Page 1 of 1
CLI but no GUI access
Posted: Tue Oct 18, 2016 8:43 am
by Brough
I have a deployed WS-12-250-AC switch that I can reach via SSH but can no longer reach via the GUI. When I attempt to access the GUI at "https://10.9.162.3/", I get the login screen but after correctly entering the username & password and hitting login, the browser hangs trying to access "https://10.9.162.3/main.html". This is the case with both Firefox and Chrome browsers.
Using Putty to login via SSH works. I tried going into configure and then doing "https-server port 443", exit followed by Enter to apply configuration, but that didn't fix the problem.
I then used cmdline to drop down to Busybox and "ps" to get a list of processes. From experience with other devices using Busybox embedded Linux, I expected to see "lighttpd ..." in the process list. Here I see three entries "<#> netonix <#> S lighttpd -f /etc/lighttpd.conf" with only the PID and VSZ numbers differing! Why three http processes?
I tried using "kill -9 <ps#>" to kill each lighttpd process. Each time another lighttpd process restarts, as expected, so when I'm done I still have three lighttpd processes. But going back to the browser, there is no change.
I can't reboot the device until 4am tomorrow as it appears to be working correctly in all other regards and it's carrying substantial customer traffic.
Is there any explanation? or suggestion for how to proceed?
Re: CLI but no GUI access
Posted: Tue Oct 18, 2016 12:36 pm
by Eric Stern
What firmware version?
You can try running "/etc/init.d/lighttpd restart".
A reboot will probably fix it.
Are there any files in /root? (ls /root)
There are multiple lighttpd processes because lighttpd is a single threaded process, it requires multiple processes to be able to handle more than 1 request at a time.
Re: CLI but no GUI access
Posted: Tue Oct 18, 2016 1:08 pm
by sirhc
Also you should upgrade to v1.4.5rc4 as soon as possible as there was a bug that spawned multiple threads when certain things occurred such as a mis configured SMTP server.
Re: CLI but no GUI access
Posted: Fri Nov 04, 2016 1:32 pm
by Brough
Sorry for the multi-week delay here. Traffic is still passing, so I haven't had a moment to come back to this until now.
Now I need to power cycle a radio...
We are running firmware 1.3.9 on all our switches. We hesitate to go to 1.4.x until there is a feature we absolutely need... :)
No files in /root, i.e. nothing from an "ls /root" command.
ps shows three lighttpd processes at the moment.
/etc/init.d/lighttpd restart returns "2016-11-04 13:24:50: (log.c.97) server started" however a new attempt to access the GUI still fails in the same way (allows you log in but then hangs with a blank screen).
I will reboot the device at 4am on Monday morning. (Don't want to risk anything before the weekend).
Note I have managed to power cycle the radio in question via the CLI. I.e. your help messages are pretty good, thanks.
Re: CLI but no GUI access
Posted: Fri Nov 04, 2016 1:51 pm
by Brough
A more adventuresome colleague just rebooted the switch. Everything came back OK, but the GUI still asks for a login credentials and then hangs when you hit login.
Re: CLI but no GUI access
Posted: Fri Nov 04, 2016 2:30 pm
by sirhc
Brough wrote:A more adventuresome colleague just rebooted the switch. Everything came back OK, but the GUI still asks for a login credentials and then hangs when you hit login.
1) You will probably need to swap this switch out
2) Factory default it
3) Upgrade to v1.4.5rc8
If this switch was on a valid IP address there is a chance it was hacked as there were security patches to fix this exploit.
v1.3.8 is very OLD firmware and many exploits for Linux and the modules we use such as our web server have happened since v1.3.8.
If you know what your doing you might get away with upgrading the switch via SSH but I do not remember if that was an option in v1.3.8 once again OLD firmware.
To do an upgrade via SSH you need to have a TFTP server to deliver the firmware.
But I would go swap it out and play with it on a bench not in service.
Re: CLI but no GUI access
Posted: Mon Nov 07, 2016 1:07 pm
by Brough
This switch is only available via 10.x management address in a private space that is pretty secure.
In any event, we've swapped the switch.
Playing with the unit back in the office, we did a full factory default (10 secs while powering up) and then reloaded 1.3.9 firmware.
That appears to have resolved the problem.
Re: CLI but no GUI access
Posted: Mon Nov 07, 2016 1:11 pm
by sirhc
Brough wrote:This switch is only available via 10.x management address in a private space that is pretty secure.
In any event, we've swapped the switch.
Playing with the unit back in the office, we did a full factory default (10 secs while powering up) and then reloaded 1.3.9 firmware.
That appears to have resolved the problem.
Please load v1.4.5rc8
There are security patches and other bad bugs fixed since that OLD firmware.
If you are running v1.3.8 your switch can be hacked and the symptoms are reporting match that of a hacked device.
Re: CLI but no GUI access
Posted: Fri Aug 17, 2018 4:03 am
by geolinks
Seeing this same issue and wondering if there is a known fix. We're currently experiencing this issue on Firmware Version: 1.4.6 Model: WS-10-250-AC
Re: CLI but no GUI access
Posted: Fri Aug 17, 2018 12:29 pm
by Stephen
Firmware is very old.
Try upgrading
viewtopic.php?f=17&t=240You may need to do a console recovery
viewtopic.php?f=17&t=1073