Netgear GS108T Smart Switch Notes

I have a couple Netgear GS108T 8-port gigabit switches around, so I decided to learn more about them.

The GS108T switch is interesting from a number of perspectives:

  • it’s all-singing and dancing: quite full-featured managed switch with port mirroring, counters, jumbo frames (1,518 to 9,728 bytes, though Netgear standard is 9216 bytes for other devices), syslog, SNMP (OID aka ng700smartswitch, but only 32-bit counters – will overflow daily with even moderate gigabit traffic), VLANs, MAC filtering, IP filtering, etc.
  • original version had telnet and HTTP admin access. Since 3.x firmware, just web administration. Actually, there’s 2 web servers in firmware: one in the Netgear firmware, and another in the Broadcom “loader” firmware fail-safe mode.
  • adequate performance for small offices
  • low power – around 8-12 watts
  • cheap – around $100 retail
  • this version is supposedly immune to the defective Chinese capacitor problems that plagued the 10/100 models earlier.
  • comes with a PC management software CD, but you can ignore that and use a linux or Mac web browser.

Although you can just treat it like an unmanaged switch and just plug cables into it, you really should at least change the default password first and ensure SNMP is filtered, especially if it could face the Internet. Besides bricking your switch, somebody could sniff all traffic using port mirroring, read your password with SNMP, or deny access to your network with the port, MAC and IP filters.

The drawbacks with Netgear switches in general are lackluster customer support, and their bizarre relationship with the NTP community (in the past, Netgear hard-coded the IP addresses for time servers. Then they provided a time server, only to yank it later. Now they still don’t document how to configure their switches for time the right way with

The web UI is quite comprehensive, but uses frames and extensive JavaScript, so does not work at all by default in elinks or lynx. A workaround to login and get a read-only listing of settings is to save the login.htm screen, add a regular submit button, and point the form tag to your switch URL.

<form name="login" action="" method="post">
Password: <input type=password name=passwd value=password>
<input type=submit> <input type=hidden name=rtime> </form> </body> </html>

After logging in, this form can reset the switch:

<form name="reset" action="" method="post">
<input name="confirm" type="hidden" value="yes">
<input type=submit>

One of my units has an older firmware version, with telnet support. It was discontinued likely because it got out of date compared to the web version, and possibly ecos is not used now for maintenance or GPL-license issues. There don’t seem to be that many options compared to the web UI, though the load configuration command could be a work-around for that.

$ telnet

login: admin
password: ********

 Welcome to ECOS shell
ecos> factorycfg
       factorycfg show
       factorycfg get 
       factorycfg write  = ...
            where magic is FCFG (to prevent accident)
ecos> factorycfg show
ecos> ifconfig
  eth0: off
  eth1: DHCP failed; fallback to static
ecos> help
counters		  Displays CPU counter
exit		  exit shell
factorycfg		  Factory configurables
help		  Displays Help information
httpd		  Enable/disable HTTPd at startup
lacp		  lacp configuaration
load		  Load configurations
logger		  Logger configurations
showlog		  Show logs
nvram		  nvram utility function
reboot		  Reboot System
rstp		  Displays/configure RSTP
save		  Save configurations
showMem		  displays memory info
showThreads		  Displays running threads information
telnetd		  Enable/disable telnet daemon
ifconfig		  configure interface
ecos> counters
################# Counter #################
end : rx counter 1440
end : tx counter 709  --  bc 21   mc 0   uc 688
discovery : rx counter 0
discovery : tx counter 0
ecos> showlog
Usage: showlog  []
       NOTE: logs are shown from latest entry to oldest entry
             except that starting index is specified.
ecos> showMem
Memory Information:  Total 10587360  Free 8904556  Max 8837100
ecos> showThreads
ID: 0003 name: Network alarm support pri: 6 state: 1
ID: 0004 name:      Network support pri: 7 state: 1
ID: 0005 name:             Main App pri: 8 state: 1
ID: 0006 name:              monitor pri: 3 state: 1
ID: 0007 name:             flashlog pri: 8 state: 1
ID: 0008 name:               bcmDPC pri: 7 state: 1
ID: 0009 name:       FactoryDefault pri: 5 state: 1
ID: 000a name:             bcmARL.0 pri: 8 state: 0
ID: 000b name:              impprot pri: 8 state: 0
ID: 000c name:           tCOUNTER.0 pri: 8 state: 0
ID: 000d name:                bcmTX pri: 7 state: 1
ID: 000e name:         multiAsyncTX pri: 8 state: 1
ID: 000f name:            bcmLINK.0 pri: 8 state: 0
ID: 0010 name:                httpd pri: 8 state: 0
ID: 0011 name:          httpd_timer pri: 8 state: 0
ID: 0012 name:                snmpd pri: 8 state: 1
ID: 0013 name:         rmon_counter pri: 8 state: 0
ID: 0014 name: rmon_resource_reclaim pri: 8 state: 1
ID: 0015 name:              bcmRX.0 pri: 7 state: 1
ID: 0016 name:         timer_thread pri: 8 state: 0
ID: 0017 name:            Dot1X_rad pri: 8 state: 0
ID: 0018 name:              telnetd pri: 8 state: 1
ID: 0019 name:            discovery pri: 8 state: 1
ID: 0001 name:          Idle Thread pri: 31 state: 0
ID: 001c name:        telnet client pri: 8 state: 0
ecos> save
Usage: save name|group|all|factory [|]
ecos> save all
ecos> nvram show
ecos> nvram get STARTUP
boot -z -elf vflash0.os: ; boot -z -elf vflash0.os2: ; ifconfig eth1 -addr= -mask= -gw=
ecos> exit

The ecos terminal program understands semi-colon as a command separator, but quoting seems to be a syntax error. Thus you can change commands that originally contained embedded spaces to something new, but cannot change the value back to the original.

If the switch default admin IP address of doesn’t match your network settings, you can do this in linux:

# ip addr add dev eth0

Using the linux ip command allows you to add this address on top of your existing address, so you can still be connected to your network.

If you configure jumbo frame support on your switches and hosts, you can test that with the ip route get command:

# ip route get dev eth0 src
cache mtu 9000 advmss 1460 hoplimit 64

Bricking the Netgear GS108T

If the GS108T cannot successfully load the Netgear firmware at boot time, then it remains in Broadcom loader mode.

(A careful reader of this blog post can figure out how to do that in about 5 minutes.)

Effectively loader mode is the same as “bricked”, since there are no end-user tools available to fix the switch configuration with, and resetting the switch or re-installing Netgear-provided firmware doesn’t fix the loader problem – those actions only reset the Netgear-specific settings. Thus time to RMA the unit for a replacement.

Here are some images showing what loader mode looks like:

Netgear GS108T web admin showing Broadcom firmware upload form

Netgear GS108T web admin showing Broadcom firmware upload form

Netgear GS108T in loader mode according to the SmartWizard utility

Netgear GS108T in loader mode according to the SmartWizard utility Default Password for NETGEAR Devices What is the Jumbo Frame Supported by Switches and Adapters? Reset and Restore the NETGEAR device to Factory Default Settings Defining Terms: Power Cycle, Boot, Reboot, Restart, Reset, and Hard Reset Where to Get TFTP for Managed Switch and Access Point Upgrades

A Switch Even a Penguin Can Love
Netgear KB: GS108T 8-Port Gigabit Smart Switch
Linux Configure Jumbo Frames to Boost Network Performance / Throughput Jumbo frames? Yes!
Linux Configure Jumbo Frames to Boost Network Performance / Throughput
Dr. Joe: Jumbo Frame Clean Networking Gear

This entry was posted in Business, Open Source, Tech, Toys. Bookmark the permalink.

7 Responses to Netgear GS108T Smart Switch Notes

  1. mike says:

    James could you provide an example of a syslog record entry in full DEBUG mode from the gs108t?

  2. Hi Mike.

    My 1.x firmware version (the command-line fw one) got bricked, and it will be a while before I get another one.

    Next time I play with a 2.x fw version I’ll see what’s available.

    Any reason you’re specifically interested in syslog output?

    Thanks, James.

  3. Chris says:

    This manageable switch is a shit !

    I have buy a V2 version because I am using VoIP protocol.
    When I phone, the switch hang, then restart, making loosing all connection.

    As it’s a bad prototype, I have loose 100 Euro !
    There is a new firmware all week, that means all.

  4. Rao says:

    Hi James, I was just wondering, is it possible to add static routes for the Vlan’s created in this switch. It is sort of useless to have Vlans without having the option to define routes. Would appreciate the answer. Besides that, nice post :-9

  5. Anonymous says:


    The GS108T is strictly a Layer 2 switch, so you will need to use a separate Layer 3 Router if you want to route IP traffic between your different VLANs.

    Many Routers support defining multiple VLANs on a single NIC interface, so your existing router may already have this support built in.

  6. For those of you who found this while googling “netgear loader mode” or some such thing; try using the SmartWizard discovery tool to restore the firmware. The one gotcha I found is that the tool will want a password when you push the firmware file, but it is not the password you set on your device, it is the default (in my case for a GS748T switch: password 😒)

    It’s quite possible that James is right for the model he’s talking about here, and loader mode is effectively bricked, but I was able to get my 48port gigabit switch back up and running.

    Pretty sure its just sending a tftp PUT command with a password and some kind EOL that makes the Broadcom loader aware there’s a FW to run from now.

  7. gewt says:

    Old post I know…but I just bought a v2 and decided to binwalk the firmware.

    Running `strings` on the extracted archive shows…enough to indicate the CLI is still present.

    Also, there’s a UART somewhere inside according to the firmware:

    %s at 0x%X
    NS16550 UART

    Invalid U-Boot image
    Unpacking U-Boot image at 0x%08lx ….
    Unsupported Architecture
    length is %d
    LINUX_CMDLINE doesnt match initd=@ format

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.