SG 200-08P Secure lockdown question/s
I have an SG 200-08P. I need to restrict access to the web interface for security. Unfortunately I have found this nearly impossible.
- Is there any way to restrict access to HTTPS? Seems simple but I haven't found a method of doing so. IIRC this is required for compliance with some security standards.
- How can I set the switch to only allow management from a single port (it seems like this is an option but I haven't figured out how). Every time I try to set up a VLAN for administration the switch ends up locking out all connections or something similar and I have to reset it.
- As far as I can tell the 'cisco' user can not be deleted, disabled, or removed from administration under any circumstances. Is that really correct? Seems like a horrific security hole to me.
Thanks in advance for your time.
I finally got things configured so only one phisical port can be used for administration.
I am still not happy with Cisco for disallowing the re-naming of the default user and especially for leaving HTTP open no matter what.
Similar Messages
-
Do you know what the applications of the following may be?
We are using a Cisco smart switch (model # SG 200-08P) and pinging the WK2 to check for Ethernet communication. When “DHCP auto configuration” is enabled the Cisco switch generates a consistant TFTP read request:
Opcode: Read Request (1)
Source File: fp-net.cfg
Type: octet
This subsequently locks up the WK2 for a few seconds at a time and disables Ethernet communication. If the “DHCP auto configuration” is disabled on the Cisco switch, then there are no problems.
Test Results:
DHCP Auto Config Enabled:
6ft/Direct PCB – Fail
100m/Direct PCB –Fail
6ft/ Jumper –Fail
100m/ Jumper –Fail
DHCP Auto Config Disabled:
6ft/Direct PCB – Pass
100m/Direct PCB –Pass
6ft/ Jumper –Pass
100m/ Jumper –PassHi Jens-Peter,
I would try disabling smartports and green ethernet on the SG200 switches. Then you will need to hardcode each of the ports to have the necessary settings. Often times when a reboot is required to restore functionality smartports is the cause.
As for the 6921 phones, you need to be sure to have auto voice vlan enabled. Otherwise the phones will not be able to pick up the correct VLAN via CDP. Let me know, if you have any questions.
-Trent Good
** Please rate useful posts! ** -
SG 200-08P - connecting PCs and Phones
Hello,
we have a serious problem over here with some new SG 200-08P switches firmware: 1.0.6.2
They are setup behind 2 SG-200 50 layer 2 switches - actual firmware 1.3.2.02.
We have 4 VLANs: 1 for DATA and 2 for PHONE, 10 fpr MGMNT and 20 for GUESTS - on the 08-P only VLAN 1+2 is needed. CDR protocoll is active.
Ports 1-7 on the 08-P is setup as "Trunk, 1U, 2T", parameter: Auto Negotiation ON. We tried FlowControl ON and OF - makes no difference. Port 8 is setup as "Trunk, 1U, 2T, 10T" to the floor switch. The connecting port on the floor switch SG-200 50-switch ist setup as "Trunk, 1U, 2T, 10T".
One of the problem switches: on port 1-4 of the 08-P there are connected 4 Cisco 6921 phones . On Port 5-7 there are connected 1 HP Z400 and 2 Elite 7200 PCs. One of the 6921 phones is switching to a DELL Latitude 6420 laptop.
So it happens every morning, that the first staring PC ist working fine, then the switch has to be switched off and on to get the next PCs connected to the network. The switching 6921 phone does not connect at all. But after some more switching off/on it works.
We thried another 08-P hardware with the same config, we tried an older firmware level ... we setup the PoE-phone ports as GENERAL 1U, 2T. We gave external power to the phones so that PoE is not overloaded ... nothing helps. Only some switching off/on helps and the PC gets its IP address from DHCP and the phones all come up an find the CU 6000.
Is there someone outside who may give a helping hand on this?
Thanks so far...Hi Jens-Peter,
I would try disabling smartports and green ethernet on the SG200 switches. Then you will need to hardcode each of the ports to have the necessary settings. Often times when a reboot is required to restore functionality smartports is the cause.
As for the 6921 phones, you need to be sure to have auto voice vlan enabled. Otherwise the phones will not be able to pick up the correct VLAN via CDP. Let me know, if you have any questions.
-Trent Good
** Please rate useful posts! ** -
Not able to get rid of security-related questions in runtime
Hi,
I am simply using NetBeans 6.0.1 and the emulator QwertyDevice and the emulator platform WTK 2.5.2 for CLDC.
I have chosen Alias as trusted in the signing option in the project configuration page. however still I am getting security confirmation questions in runtime to access the local files for instance.
Would anyone please advise me how to get rid of that?
Also I have deployed the application on SonyEricsson k800i and would like to get rid of the security confirmations on that device as well. What is the guideline?
Thank youRight clicking on it is not even an option, just hovering over it seems to induce a "nuclear" reset of the whole desktop and graphic card on the iMac.
Have meanwhile found a possible solution by erasing the dock preference file in the user/library/preferences folder to reset the dock to it's default state. Will try this out through a Skype conversation with that Buddy.
Was seen here :
https://discussions.apple.com/message/16447109#16447109
Thank you for stepping in. Good to know that people are still willing to help in this community.
Greetz to the UK from France -
Security upgrade question - Getting 6.1.6 downloaded to iphone.
Security upgrade question - I have a 4S phone v6.01 with an upgrade to IOS 7.04 already downloaded and ready for install. I would like to install the 6.1.6 security upgrade instead. How do I delete the ios7 in the queue or have the 6.1.1 pushed as an option to the phone?
You can't install iOS 6.1.6 on that device and must update it to 7.0.6.
(101120) -
I foreget my security answer questions. --app store
I foreget my security answer questions . --app store
I can not buy any thing without answeing this questions
Pls help me to repair this problemQ - Can I change the answers to the security questions for my Apple ID?
A - Yes. You can change the answers to the security questions provided when you originally signed up for your Apple ID. Go to My Apple ID and click Manage your account.
http://support.apple.com/kb/he37
Manage your Apple ID -
https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/ -
PoE does no work for my SG 200-08P ?
Hi,
I've bought two SG 200-08P which have their 1-4 ports who can delivered PoE.
Whatever the PoE equipments I plug into those ports, it doesn't work.
If I plug a non PoE equipment in the 1-8 ports it's working fine.
I can log into the web interface of the switch, and when I go to "Port Management > PoE > Properties", I can see the following screen:
I don't know how switch the "Power" option to "On"...
I have the exactly same issue with a second and new SG 200-08P.
I've changed the firmware and I am now in the 1.0.6.2 version but I have the problem with the original version.
I also try to reset the switch several times, but it doesn't change anything.
Is anyone has a idea to what can I do or test ?
Thanks.Hi Tom,
For now, I only try to connect differents Siemens IP phones (1 or 2 or 3 PoE classes) : OpenStage 20,
OpenStage 40 and OpenStage 60.
Those Siemens phones are working fine with other PoE switches like linksys, HP, catalyst, 300 series, Netgear ...
I've just noticed something interesting, in the "Status and Statistics > View Log > RAM Memory" menu :
When I clear the logs, only my computer is connected on port 8...
I'll try to find other PoE devices, to test with.
Regards. -
Hi,
I have some security/session questions for you guys.
My application uses flex, blazeds and spring. I use RemoteObjects to initiate calls from flex to java. The application consists of a login screen and 'other screens' available only to authenticated users after login. When the user logs in the server stores user credentials on the FlexContext (FlexContext.getFlexSession().setAttribute). So if the server timeout is reached and the user presses 'refresh' the user is thrown out and the login screen appears.
Question 1: How can I check if the timeout is reached when the user makes a call to the server, without checking manually against the FlexContext. Are there any config parameters to set?
Question 2: Is it necesssary to check against the user credentials in the session for every flex-to-server call? (I guess someone can omit the login screen and do a manual call)
Question 3: If the answer to question 2 is yes, how can I check against the session credentials? The only way I can think of is calling a method which checks the session attribute manually, but then I have to remember to add this method call to each of the methods called from flex through Blazeds. Is it, for example, possible to call the user-logged-in method before the method given in the RemoteObject is called? (If not authenticated, do not run method).
Hope someone got the time to help me out.I appreciate your answer, but as you yourself write, I think there must be a blazeDS way. But as nobody with extensive BlazeDS knowledge answers this post, I probably have to google this topic even more.
Following are the main changes in my application: (Introducing spring security)
Everything seems to be working as it should. But as already stated, I'm a newbie. So if anybody see something suspicious, let me know.
The main problem I had implementing Spring Security was something that should be easy, but somehow it was not: the loading of the context files. Before introducing the spring security I only had one application-context file, and this was loaded by the DispatcherServlet. When introducing security I tried to add this to the same file. It did not work. Then I tried splitting up the files, and loading both using DispatcherServlet. It did not work. Then I tried loading both using ContextLoaderListener. It did not work. Finally I found the solution. Flex settings must be loaded by the DispatcherServlet, and spring security settings must be loaded by ContextLoaderListener. This work. I don't know if this is the only solution.
On the server:
web-xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/config/web-application-config.xml
/WEB-INF/config/web-application-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/config/flex-application-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
flex-application-context:
<flex:message-broker>
<flex:secured/>
</flex:message-broker>
web-application-context:
I had to implement my own authentication mechanism. Had to compare the username/password against an object attribute. So this bean is not mandatory, but I think you have to write down username/password/role in flex-application-context if not provided.
<bean id="customAuthenticationProvider" class="packagename.CustomAuthenticationProvider">
<security:custom-authentication-provider/>
</bean>
web-application-security:
<http entry-point-ref="preAuthenticatedEntryPoint" />
<beans:bean id="preAuthenticatedEntryPoint"
class="org.springframework.security.ui.preauth.PreAuthenticatedProcessingFilterEntryPoint " />
<!-- Securing the service layer -->
<global-method-security>
<protect-pointcut expression="execution(*package.ServiceImpl.*(..))" access="ROLE_USER"/>
</global-method-security>
On the client:
private function login():void {
var cs:ChannelSet = ServerConfig.getChannelSet(loginRemoteObject.destination);
var token:AsyncToken;
token = cs.login(username, password);
// Add result and fault handlers.
token.addResponder(new AsyncResponder(loginResultHandler, loginFaultHandler));
private function logout():void {
var cs:ChannelSet = ServerConfig.getChannelSet(loginRemoteObject.destination);
var token:AsyncToken = cs.logout();
// Add result and fault handlers.
token.addResponder(new AsyncResponder(logoutResultHandler, logoutResultHandler)); -
Forget security answer question
im forget the security answer question
If you have a rescue email address (which is not the same thing as an alternate email address) set up on your account then go to https://appleid.apple.com/ and click 'Manage your Apple ID' on the right-hand side of that page and log into your account. Then click on 'Password and Security' on the left-hand side of that page and on the right-hand side you should see an option to send security question reset info to your rescue email address.
If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you will need to contact iTunes Support / Apple to get the questions reset.
Contacting Apple about account security : http://support.apple.com/kb/HT5699
When they've been reset (and if you don't already have a rescue email address) you can then use the steps half-way down this page to add a rescue email address for potential future use : http://support.apple.com/kb/HT5312 -
Hi. I have a configuration whereby I use a SG-200-08P to power a SG-200-08 (no PSU connected) which in turn is connected to another SG-200-08 that is powered via PSU. It seemed to work but recently I've been getting connectivity issues. The Ethernet cable from the non PSU powered SG-200-08 to the PSU powered SG-200-08 is 100m. Are there any ways to configure these switches in order to resolve the connectiviy issues? Thanks.
Tom, many thanks for the response. I definitely think it's a power issue as the connection to my laptop keeps trying to connect/identify for a few seconds, then stops, then trys again/again and 100m is quite a long run from a switch that's powered by POE. Configuration is as follows:-
Router -->>--SG-200-08P -->>-- 100m -->>-- SG-200-08 (no PSU) -->>-- 100m -->>-- SG-200-08 (with PSU) -->>-- Laptop
My first thoughts were to attach the PSU to the SG-200-08 in the middle that's running off POE at present. Although because a power source isn't easily available there I was hoping I could perhaps divert more power to the port in the SG-200-08P that's powering the SG-200-08. Thanks. Guy -
SG 200-08p Wont upgrade firmware
I have a fleet of the SG-200-08P switches which are way behind on firmware. I went to upgrade them to the newest firmware available:
"sx200_fw_1.3.7.18.ros"
After about a 5-7 minute wait, the web interface returned the message (tired multiple times):
"Firmware Image download through HTTP failed. Wrong File Type."
I reset the router, same results. I went and installed the second most recent verson, "SG200-08x_FW_1.0.7.4.stk", which installed without any issues. Then tried the "sx200_fw_1.3.7.18.ros" file and again with the same result:
"Firmware Image download through HTTP failed. Wrong File Type."
I then did a factory reset and tried again, same results. It seems that none of my routers want to use the .ros files, it preferes the .stk files. What am I doing wrong?
I'm accessing the upgrade feature via "Main Menu -> Administration -> Upgrade/Backup firmware" and have it set to:
X - via Http
X - Upgrade
X - Firmware image
Please HELP!!!Thanks for the info. I was working off another post where someone laid claim to installing the 1.3.x firmware on their sg200 to enable SNMP protocols for Spiceworks Management software.
Does this mean there is no SNMP options for the SG200-08P switches? -
HT201413 forgot my itunes security secret questions for purchase music
Iforgot my itunes security secret questions for to purshase music how do i get to redo it again plz
same thing is happening to me aswell please i dont know what to do
-
HT5699 I forgot my security support question and answer, what should i do?
I forgot my security support question and answer, what should i do
See Kappy's great User Tips.
See my User Tip for some help: Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities https://discussions.apple.com/docs/DOC-4551
Rescue email address and how to reset Apple ID security questions
http://support.apple.com/kb/HT5312
Send Apple an email request for help at: Apple - Support - iTunes Store - Contact Us http://www.apple.com/emea/support/itunes/contact.html
Call Apple Support in your country: Customer Service: Contacting Apple for support and service http://support.apple.com/kb/HE57
Cheers, Tom -
HT5312 i forgot my security my question . i need to send my security a gain .
i forgot my security my question . i need to send my security a gain .
Try calling your country number from http://support.apple.com/kb/HE57 and ask to speak with Account Security.
-
I am not receiving security rest question from apple
i am not receiving security rest question from apple, i need to buy some app. please help
Read here > Apple ID: All about Apple ID security questions
If necessary
1) See Here > Apple ID: Contacting Apple for help with Apple ID account security
Ask to speak with the Account Security Team...
2) Or Email Here > Apple Support iTunes Store Contact
Note:
You can only set up a Rescue Email BEFORE you forget the questions/answers.
Maybe you are looking for
-
Safari cannot open webmail server page
Even after Yosemite update problem not fixed. Still cannot access emails on server webmail page.
-
Itunes "Ignoreing" some of the MP3 files
Afterthe latest issue of Itunes that i have slapped into my system a while ago, I realize that Itunes won't recognize some of the properly tagged, legally bought, or ripped mp3 files from my own collection. I am a year old Itunes and Vista user didn'
-
Comprehensive integration approach for photos across multiple computers?
Hi All-- I've been wading through the discussion boards and have multiple partial pieces of info. However, I am looking for a state-of-the-art solution to an old problem because I want to integrate all of my photos onto a single drive and (probably)
-
Hai.. I am in need of this code.. I have n number of flash files(swf). Each file contains n number of frames. I need to get the totalframes of that flash files in Actionscript 3.0. Please help me through Actionscript.
-
Adobe Reader XI I cannot open pdf documents, change or delete the program
Hi, After installing Reader XI I cannot open pdf documents, change or delete the program! please help