Bought Netgear GS108T and need to block 8.8.8.8

Bought Netgear GS108T and need to block any and all access to 8.8.8.8 on my RPi4 as referenced here :

The goal here is to prevent this switch from forcing me to setup a Netgear account in order to fully use and configure it.

My Firewall rules are unmodified as per fresh 21.02.0-rc4 install on my RPi4 router.
Would require strait forward instructions to accomplish this.

Many thanks in advance !

1 Like

Go to firewall, add new rule, drop outgoing traffic to wan from the netgear IP, or all traffic to 8.8.8.8.

The latter might however break some apps.

I had done exactly that before, but it didn't change the maximum of successful 3 logins until the switch disabled most advanced features and kicked into very basic config/reset/erase mode only.

So this only left three successful logins until the next reset/erase cycle. Netgear are real losers for forcing network switches to call home and spy on you in order to work properly.

Ended up upgrading GS108T OEM firmware from 7.0.4.8 to 7.0.7.1 and the 3 successful login limitation is now replaced to 30-days registration in order to honor their warranty or else you no longer have a warranty.

Let's see if that's legal in most countries, but at least now you can use all of the switch features without login (3x) limitations.

I guess the 8.8.8.8 phone home may have changed over the course of firmware versions...

1 Like

Thanks for the information. I have a Netgear GS108Tv2 that's great. But I won't buy a new Netgear switch.

1 Like

Well I have v3 and it can be upgraded to OpenWrt 21.02.0-rc4, but info is still very scarce right now.

I wanted to get familiar with the OEM firmware before I performed The Switch :grimacing:

Information is still very fluid at this point, I think I will wait some more until more info on a clear and easy "Upgrade"...

rc4 runs fine on the v3. I had to reset it once to get the VLAN set up correctly in Luci.

afaik... the 108e i got recently just pops up once asking for online-rego... (no function limit)... still not really happy about that... but maybe it could they are scaling the mothership-dependency back overall?

imho... its a breach of consumer rights...

if everyone returns these units immediately it may motivate them better :wink:

@murraydr44 would you be so kind to outline step by step guide from stock to rc4, please ?

@anon50098793 in my jurisdiction, registration for warranty is illegal, warranty is a must regardless, hopefully same elsewhere...
I'm OK with stupid 30-day registration for warranty message, as long as I have full access...

1 Like

@mikma GS108Tv3 is probably best path to rc4, hopefully @murraydr44 will kindly assist with step by step guide, please ?

Warning, only the gs108t v3 is supported!
Having a (3.3V based!) serial console handy is strongly advised, even if you may not need it. Be aware of the management VLAN only listening on port 1 and VID 100 by default on OpenWrt (Support for RTL838x based managed switches - #367 by slh).

If you are unsure about any of the steps involved, after reading the supplied information - don't do it.

1 Like

@slh I have read these, however the OEM firmware and OpenWrt has evolved since, I was wondering if anything safer/easier was now a reasonable path ?

That's the documented information, and was apparently working when support for this device was merged in january. Personally I don't own this device (but other rtl838x based ones, working roughly similarly).

So this is ONLY a soldering iron serial upgrade ?

That's not what the information says, but I strongly recommend to be prepared to use the serial console (because if anything fails, you will need it).

return it as not fit for purpose (due to firmware requiring a login) and buy a tplink instead. Add a shitty review as well. Netgear deserve all the hate they get for this retroactive forcing of subscriptions. Its on their enterprise switches and they added it to consumer ones and caused a damn riot. They are firmly on my banned list for hardware.

1 Like

No, I have successfully flashed OpenWrt on my GS108Tv3 from the OEM gui. I did have a console connection, though. It is not required unless something goes wrong. And things can go wrong. So you should at least be prepared to add a console in the unlikely case that there is some unexpected problem.

  1. Flash the GS108Tv3 initramfs image from the OEM gui. Do NOT use the sysupgrade image.

I prefer flashing OpenWrt to image1 (the first system partition), leaving image2 for the OEM firmware, since the final OpenWrt installation always will overwrite image1. But this is optional. Either will work, and there is no way to switch back to OEM unless you are able to boot and log into OpenWrt annyway. So this is not a failsafe option.

  1. Log in to OpenWrt, observing the odd VLAN ID 100 on port lan1 restrictions mentioned by @slh, and run sysupgrade with the OpenWrt sysupgrade image.

Explanation; The reason you can't write the sysupgrade image directly from OEM is that the OEM flash tool silently drops everything after the end of the U-Boot image. This is the root filesystem in a sysupgrade image. Booting a kernel without a root filesystem means a bricked device. The initramfs image works fine because the root file system is part of the U-Boot image there.

Note the the bricking I talk about here is a soft-brick, which is easily fixed with console. And it is also easily avoided by following the instructions.

6 Likes

@mercygroundabyss My understanding is that TP-Link gear phones home regardless without your knowledge or consent...
The Linksys registration issue is fixed with latest firmware as they only threaten to require it within 30 days in order to honour their warranty, illegal in many jurisdictions including mine.

@bmork Many thanks for tips, I'm used to Linksys easy failover partitions and removable media of RPi4, I'm trying to gather the courage to upgrade, but I'm still hesitant. I've never performed soldering before and I know some someone who killed a board doing so.

There is a lot of functionality in the OEM firmware :slight_smile:
8-Port Gigabit (PoE+) Ethernet Smart Managed Pro Switch with (2 SFP Ports and) Cloud Management Models GS108Tv3, GS110TPv3, and GS110TPP User Manual (netgear.com)

Am I wrong to presume most is not reproduced in OpenWrt ?

I'm not sure how things are 'fluid' and what information is 'scarce'. The GS108T v3 is well documented and all in all rather easy to flash. I've been a rather early adopter and it's been running fine here from pre-RC 21.02 code (now on 21.02 HEAD).

I'm unsure what snag @stintel ran into that made him add the warning about the brick, as the OEM installation section was test driven before being committed to the wiki page, and I know of other people following those very instructions and successfully installing OpenWrt.

Oh, and for the record: the wiki page also clearly states you don't need to register to be able to install OpenWrt.

I'm unsure but I think the VLAN ID 100 issues should be gone now as well for default setups.

@mercygroundabyss I do understand your motivation, and I'd fully agree if one wanted to use the OEM firmware, but given what I said above, combined with the fact people on these forums do buy hardware to run OpenWrt on, not software, it makes little sense in this context.

2 Likes