FEATURE REQUEST: null default gateway

[drsmooth]

For security reasons I'd rather leave out a default gateway and DNS servers. Is that currently supported or on the roadmap? My WS-10-250-AC running v1.4.6 won't let me do this via the web interface. thanks

-chris

[sirhc]

If you are leaving out a default gateway and DNS I would assume this is an INVALID IP address?

[drsmooth]

it's an RFC1918 reserved address, but I wouldn't say it's invalid. I simply don't want my device reachable to hosts outside its network, especially the interwebz

[sirhc]

Those are non routable IP ranges which means no one outside your network could reach them even if you put in a gateway and a route in your router(s).

A DNS setting has nothing to do with being reached from outside your network range.

If your worried about people inside your network getting to the device use the "Access Control List" in Device/Control List.

[drsmooth]

I understand your position and I am familiar withIP routing (cisco certified etc.), but I'm sure you can understand the utility of denying a device a default gateway (inability to say, TFTP configs to a bad actor, unforseen exploits etc.). It is just an idea. Most switching gear I've used (HP, Cisco, Foundry, Dell, Extreme, Juniper) doesn't require a default gateway much less DNS servers.

AFAICT DNS is only useful to this box for the NTP client, but I could be wrong....

[sirhc]

The switch DNS service can be used to resolve URLs for TFTP, NTP, SNMP, Syslog, Radius, and SMTP services.

The better way is to use the Access Control List to limit what IPs can talk to the switch.

The Access control list block all communications to the switch except for those in the allowed list of IPs. (Make sure you have the latest RC firmware as this was recently fixed)