
Default SNMP v1/v2 returns after new config loaded or reboot

marktpalmer
Aspirant

Default SNMP v1/v2 returns after new config loaded or reboot

Confirmed on GS108Tv2

Software 5.4.2.19, 5.4.2.22 & 5.4.2.25

 

Issue - Default SNMP v1/v2 settings return after uploading a canned config that does not have the default SNMP v1/v2 settings. When removed, the public and private SNMP v1/v2 strings return to defaults (enabled). This is bad for securing switches (defaulting to "any any" public and private SNMP strings).

 

What does Netgear recommend as a solution to prevent the SNMP v1/v2 defaults from returning after the switch is rebooted or after a configuration is uploaded?

Model: GS108Tv2|ProSAFE 8-port Gigabit Smart Switch
Message 1 of 6


All Replies
DaneA
NETGEAR Employee Retired

Re: Default SNMP v1/v2 returns after new config loaded or reboot

Hi marktpalmer,

 

As far as I know, there is no issue logged yet on the GS108Tv2 switch that exactly describes what you have posted.  Kindly answer the questions below:

 

a. Have you tried to perform a factory reset on the GS108Tv2 using the firmware versions you have mentioned, then reconfigure it from scratch and check if the same problem will occur?

b. Have you tried using the latest firmware v5.4.2.27?  If not yet, you may download it here then upload it to the GS108Tv2 switch.  Be reminded to perform a factory reset on the GS108Tv2 after upgrading the firmware in order for the switch to have a clean start using the latest firmware version then reconfigure it from scratch.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 6
marktpalmer
Aspirant

Re: Default SNMP v1/v2 returns after new config loaded or reboot

Per your recommended process, I did the following on two different GS108Tv2s, tested the process twice on both, and I got the same results all 4 times.

1. Downloaded the current firmware v5.4.2.27 (only performed this process once).
2. Enabled 5.4.2.27 to be active (only performed this process once).
3. Factory reset the switch.
4. Logged back into switch.
5. Crafted my expected configuration (deleted both factory default public and private SNMP v1/v2).
6. Uploaded the Maintenance>>Upload>>HTTP File Upload>>File Type = Text Configuration so it can be utilized as a "canned" config for other switches at a later time. (See note below).
7. Rebooted switch.
8. Logged back into the switch and observed and confirmed:
     a. the switches are operating on v 5.4.2.27,
     b. the factory defaults for the SNMP v1/v2 returned after the reboot to the switch.

 


 

NOTE

I opened the uploaded configuration where I had deleted the two SNMP v1/v2 Community Configurations.  The uploaded configuration indicates the uploaded configuration contains the factory default SNMP community configurations in it:

 

snmp-server community ""

snmp-server community ""

 

POSSIBLE WORKAROUND

I tested a possible workaround where I DISABLED (rather than deleted) the factory default v1/v2 SNMP Community Configurations. I proceeded to reboot the switch. The factory default v1/v2 SNMP Community Configurations are still present (as expected since I left them there), BUT at least they remained DISABLED.

 

DESIRED OUTCOME

There are three things I'd expect as desired outcomes to reporting this security issue. The possible workaround is insufficient long term due to strict security and compliance requirements (remove all default parameters from hardware).

 

1.  Because this issue creates an unknown threat vector within a user's networking environment, alert GS108Tv2 users of this unexpected condition. The factory default v1/v2 SNMP Community Configurations are both un-encrypted and well known. Both SNMP strings give non-authorized individuals read & write access to the switch (default strings are "public" and "private").

 

2.  Expected behavior when deleting factory default v1/v2 SNMP Community Configurations is the factory default v1/v2 SNMP Community Configurations will remain deleted even after a switch reboot.

 

3.  The Maintenance>>Upload>>HTTP File Upload>>File Type = Text Configuration must *NOT* include factory default v1/v2 SNMP Community Configurations if the user has deleted the factory default v1/v2 SNMP Community Configurations from the switch.   

 

HTH

Model: GS108Tv2|ProSAFE 8-port Gigabit Smart Switch
Message 3 of 6
marktpalmer
Aspirant

Re: Default SNMP v1/v2 returns after new config loaded or reboot

I reviewed the fleet of switches I manage and have discovered GS716Tv2 switches have this same situation (deleting factory default SNMP community configurations does not really delete them since the configurations return after the switch is rebooted).  

 

These models are confirmed to not have this situation:

GS724Tv4

GS748Tv5

 

HTH.

Model: GS108Tv2|ProSAFE 8-port Gigabit Smart Switch, GS716Tv2|16-port ProSAFE Gigabit Smart Switch
Message 4 of 6
DaneA
NETGEAR Employee Retired

Re: Default SNMP v1/v2 returns after new config loaded or reboot

@marktpalmer,

 

Thank you for the updates. I have inquired about your concern with a higher tier of NETGEAR Support, and it was suggested that you open an online case with NETGEAR Support for a deeper investigation.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 5 of 6
DaneA
NETGEAR Employee Retired

Re: Default SNMP v1/v2 returns after new config loaded or reboot

@marktpalmer,

 

I believe NETGEAR Support was able to help you with your concern and your online case is now closed. It seemed that the beta firmware provided to you resolved the problem.

 

Since the issue is now resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

 


Cheers,

 

DaneA

NETGEAR Community Team

Message 6 of 6