In my YouTube comments, someone had mentioned that TP-Link, maker of network equipment, made an inexpensive managed switch, and I thought, you know, I'll give it a try. So I just, you know, threw it in the Amazon cart, got it here, and said I'm curious about this. Now, if you're not familiar with TP-Link, they make a lot of, we'll call it, lesser-priced network equipment we've used in the past. We've actually never had a problem with their equipment; their switches and that generally worked really well. But I've never tried any of their managed switches, so I thought, you know, why not order one?

Now, this box, if you can't notice, is super shiny, and I'm carefully touching it because I didn't want to get fingerprints on it. We even made a joke that we would only touch it wearing gloves. Not sure why we have these, what look like mine gloves. But this switch has got such a shiny box, I'll put the gloves on real quick to touch it here, that it's just super reflective, and, I don't know, I mean, ten out of ten on super shiny box. But of course that's not what really matters. We really want to know: does it work? Well, I haven't opened it yet. I think we took the outer plastic off, and I managed to fingerprint it up. So let's open it up and see what's inside, and then we'll get to the software testing, that's, you know, the real part, but box-wise, ten out of ten, definitely cool. I mean, I don't know why you'd throw a box. I don't really keep them unless I plan to resell things. So yeah, we can take the gloves off now. That was my, yeah, the super shiny and pretty box.

So this is actually kind of heavy. Got an instruction manual, one of those mini CDs; hopefully I don't need that to install anything. The 5/8-port gigabit smart switch: I'm assuming that's a manual for either the five- or the eight-port; these come in a couple varieties. The switch itself is nice metal. Well, it looks like it's got a Kensington lock and a mount over here.
So we got that going for it. What else is in the box here? Now, I do know they make a powered PoE version of this as well, so that's an option. So I like the fact that we have on the back here the screw hole mounts to mount it, like, on a flush mount, and we also have the screws here, or, I'm sorry, the feet here that go on the bottom so it doesn't slide around, so you got some sticky feet. A little basic power adapter. Wow, that power brick is small. That is really tiny. But I guess it doesn't take a lot; it must be super efficient. This is only 9 volt at 0.6 amps. So yeah, wow, it doesn't take much to run. Boy, that is an intriguingly small adapter for this.

But obviously, let's take a look inside and see how it looks inside, and then we'll actually get to the software part. So only two screws here on the bottom, and it just slides apart here. You can't get much more basic on the inside: just a couple chips, a heat sink. It's completely passively cooled. Not a lot in here. A little reset switch. So yeah, the reset switch is pretty easy access right there. Nice little quick switch to master reset this. But yeah, not much inside. See, is that glued on good? Yeah, there's no wiggle to this. So they use good glue. They didn't use just, like, a sticky pad that might fall off later. This seems really glued well to the board here. But yeah, not many circuits on here. So I like the simple design. So we can move on from that and actually get into the software: does it route, does it actually manage the VLANs properly?

So now that I have the switch hooked up,
I updated the firmware on it. The default IP address for this is 192.168.0.1. I have logged in and changed that. I think that's kind of a dumb IP address. It should be something, I don't know, let's say 20 at the end, and the reason I say that is a lot of your networking, and I think some of the networking devices from TP-Link, come at a default IP address of 192.168.0.1 for, like, your routing devices. It would immediately conflict. So before plugging anything else into this, I plugged my laptop in, set it static, because this doesn't assign any addresses. It does not have a DHCP server, nor really should it. And I set my IP to be in the same range to change the IP address. This is currently set to 192.168.1.2, and my pfSense box over here is 192.168.1.1.

And we're going to walk through first the physical layer of how we get it set up, then I'll walk you through the software a little bit here. I have on the first port here the purple goes into igb1 on the pfSense, so that is my LAN port, and it's coming into port 1 on here. And that's going to matter because this is going to have VLANs coming over. So this is really what we want to do, is test the VLANs.
So this is kind of like a trunk port, which means all the trunks come in here. All the VLANs are going to come in here, no matter which ones we create. We're going to create one for this demo so you get an idea of how the switch works, and that it works, and we're going to talk about little issues with the switch. Port 2 is my laptop, and that is plugged in right now to the second port, right to my laptop. Now, my laptop is going to get an IP address assignment based on port 2 being tied to the main LAN, and we're going to leave ports 7 and 8 open at the moment. But we're going to move my laptop over there and I'll show you how to do an untagged port. Now we have another tagged port right here, which is port 4, and we have a UniFi plugged in there, because the goal is going to be to get the UniFi to pick up the VLAN tag for both LAN and the second one we called crap LAN, and that's going to pull over to there.

So we're going to go through, this is the physical layer. So we have only one cable coming out of the pfSense box, one physical cable going into port 1, and then we'll split out everything else to where it needs to go using VLANs and tagging in here, and we'll try to hop the VLAN too; that's part of the demo here. It's something a switch shouldn't let you do, and that's an important aspect and something we're going to talk about.

Okay, we're going to start at the pfSense side so you can see what is feeding into this switch. So right here we have the VLAN. We have the VLAN; let's edit it real quick. I've covered in other videos how to do the VLANs in pfSense. So igb1, we have it tied to the LAN; VLAN tag of 30; VLAN 30 for craptastic devices. Interface assignments.
There's our LAN 30, which is the craptastic VLAN for devices. Once again, like I said, tied to igb1, the same as the LAN. It has an assignment of 192.168.30.1, and we're going to go to Services, DHCP Server. So our LAN being the 192.168.1.1 and LAN 30 is 192.168.30.1, and both of these are being pushed out of that purple cable and into the TP-Link. So that's all the configuration we really need to do on the pfSense side to have two separate LANs. And just so you know, in terms of the firewall rules (whoops, Rules), I do have the LAN and LAN 30 allowed to talk to each other. So I have not set up a restriction between them. That's just for the demo of this, because mostly I want to show you that the VLAN tags come through and it assigns the proper DHCP ranges for them.

So we're going to go over here to our switch now. This is the assignment I set; out of the box it is 192.168.0.1 and we changed it to 1.2. This is the TL-SG108E. It's got the hardware revision of 3.0, and the firmware is 2017-12-14. This is the latest firmware, and it's weird because it starts with 2017; when you go to the website, it says it was released in January of 2018 as a release date. Maybe it's just a weird numbering scheme they have, I don't know, but I did update it to the latest firmware.

IP settings are pretty straightforward. It does support DHCP, but you may or may not want to do that. So here I have the IP address set; pretty straightforward there. User account: by default it's admin and admin, but you can change both the username and password, which is great, because you may have noticed "Connection is not secure." That's because this doesn't support HTTPS. I found that to be interesting. It doesn't, for whatever reason, even have an option to switch to it. So definitely a concern there. Backup, restore, system reboot, save config on reboot. And let's talk about how this switch works now.
This is common with a lot of your commercial switches: anything you change will apply, but may not apply on restart. There is a running config and a config that is read on restart, and what that means is anytime you make changes, you want to go over here to Save Config. "Are you sure you want to save the config?" It says that's fully saved. So even though you may change it all, these are running now, but if you lose power to this without having clicked that save, this system will lose those settings. And this has caused confusion before with some switches. I've run into this with people who thought, "I had it set up right and had a power outage and it all went wrong. What did I do?" And I'm like, well, you probably didn't save the running config. You had it configured to work right. This also will save you from oopses: if you accidentally are plugged into a port and you tagged that port wrong so you can't access it anymore, then unpower, power back in, and as long as you didn't save that setting, it'll just reboot and have the last known working config. So save often. So as you're doing things, and once you verify that the thing you're doing is working, go ahead and save.

Switching: port settings, we'll go through this real quick. It does have options for status, duplex and flow control, so you can force things to certain settings on here. So config, actual; config, actual for the flow control. Supports IGMP snooping. If you don't know what it is, go ahead and read about it. I didn't want to test this because I have time, but it does support LAG, which is cool. So it'll create up to two LAG groups. So that's a link aggregation for ports. That's kind of novel, and what this will allow you to do (I'm not going to actually apply it):
You can aggregate ports together, and as long as you have something, and we're going to take, like, say FreeNAS to be an example, that supports it (actually, so does pfSense), you can tie the ports together to act as one, almost like one physical port, and it's a bandwidth enhancement. So I can only get a gigabit if I have a gigabit card, but if it has two ports on there, I can take both of those gigabit ones, plug them into the LAG interface, LAG them together, and now I have a two-gigabit connection. And then if I have another computer that supports LAG, I can tie that together and then it has a two-gig connection, or four-gig if you have four ports enabled, and so on and so forth. So that is a supported feature in here, which is pretty cool. Like I said, I didn't test it, but I'm sure it works.

Monitoring: port statistics. So if there's bad packets: transmit, receive, good packet, bad packet. So if there's any problems, it does let you know. And it has a couple bad packets on the receive because I was doing some testing with it.

Port mirroring: this is a popular feature if you want to just listen on a port. What a port mirror is, is you take one port and you just say replicate all the data that goes to this port to this other port. Sometimes that's used when you're using a tool like Wireshark to do packet sniffing and things like that. You want a mirror port so the same data comes over here, and maybe you want it for logging purposes and things like that.

Now this is weird; this I thought was an odd feature. This is cable testing, and it doesn't just support cable testing. I don't plan on moving things, so I'll show you real quick. I took a screenshot of when I plugged in a hundred-foot cable. Well, a 31-meter cable, 30.5 meters to be exact; it just rounds up, it doesn't do decimals. If you have an open-ended cable and you plug it in, it will tell you the length of the cable. Odd feature,
I think, for being inside of a switch, the fact that it has that. It seems to not understand the cable length if it's plugged in, though, so it only works when the cable is open-ended. So if you plug an open-ended cable in, it will display the length of that cable. I didn't test exactly how accurate, but it did measure my hundred-foot one quite well; it measured it to be the hundred foot, or 30.5 meters for the rest of us who aren't inside the US. So that is an interesting feature that it does support, so that you can see that, and it's showing right now cable fault distance of one and zero. So it'll let you know which ports are open, which ports are normal, as in in use. So kind of novel.

Loop prevention, and it's off by default. But loop prevention is spanning tree protocol, but they've just called it loop prevention. If you're not familiar with that, that means don't plug a loop into a network; look up spanning tree protocol.

And now here's the VLANs. Now, it supports a couple things. There's the multi-tenant VLAN, which is this; I'm not as familiar with that. It creates its own VLANs. If you use port-based VLAN, where you can just say segment these ports and these ports, so you can kind of divide it into a couple logical switches, it's got that. So if you don't have a managed switch or a router like pfSense that supports VLANs, you can just create your own network segments with it, which is kind of neat. We're gonna use 802.1Q VLANs on here and show you how that works.

Last couple features it does is bandwidth control, so you can individually set the ingress and egress rates of each port. And it does support storm control as well. So kind of neat that it has that, and some real basic QoS. I didn't really test any of this. I don't know how great the QoS is going to be, but you can set some priorities in this. So neat that it has it. So let's focus, though, because this is what a lot of people ask: you know, what's an inexpensive router for doing VLANs?
And let's show how this works. This is a little bit weird, I found, to set up. So we have here VLAN ID 1. Once you enable 802.1Q VLAN, enable it, it creates this one here and you can't do anything with it. VLAN tag 1 is the default VLAN on here. I've seen some people complaining about this. By the way, each one of these, if we switch over to, like, an MTU VLAN or a port-based VLAN, it disables the other option. So each one of these is exclusive: MTU VLAN, port-based VLAN, or 802.1Q VLAN. Each one is exclusive and disables the others when you turn it on.

So if we go here to 1, and this is why I said about it being a little weird, it's not as intuitive: we put the 1 here and it fills in, and you can now start messing with all the ports and changing things. So we're gonna leave the port one at default and we're gonna put 30 here. Now when I type it in, it pulls over what we had, so this is how this works. And like I said, this is maybe a little confusing. The tagged ports mean allow all the VLAN traffic to come through. So port 1 is plugged into our pfSense, and that's where the VLAN traffic comes from, so we have to tag that port for port 30 to work. We have port 2 and port 3. They're ignoring anything VLAN 30. Just for testing purposes,
I did that; you can change it. Port 4 is where we have the UniFi plugged in, so we want that to pull the tags and bring them over to here and send them out. Then we have ports 7 and 8. Now, what we're gonna do with 7 and 8 is we want them part of the members, so it is a member, but it's an untagged member. What that means is we strip off the VLAN tag and forward it over. So if I plug in my laptop, and we'll do this in the demo here, to port 7 or 8, untagged, my laptop will get an IP address, because it's gonna come in here, it's gonna have the tag of 30, and it's gonna get an IP address from port 7 or 8 of the 192.168.30 network, versus when I plug it in here, because everything else is a member of this network, the other ports will get that.

Now, there's one more step to being able to do that. And also, if you want to create a new port, let's say if we had another VLAN, you actually just type it in and hit Add and it shows up down here. Kind of weird how that works. But to make the ports work, you have to go over here then and assign a PVID setting. Now, this is a port VLAN ID, and what we're doing here: these ports all have the default of 1, but we took ports 7 and 8 and assigned them 30. And with that, that is the final follow-through, so ports 7 and 8 will get the .30 address. So it's kind of weird, because I think this could be done in one menu, but they've chosen to do it in two. So we're gonna go here.
We put in 30. We have an untagged port up here because we want the tags removed, because we want physical devices plugged into those LAN ports, versus when you have it tagged here, that's because we want both VLANs, the main LAN and then the VLAN 30, to be forwarded to the UniFi, so we have to have this one tagged. But these are the untagged ones, because if these were tagged, that means they could switch back in for three either, so you only want to plug in devices that are smart enough to delegate VLANs where they're supposed to go to be on a tagged port, and an untagged port is for dumb devices that are just going to get an IP address based on the VLAN tag. So there's our setup: port 7 at 30, port 8 at 30. So they're going to pull the 192.168.30 network. So pretty straightforward.

I have tested the UniFi, and we'll pull that up real quick here just to show you the UniFi settings. So here's that UniFi plugged in; it's at 192 168 102. We're gonna go over here to Settings, Wireless Networks. Here's our crap Wi-Fi, VLAN 30, and I've covered this before in other videos. You just create it, pull that same VLAN, and now the tagged port brings over all the VLANs. I've tested this; it works perfectly fine. So if I connect to the crap things, it gets that.

But this is where I found kind of a flaw in the switch. So we're gonna take my laptop and open up the terminal. So here's my adapter that's plugged into the network, and right here is my 192.168.1.100. Like I said, this is plugged into port 2 on this. So if we look at what port 2 is set at, port 2 carries all the traffic and gives me the 192.168.1, and then we're gonna go switch over to port 8 here, which should change my IP address to match the .30 network, and now we look, and I've got a 30.100 address. So it does work, but that's only part of it. Let's talk about VLAN hopping real quick. So the question is, and I'm not gonna do a full-blown attack.
There's lots of different attacks you can read about. This, for brevity here, we're just gonna show that normally I should not be able to get back to the other VLAN without a firewall rule that allows me to do so. And I do have a firewall rule enabled that does allow me to get back to the pfSense box, but I shouldn't be able to hop this VLAN to a different IP address. So by default I have, via DHCP, 192.168.30.100 from being plugged in there. But let's go ahead and change my static IP address settings. Now what I'm doing here is assigning my system 192.168.1.9, but leaving it plugged into port 8, which is the .30 network. Now, a smart switch should protect me from doing this, and let's check it out here. So I am at 192.168.1.9. I have forced my way onto the network, and this is what an attack vector is, to try different IP blocks, and then I'm gonna try and ping 192.168.1.1. So this would be going in through port 8, out through port 1, where that's located, and I can't ping it. So good, I'm not jumping out of the VLAN.

Now, I didn't try all kinds of different attack vectors. I'm not gonna think that this switch is gonna really hold up to anything really scrutinous here, but I will point out this: I can ping the management interface, and I should not be able to do that. So it would appear, and I can only speculate without having a design spec of this, that the management interface is simply tied to the backplane as a virtual extra port on this and doesn't look through the VLAN rules before allowing me to get to it. So by simply forcing my computer to be the same address as whatever the management address range is, by putting myself in that same network, I'm able to get to it, and I can prove that here. So it does recognize me as a different IP address.
It doesn't make me log in again, but I'm in. So that's kind of interesting to me. And I pointed this out to a security friend and he asked, well, how are you gonna threaten me to get this? I'm like, I'm gonna tell people not to put 30 dot $39 switches in their corporate network. But if you want to get a switch that's affordable and will get VLANs started, or be able to do LAG and port mirroring, and especially if you're into digging into how networks work, great thing to start playing with. I wish it had enough to say trouble I can get him behind the scenes and really start playing with it. I didn't find anything open. If I find anything later, I'll update this, but so far I didn't find, I didn't spend a whole lot of time trying to hack it. Maybe there's someone out there who did. If I do find that, I will do a follow-up video on it.

But I would say this is not bad for the price. If you're a home user and you want to start understanding how VLANs and tags work and start experimenting with networks, it's still, like I said, a recommended buy. I would definitely think it's a great place to start. If you plan to use it for your own little storage network and use some LAG interfaces on there, I may do some testing with that later. I just don't have anything handy that I can take apart to do that with at the moment, but I'm sure it would be good for that as well. So like I said, maybe you want to do a failover, or you need that kind of managed setup, and set up the LAG on there; might be fun. It's a fun thing to play with.
The price is very reasonable on this, but the security, you know, less than reasonable. If you have a good password on there, it probably still could be brute-forced. Like I said, it doesn't support any HTTPS; it's HTTP only to get to it. So they don't even have a self-signed certificate in this thing. But hopefully this was helpful, and like I said, I don't think it's bad for the price, but it's certainly not an advanced piece of networking equipment, and certainly don't install this in your corporate network. It will probably cause some headache at some point down the road. All right, thanks.

Thanks for watching. If you liked this video, go ahead and click the thumbs up. Leave us some feedback below to let us know any details, what you liked and didn't like as well, because we love hearing the feedback. Or if you just want to say thanks, leave a comment. If you want to be notified of new videos as they come out, go ahead and subscribe and hit the bell icon; that lets YouTube know that you're interested in notifications. Hopefully they send them, as we've learned with YouTube. Anyways, if you want to contract us for consulting services, go ahead and hit lawrencesystems.com and you can reach out to us for all the projects that we can do and help you with. We work with a lot of small businesses, IT companies, even some large companies, and you can farm different work out to us or just hire us as a consultant to help design your network. Also, if you want to help the channel in other ways, we have a Patreon. We have affiliate links; you'll find them in the description. You'll also find recommendations to other affiliate links and things you can sign up for on lawrencesystems.com. Once again, thanks for watching and I'll see you in the next video.