FEATURE REQUEST: null default gateway

drsmooth
Member
 
Posts: 7
Joined: Fri Feb 10, 2017 2:20 pm
Has thanked: 1 time
Been thanked: 0 time

FEATURE REQUEST: null default gateway

Mon Mar 06, 2017 12:34 pm

For security reasons I'd rather leave out a default gateway and DNS servers. Is that currently supported or on the roadmap? My WS-10-250-AC running v1.4.6 won't let me do this via the web interface. thanks

-chris

User avatar
sirhc
Employee
Employee
 
Posts: 7422
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1609 times
Been thanked: 1326 times

Re: FEATURE REQUEST: null default gateway

Mon Mar 06, 2017 1:23 pm

If you are leaving out a default gateway and DNS I would assume this is an INVALID IP address?
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

drsmooth
Member
 
Posts: 7
Joined: Fri Feb 10, 2017 2:20 pm
Has thanked: 1 time
Been thanked: 0 time

Re: FEATURE REQUEST: null default gateway

Mon Mar 06, 2017 1:25 pm

it's an RFC1918 reserved address, but I wouldn't say it's invalid. I simply don't want my device reachable to hosts outside its network, especially the interwebz

User avatar
sirhc
Employee
Employee
 
Posts: 7422
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1609 times
Been thanked: 1326 times

Re: FEATURE REQUEST: null default gateway

Mon Mar 06, 2017 1:44 pm

Those are non routable IP ranges which means no one outside your network could reach them even if you put in a gateway and a route in your router(s).

A DNS setting has nothing to do with being reached from outside your network range.

If your worried about people inside your network getting to the device use the "Access Control List" in Device/Control List.
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

drsmooth
Member
 
Posts: 7
Joined: Fri Feb 10, 2017 2:20 pm
Has thanked: 1 time
Been thanked: 0 time

Re: FEATURE REQUEST: null default gateway

Mon Mar 06, 2017 2:00 pm

I understand your position and I am familiar withIP routing (cisco certified etc.), but I'm sure you can understand the utility of denying a device a default gateway (inability to say, TFTP configs to a bad actor, unforseen exploits etc.). It is just an idea. Most switching gear I've used (HP, Cisco, Foundry, Dell, Extreme, Juniper) doesn't require a default gateway much less DNS servers.

AFAICT DNS is only useful to this box for the NTP client, but I could be wrong....

User avatar
sirhc
Employee
Employee
 
Posts: 7422
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1609 times
Been thanked: 1326 times

Re: FEATURE REQUEST: null default gateway

Mon Mar 06, 2017 2:09 pm

The switch DNS service can be used to resolve URLs for TFTP, NTP, SNMP, Syslog, Radius, and SMTP services.

The better way is to use the Access Control List to limit what IPs can talk to the switch.

The Access control list block all communications to the switch except for those in the allowed list of IPs. (Make sure you have the latest RC firmware as this was recently fixed)
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 121 guests