8 port Gb/s vlan-aware home switch for $20? ($16.99 on 2020-01-27)

I found out about this from ChessMck on the Ubiquiti forums. Amazon currently has the NetGear GS908E vlan-aware 8 port (plastic case…) switch for $19.99 (ASIN B076H9RQTW). Tom, you should put an affiliate link to it.

I bought 2 and 2 TP-Link SG108Ev4 and am replacing all the dumb switches at home with vlan-aware switches.

Compared to the TP-Link SG108E v4

TP-Link SG108E advantages: a bit more flexible mirror port (but still rudimentary compared to MikroTik CSS106-5G-1S). If you want port isolation with a single uplink port, the SG108E has what it calls MTU vlan (Multi-Tenant Unit vlans), GS908E does not. Metal case, and smaller size. Easy to get to RJ45 ports.

NETGEAR GS908E advantages: You can name ports, which is useful when configuring vlans and for documentation. More “wife friendly” look (in case you want to put a switch in your bedroom on the nightstand). Has two USB charging (power only) ports. Power supply is beefy 12V 2.5A to support up to 20W for charging devices (but there were some complaints about it getting pretty warm, I assume when charging devices). You can turn the LEDs off, for example if in a bedroom. You can limit access to a specific IP address (but that really isn’t a security feature, more of a deterrent, since it is trivial to change a PC’s IP address).

Neither of these inexpensive switches is good for a business where you don’t want exposed ports to have access to the management plane, but for learning about vlans, or in a home environment, I don’t see any big disadvantage over dumb switches (but do change the passwords). And neither supports CLI, and no secure communications (only http).

Neither supports SNMP or allows you to view the MAC address table, which is a really useful feature when you don’t know which port and cable goes to another device you know the MAC address of (from a bundle of cables, all looking the same), so tagging the cables with labels is still a good thing to do.

Both handle vlans, and the setup is similar and not well thought out in my opinion.

See Tom’s YouTube video for SG108E vlan setup. Here are some screenshots of the vlan setup on the GS908E.

First, my chicken scratch diagram I used to set up the lab. Then the screenshots.

The above is an example of poor design, it shows vlans that the port is not a member of, but it offers all defined vlans.

but then gives an error if you choose one that the port is not a member of.

For $20 it gets my “buy for home or learning” recommendation (especially if you are on a budget).

Edit: 2020-02-01 Per @ChessMcK’s suggestion, here is a photo with some of my lab network devices.

Back left to right: EdgeRouter X SFP with box and power supply, MikroTik RB260GS/CSS106-5G-1S with box and power supply, 11.5 oz (340 ml) beverage can for size reference, TP-Link SG108E with box and power supply, Netgear GS908E with box and power supply

Front left to right: EdgeRouter X box and power supply, Raspberry Pi 4B 4GB with box, 12 inch stainless steel ruler for size reference.


Thanks! I bought the TP-Link; happy with it so far. It was for home use and learning. So for $27 not bad at all. I like the $20 price point more but I am set for now.

That is a good price at $20

Oh, and if you are using vlans, and connecting to multiple dhcp servers, save yourself headaches and define a static ip address on these cheap switches (GS908E and SG108E). I am sure the SG108E broadcasts DHCP discover on at least all untagged vlans, and sets itself to the first offer it gets (which can seem random). I didn’t do too much testing with the GS908E, I just set it to static ip before configuring vlans.


@BuckeyeNet - Great write-up!

I’m not sure I could do as extensive a write-up as you, however I bought in a pinch a [DGS-1100-08] as a managed switch for home for one of the rooms. It was $42 – so about double the price of the switch mentioned here. There are no power ports, however the switch supports SNMP and allows you to view the MAC address table. It’s 802.1q aware and I don’t believe it supports CLI however I’ve never tried. I like the VLAN identification table better on the SG108E, however that’s probably b/c I find the VLAN identification tables so much different on DLink products compared to Unifi profiles.

These cheap switches are good for segregating the “crap network” from the rest of the network with vlans, but they are not a replacement for a managed switch. But at the current price, I don’t see much advantage of getting a dumb switch (other than it is easier to set up, doing nothing is easier :) ). It potentially could be less secure if you only take it out of the box and plug it in and don’t at least change the password (someone could use it to tap the port of another device using the mirror port feature).

TP-Link makes a better switch too, but it is around $50 (ssh, mac tables, snmp, https, standard RSTP). I don’t have one. My lab switch is a MikroTik CSS106-5G-1S, and it is very nice for network tap. It has no secure protocols though, and no cli. If you really want to learn something useful in the workplace, you should be using a switch you will find in use. And you really need to know at least basic Cisco IOS, since you will find that in many places. These can be picked up on ebay used cheap. You can even get Gb L3 3750s pretty cheap, but they are power hungry, loud and not something you would want in a living area.

How low can they go? Now $16.99. These appear to be closeout prices. I won’t be surprised if they will be dropping them soon. They (Netgear) have to be losing money at that price.

I added a photo to the OP showing the relative size of the Netgear GS908E compared to several other pieces of networking gear I use in my lab. Other items include SG108Ev4, CSS106-5G-1S, ER-X, ER-X SFP, and Raspberry Pi 4B 4GB.

Price back up to $19.99 as of 2020-02-09

New low $14.99 (free shipping if you buy 2 even without prime)

No longer on Amazon, so these must have been closeout items.

Back on Amazon… don’t know for how long. As of right now, they are $16.99. One thing that has changed is now the Amazon page has only this model, it is no longer “clumped” in with many other models, so the reviews that apply to it are easier to find.

B&H shows this as discontinued. And Amazon is no longer listing it (only third parties selling at inflated prices). So it seems the TP-Link TL-SG108E or possibly the Zyxel GS1200-8 are now the lowest cost vlan-aware 8 port switches at around $30 currently.

If you are spending that, you should consider the much more feature rich TP-Link T1500G-8T that has CLI (ssh) and Web based GUI (https), viewable mac address table, snmp, limiting management to specific vlan, etc. at $50. I have never used one, but it looks more SMB friendly than the TL-SG108E. Also 8K mac address table instead of 2K, which may be more important in a business setting, as overflowing the mac address table can cause a lot of flooding when the table has to keep relearning mac addresses.

I should probably start a new thread, but since I mentioned the T1500G-8T in the last post, and I just bought a TP-Link T1500G-8T switch, I thought I would add a note here.

Why I chose this switch: for isolating a test server at work, where I needed vlans and the ability to limit what devices can connect to the switch’s management interface. I bought it from B&H Photo for $49.99 but it is the same price on Amazon (but B&H had quicker free shipping without prime). What I was shipped and received 2020-12-02:

T1500G-8T v2.0
Firmware Version: 2.0.5 Build 20200109 Rel.34210(s)
Boot Loader Version: TP-LINK BOOTUTIL(v1.0.0)

There is a newer version of firmware, but the only change the release notes mention is that it can be used with the Omada SDN Controller, which I will assume is similar to the Unifi controller or possibly UISP née UNMS.

So far I am pretty impressed by the features for a $50 switch, but haven’t done anything to really push it. It is in a whole different class than the TL-SG108E. It has features you would expect on a managed layer 2 switch: ssh and https supported, the ability to limit what can connect to the switch’s management interface, viewable mac address table, SNMP, STP and MSTP, ability to mirror more than a single port (but only a single port as the output target), etc. More flexible port isolation (but I haven’t used this, I just saw it in the manual; unlike Ubiquiti, there is a manual that is up to date). This can’t provide PoE output, but can be powered by 802.3af PoE or the 12V 1A supply it comes with. The included power supply is a barrel connector similar to what the ER-X has, but does NOT have the nice “no accidental unplugging” threaded barrel connector like the Netgate SG-3100.

The T1500G-8T is significantly larger (125mm x 208mm) than the low end TP-Link TL-SG108E (100mm x 157mm), but smaller than the NetGear GS908E. It dwarfs the ER-X (75mm x 110mm).

One thing I don’t like from a design standpoint is that they put the LEDs on the opposite edge from where the cables are. I like to be able to plug a cable in and verify the link status comes up, and it is much less convenient when the lights are on the other edge. It is worse than the Ubiquiti ER-X or MikroTik CSS106-5G-1S where the lights are on the top. But I prefer the lights to be on the same edge as the cables, like the TL-SG108E, but that is a personal preference.

Just another followup, since I installed the T1500G-8T last Friday (before, it was just in my lab).

The CLI interface is “similar” to Cisco IOS but not quite as polished. For example, it does not allow command output filtering with the pipe character “|” and “include”. So searching for a partial mac address (to limit to a specific OUI for example) isn’t possible as far as I know, at least it wasn’t obvious from the ? help. You can limit mac address output to a specific interface or vlan, and you can enter a mac address (completely) to find what interface it is connected to.

You can disable telnet and http access, and thus force the use of secure protocols. You can also disable ssh v1 and can control what cipher suites can be used, and you can load your own cert for TLS or use the default self signed one.

It also supports port based port isolation, similar to the MK CSS106-5G-1S. (I have not tried this, so just going by what I saw in the WebGUI). The MK visual matrix is much nicer than the way the T1500G-8T does this, in my opinion. In other words, you can specify what other ports each port is allowed to forward to. By default there are no restrictions, but if you want to limit a port to only be able to forward to the port a router/firewall is connected to, you can.

It also supports ACLs, but I haven’t played with those yet.

Port mirroring is pretty flexible, but like most switches, limited to a single mirror destination (monitoring) port. Of note, you can specify the CPU as a source, so things like CPU assisted operations (perhaps dhcp helper, or pings to or generated locally with the tools menu) could be captured too.

And you can add multiple users and delete the default admin user (create new user with administrator privileges first, log out, login with new user, then delete the “admin” user that comes in the factory config). And the config file is “text like”, although not a standard text file, it seems to have null characters in it. I used MetaPad (a free notepad replacement with more features) to open the file and it complained about null characters and offered to remove them and open. So I am not sure how easy it would be to manually edit the “startup-config” and load it. I didn’t try.

The WebGUI is quite extensive. I haven’t spent a lot of time with it, but I haven’t found anything that can only be configured using the CLI. The CLI assumes you are competent, and does not auto save after every change, so you must remember to save. The SG108E used to have a separate save operation, but the latest firmware added autosave after every change, probably because of too many support calls about it not remembering changes that were made (but not saved). I prefer the separate save myself; hopefully this won’t be changed in the T1500G-8T. But I learned on Cisco IOS, which has a running-config and a startup-config.

The KB article says the default https session timeout is 10 minutes and can only be increased to a maximum of 30 minutes. It also says the ssh timeout is max of 120 seconds (2 minutes). The ssh timeout must have been increased to 6 minutes due to customer complaints. But it is 360 seconds max now, but that is still too short in my opinion.

I find the default https 10 minute timeout too short, and I saw this too often, so I changed to 30 minutes.
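
An offline workaround for the missing "| include" filtering mentioned in the follow-up above, as an added example that is not part of the original posts: save the MAC address table from the CLI session to a text file and filter it by OUI or any partial MAC. The function names are hypothetical, and the sample capture is constructed; its column layout is an assumption, not the switch's actual output.

```python
import re

# A MAC in any common notation: aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF, aabb.ccdd.eeff
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f])(?:"
    r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}"
    r"|[0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2}"
    r")(?![0-9A-Fa-f])"
)

# Constructed sample of a saved CLI session. The column layout is an assumption,
# not the switch's real output; addresses use the RFC 7042 documentation range
# plus one made-up locally administered address.
CAPTURE = """\
00:00:5e:00:53:01   10   port 1   dynamic
00-00-5E-00-53-02   10   port 3   dynamic
0000.5e00.5310      20   port 3   dynamic
02:11:22:33:44:55   20   port 8   static
"""


def normalize(text):
    """Lower-case and drop separators so every notation compares equal."""
    return re.sub(r"[.:-]", "", text.lower())


def filter_by_prefix(lines, prefix):
    """Return the lines holding a MAC that starts with prefix (an OUI or any partial MAC)."""
    if not re.fullmatch(r"[0-9A-Fa-f.:-]+", prefix) or not normalize(prefix):
        raise ValueError(f"not a MAC prefix: {prefix!r}")
    want = normalize(prefix)
    hits = []
    for line in lines:
        # Compare on normalized hex digits, so the prefix notation need not
        # match the notation used in the capture.
        if any(normalize(m.group()).startswith(want) for m in MAC_RE.finditer(line)):
            hits.append(line.rstrip())
    return hits


if __name__ == "__main__":
    for hit in filter_by_prefix(CAPTURE.splitlines(), "00:00:5e"):
        print(hit)
```

Because matching is done on normalized hex digits, the prefix does not have to end on a byte boundary, so `0000.5e00.531` narrows the result to a single entry.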