TP-LINK Smart Switches anyone?
-
Yes, the management interface is opened to the web.
-
Thats the entire problem most likely. Close it to the web and access it via SSH socks proxy or via vpn. I prefer vpn.
Never EVER expose ANY management interface for anything directly to the web.
Interfaces for routers and switches and other stuff can have a million flaws and thats ok as long as they are behind a firewall/vpn that is kept up to date.
But exposing directly to internet. Bad. Very very bad.
-
-
We use a couple TP-LINK switches in our company also.
1xTL-SG1016DE, 1x TL-SG3424 and 3x TL-SG5428
Great bang for buck!
Uptime from one of our switches without any issues: 765 day - 21 hour - 42 min - 46 sec
Can't say we put heavy loads on them, but so far no issues.Have to say I only use the web interface, as CLI is made way too complicated in these switches (TL-SG5428)
-
I thought I would throw my two cents in here. When I first arrived at my old company they have very little "enterprise" hardware deployed (over 1200 locations maybe 15% of our switches were no consumer based). I took a gander at my old db where I tracked this stuff and we have 116 TP-Link switches of various kinds spread out across all of our locations (one of many consumer/prosumer brands/models). Based on some metrics we ran over the course of years the TP-Links did just fine in relatively low traffic office environments (mid range if you consider any type of unit failure). The best performers for us (again just units that have no type of issue or hardware failure) were HP, Cisco (small sample) and some older 3Com (there was no purchase history just time in service so I am taking an educated guess on the age of these).
I think for standard day to day use you should have no issues. For me I went with what I had the best experience with. The HP 18xx-24G models were tanks, we had ONE port go bad in nearly 150 switches and not a single failure over many years of a 24x7 environment (we had these at the core/production). For some time we had been smoking the Cisco smoke and had wanted these to fail so we took turns hitting them with hammers and they would not quit (yes I'm joking).
So when I had a chance to pick up two of these (1800-24G) really cheap I jumped (and can live with no CLI) and have been very happy. They replaced some 3 yo Netgear and TP-Link switches I had in my house.
-
Nothing beats a CLI when you're in trouble.
Why did you change-out the other switches if they were not broken? -
ok, first of all thanks for your answers.
So, after thinking a bit I setup a vpn server on one machines that is connected to the switch.
I setup a vpn on my local pc and connect ok to the vpn server.
Then I mount a virtual bridge to get to the switch (cos i don't wanna use a public ip anymore as we talk here).
Change the ip/netmask/gateway on the switch to the same network than the vpn.I cannot access de switch anymore.
I think I made the mistake to setup the switch network in the same than the vpn. It should be a diferent network than the vpn and public network and setup vpn bridge virtual inteface and switch both on the same local network.
Anyway, I have to get to the data center to reset the thing and try again.
I'll write over when I have results.ops, one last thought, I did not restart the switch, I could not do it. That may do the trick.
-
haha - I'm laughing with you…
Short term pain in the butt. Long term you will be much better off.
-
jaja, yeah kejianshi, your wellcome to the party :-)
-
You have a pfsense, a switch and a bunch of hosts running behind the switch? Is this correct?
If so, you can put your TPlink management interface/subnet/ip on the same subnet as your pfsense lan.
Then you can set up openvpn running on the pfsense wan.
Just be sure you have an allow all rule on openvpn firewall interface.
Really, its not hard. I'm sure you will get it working.
So, lets say the lan is 10.11.12.0/24 and lan interface IP is .1, you can make your management interface for tplink .2 on same subnet.
just make sure openvpn is running on some subnet not in use, like 10.12.13.0/24 (or whatever)
-
Anyway, I have to get to the data center to reset the thing and try again.
Don't forget to take a serial cable for the CLI to the data center (and have a copy of the the CLI guide with you as well).
Should get you off the ground in minutes. -
I have done a few jobs about vpn's and my setup should work one or another way.
I just try with a vpn client that should let me ping the switch's ip, but not. So I think the switch needs to be rebooted to get the new ip.
Have to say that this TL-SL2428_V1 don't have serial port.
Thanks for all the advice anyway :-) -
Ok the post was started early of the year 2014 and
today other models and prices where in the game, but
if someone is looking forward to buy a managed switch
from the lower end or SMB area I would also consider
to the SG series (200,300,500) from Cisco they would
be running well and offering a wide asset of functions and
options, thats must be searched in many other switches.But owed to the circumstance that two switches must be
bought and that this two switches should be connected together
I would also have look on the D-Link DGS-1510-20! Compared
against the TL-SG2216 it comes with 16 RJ45 GB ports and
2 SFP & 2 SFP+ ports, so it would be offering 10 GBit/s for
only ~70 € more for each switch then the TL-SG2216 comes (110 €). -
Nothing beats a CLI when you're in trouble.
Why did you change-out the other switches if they were not broken?I agree but for my use I'm OK without it (I work 15 mins from my house) and it was a great price. There were lots of reasons, mostly due to increasing number of issues (things like devices rebooting, hanging, ports going bad, wanting to move to management, replacing 10/100 for gigabit, etc…).
-
I just bought a TP-Link TL-SG2424 switch yesterday and I am using it now. All I can say is it is pretty awesome.
-
Ok, after more than 90 days I did not have problems connecting to the web interface anymore.
What I did was to connect the switch to a PC with two interfaces:eth0 -> public interface
eth1 -> private interface to the switchThen I setup iptables to allow incoming connections only from my admin ips to eth0 through eth1.
eth1 and the switch's ip must be in the same range (eth1: 192.168.0.10 switch: 192.168.0.5)
The switch gateway must be the eth1's ip (192.168.0.10) and is advisable to change the web port in the switchThen connect like this: http://public_ip_eth0:port
Hope this help some one.
Thanks for all. -
When I looked for switches with:
- 24x 1Gbe
- fanless
- IGMPv3 snooping capabilities
the usual big one vendors didn´t offer any device. Therefor I also looked for TPLink switches, but then purchased a bunch of Zyxel GS1910-24
- Note: They work
- But: Zyxel doesn´t provide software updates that often. Any open security bugs? Who knows. They don´t provide any information. That´s the problem with those smaller vendors in my opinion. You get what you pay for that´s all
-
…the usual big one vendors didn't offer any device.
I doubt that.
Cisco SG300-28; HP 1810-24G, … -
I had severe issues with Zyxel and pfSense connecting to each other using VLAN-tagged connections. The symptom was: after changing any VLAN-interface-related config in pfSense, communication would completely stop between the Zyxel GS1910-24 switch and the pfSense box on that VLAN. The only solution was to unplug and re-plug the cable (!) into the very same port of the switch.
Never had anything even similar with any TP-Link or other switch. -
the usual big one vendors didn´t offer any device.
There are many other switches out, but not really in the same price range.
Cisco SG200-xx
Cisco SG300-xx
Cisco SG500-xx
D-Link DGS-1510-xx
