do backup) is a very good. What you can do is to post suggestions and ideas at the Idea Exchange board. Adding kudos to the ideas will help as development team will be reviewing the post that has the most kudos for considering it to add to the product's future release.
NMS300 support device credential via SNMPv1, SNMPv2c, SNMPv3, Telnet, SSH, HTTP and HTTPS, for Netgear Switches, we recommend to use SNMP and HTTP, then telnet has no need to enable because of security concern. That means, if you alreay select Telnet for device credential, it has to be enable when run a schedule backup task.
On NMS300, you can add one time or schedule task to backup devices configuration, get User Manual (page120) for more detail.
The new NMS300 build v1.5.0.18, which support to manage M4300 series switch:
Bruce, thanks for your feedback, but it doesn't solve the problem for me.
I know that NMS300 offers the configuration of device credentials for several protocols including ssh and that I can associate an ssh credential with my switches, but when I run a config backup profile for these switches I get the error message "No valid Telnet credential". I guess this means that I have to configure a Telnet credential for these switches because the config backup does work only via Telnet, right?
If it's possible to configure a config backup profile to use an encrypted connection (http and snmp are also unencrypted an therefore offer no advantage regarding security when compared to telnet) please let me know how this is possible...
I guess you associate telnet credential to device, however disable it on switch device side, that might be the reason to see the error message "No valid Telnet credential" (please login NMS300, go to Resources->Devices, click device to see "Device Detail View", select "credential" at the bottom, to view which credential are associated). Back to your question, Telnet is not required to backup/restore configuration file most time.
Which protocols to implement backup and restore? it depends on the type of devices, most Managed Switch use SNMP, most smart switch use HTTP or HTTPS, some Prosafe Firewall use HTTPS.
In out testing lab, we tried M6100 (Managed Switch, only associate SNMPv3) and S3300-52X (Smart Switch, associate SNMPv2 and HTTPS), schedule backup/restore on both devices working well.
If you have concern the unencrypted connection when do backup/restore, you can select SNMPv3 or HTTPS (please note that not all devices support backup/restore via HTTPS).
The latest NMS300 build fixed a schedule backup bug, please upgrade and try with my suggestion. If still can't resolve your issue, let me know the model of your Netgear switch.
- upgraded our NMS300 installation to version 1.5.0.18
- enabled SNMPv3, HTTPS and ssh and disabled telnet on one test switch of type M4100-50G-PoE+, Firmware 10.0.2.20
- created credentials for SNMPv3, HTTPS and ssh
- cretated a config backup profile with the above test switch included
- deleted telnet from the associated credentials of this switch
- associated the SNMPv3 credential to the test switch, executed the backup profile -> "No valid Telnet credential"
- associated the HTTPS credential to the test switch, executed the backup profile -> "No valid Telnet credential"
- associated the ssh credential to the test switch, executed the backup profile -> "No valid Telnet credential"
- enabled telnet on that switch
- associated the telnet credential to the test switch, executed the backup profile -> OK
So, if telnet is not required for a configuration backup profile, please let me know how to use an encrypted connection. I have no idea what could be wrong in my configuartion. Thanks!
Your testing result is right, telnet is required when do M4100 backup/restore (M4100 is a special case). However your idea (using encrypted protocol to do backup) is a very good. What you can do is to post suggestions and ideas at the Idea Exchange board. Adding kudos to the ideas will help as development team will be reviewing the post that has the most kudos for considering it to add to the product's future release.
