MS510TXPP - locked myself out of admin UI
So, I had the brilliant idea of disabling HTTP access to my switch, because in 2024 there just isn't a reason to use HTTP for anything.
Since there isn't an option to disable the HTTP UI, I figured I'd just add a deny rule under security->access.
Thought I'd start carefully, with deny HTTP, IP=10.1.10.22, Netmask=255.255.255.255.
Well, apparently "deny HTTP" means "deny HTTP *and* HTTPS", and "netmask 255.255.255.255" means "block the entire 10.1.10.X subnet". Thanks a lot, Netgear!
So, bottom line, I can't access the UI any more. Do I have any other chance than a factory reset?
Re: MS510TXPP - locked myself out of admin UI
@therealmrfox wrote:
Since there isn't an option to disable the HTTP UI, I figured I'd just add a deny rule under security->access.
This is the only officially supported way.
No matter which brand is printed on your Broadcom-based switch (Dell, FS, Cisco SMB, ... or Netgear, just to mention a few), there is no way to disable the HTTP service ... most likely because they depend internally on HTTP, and have just implemented an HTTPS proxy on top.
@therealmrfox wrote:
Thought I'd start carefully, with deny HTTP, IP=10.1.10.22, Netmask=255.255.255.255.
Well, apparently "deny HTTP" means "deny HTTP *and* HTTPS", and "netmask 255.255.255.255" means "block the entire 10.1.10.X subnet". Thanks a lot, Netgear!
Works for me as designed, certainly on the MS510TXUP, v1.0.5.17
Only the single host 10.10.1.230 does get the HTTP access denied.
Keep in mind - because this is yet another ACL - with this configuration shown, the HTTP access remains active for any other host in the 10.10.1.0/24 subnet, .27 is explicitly allowed, and .230 is denied.
Had done extensive Beta testing back in 2017/18 on the MS510TXPP before the release. Was not aware anything like this was sliding through my own test cases, but sometimes *** happens.
@therealmrfox wrote:
So, bottom line, I can't access the UI any more. Do I have any other chance than a factory reset?
Have not retained any other alternate access paths, like SSH?
Regards,
-Kurt.
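A pre-change check for access rules like the one discussed above, as an added example that is not part of any post in this thread and is not Netgear's code. It assumes a first-match rule model with a configurable default action (both are assumptions about the switch, not confirmed behaviour), and the second admin host 10.1.10.50 is constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    service: str  # "http", "https", "ssh" or "any"
    ip: str
    netmask: str

    def matches(self, service: str, host: str) -> bool:
        if self.service not in ("any", service):
            return False
        # strict=False masks off host bits, so 10.1.10.22/255.255.255.0
        # becomes 10.1.10.0/24; a non-contiguous mask raises ValueError.
        net = ipaddress.IPv4Network(f"{self.ip}/{self.netmask}", strict=False)
        return ipaddress.IPv4Address(host) in net

def decide(rules, service, host, default="permit"):
    """Assumed model: first matching rule wins, else `default` applies."""
    for rule in rules:
        if rule.matches(service, host):
            return rule.action
    return default

def lockout_report(rules, mgmt_hosts, services=("http", "https"), default="permit"):
    """(host, service) pairs that would be denied if `rules` were applied."""
    return [(h, s) for h in mgmt_hosts for s in services
            if decide(rules, s, h, default) == "deny"]

if __name__ == "__main__":
    # Rule from the first post; 10.1.10.50 is a constructed second admin host.
    hosts = ["10.1.10.22", "10.1.10.50"]
    as_posted = [Rule("deny", "http", "10.1.10.22", "255.255.255.255")]
    wide_mask = [Rule("deny", "http", "10.1.10.22", "255.255.255.0")]
    for label, rules, default in [
        ("as posted, default permit", as_posted, "permit"),
        ("as posted, default deny", as_posted, "deny"),
        ("/24 mask, default permit", wide_mask, "permit"),
    ]:
        print(label, "->", lockout_report(rules, hosts, default=default))
```

Running the report against every path you rely on for management (including SSH, if enabled) before saving a rule shows whether a fallback path survives the change.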
Re: MS510TXPP - locked myself out of admin UI
Thanks @schumaku for the detailed response!
Works for me as designed, certainly on the MS510TXUP, v1.0.5.17
I guess I might've messed it up? I thought I was careful 🙂
Have not retained any other alternate access paths, like SSH?
Nope... In the end, I just did a factory reset and restored from backup, which was fairly painless.
Hit one little snag as I had just upgraded the FW before locking myself out. The backup from the older FW didn't work with the new FW, which isn't great. The dual-image feature saved my ass (reboot to older FW, apply backup, reboot to new image).
Re: MS510TXPP - locked myself out of admin UI
Hello @therealmrfox
And welcome to the NETGEAR Community! 🙂
I am glad you were able to get access again to your switch with your backup config. Were your issues addressed by schumaku? For this case would you accept his post as a solution to make it more visible for other users?
Have a lovely day,
Erwin
Netgear Team