Chapter 4: Remote Management HTTP and SNMP
The following methods may be used to determine a gateway's IP address if lost or forgotten. Note that once
determined, management communication with the unit may only be possible from a host configured to the
same IP subnet address if the unit's default router address is invalid.
To manually discover a unit's IP address, unplug all LAN and BNC cables from the gateway and power
cycle the unit. 30 seconds after powerup, the gateway will begin blinking out its IP address on the leftmost
LED. Each digit is counted up as an orange blink with a pause between digits and a short blink for a 0. A
decimal in the IP address is indicated with a green blink. For example, <orange><orange><pause><short-
orange><pause><green>... would be an IP address that begins “20.”
For those with access to packet sniffers, upon power-up, the gateway will broadcast several gratuitous ARP
packets on its network ports which can be examined with a sniffer or packet monitoring software to
determine a unit's IP address. The source Ethernet MAC address of such packets and E3Switch gateways is
00:50:C2:6F:xx:xx. Tcpdump or Wireshark are two readily available software packages to examine
network packets.
Additionally, examination of the MAC address table of an attached LAN switch or router may provide the
IP address if the E3Switch MAC address prefix (00:50:C2:6F:xx:xx) can be located.
Management Passwords
The HTTP management statistics page is initially accessible without a password. The HTTP settings page
is initially modifiable within the first several minutes after powerup with username
admin
and no password.
If the unit has not had its default password changed, after several minutes the settings page will be locked
for security reasons. It is desirable to change the default password of the unit. For security reasons,
changing the default password of the unit must be done within the first several minutes of any powerup. If
the HTTP management password is lost or forgotten, it may be reset by accessing the HTTP management
settings within the first minute after powerup and with no BNC cables attached to the unit.
SNMP statistics may initially be accessed using the read-only community name
public
. Write-community
names and variable access authorization may be set through the HTTP management interface.
Security
Please also refer to the password section above.
HTTP Interface Security
Access to the HTTP management interface statistics and settings pages can be selectively limited to users
knowing the HTTP management password, which is transmitted securely on the network using MD5
encoding. New values of management settings, or modifications of the administrator password are not
encrypted and are visible to users monitoring network packets, as is statistical data requested by an MD5
authorized user or any information visible on a HTTP page.
When logging out from any secure webpage, the browser window should always be closed!
Browsers
typically continue to send administrator credentials continuously even after apparent logout.
SNMP Security
The gateway implements SNMPv2c, which is inherently an insecure protocol; however, the gateway
enhances security by implementing view-based access management (VACM), which can restrict read or
write access to specific management settings and statistics. When shipped, the gateway allows read access
to “safe” SNMP statistics and prohibits read and write access to statistics and settings which could allow
determination of network topology or interfere with normal link traffic. The VACM configuration can be
updated through the HTTP management interface to meet the user's needs, and most SNMP variables can
also be set through the HTTP management interface in a more secure manner than SNMP allows.
9
