Zyxel XGS1210-12 - capable small switch, but I need help

I am dedicating a thread on the Zyxel XGS1210-12, a small 12 port switch that is basically a Swiss army knife.

Hardware

  • 8x RJ45 1 Gbps ports
  • 2x RJ45 2.5 Gbps ports
  • 2x SFP+ 10 Gbps ports
  • Managed
  • Link Aggregation
  • VLAN support
  • QoS support

All of the ports are independent of one another, so no, the copper ports aren’t shared with the SFP+ ones, you can connect 12 devices to it. Not much I can say about the specs and features that can’t be found in the manual or in more serious reviews. But this is a rant, so let’s go to software.

Software

Oh my God, it sucks ass. Zyxel really did it this time. They do advertise that it is a “Web-Managed” switch, but I didn’t expect it to be so limited. The software is pure insanity, I tell you.

You have a few options available for the initial setup. Assign your PC a static IP address, connect it to the switch and go to 192.168.1.3, or plug the switch into a network that has a DHCP server on it, find its IP using the “Zyxel One Network” (ZON) utility, which is only available for Windows. You can only download the utility by registering with an email address. Just for the lolz, I tried registering with guerillamail, I didn’t expect this to work, but it did. Thank you Zyxel programmers / sysadmins for making humanity a better place and not locking stuff away from anonymized email services. Link to download is https://www.zyxel.com/zyxel-file/ZON_Utility.zip if you feel like installing potential malware on your system.

(btw, when I downloaded this image, it was called “9fu**ing11.jpg” for some reason).

Anyway, I believe you can find its IP by looking at your DHCP leases, but I didn’t try it.

Moving on to even more dumb stuff. The welcome screen makes you insert the password 1234. Not too bad in itself, just don’t connect this switch to the internet when you configure it for the first time or when you reset it and you should be fine. But that’s not all, oh no boys. The switch asks you to reset the password the first time, ok fine, but the password can only be between 8 and 15 characters long. At first, I didn’t read that, I just generated a 30+ long password and tried using it, only to be met by an error pop-up repeating the message. If your software can’t use at the very least 32 characters for a password, you are doing something wrong.

I poked around on the web interface, just for the sake of it. The interface is decent and somewhat simple, which is good user experience, you cannot get lost in endless submenus. But the GUI is so limiting that it’s not even funny.

For example, for LAgg, you only have 7 defined groups: {1, 2}, {3, 4}, {5, 6}, {7, 8}, {9, 10}, {11, 12} and {1, 2, 3, 4}. It does make sense from a manageability standpoint, but you cannot mix and match ports for some odd reason, or do a LAgg on 3 ports. I’m not using this, so I don’t care, but it’s certainly a limitation that I saw nobody online talking about, everyone is just praising this switch.

VLAN setup is hot garbage. By default, when you create a new VLAN, all the ports get into tagged mode for said VLAN. You have to manually click on each port and the ports can have one of 3 colors: Orange (tagged / mode trunk), Green (untagged / mode access) and Grey (not using the VLAN at all). If you want to create 5 VLANs and only tag 3 ports and leave the rest unused, you have to click 2 times on each port that you don’t want to have anything to do with the VLAN, each time, for a total of 90 mouse clicks. Who thought this was a good idea, Zyxel?

Sick of clicking on ports to assign (or rather not assign) VLANs, I moved to the Management tab, where I wanted to go from the beginning, but I saved it for last. I wanted to enable SSH, but there was no SSH option. I thought that maybe it’s just not advertised, so I just went to a terminal and tried to nc to the switch on port 22. And it worked, SSH server is up and running. I try to ssh with user admin @ switch and it fails authentication.

Looking again in the management tab, there is no user set-up. Reading online, it looks like this switch is only intended to be managed by a single user. You what now? Ok, fine, just hide the SSH server config and only allow 1 connection on it at a time, that’s so easy even I could do it! I look online for zyxel usernames, I try different ones, like admin-username, administrator, root, webmanagement, webadmin, user, zyxel, ZyXEL… none of them works. I even tried admin/1234 and 2 or 3 other combinations. The SSH server is active, but I cannot find the credentials to login as.

Here’s where I need your help

I need to find the SSH user for this Zyxel switch. I tried looking into the HTML & JS code on the web interface, but it looks like there is no hidden username (or I couldn’t find it, I don’t know how to analyze all the code), so it may be that the user is baked right in the web server. Which would be the dumbest thing ever.

I purposely did not connect the switch to the internet, just in case it would phone home and update itself. From what I can tell, it shouldn’t, you have to upload the firmware images yourself on it. Looking on the internet, it looks like this switch in particular is very vulnerable to a lot of attacks, including remote shell execution. So maybe we can use this to reset the root password on it, or create an SSH user.

Whatever the option, I want to SSH into the switch and use the command line. If it’s not possible, it’s not exactly the end of the world, I could script all my network restarts / VLAN changes in case a port or switch goes down on the routers-only, but I would have liked to have the option to automate some stuff via CLI. Obviously Zyxel thought about this and did not allow “enterprise features” to mere mortal plebs. Sh*t move, Zyxel!

I don’t know if I want to return this switch, in all honesty, it fits my requirements quite well and it’s decently priced at $210. In the future I plan to expand my network with another one just like it and have a form of redundant networking on the cheap. It could have been done cheaper, but not with VLAN support, or if it had, then with a lot more power consumption.


Some noteworthy notes:

I know that Zyxel switches have a lot more capabilities. It’s just that, with this model, Zyxel decided to strip it down as much as possible and offer the bare minimum, which is a real shame, because their usual switches are really good. I really want to find a way to SSH into it and unlock its full potential.
