Overview of the Netgear GS Switch Series
Netgear switch models GS728TS, GS728TPS, GS752TS, and GS752TPS (Gigabit Smart Switches) are value-priced edge switches (about $1000 on Amazon for the GS752TPS 48-port model with PoE) with limited Layer 3 routing capabilities. These switches are best deployed as edge switches in a small office environment with a limited budget. The fan noise is annoying but not deafening, so they should be located in a network closet or noise-insulated rack. In the case of budget constraints, the GS7 series could be used as core switches. They can be stacked for high availability, and they support LAGs and bonding to allow equipment with multiple NICs to run one cable to each switch, allowing the equipment to stay up even if one switch unit dies. However, these switches are not really designed for “enterprise” use as core switches.
Pros of the Netgear GS Switch Series
These are pretty much the cheapest switches that will support VLANs, basic Layer 3 routing between VLANs, modern PoE (TPS models only), and stacking. Other competitors, such as Ubiquiti switches, don’t support stacking, which may lead to a single point of failure in some configurations.
Cons of the Netgear GS Series
- No console port. If you accidentally configure the switch in such a way that you can’t reach a management IP, you’ll be doing a factory reset.
- Flaky HTTP management interface. I always enable the HTTPS management mode and disable HTTP. However, sometimes the interface just stops responding to HTTPS and only responds to HTTP requests. At that point, it’s best to save your config and reboot the stack before the UI stops responding altogether. The switches will keep on switching even if the management UI goes crazy, but a full reboot (that brings down the network) is required to restart the management interface.
- No SSH command-line access.
- Very limited access controls. There’s no username, just a password. You can configure RADIUS and TACACS+ authentication.
- Firmware is very rarely updated.
WARNING: The GS728TS, GS728TPS, GS752TS, and GS752TPS Gigabit Smart Switches have no console port, so if you do anything to the switch that cuts off your network access to the management interface, you must reset the switch to factory defaults (there is a recessed button on the left side of the front panel). Be very careful configuring VLANs and access controls!
The Netgear installation guide tells you to use their “Smart Control Center Utility” on a Windows PC. This step is totally unnecessary. When the switch first boots, its factory default IP address is 192.168.0.239 with gateway 192.168.0.254, and it has a DHCP client that will receive an address from your DHCP server. Simply point your web browser to the appropriate IP address. The Netgear factory default password is “password”.
Management IP Configuration
If you’re using the switch with VLAN routing, this section (System->Management->IP Configuration) is pretty much meaningless. Set the management VLAN to some random, high VLAN that you won’t be using, and set a static link-local IP address that can’t be reached. Once VLAN routing is configured, you can access the switch management interface at the IP address of any VLAN router. If you use a “real” VLAN for management, the switch won’t allow you to create a VLAN router for that VLAN. (https://community.netgear.com/t5/Smart-Plus-Click-Switches/Process-to-create-VLAN-and-route-between-them/td-p/1447498)
Securing the Admin Interface
At this point, anyone on any VLAN can access the switch’s admin interface, which is obviously not a good idea. Go to Security->Access->Access Control and add an access rule to only allow HTTPS from safe subnet(s) that unprivileged users won’t have access to. Be sure that you have the ability to access the switch from that IP range, or you’ll lock yourself out of the switch and have to do a hardware factory reset.
More detail: https://community.netgear.com/t5/Managed-Switches/Management-VLAN-doesn-t-seem-to-do-anything/td-p/1173361
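An added example, not from the original article or from Netgear: a Python check to run from an admin workstation before and after saving the access rule. It flags admin addresses the rule would lock out, then probes TCP 80 and 443 to tell a healthy HTTPS-only interface from the HTTPS-dead, HTTP-alive state described in the Cons list. The subnets, addresses and function names are assumptions made up for illustration.

```python
import ipaddress
import socket

def lockout_risk(admin_ips, allowed_subnets):
    """Admin source IPs that no allowed subnet covers (check BEFORE saving the rule)."""
    nets = [ipaddress.ip_network(s, strict=False) for s in allowed_subnets]
    return [ip for ip in admin_ips
            if not any(ipaddress.ip_address(ip) in n for n in nets)]

def port_open(host, port, timeout=2.0):
    """True if a TCP connection succeeds; refused or timed out both count as closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def classify(http_open, https_open, vantage_allowed):
    """Interpret one probe of the management IP from a single vantage point."""
    if not vantage_allowed:
        # From a user VLAN the access rule should hide the UI completely.
        return "exposed" if (http_open or https_open) else "ok"
    if https_open and not http_open:
        return "ok"
    if http_open and not https_open:
        # The failure mode from the Cons list: HTTPS dead, HTTP answering.
        return "degraded"
    if http_open and https_open:
        return "http-enabled"
    return "unreachable"  # possible lockout: the next step is a factory reset

if __name__ == "__main__":
    # Constructed values: replace with your own addressing plan.
    ALLOWED = ["10.0.10.0/24"]
    ADMINS = ["10.0.10.5", "10.0.20.7"]
    SWITCH = "10.0.10.1"  # any VLAN router address on the switch
    print("would be locked out:", lockout_risk(ADMINS, ALLOWED))
    state = classify(port_open(SWITCH, 80), port_open(SWITCH, 443), vantage_allowed=True)
    print("management UI from this host:", state)
```

Run it once from the admin subnet with vantage_allowed=True and once from an unprivileged VLAN with vantage_allowed=False; anything other than "ok" means the rule or the interface is not in the state you intended.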
Layer 2 Configuration
This switch fully supports VLANs, though configuration is challenging if you aren’t familiar with Netgear’s UI and terminology. See my upcoming article titled, “What the hell is a PVID?”
Layer 3 Configuration
The GS series of Netgear switches supports the most minimal routing capabilities. It can route between VLANs, and you can enter a default route for IPs outside the local subnets. That’s it.
Power over Ethernet (PoE) Configuration
These switches support modern, “passive” IEEE PoE standards, though the UI is very confusing.
NOTE: only the first 8 ports on each switch support the high-power 802.3at standard! If you try to select “802.3at” on another port, you’ll get a confusing error message.
Here’s a quick reference to the various “High Power” configuration options from the manual:
- Disable: A port is powered in the IEEE 802.3af mode. (Default)
- Legacy: A port is powered using high-inrush current, which is used by legacy powered devices (PDs) with a power requirement greater than 15W from power up.
- Pre-802.3at: A port is powered in the IEEE 802.3af mode initially and switched to the high-power IEEE 802.3at mode before 75 msec. Use this mode if the PD is not performing Layer 2 classification, or if the switch is performing two-event Layer 1 classification.
- 802.3at: A port is powered in IEEE 802.3at mode. If the PD class detected by the switch is not Class 4 (type 2), the port will power up the PD, but only Class 4 PDs can be powered up in the IEEE 802.3at mode.
Saving the Config
You don’t need to save the config on these switches before rebooting. If you want to keep a copy for archival purposes (strongly recommended), go to Maintenance->Upload->HTTP Upload, select File Type: Text Configuration, and save it somewhere safe.