Question

ERS 3500 Series Secure Image with modern web browsers

  • 23 February 2021
  • 6 replies
  • 27 views

  • New Member
  • 2 replies

The newest secure firmware I can find for the ERS 3500 series is 5.3.12 which was released relatively recently.  It still has the known issue of being unable to access through any modern web browsers, which is hardly secure at all.  Is there a newer firmware that I’m unaware of and is this going to be resolved? 


6 replies

Userlevel 5

Can you describe the issue, please? Or is this issue documented somewhere? I have an ERS3500 running v5.3.12.009, with SSH enabled.

I am able to access it with Safari, Chrome and Firefox without issue.

 

(EDIT: It worked for me because I didn’t have HTTPS enabled.)

I haven’t actually performed the upgrade yet, but according to the known limitations in the release notes here (https://documentation.extremenetworks.com/release_notes/ERS_Series/ERS3000/ERS3500ReleaseNotes_5.3.12_RN.pdf) up-to-date web browsers cannot connect via secure EDM. That is referencing the 3500’s web GUI, correct?

Userlevel 5

@b4b Thanks for showing me this.  I need to correct myself.    My 3500 had SSH enabled but it didn’t have SSH SECURE mode enabled.

 

You are correct. None of my browsers work once I enabled HTTPS mode.

Do you happen to know if that will be resolved?  Not being able to use HTTPS is kind of a big issue for a switch still being updated.

Also, how were you able to enable SSH without the full secure mode?  If I put the latest secure image on the 3500 and enable secure mode it seems to force HTTPS.  Is there a way to enable SSH without secure mode?

Userlevel 5

I will ask internally, but you should also reach out to your Extreme SE or open a non-critical ticket.

 

As for enabling SSH but having HTTPS disabled you need to do the following.

Disable SSH.

NO SSH.

Enable SSH password security

SSH PASS-AUTH

Enable SSH

SSH

 

Then DON'T re-enable SSH SECURE mode

SSH SECURE FORCE /////// DON'T DO THIS!!!!!!  This command forces all services to secure mode.

 

Then toggle your browser off/on

NO WEB-SERVER EN

WEB-SERVER EN

 

Your browser will now be open for HTTP and remote login will support SSH.

!!!!!!!!!!!This is undesirable!!!!!!!!!!

I don’t condone this.

 

Userlevel 5

Quick update: I spoke with a colleague.

 

If you load a signed cert to the switch the browser should start to work.

The root of the issue is that browsers no longer accept self-signed certs, which is what is loaded on the ERS3500.

 

 
