Horaco 2.5GbE Managed Switch (8 x 2.5GbE + 1 10Gb SFP+)

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

ncage

New Member
Mar 8, 2024
11
1
1
So far dealing with the aliexpress seller is mixed (xikestor). They are definitely nice & cordial but after they found out i had technical chops i think they might be abusing it slightly...but we will see how it goes from here. I have had to jump through a lot of hoops. Ive sent them screenshots of the web interface taking over 8 minutes (yes 8 minutes to come back). Its almost impossible for me to use at this point because its so slow in most cases i can't ever log in (timeout). For example then wanted me to check where STP (Spanning tree protocol) was set on the switch. I know why because they think something on the network is conflicting. So in the end i took the ownest & disconnected everything from the switch except for computer trying to connect to the web management interface (which didn't make a difference of course). Most people wouldn't be able to give them this much information. For anyone curious here you go :)

Anyways they are trying to pressure me to be able to connect remotely to my computer which i am not going to allow. Who wants someone you know connect to your computer from China? No Thanks!!!!

Anways going through all of this i have to disconnect from the internet (because i have to hard code my computer ip so i can connect to the switch). Its starting to drag at this point
 

Attachments

up-n-atom

Neko
May 30, 2019
31
50
18
Canada
www.eleventwentytwo.com
I'm trying to replace flash chip but so far no luck. I'm aware of the UID/OTP protection they have put into the firmware but even after programiinig OTP area with newly generated key, still switch boot-loops with non-orginal chip. So far I only used Winbond chips as replacements. I could find FUDAN FM25Q16 (that's the original one) but only in SO8 150mils case - smaller than originally installed chip and does not fit into the ZIF SO8 208mils socket I installed. FM25Q16's in SO8 208mils version (as installed in the switch) seem to be unavailable. I purchased some Gigadevice GD25Q16 chip and will give it a try.
I'm running with a GD25Q32BSIG (which the B revision doesn't have mention of 4Bh command but responds with constant data). The important part is making sure that the chip supports the commands 4Bh (Read Unique ID) and 48h (Read Security Sector/Register) but also shares the same security topology of 4x256 byte. If those are checked a long with the voltages in the datasheet the flash can likely be used.

As for the FM25Q16 the part no. you want to search for on AliExpress is FM25Q16A-SOB-T-G (SOB = 208mil) or you can buy it on LCSC FM25Q16A-SOB-T-G FUDAN MICRO | C358633 - LCSC Electronics

EDIT: Here's an Ali link https://www.aliexpress.com/item/1005006071453869.html

For those who can't access the WebUI you're likely falling into a https ONLY mode browser feature since these switches are http.

How to Enable HTTPS-Only Mode in Chrome, Firefox, Edge, and Safari a blog post on how to enable the https ONLY feature which is now default on every browser, so do the opposite to disable it or add a URL exception.
 
Last edited:
  • Like
Reactions: blunden

switchfan

New Member
Jan 14, 2024
14
7
3
I have a ZX-SWTGW215AS with a similar issue: After a day or latest after a few days, it loses connectivity to the WebUI entirely.
PowerCycle brings back the WebUI into operation.
Now I just replaced the original 12V/1A PSU with a different one (12V/1,5A) which I found in my spare parts box...
Will report if this changed anything.
With the different PSU, after 2 days of operation, the switch does not respond to the WebUI and turned again into an unmanaged switch.
Power Cycle helped again.
So, unfortunately the root-cause was *not* the PSU and my problem persists.
 

Ozymandias

New Member
Jun 2, 2022
9
7
3
I had an identical problem with my Horaco - it was configured with dhcp and vlans. After a time the Horaco was requesting an ip from one of the vlans and losing connectivity. Setting the Horaco to not using dhcp and having a static ip cured the problem.
 

switchfan

New Member
Jan 14, 2024
14
7
3
Thanks for your input - unfortunately this does not help, since my Horaco switch is configured with a static IP from day one.
 

ncage

New Member
Mar 8, 2024
11
1
1
So the same seller (xistore) is selling the same switch on amazon. I received it today & OMG its like a breath of fresh air. The UI comes back immediately and is relatively fast (especially when your use to waiting for the page to come back 8+ minutes). So it was in fact a bad switch but trying to get them to replace the switch has been not much fun. They have tried & tried to push me to be able to remotely access my machine which i am not going to allow. I should have just lied and said it died and there is a burning smell from it but i'm honest & was telling them the truth.

Anyways the switch even came with the same hardware version (1.1). It came with 1.3 version of the firmware which I immediately updated to 1.9. I am just going to return the bad switch back to amazon to make my return process easier (in the end the seller will replace it whether they want to or not). They should have anyways since i'm well within my 1 year for my warranty.

In the end i think i'm still going to end up replacing it with either a mikrotik or tplink switch but at least i don't have to rush my decision now.
 
  • Like
Reactions: BeefStu

ncage

New Member
Mar 8, 2024
11
1
1
oh another thing if anyone every has this issue. I wasn't sure if you could ping the switch or not. My defective switch i couldn't ping when i was having these issues. The new switch i can ping just fine. So thats one way to find out if your switch has issues.
 

Shonk

Member
Nov 25, 2016
50
25
18
73
oh another thing if anyone every has this issue. I wasn't sure if you could ping the switch or not. My defective switch i couldn't ping when i was having these issues. The new switch i can ping just fine. So thats one way to find out if your switch has issues.
Its a bit slow responding but yeah it reply's
Code:
C:\Windows\system32>ping switch

Pinging switch.shonk.org [192.168.0.253] with 32 bytes of data:
Reply from 192.168.0.253: bytes=32 time=2ms TTL=64
Reply from 192.168.0.253: bytes=32 time=2ms TTL=64
Reply from 192.168.0.253: bytes=32 time=2ms TTL=64
Reply from 192.168.0.253: bytes=32 time=2ms TTL=64

Ping statistics for 192.168.0.253:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 2ms, Average = 2ms

C:\Windows\system32>ping i9-14900ks

Pinging i9-14900ks.shonk.org [192.168.0.16] with 32 bytes of data:
Reply from 192.168.0.16: bytes=32 time<1ms TTL=128
Reply from 192.168.0.16: bytes=32 time<1ms TTL=128
Reply from 192.168.0.16: bytes=32 time<1ms TTL=128
Reply from 192.168.0.16: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.0.16:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 

rkbest13

New Member
Sep 8, 2024
4
0
1
To achieve what you describe (and augment with the diagram) you need something that joins the different networks.
What you pictured is a physical diagram, which is ok, but the logical is what you're missing.

Let's assume that the networt that was already in place is defined as:

LAN1 -> 192.168.0.0/24 ---- Default gateway 192.168.0.1 (I assume is the modem/router that the ISP gives you)

And the second separated network is the one you want to achieve:

LAN2 -> 192.168.1.0/24 --- Default gateway -> This is missing

For that you need something that acts as a router between LAN1 and LAN2

In the Sodola, you need to define 2 VLANs, one for LAN1 (VLAN1) and the other for LAN2 (VLAN2)

So the configuration is similar to this

VLAN2 -> Ports 1 to 4 untagged
VLAN1 -> Port 5 untagged / Port 4 tagged

------
Do the same on the PVID section and assign the correct untagged VLAN to the ports (port 4 needs to accept both)


The key here is that there will be 1 port that can access both VLANs and that's where a router is needed, if you desktop is on 24x7 you could put a vm or if you use linux just enable ip forwarding.

Hope this helps you figure it out.
thanks for your directions, I am trying to setup vlans so that i can use one port for trunk that connects to AP with multiple VLAN SSIDs. I did as you suggested and add VLAN to the 3 VLAN tags i have 50,70,100. I am not familiar whats the use of PVID in this case and how those should be set.

What i want to be able to use the managed switch to connect to my servers VLAN1(default) and have two APs connected to port 7,8 that can allow all traffic, vlan1,50,70,100.
Right now if i connect the AP, the VLAN1 SSID gets internet bit other tagged vlans dont get any connectivity. The switch is behind pfsense and I have the VLAN set in the interfaces.
 

Attachments

Last edited:

ncage

New Member
Mar 8, 2024
11
1
1
Just to give everyone an update the seller (again `xistore`) sent me a message on aliexpress wanting to just give me $10 for the warranty. So take that into account how far the warranty goes with one of these things.
 

joeribl

Active Member
Jun 6, 2021
154
50
28
Just to give everyone an update the seller (again `xistore`) sent me a message on aliexpress wanting to just give me $10 for the warranty. So take that into account how far the warranty goes with one of these things.
Did you threaten them with a 1 star review?
 

binfree

Member
Jul 17, 2024
42
18
8
You can usually ask AliEx to step in. All vendors have requirements to maintain status on the platform.

But, same as most, I'm always apprehensive about spending real money on these kind of things overseas. I've been lucky so far, in that the only uncorrectable problems have been with non-delivery, which makes them clear-cut for refunds.
 
  • Like
Reactions: blunden

m3e

New Member
Jul 25, 2023
11
4
3
thanks for your directions, I am trying to setup vlans so that i can use one port for trunk that connects to AP with multiple VLAN SSIDs. I did as you suggested and add VLAN to the 3 VLAN tags i have 50,70,100. I am not familiar whats the use of PVID in this case and how those should be set.

What i want to be able to use the managed switch to connect to my servers VLAN1(default) and have two APs connected to port 7,8 that can allow all traffic, vlan1,50,70,100.
Right now if i connect the AP, the VLAN1 SSID gets internet bit other tagged vlans dont get any connectivity. The switch is behind pfsense and I have the VLAN set in the interfaces.
I've noticed that you have only port 8 set as tagged for those VLANs. This means that switch expects tagged traffic of those VLANs only on the port 8 and is unable to forward it anywhere else. You should add all ports which should handle this traffic (i.e ports 7,8 for the two APs and the upstream port of the pfSense)
 

rkbest13

New Member
Sep 8, 2024
4
0
1
I've noticed that you have only port 8 set as tagged for those VLANs. This means that switch expects tagged traffic of those VLANs only on the port 8 and is unable to forward it anywhere else. You should add all ports which should handle this traffic (i.e ports 7,8 for the two APs and the upstream port of the pfSense)
Thanks for clarity. Also, is it same to mark those ports as trunk (still need to find that option on the UI).
 

m3e

New Member
Jul 25, 2023
11
4
3
Thanks for clarity. Also, is it same to mark those ports as trunk (still need to find that option on the UI).
Tagged VLAN port is the same as trunk. If you have it setup correctly in the router (with dhcp and firewall rules) it should just work once you configure switch. You can check if pfsense sees the vlan traffic with tcpdump:

Bash:
 sudo tcpdump -i <parent interface name> -e vlan <vlan number>
 

vdroid

New Member
Jul 27, 2024
1
0
1
I recently got a Keeplink KP-9000-9XHPML-X, which is 8x2.5gb 1xSFP+ Managed POE switch with v1.6 and used this firmware to upgrade to v1.9.
It seemed to upgrade fine, but SFP port got completely disabled and VLAN tagging got problematic.

Just to see how it goes, I installed the non-POE v1.9 for 218 series, and it worked quite nicely. The POE related LEDs are not working, and the POE tab in the web managed is gone, but the actual POE functionality is working nicely. It seem that POE is hardware controlled, the software is just for reporting the POE states. The VLAN tagging is also working as expected, so I am keeping this non POE version. I'll try to contact the seller to see if they can provide the right firmware to get back the POE tabs and LEDs.

PS: The POE version 1.9 firmware above, and the default 1.6 I received with the switch does not have the user "hengrui" to get to the factory settings. Looking in the firmware, I found the user "hasivo" with hash "f59f7de1f47f9c66a6126f94566b0c2c", and that is indeed working through the developer console code earlier in the thread.
I recently bought Keeplink KP-9000-9XHPML-X with default firmware v1.9.1 and hardware v1.1 and none of my PoE devices are working. There's no PoE management option in the web portal either. Wondering which firmware build did you end up with?
 

rkbest13

New Member
Sep 8, 2024
4
0
1
Tagged VLAN port is the same as trunk. If you have it setup correctly in the router (with dhcp and firewall rules) it should just work once you configure switch. You can check if pfsense sees the vlan traffic with tcpdump:

Bash:
 sudo tcpdump -i <parent interface name> -e vlan <vlan number>
I could not find a trunk or access option so this is what i did. There is a group trunk setting with static or LACP option but not sure if it will do what you suggested. Does this look like it will do what i am expecting to pass all tagged traffic from port 8-9 (two separate APs with similar SSIDs for each vlan) and the uplink will be port 1.
 

Attachments

Last edited:

rkbest13

New Member
Sep 8, 2024
4
0
1
I could not find a trunk or access option so this is what i did. There is a group trunk setting with static or LACP option but not sure if it will do what you suggested. Does this look like it will do what i am expecting to pass all tagged traffic from port 8-9 (two separate APs with similar SSIDs for each vlan) and the uplink will be port 1.
Update: the configuration works now with my AP assigning right IP address and access to internet.
Two remaining issues/questions:
1. I cant find the switch on my pfsense with the mac address. its just not showing anywhere even though things are working as expected. Is there a way to trace it?
2. I need one single port to be an isolated port without native vlan1 assignment so that my work laptop can be completely isolated
from other subnets and not get vlan1 ip using dhcp.
 
Last edited:

StanG

New Member
Aug 21, 2024
5
0
1
Just set the port to untagged for the VLAN xxx, set the port to not member for all the other VLAN's and set the PVID on the port to VLAN xxx
 

stanleyb7

New Member
Sep 17, 2024
1
0
1
We have series of power outages and voltage drops due to strong winds and floods. Seems that my Horaco ZX-SWTGW218AS is not OK since. It does not respond on the Web interface, indeed on the default IP after reset. Traffic is switched though but with issues...
Any hints? Could re-flashing it over serial help?