08-19-2021 10:44 PM
I just updated to the recommended IOS version from the downloads page, and now I can't interact with the web UI. I installed IOS version 15.2.2E9(MD), which was the suggested release on the downloads page. It's the universal install with web based dev mgr install. I can login and see the status of stuff, but can't navigate to other pages for configuration. I let the upgrade process finish, and closed the page after it completed to start a new web session as told to do. I even rebooted the computer. Is there any means of rolling this back to an older release? What is the latest release known to work with WS-C2960CG-8TC-L?
08-19-2021 11:27 PM
Use a very old browser.
08-20-2021 12:10 AM
How old of a browser?
08-20-2021 12:14 AM
Windows 7 aged.
08-20-2021 12:22 AM
Are there any good open source firmwares? I just saw a ton of recent security vulnerabilities for Cisco products, and I don't have confidence they're going to update this by October when this switch stops being supported.
08-20-2021 12:48 AM
Not a lot of people use GUI to configure switches, particularly Catalyst 2960 because the GUI only has very, very limited function and slow.
08-20-2021 01:28 AM
Yeah, I'm returning this. I think this is the model with backdoors hackers can get into undetected, which defeats the purpose. Think I might even be able to pick up a normal router, and just turn it into a managed switch with dd-wrt. Maybe, their newer switches running Meraki are better. But, that's probably a $2k switch.
I'm familiar with the command line. I was hoping to get a basic setup going, and then harden the security through the CLI.
Know of which other brands are recommended for security?
08-20-2021 02:36 AM
@grimelog wrote:
I think this is the model with backdoors hackers can get into undetected
Uhhhhh ... Wut?
If you know something, let Cisco PSIRT know.
08-20-2021 02:40 AM
It's a design decision in terms of the hardware, and them putting a backdoor back in 2003 for the US government to use. Have had problems with a ton of their devices for years.
https://www.tomshardware.com/news/cisco-backdoor-hardcoded-accounts-software,37480.html
https://www.schneier.com/tag/cisco/
08-20-2021 03:09 AM - edited 08-20-2021 03:11 AM
OMfG.
Look at the date the date when the articles were published. 2013.
Look at the date when 15.2(2)E9 was released. 15.2(2)E9 is not even the "newest".
Is the switch installed in a defense-related network or a highly-secured environment?
08-20-2021 04:54 PM
The latest article was from 2018.
It's for an operation that needs a high amount of security. I would expect the same from any business storing user data. They still have lawful intercept built into their products, which makes them as bad as just plugging your computer directly into a modem. I don't trust their products to not have this feature built in. I'm expecting to attract hackers, which is why I bought the switch in the first place.
I think it's there as they have a lot of government contractors. I think they might have engineers working for the NSA too. (don't know for sure about that) Besides, I don't like having to sign a bunch of terms, and identify who I am prior to downloading software updates. I would prefer a switch, which I can install open source software on one day.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg-15-mt-book/sec-lawful-intercept.html
08-20-2021 06:29 PM - edited 08-20-2021 09:14 PM
@grimelog wrote:
It's for an operation that needs a high amount of security. I would expect the same from any business storing user data. They still have lawful intercept built into their products, which makes them as bad as just plugging your computer directly into a modem. I don't trust their products to not have this feature built in. I'm expecting to attract hackers, which is why I bought the switch in the first place.
I think it's there as they have a lot of government contractors. I think they might have engineers working for the NSA too. (don't know for sure about that) Besides, I don't like having to sign a bunch of terms, and identify who I am prior to downloading software updates. I would prefer a switch, which I can install open source software on one day.
So the answer is a "no" to my question about the switch being installed in a "defense-related network or a highly-secured environment".
Unless there are more relevant questions, I will refrain from participating any further on particular thread.
I wish you all the best in your search.
08-20-2021 08:48 PM
Using Pfsense, as the router, and finding a non-Cisco switch. Probably whatever Netgate recommends. Thought a secure switch existed. But, I guess not.
08-19-2021 11:28 PM
08-19-2021 11:41 PM - edited 08-19-2021 11:43 PM
I've tried with multiple browsers and it does not work. I've even tried on different computers.
I do get a message that the browser is not supported. How old of browser do I have to use for Firefox, Chrome, or Edge?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide