xyxel gs1900 16 setup - plembo/onemoretech GitHub Wiki

Setting up the Zyxel GS1900-16

October 27, 2016

Managed switch. With telnet.

To get on the network I first wired it up to a laptop whose interface I'd set up to use 192.168.1.2, since the Zyxel defaults to 192.168.1.1 out of the box. I then changed the IP to an address on my desired subnet, hit "Apply", and hit "Save" in the upper right corner of the GUI (failing to hit "Save" will result in any changes being lost on reboot).

First upgraded firmware to latest (V2.20(AAHJ.1), 9/02/2016).

System Name: switch3.example.com
Model Name: GS1900-16
Revision: A1
Firmware Version: V2.20(AAHJ.1) | 09/02/2016

To enable telnet, sign in and then go to URL:

http://192.168.3.254/cgi-bin/dispatcher.cgi?cmd=538

Select "enabled" and Apply.

Always be sure to "Save" from web console.

You could also export (backup) the config to a text file, add the line "ip telnet" and then reload (restore) the now modified config from that file.

List commands by hitting ? at a command prompt (just like in Cisco IOS):

  clear Clear configuration
  clock Manage the system clock
  configure Configuration Mode
  copy Copy from one file to another
  debug Debug Options
  delete Delete a file from the flash file system
  disable Turn off privileged mode command
  end End current mode and change to enable mode
  exit Exit current mode and down to previous mode
  no Negate command
  ping Send ICMP ECHO_REQUEST to network hosts
  reboot Halt and perform a cold restart
  restore-defaults Restore to default
  save Save running configuration to flash
  show Show running system information
  ssl Setup SSL host keys
  terminal Terminal configuration
  traceroute Trace route to network hosts

Some commands have sub-commands. Like show:

  aaa AAA (Authentication, Authorization, Accounting)
  arp Show the IP ARP translation table
  backup-config Backup configuration
  board board information
  cable-diag Cable Diagnostics
  clock Display the time and date from the system clock
  custom Custom Module configuration
  debugging debugging information
  dos DoS information
  dot1x 802.1x configuration
  errdisable Error Disable
  fiber-transceiver Fiber ports diagnositics
  flash Flash Operations
  history list the last several history commands
  info Basic information
  interfaces Interface status and configuration
  ip IP information
  ipv6 Set IPv6 Configuration
  lag Link Aggregation Group Configuration
  line To identify a specific line for configuration
  lldp LLDP global configuration
  logging Log Configuration
  loop-guard Loop-guard configuration
  mac MAC configuration
  management Specify management restrictions configuration
  management-vlan Management VLAN configuration
  mirror Mirror configuration
  port-security Port security
  privilege Local user privilege level
  process process information
  qos Enable/Disable QoS on the device and enter the QoS mode (advance/basic).
  radius RADIUS server information
  rate-limit Bandwidth control configuration
  running-config Running configuration
  snmp SNMP information
  sntp Simple Network Time Protocol (SNTP) information
  spanning-tree Displays spanning-tree information
  startup-config Startup configuration
  storm-control Storm control configuration
  tacacs TACACS+ server information
  time-range Display time-range configured on the switch
  username Local User
  users Display information about users
  version System hardware and software status
  vlan VLAN configuration
  voice-vlan Voice VLAN configuration

Rooting the switch:

https://jantore.net/hardware/rooting-zyxel-gs1900/

Installing a custom TLS/SSL key and certificate:

http://hansmi.ch/articles/zyxel-gs1900-tls-cert

The above article mis-copied the previous one's command for getting a root shell; this is the right one:

ping -h;sh${IFS}-a${IFS}telnet

Basically followed directions in article after that to cat a pasted copy of my key and self-signed cert (whose CA cert has been imported into all my browsers).

Key and cert are under /mnt/ssh and named ssl_key.pem and ssl_cert.pem, respectively.

Once in the shell, you need to enable Ctrl-D:

stty icanon

Then invoke cat to write out a new file:

cat > ssl_key.pem.new

Paste in key text (you won't see anything in console).

Hit Ctrl-D.

Repeat for cert.

Then mv .new files over originals.

Could not interactively disable https, so I rebooted switch.
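
A pre-flight check to run on the workstation before pasting, as an added example (not from these notes or the linked articles): it confirms each PEM file is complete, that the key matches the certificate, and that the certificate is not about to expire. It assumes the OpenSSL command-line tool is installed on the workstation; the function names and the throwaway self-signed pair are constructed for illustration.

```shell
#!/bin/sh
# Added example: workstation-side checks before pasting key and cert.
# Function names and the sample pair are constructed for illustration.

# True when a PEM file has BEGIN lines and the same number of END lines
# (a blind paste that was cut short loses its END line).
pem_is_complete() {
    begin=$(grep -c '^-----BEGIN ' "$1" 2>/dev/null || true)
    end=$(grep -c '^-----END ' "$1" 2>/dev/null || true)
    [ "${begin:-0}" -ge 1 ] && [ "${begin:-0}" -eq "${end:-0}" ]
}

# True when the private key and the certificate hold the same public key.
pem_pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Run all checks; print "ok" or the first problem found.
preflight() {   # usage: preflight KEY CERT
    pem_is_complete "$1" || { echo "key file truncated"; return 1; }
    pem_is_complete "$2" || { echo "cert file truncated"; return 1; }
    pem_pair_matches "$1" "$2" || { echo "key does not match cert"; return 1; }
    openssl x509 -in "$2" -noout -checkend 86400 >/dev/null 2>&1 ||
        { echo "cert expires within a day"; return 1; }
    echo "ok"
}

# Constructed sample: a throwaway self-signed pair generated locally.
make_demo_pair() {   # usage: make_demo_pair DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=switch3.example.com" \
        -keyout "$1/ssl_key.pem.new" -out "$1/ssl_cert.pem.new" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pair "$demo"
preflight "$demo/ssl_key.pem.new" "$demo/ssl_cert.pem.new"
rm -rf "$demo"
```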

Copyright 2004-2019 Phil Lembo