Which 8-port switch?

There are a few switches which are supported with OpenWRT, With the 21-release there will be support for RTL8380M, devices are release candidates already.

Netgear GS108T v3 and ZyXEL GS1900-8 could fit my needs, but both are confusing me, when searching the net.

Netgear wants an annoying registration and LED are not supported.
Do I have to register before, if I want to flash OpenWRT?
Looks like no:

https://openwrt.org/toh/netgear/netgear_gs108t_v3 The switch will prompt you to create a Netgear cloud account to manage the device and offer you 'limited access' to the device until you do so. According to the Netgear knowledge base, however, this 'limited access mode' should still allow you to update the firmware.

supports PoE
easier to install with OEM - https://openwrt.org/toh/netgear/netgear_gs108t_v3

There is the GS308T v1 too, looks like to be a GS108 without PoE.and is listed: https://openwrt.org/toh/hwdata/netgear/netgear_gs308t_1
A little bit strange, that LEDs are supported, or maybe forgotten to mention. Also not understandable whiy the 108 is rc, while the 308 not.

ZyXEL stock firmware should have problems with VLAN
does not support PoE
not so easy to install: Installation method(s): U-Boot TFTP + serial recovery
bigger size

Are there any known differences in function using OpenWRT?

2 Likes

The lines you quote literally state the limited access mode, which is what you get until you register with Netgear, will still allow you to update the firmware. I already explained the GS308T v1 support in your other topic. You shouldn't be spreading your related questions over separate topics. Only makes it more confusing (or you as well). As for the GS1900-8, it has a PoE sibling, the GS1900-8HP, which supports PoE if you need it. Note the GS108T v3 doesn't do PoE either. It only supports PoE PD (it can be powered over PoE).

1 Like

Definitely no if you install from console. But you'll have to solder a header on the Netgears. Not sure if registration is required for install from stock web GUI. I did register my GS108Tv3 at some point to see what I got from the Netgear UI. Don't remember if I tried the firmware upgrade before that or not.

The ZyXEL models are much friendlier in every way - not requiring any such registration for stock firmware and also having a presoldered console header accessible without opening the case.

EDIT: eh, looks like the last comment applies to the GS1900-10HP I have but not the GS1900-8. It has a header, but the case must be opened to access it.

The ZyXEL GS1900-xx can definitely be upgraded to OpenWrt from stock web GUI without console. Just flash the OpenWrt initramfs image to "Flash Partition 0" (first system partition), boot into it and then sysupgrade to the OpenWrt sysupgrade image to get a writable rootfs.

You can keep a version of the stock firmware in "Flash Partition 1" (second system partition). OpenWrt won't interfere with it, and you can easily switch back by simply changing the bootpartition variable using fw_setsys bootpartition 1

1 Like

I am not experiecend with such things.

Without soldering and without serial cable?

https://firmware-selector.openwrt.org/?version=21.02.0-rc1&target=realtek%2Fgeneric&id=netgear_gs108t-v3
offers sysupgrade only with 21.02.0-rc1 (r16046-59980f7aaf)

So how do I need to start with stock FW?

Sorry, thought, it are very specific question with a newly supported device.

Yes. Although I would recommend having the cable at hand in case of unexpected issues. The header is already soldered on the ZyXELs.

The realtek target is very new, and test coverage is relative to the total number of users over time. You can easily end up doing something which has never been tried before. The support in 21.02 is limited for the same reason. Both devices and features have been added after the branching. You might be better off with a snapshot/master image.

2 Likes

I don't have one, that is why I try to find a simple install.

The 1st goal is to flash openwrt via oem. Still don't know which image I can flash from oem the 1st time?

The initramfs images are the only ones safe to flash from oem.

You can't flash the wrong image on a ZyXEL switch since they use a trailer to validate the images, and we only add that trailer to the correct images.

This is a bit harder with other vendors where we don't have this safety net. But you will be fine as long as you make sure you use the model specific initramfs.

Note that you should do a sysupgrade after booting OpenWrt for the first time. The initramfs images cannot store any persistent config or additional packages. And also note the weird default network config of. the realtek target: "LAN" is defined as VLAN 100 on port 1. This has fooled most of us.... Everything else is "WAN" and therefore firewalled. So you can only access OpenWrt using a tagged VLAN 100 on port 1 until you have installed the sysupgrade image and configured networking as you want it. Very annoying, and something to be aware of when doing a console-less installation.

4 Likes

Can't find the download for the ZyXEL GS1900-8. Please post a link.

Note that you should do a sysupgrade after booting OpenWrt for the first time

Ok, so maybe to flash version 19 first and do a sysupgrade with 21?

So you can only access OpenWrt using a tagged VLAN 100 on port 1

This is not clear for me. I cannot access OpenWrt, wo where do I have to setup VLAN 100 on port 1?

To avoid this VLAN-problem, the alternative is to use a console and I need a cable, which I don't have. Could it be, that this changes with the stable release? A tftp-installation via Ethernet would be fine for me.

Available only in snapshot: https://downloads.openwrt.org/snapshots/targets/realtek/generic/openwrt-realtek-generic-zyxel_gs1900-8-initramfs-kernel.bin

No... It's a new target. It didn't exist in 2019. It was barely there in february 2021. The absolute oldest you can expect to run is 21.02. And that is only on a limited number of models and with severe usability limitations (no fw_setsys by default for example)

Configure a tagged vlan 100 on the other end of the link connected to port 1. I.e. on the system you use for installation and initial configuration of the switch. The switch is already configured like this, so you have to match that config to be able to talk to it.

Networking is not enabled by default in the bootloader and must be turned on with
rtk network on
before you can tftp anything. So you need console for that.

1 Like

Is there a chance that this is getting easier in a future release?

Could be that the UART of the -8HP is accessible without opening the case, but not the -8 without PoE.

Can you recommend a cable? Which voltage do I need? There are a lot of offers at Amazon, USB on the one side and the other side varies.

Sturdy metal case, 3 standard phillips head screws, populated 4 pin header (2.54mm, 3.3 V), in all cases.

2 Likes

The questions are more and more related to the installation and not a switch decision, so please go on here, if it is related to the installation:

What are the advantages of OpenWRT on a switch as most of these are "smart" switches with decent features?

You could ask the same question replacing "switch" with "router" or "access point". The reasons to replace the vendor firmware are pretty much the same.

OpenWrt gives you timely updates, more features, better configuration system, infinite flexibility, and freedom from any cloud lock-in etc. Whether any of that is required will of course be up to you as the user. There is no doubt that most users are completely satisfied with the vendor firmware on both switches and routers, even if I believe OpenWrt is so much better. That's a personal view.

Coming back to the switches. In my home network I have two realtek based switches - a Netgear GS108Tv3 and ad ZyXEL GS1900-10HP. I also have 3 other switches - a Cisco WS-3560CX-12PD-S, a Cisco/Linksys SLM2008 and a Cisco SG250-08. All 5 are small (8-16 ports) managed switched working perfectly fine with the vendor firmware. Ehey are all as cheap as they get without dropping features, except for the 3560 which is over-priced, . The vendor firmwares have all the features I really need, and most of what I consider nice to have.

So why am I running OpenWrt on the two realtek-based switches?

Well, the Netgear is easy: You can't access the full management UI without registering an account with Netgear. This is an artificial lock-in. There are no cloud features involved It's all local UI. TBH, I haven't explored much of the vendor firmware of this one. It was bought to run OpenWrt, and works nicely with that.

I did use the ZyXEL GS1900-10HP. with the vendor firmware for a while, and it was "good enough". But there were a couple of annoying issues. It crashed/rebooted occasionally. Not very often, but often enough to be noticeable. Maybe twice a moth or so. Been running OpenWrt on it for 6 months now and haven't seen a single unexpected reboot. Another problem was that the fiber link always needed a helping hand on reboot. The switch failed to bring it up unless I did an down/up toggle on the other end. This bug might be related to the dual-rate SFP+ I have in the other end, possible causing a rate confusion. But OpenWrt has never had any problems with the same hardware. All ports, including the SFP ports, are brought up just on reboot. The hardware is exactly the same in both ends. So the vendor firmware issue was definitely just a software bug.

Yes, minor issues only. But still: OpenWrt is significantly better - for me and my use case at least.

Personally I also find it much easier to manage an OpenWrt device using ssh, than having everything hidden behind a device specific web UI or a Cisco IOS-like configuration language. But I guess that depends on what you are most familiar with.

Then there is long term maintainability. A switch is not something you replace every second year. I bought the SLM2008 in 2009 and I see no reason to replace it yet. It's probably been 10 years since the last firmware release. That exact model has been replaced with a similar one based on newer chips several times since then. The SG250-08 is actually a newer version of the same, based on entirely different hardware. Sure, these are switches and I don't want the world to hammer on their management interface in any case. But I would have felt better if it was possible to keep them updated, like OpenWrt allows.

The vendor firmwares are definitely feature packed. But that's nothing compared to the flexibility offered by all available OpenWrt packages. There obviously isn't a CPU capable of running heavy stuff, but there are lots of small things you can make your switch do. Only limited by imagination.

I could continue forever. But I've probably long lost everyone, so I'll stop here for now :slight_smile:

7 Likes

It's also very convenient to have the same configuration/ -system (both luci as user visible webinterface and uci/ the raw configuration files underneath) on a wide variety of different devices. I replicate the same configuration (to the extent possible) both on my primary router (nbg6817/ ipq806x) and a (cold-standby) backup device (map-ac2200/ ipq40xx), just waiting to switch over to ax3600/ ipq807x (hopefully) soon. If necessary, I can also tie in lantiq or ath79 devices easily (not fast enough to deal with my WAN anymore, but still fully functional).

Extending this eco-system to the switches (and updating them from kernel 2.6.19 to 5.4, 5.10, ...) is just great (and allows one to actualy rely on their security support). Yes, the realtek target still has some rough edges and some more switch specific luci integration is easily conceivable, but it works astonishingly well (and the rtl838x SOCs are fast enough to run luci nicely and snappy).

3 Likes

Good info. Do you know if anyone does a community build with most regular smart/managed switch features for any of those switches or for all of the ones that have that realtek chip?

14 posts were split to a new topic: Which USB to serial adapter should I buy?

I don't understand this forced Netgear account stuff, as I just let my new GS308T and GS308E boot and get a DHCP address, check which address handed to them on my RPi4 and http to that address.

Both routers logged in with what I would think is full functionality OEM firmware, of course less features are on the GS308E which cost CAD $33 compared to the GS308T which cost CAD $80.

I never created a Netgear account, so there is no need for such in any case. Here's the support page to the GS308T and GS808E manuals :

S350 Series 8-Port Gigabit Ethernet Smart Managed Pro Switch User Manual, Models GS308T and GS310TP (netgear.com)

Gigabit Ethernet Smart Managed Plus Switches User Manual (netgear.com)

Although I am a switch Newbee, I just started going through the manuals, but it seems I have access to everything in the manuals... Without any Netgear account setup, as I hate vendor accounts to access devices, Linksys tries same, but there's a local option.

I would hope to move the GS308T (not the GS308E) to OpenWrt soon, but I am hesitant on how to reproduce the functionality of the OEM firmware.

Anyone have indications on how to get there ?

For me, it would be security, mostly. Most of the cheaper smart switches have questionable security, to say the least. Often, security updates are not provided in a timely fashion (or not at all) and configuration options to reduce the attack surface are sometimes missing, like the possibility to isolate the switch management GUI or console by putting it on a distinct VLAN or switch port, separate from all other VLANs like your DMZ, for instance.

At the time I bought my Cisco SG250-08, there were no 8-port switches supported by OpenWrt, unfortunately. So my main reasons for buying the Cisco as opposed to cheaper options were:

  1. Cisco provides somewhat regular updates, at least for a few years.
  2. The management interface can be put on a distinct, isolated VLAN.
  3. The web interface is optional. I can manage the switch over SSH wit public key authentication and can disable the web interface (and other network services) which reduces the attack surface greatly.
  4. I'm not forced to use any cloud service and the management interface or switch itself doesn't require any internet access.

Now, if I were to buy a new switch nowadays, I would definitely go for an OpenWrt-supported device. This would provide even better security support over a prolonged period of time. And as mentioned before, I could use the same UCI syntax to manage the switch that I can use, e.g., on my access point running OpenWrt.

4 Likes