Hasivo managed 2.5g switches


istwok

New Member
Nov 30, 2022
10
5
3
Does anyone have an opinion on these Hasivo, managed, 2.5g switches?

Link

I'm wanting a managed switch with at least 4, 2.5g ports and 8+, 1g ports but haven't found anything I really like yet. An 8- or 5-port, managed switch like these could work for me in the short to medium term, though.
 

oneplane

Well-Known Member
Jul 23, 2021
846
485
63

istwok

I saw the STH review of the unmanaged versions earlier. I thought they liked them. Do you know of anything reasonably priced that meets my desired requirements of 4+ 2.5g ports and 8+ 1g ports?
 

oneplane

Sadly, I do not. If you are personally not bothered by running a MIPS core based Realtek switch in your network, you can still get the one you linked to. To me, the issues with VLAN hopping because the switch doesn't care are enough to not bother with them.

I think some (Netgear?) firmwares for Realtek chips tried to fix it by slowing down the boot process and disabling all ports pre-boot so they don't come up in a pass-anything state before the software has time to load the actual settings, but I'm not sure that is the case for Hasivo.
 

joeribl

Active Member
Jun 6, 2021
135
46
28
Do you have documentation to link to on the VLAN hopping issue? So far I can only find issues with RTL819xD based devices.
 

oneplane

I don't have the references stored anywhere as it's been a while since I have seen them in the wild, but IIRC most cases can be found via the TL-SG101xE reference because TP-Link also uses the same reference designs and white label software. Those must have been around the RTL8367 ASIC era with 8051 CPU cores (which ironically is better than most MIPS cores due to them being so limited that exploitation is harder).

There were two main issues and a third side-effect:

1. In some cases VLAN1 could not be removed from a port and not from the management plane, even if the UI said so.
2. In some cases all ports would start up in pass-anything mode before the VLAN table was loaded.
3. In most cases you could DoS the switch, causing it to get reset by the WDT; combined with #2 you could connect to any device.

Since the devices (or rather the ASICs) are designed for home and prosumer use, nobody really cares about manufacturing them to baseline security standards, making them not suitable for their purpose (which is: multiple separate logical networks on the same physical hardware).

This was mostly misconfiguration in the reference design (hardware and software), which is usually how you'd find the devices to be out of the box. At some point people started rewriting the flash chips to make the ASIC boot with ports disabled, then load the user configuration and only then enable the ports, which is what it should have done to begin with. The same was done with the VLAN1 hangup: the configuration binaries could be downloaded, modified, re-checksummed and uploaded to actually disable global VLAN1 forwarding unless explicitly enabled per port.

In a way, this at least allows you to be sure of the actual configuration of the ASIC since its limited hardware (and software) makes for easy disassembly and verification for any reverse-engineer. Ironically, that makes a low-end management ASIC more transparent than a higher-end ASIC, but less useful for the general user than it should have been.
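
Added example (not part of the post above, and not code from any participant): issue #2, ports forwarding everything before the VLAN table loads, can be verified from the outside by capturing on an untagged access port while the switch power-cycles and flagging frames that should never appear there. The MAC addresses, inventory and capture below are constructed, and `parse_frame` / `find_leaks` are hypothetical helper names.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers

def parse_frame(frame: bytes):
    """Return (src_mac, vlan_ids, ethertype) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = frame[6:12].hex(":")
    offset, vlans = 12, []
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlans.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
        (etype,) = struct.unpack_from("!H", frame, offset)
    return src, vlans, etype

def find_leaks(capture, port_vlan, mac_vlan):
    """Flag frames that should never reach an untagged access port in port_vlan.

    capture:  iterable of (seconds_since_power_on, raw_frame) seen on that port
    mac_vlan: inventory mapping source MAC -> VLAN the host is assigned to
    """
    findings = []
    for ts, raw in capture:
        src, vlans, _ = parse_frame(raw)
        if vlans:
            findings.append((ts, src, f"tagged frame (VLAN {vlans[0]}) on access port"))
        home = mac_vlan.get(src)
        if home is not None and home != port_vlan:
            findings.append((ts, src, f"host assigned to VLAN {home} visible in VLAN {port_vlan}"))
    return findings

def _frame(src, vlan=None, etype=0x0806):
    """Build a constructed broadcast frame for the sample capture below."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return (b"\xff" * 6 + bytes.fromhex(src.replace(":", "")) + tag
            + struct.pack("!H", etype) + b"\x00" * 46)

# Constructed inventory and capture (not real data): the monitor port sits in VLAN 20.
INVENTORY = {"02:00:00:00:00:10": 10, "02:00:00:00:00:20": 20}
SAMPLE = [
    (1.2, _frame("02:00:00:00:00:10")),           # during boot, before the VLAN table loads
    (1.9, _frame("02:00:00:00:00:10", vlan=10)),  # tagged frame from another VLAN
    (14.0, _frame("02:00:00:00:00:20")),          # after boot: only own-VLAN traffic
]

if __name__ == "__main__":
    for ts, src, why in find_leaks(SAMPLE, port_vlan=20, mac_vlan=INVENTORY):
        print(f"t+{ts:>5.1f}s {src} {why}")
```

The timestamps of the last finding bound the window in which the switch was forwarding across VLANs; on a switch that enables ports only after loading its configuration, the list is empty.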
 

istwok

What do you think of the unmanaged, Hasivo, 2.5g switches (the ones STH reviewed and seemed to like)? If I had to, I could get by with an unmanaged switch as my current VLAN needs are all 1g devices and I have a switch that could handle that. The immediate thing is I now have 3 devices with 2.5g NICs and would like to be able to take advantage of the extra speed.
 

oneplane

Unmanaged should be fine, at worst it might be vulnerable to some ARP spoofing but if that was a problem, it wouldn't be at the top of any list ;-) The great thing about not having to 'trust' a switch is that all it needs to do is forward frames, and as long as it does that, it's all good.