The price difference between cheaper \"smart managed\" and the higher priced \"fully managed\" switches is often made up by removing a) serial console access and b) disabling access to a remote CLI. After working more often with managed switches I really appreciate a CLI access since most GUIs I've so far used (Netgear, HP-H3C Comware, Cisco IOS) were not much of a pleasure and most often slow. Serial console was less of use but it becomes very handy if the device doesn't want to boot or for initial configuration.<\/p>\n
Some vendors restrict or hide CLI access on their larger smart switches - maybe for support or developer purpose - one that I know about was the HP 1910's<\/a> that I've used (formerly H3C-based 3Com 2928). It was during a port scan on my GS110TP where I realized there were more than the expected HTTP and HTTPS ports responding. After increasing the scope to a full TCP\u00a0 scan I saw 2 ports in the upper range that took my interest:<\/p>\n For sure the default telnet and ssh didn't return anything interesting, but there were TCP 4242 and TCP 60000 remaining. Apparently 4242 isn't to much use, possibly a management interface for Netgear but it seems to have been detected by others for a couple of Netgear switches. During a quick search I came across a post from Koos van den Hout<\/a> who had detected a telnet server on a larger, rackmount GS716T using an older firmware, thus at least there was a trace for Netgear to have a \"hidden\" CLI access for some of their larger smart switches. I tried my luck using a telnet client on my tiny 10-Port switch and what I got resembled much to Koos' GS716T.<\/p>\n I continued as follows: Since GS110TP doesn't allow defining different users nor RADIUS-based management authentication tried what Koos suggested and used the default 'admin' user as found on larger switches that do have user name for login.\u00a0 This resulted in a password prompt. To get full access, enter 'enable' and enter twice (Cisco IOS - anyone?).\u00a0 Now I can confirm that this works for the GS110TP running version 5.4.2.10, and likely the GS108Tv2 (uses same firmware image):<\/p>\n As you can see at the end, even going into config mode is possible. If you are familiar with the Cisco IOS CLI you'll realize how similar things are on the Netgear switches (Google tells us FASTPATH is from Broadcom). Also you can have a look at Netgear's M4100 or M5300 CLI guides to get a closer idea of the CLI command usage, though not all commands are available on this box. If you change things via CLI, remember to save the running config to the NVRAM's startup config which is what the web UI automatically does for you. (#copy system:running nvram:startup-config)<\/p>\n Warning: Some commands cause instant reboot<\/strong> The price difference between cheaper “smart managed” and the higher priced “fully managed” switches is often made up by removing a) serial console access and b) disabling access to a remote CLI. After working more often with managed switches I really appreciate a CLI access since most GUIs I’ve so far used (Netgear, HP-H3C Comware, … more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[1],"tags":[48,30,47],"class_list":["post-398","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cli","tag-netgear","tag-telnet"],"_links":{"self":[{"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/posts\/398","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/comments?post=398"}],"version-history":[{"count":0,"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/posts\/398\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/media?parent=398"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/categories?post=398"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.simweb.ch\/blog\/wp-json\/wp\/v2\/tags?post=398"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}# nmap -p 1-65535 -T4 -A -v <ip>\r\n[...]\r\nCompleted NSE at 08:44, 35.57s elapsed\r\nNmap scan report for myswitch.net.example.org (<ip>)\r\nHost is up (0.011s latency).\r\nNot shown: 65528 closed ports\r\nPORT STATE SERVICE VERSION\r\n22\/tcp filtered ssh\r\n23\/tcp filtered telnet\r\n80\/tcp open http?\r\n|_http-methods: HEAD GET OPTIONS\r\n|_http-title: NETGEAR GS110TP\r\n161\/tcp filtered snmp\r\n443\/tcp open ssl\/https?\r\n| ssl-cert: Subject: commonName=<removed>\r\n[...]\r\n4242\/tcp open vrml-multi-use?\r\n60000\/tcp open unknown\r\n[...]<\/pre>\n
(Broadcom FASTPATH Switching) Applying Interface configuration, please wait ...<\/pre>\n
(Broadcom FASTPATH Switching)\r\nApplying Interface configuration, please wait ...admin\r\nPassword:*******************\r\n(Broadcom FASTPATH Switching) >\r\n(Broadcom FASTPATH Switching) >?\r\n\r\nenable Enter into user privilege mode.\r\nhelp Display help for various special keys.\r\nlogout Exit this session. Any unsaved changes are lost.\r\npasswd Change an existing user's password.\r\nping Send ICMP echo packets to a specified IP address.\r\nquit Exit this session. Any unsaved changes are lost.\r\nshow Display Switch Options and Settings.\r\n\r\n(Broadcom FASTPATH Switching) >enable\r\nPassword:\r\n(Broadcom FASTPATH Switching) #show version\r\nSwitch: 1\r\n\r\nSystem Description............................. GS110TP\r\nMachine Type................................... GS110TP\r\nMachine Model.................................. GS110TP smartSwitch\r\nSerial Number.................................. [...]\r\nFRU Number.....................................\r\nPart Number.................................... BCM53312\r\nMaintenance Level.............................. A\r\nManufacturer................................... 0xbc00\r\nBurned In MAC Address.......................... [...]\r\nSoftware Version............................... 5.4.2.10\r\nOperating System............................... ecos-2.0\r\nNetwork Processing Device...................... BCM53312_B0\r\n[...]\r\nAdditional Packages............................ FASTPATH QOS\r\n FASTPATH IPv6 Management\r\n i\u00de\u00e4\u00b0c\u00fc\u00e5|\u00d8\r\n\r\n(Broadcom FASTPATH Switching) #configure\r\n(Broadcom FASTPATH Switching) (Config)#<\/pre>\n
\nHowever, as Koos for the GS716T already confirmed, certain commands don't seem to be recognized and may cause an instant reboot of the switch without saving to the NVRAM (i.e. #ip ssh server enable). That might be the cause why Netgear preferred disabling regular CLI access on this firmware since they didn't want to support it. Still it can be quite useful to know that even on such a small entry-level manageable switch, there is still a\u00a0 CLI available in case you need it.<\/p>\n","protected":false},"excerpt":{"rendered":"