6
Votes

TL-SG105E / TL-SG108E How to Block Management VLAN

 
Re:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-03-12 07:34:41

  @Clive_A 

 

I've just bought the Zyxel switch. Thank you for encouraging me not to buy TP-Link products anymore.

 

This thread is a perfect example of how TP-Link deals with customers. I've been using TP-Link products for many years while having used D-Link, Zyxel and other brands as well. Telling me to "go somewhere else" when trying to affirm feedback to improve your products is just ridiculous.

 

I'd assess the missing feature like management VLAN as a security vulnerability. The management interface should never be accessible e.g. via a guest VLAN. This should have been implemented right from the beginning.

 

To answer your point regarding "Easy Smart" != "Smart Managed": These are marketing terms coined by TP-Link. D-Link uses for the suggested product line "Simple. Easy. Smart". They are comparable in features and price, but the DGS-1100 series allows for setting a dedicated management VLAN.

 

The Zyxel GS1900 series is indeed more feature-rich at a small price premium, giving TLS/SSL web-ui as well.

#12
Re:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-03-12 08:34:58

Hi @imoula

imoula wrote

  @Clive_A 

 

I've just bought the Zyxel switch. Thank you for encouraging me not to buy TP-Link products anymore.

 

This thread is a perfect example of how TP-Link deals with customers. I've been using TP-Link products for many years while having used D-Link, Zyxel and other brands as well. Telling me to "go somewhere else" when trying to affirm feedback to improve your products is just ridiculous.

 

I'd assess the missing feature like management VLAN as a security vulnerability. The management interface should never be accessible e.g. via a guest VLAN. This should have been implemented right from the beginning.

 

To answer your point regarding "Easy Smart" != "Smart Managed": These are marketing terms coined by TP-Link. D-Link uses for the suggested product line "Simple. Easy. Smart". They are comparable in features and price, but the DGS-1100 series allows for setting a dedicated management VLAN.

 

The Zyxel GS1900 series is indeed more feature-rich at a small price premium, giving TLS/SSL web-ui as well.

I am not interested in arguing the naming format. It is not my decision as well and I cannot change it. If you don't believe it, I recall some websites have explanations on our router, switch, and AP naming format. I came across that site and was amazed at its accuracy for a non-employee to conclude the naming format accurately like that. That's basically right on most parts.

The internal training materials have mentioned the naming format and it is a fact. Yet, I cannot share that training material with you. But it does nothing good to me to lie on this matter.

If you believe they are equal, so be it. But we divide them into four tiers and they are equipped with the features the dev team thinks are right. It is also something you or I can change. Yet, thank you for your feedback on it. You think that might be wrong, that's your opinion. And I make sure it's heard but if there is a change or not, it is not guaranteed. (Every request I have explained is not guaranteed and will go through evaluation. Or you should have an expectation it may fail the evaluation. Not every request seems to make sense when you put in the whole product line and stratification.)

 

As there is no constructive result from this, I discussed this and explicitly and inexplicitly recommend you move to Omada series which supports Management VLAN or other solutions to resolve the problem instead of complaining here. It's your choice and freedom to either consider the Omada series or a different brand while things are in dilemma or stagnant.

It is really impossible to foresee everyone loves a brand. You can move along and forward as you dive further into the networking.

 

Some of your opinions are subjective and only for your benefit, that's beyond my worries.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
#13
Re:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-08-28 07:29:06

Due to the security issues with such a design, the marketing behind such products with limited feature sets and faulty/incomplete implementations, and users such as @Clive_A defending the product and marketing segments, I must draw attention to the issues affecting switches like the TL-SG108E which are not readily admitted and which this thread seems to suggest are never to be resolved:

 

  • No HTTPS
  • No SSH
  • DHCP influenced by/traffic leaked to every VLAN accessible to the switch
  • Management address and HTTP interface are available to every VLAN accessible to the switch

 

These seem to be significant issues for security and present simple/obvious operational implications should a DHCP server exist on more than one VLAN.  I do not care what the products are named or how they are marketed.  I care when the ability to use VLANs for security and isolation is crippled by faulty/incomplete implementation and questionable design choices - the sort of things that turn any defects in the web UI (and any ability to reveal the management password sent via HTTP) into exploits that can be used from (again) every VLAN accessible to the switch.

 

At this point, the posts so far at least acknowledge products by TP-Link and rival brands that may have proper functionality and suggest that the problematic behavior is "working as intended".  Along with that conclusion based on messages so far and lack of evidence to the contrary, I challenge TP-Link as a company and every developer involved in such behavior to defend this behavior and the decisions that led to it.  There is "no constructive result from this" defense of the product and naming strategy by Clive_A, and possibly no defense of the vulnerabilities in production firmware, the marketing strategy, lack of interest by the developers, and the continued sale of the products as if they fully implement VLANs in a useful and secure way.  I expect, though, that it is at least worth asking if the problems could be fixed with a firmware update or if the hardware has been released in a way that dooms buyers to having hardware that can only give them risks they would not reasonably expect from the advertised feature list.

 

--Baker_DSP

#14
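
A defender's check for two of the points in Baker_DSP's list above, as an added example that is not part of the thread or any TP-Link tooling: run from a host inside a given VLAN, it reports whether the switch's management address answers there and whether only plaintext HTTP management is offered. The address 192.0.2.2, the VLAN names and the port numbers 80/443/22 are assumptions for illustration.

```python
import socket

# Assumed standard service ports for a switch management plane.
MGMT_PORTS = {"http": 80, "https": 443, "ssh": 22}

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port can be established."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(mgmt_host, vantage_vlan, mgmt_vlan, ports=MGMT_PORTS):
    """Probe the switch from the VLAN this host sits in; return findings."""
    reach = {name: tcp_open(mgmt_host, port) for name, port in ports.items()}
    answered = sorted(name for name, ok in reach.items() if ok)
    findings = []
    # Any answer outside the designated management VLAN breaks isolation.
    if vantage_vlan != mgmt_vlan and answered:
        findings.append(
            f"EXPOSED: {mgmt_host} answers on {'/'.join(answered)} "
            f"from VLAN '{vantage_vlan}' (expected only '{mgmt_vlan}')")
    # HTTP with neither HTTPS nor SSH means no encrypted management path.
    if reach.get("http") and not (reach.get("https") or reach.get("ssh")):
        findings.append(
            f"PLAINTEXT: {mgmt_host} offers HTTP management only; "
            "the password crosses the wire unencrypted")
    return findings

if __name__ == "__main__":
    # Constructed values: 192.0.2.2 is a documentation address standing in
    # for the switch; "guest" and "mgmt" are hypothetical VLAN names.
    for finding in audit("192.0.2.2", vantage_vlan="guest", mgmt_vlan="mgmt"):
        print(finding)
```

Run it from one host in each VLAN; an empty list from every non-management VLAN is the result a dedicated management VLAN would give.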
RE:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-09-19 15:17:56
nice security feature to have.
#15
RE:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-09-22 11:56:05 - last edited 2024-09-22 12:09:03

Self-explanatory.. this is a security issue if this is NOT implemented.  Even for basic switch-gear.  If it's sold as "managed" in any capacity, this needs to be there.

#16
RE:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-09-23 01:14:09

Hi @utilsvcllc 

Thanks for posting in our business forum.

utilsvcllc wrote

Self-explanatory.. this is a security issue if this is NOT implemented.  Even for basic switch-gear.  If it's sold as "managed" in any capacity, this needs to be there.

This is not a managed switch in terms of the switch hierarchy. It is not reaching that level of management in our plan.

We recommend you consider the Omada Easy Smart switch as we are shifting the resources to the Omada product line. If you plan to get this feature, please consider the integrated Omada Easy Smart switch which works with the Omada Controller.

As you can see the official website has listed several Omada Easy Smart switches and Unmanaged switches.

#17
RE:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-09-23 01:24:31 - last edited 2024-09-23 01:27:49

  @Clive_A I'm well aware of TP-Link's products.. You're not picking up what I'm puttin' down bud.  Conceptualize my point at a big-picture level, and try again.  This is an outright defective reply.  Also, if you're going to be a p*ick, be a useful p*ick.  And FFS, why are you people censoring stuff lol.  I can't even type something that's remotely not even a swear word in here.. this is hilarious.  If y'all want to be a real functional competitor to Ubiquiti, you need to GET REAL.

#18
RE:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-09-23 01:38:09

Hi @utilsvcllc 

Thanks for posting in our business forum.

utilsvcllc wrote

  @Clive_A I'm well aware of TP-Link's products.. You're not picking up what I'm puttin' down bud.  Conceptualize my point at a big-picture level, and try again.  This is an outright defective reply.  Also, if you're going to be a p*ick, be a useful p*ick.  And FFS, why are you people censoring stuff lol.  I can't even type something that's remotely not even a swear word in here.. this is hilarious.  If y'all want to be a real functional competitor to Ubiquiti, you need to GET REAL.

You can stick to this model as I am internally informed that this was not considered recently. The full dev resources are shifting and this is an order from the head office and basically has the highest priority as I am aware. I will not further discuss and explain this.

As you are well aware of our products and how we have developed in the past decade, I think you'll understand what it means for us to catch up with the Omada solution full product line and shift from the old naming and subbrands. The update will gradually stop for these models over time.

 

We are multi-tasking to catch up not only with UBNT but also with Mikrotik and other giants. UBNT is not considered the biggest threat now. We are not only targeting the small and home users. Other platforms of ours are providing better solutions for the business users and it is expanding.

 

Note that I am not obliged to reply and explain what happens internally or if there is no further news or update to this. Merely for the sake of your interests.

#19
Re:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-09-23 01:39:59

  @imoula Bro here's just trash, don't worry.. I'm sure they're not all like him.   The bigger issue is the fact this is sold on Amazon and other places as literally a Managed Switch, when it is in fact, NOT.    It ruins the reputation of some actually GREAT TP-Link products.  I'm going to have a chat with my MSP rep and see if we can get this dude away from us on these forums maybe.  This is impacting TP-Link's reputation in our industry, and I'm sure TP-Link doesn't want that.

#20
RE:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-09-23 01:42:50 - last edited 2024-09-23 01:43:09

  @Clive_A I don't even USE this switch model.. The issue is you're selling this/letting this be sold as a managed product when it isn't, not properly.  I'm surprised TP-Link's US division allows this to be sold.. usually troublesome SKUs like this are gatekept away so only the Asian etc markets get this less-than-stable/desirable etc stuff.  Again, you miss my (and others') entire point and its concept.

#21