I’m going to trash what little networking cred I have by stating that I like this unit, the Netgear GS108T switch. It’s a ProSafe, managed switch. It cost $125 or so after tax, which is kind of expensive for a small switch nowadays.
But this is no ordinary switch. It has the features of bigger, more expensive switches from Netgear and many other companies. Generally, management features existed only on the 12-port and larger products, though lately they have been migrating downward. Even the 8-port managed switches tended to be expensive, and were housed in large cases made to fit 19″ racks.
Some of these features are VLANs, port security, QoS with 4 queues, port mirroring, a 4k MAC address table, and protection against ARP cache poisoning. Basically, this little box has around 70% of the features found in much nicer switches, making it a good learning tool, and also a nice testing tool when you’re setting up complex networks.
When buying this switch, make sure you get the GS108T model, because Netgear sells a few different models under the ProSafe “smart switch” umbrella, and some are “smarter” than others. Some have only enough smarts to do QoS. Others, like the GS108E in the “Prosafe Plus” line, can do VLANs but have simplified interfaces.
There appear to be two models – the GS108T and the GS108T-200. I’m not sure what the difference is, except the 200 is newer, has better MTBF, a smaller MAC address table, and more of the latest protocols. A used older model might be a good deal.
If you’re not going to be using the switch as a learning tool, or having it participate in complex networks, and are setting up a network without any administrator, you might consider the cheaper models with fewer features. There’s less chance of someone changing a setting and affecting the network. Also, the mean time between failures (MTBF) is sometimes a bit lower or higher on those models than on the GS108T-200, which has an MTBF around 270,000 hours.
The Prosafe line generally has 3 year or lifetime warranties.
Now the annoyances: no printed manual. The downloaded manual is not that useful, because it doesn’t explain the technology; it only explains the interface. So in a piecemeal fashion, I’ll start explaining some key features below.
Connecting to the Switch Without the Configuration Tool
Netgear provides a program to find the device, but it doesn’t run on Linux. Here’s how to find the device.
If you don’t plug the switch into your network, it’ll have the default IP address, 192.168.0.239. Set your laptop to use a static IP address on the 192.168.0 network, and connect to .239.
If you plug the switch into your network, it’ll request an IP address over DHCP. You might be able to find the device in your IP-MAC mapping lists on your DHCP server. This is probably your router if this is a home network. On an office LAN, it’s probably one of the servers. The MAC address for the 108T is on a sticker on the underside of the switch.
(To maintain sanity, you should use the MAC address to assign a fixed IP address for the switch. At this time, I’m not setting the IP address inside the switch, so that the sticker’s information about connecting to it via the default IP still works. To make it work, you reset the router and unplug the uplink cable. The switch then gets the default IP address – and you can connect to the uplink port and configure it.)
Use a web browser to connect to that address. http://192.168.0.239 for example. The default password is on the sticker.
The switch takes a while to boot up; you can test connectivity with ping. When you can ping the switch, you can configure it.
PVID, VLAN tagging
A VLAN is a virtual LAN, which is a group of Ethernet ports that communicate with each other over a switch, and exclude traffic to and from other ports.
Here’s a story about why we need VLANs.
In an office LAN environment, you might give each floor or large office a switch, which connects to another switch upstream. After some growth, you learn that broadcast traffic is becoming a problem – the chatter causes some performance problems, and also some security and management problems. So, you segment the LAN, give each segment its own IP address range, and then control the traffic between the segments with a router.
Then you decide you want to segment the network by department, so that you can control access to resources like printers. The problems emerge when you find that departments are on different floors or in separate parts of the building. To implement your objectives, you need to run long wires across the office.
VLANs to the rescue! Switches that support VLANs allow you to connect all your switches together as if it’s all one LAN, but then define VLANs that isolate groups of ports to behave like an isolated LAN, just as if you had separated network hardware. One switch can behave like multiple switches.
Best of all, a single cable between two switches carries ALL the traffic for all the VLANs, so there’s less wiring.
VLANs are defined by an ID number. VLAN 1 is the default VLAN. All the ports on VLAN 1 communicate with each other. All the ports on VLAN 2 communicate with each other, and so forth. VLANs are implemented via tags, which are a little extra data in the Ethernet frame that indicates the VLAN to which the frame belongs.
At this point, we need to introduce some terminology. At times, I’ll go into Cisco terminology, which is a little different from standard terminology.
PVID means Port VLAN ID, and it is the assignment of a VLAN ID number to a physical Ethernet port.
A physical port participating in a VLAN is called “untagged” or “tagged”. A port not participating in a VLAN is neither tagged nor untagged.
Untagged ports are also called “access” ports. These ports accept Ethernet frames that contain no VLAN header, and then add a VLAN header, and assign the frame to the PVID. As traffic exits an untagged port, the VLAN header is stripped.
Tagged ports are also called “hybrid” ports. Tagged ports are used as links between switches. These ports expect the frames to have VLAN tags. Generally, a tagged port is configured to carry specified VLANs, and may reject VLANs not specified. (In Cisco parlance, these hybrid ports are called trunks. In standard language, trunk means an aggregated link.)
Tagged and untagged ports are necessary for compatibility between old switches and new switches – frames carrying VLAN tags are larger than the traditional frames supported by old hardware. Stripping the tag assures that the frame will make it to its destination.
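To make the PVID, tagged and untagged behaviour concrete, here is an added example (my own code, not anything from Netgear or the switch firmware) that models a 4-byte IEEE 802.1Q tag in a Python byte string: an access port tags incoming frames with its PVID and strips the tag on the way out, while a tagged port keeps the tag and rejects VLANs it is not configured to carry. The frame contents and the rule that an access port drops already-tagged frames are assumptions of the model, not facts from the GS108T manual.

```python
import struct

TPID_8021Q = 0x8100     # EtherType value that marks an 802.1Q-tagged frame
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Assemble a plain (untagged) Ethernet frame: dst, src, EtherType, payload."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def is_tagged(frame):
    """A frame is tagged when the field after the two MACs is the 802.1Q TPID."""
    return struct.unpack("!H", frame[12:14])[0] == TPID_8021Q


def tag_vid(frame):
    """The VLAN ID is the low 12 bits of the TCI field that follows the TPID."""
    return struct.unpack("!H", frame[14:16])[0] & 0xFFF


def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte tag after the source MAC: TPID, then PCP:3 | DEI:1 | VID:12."""
    tci = ((pcp & 0x7) << 13) | (vid & 0xFFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """Remove the 4-byte tag so the frame is acceptable to VLAN-unaware hosts."""
    return frame[:12] + frame[16:]


def access_port_ingress(frame, pvid):
    """Untagged (access) port, receiving: an untagged frame is tagged with the PVID.
    Assumption of this model: a frame that already carries a tag is dropped."""
    if is_tagged(frame):
        return None
    return add_tag(frame, pvid)


def access_port_egress(frame, pvid):
    """Untagged port, sending: only frames on the port's VLAN leave, and leave untagged."""
    if not is_tagged(frame) or tag_vid(frame) != pvid:
        return None
    return strip_tag(frame)


def tagged_port_forward(frame, allowed_vids):
    """Tagged (switch-to-switch) port: the tag stays on, and VLANs outside the
    configured set are rejected, as the text says a tagged port may do."""
    if not is_tagged(frame) or tag_vid(frame) not in allowed_vids:
        return None
    return frame
```

The tagged copy of a frame is exactly 4 bytes longer than the original, which is the size difference that old, VLAN-unaware hardware cannot handle.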
Designing Around the Default VLANs: Default, Voice, Auto-Video
The Netgear sets up three VLANs when it’s reset. Keep this in mind when configuring switches of other brands, because you want to avoid the situation where someone resets the switch to its defaults, everything falls back to VLAN 1, and the switch stops seeing the rest of the network.
So the main facility should be on VLAN 1. That way, resetting the switch to the default won’t break the network. (Invert my logic if this is a moderate-security network, of course.)
Avoid assigning VLANs 2 and 3 on the other switches. If you use them, use the values picked by Netgear. This extends to things like CoS or DiffServ values.
VLAN 1 is the administration VLAN, so operating the switch requires a computer to be on VLAN 1. If you want admin traffic on a separate VLAN from office traffic, that’s going to be difficult. (I am setting port 1 on all switches to VLAN 1, for administration purposes.)