Managing TP-Link easy smart switches from Linux

I’ve recently acquired some TP-Link ‘Easy Smart’ managed switches – cheap, decently built (metal casing), and a lot of features above the usual unmanaged stuff:

  • Effective network monitoring via Port Mirroring, Loop Prevention and Cable Diagnostics
  • Port and tag-based QoS enable smooth latency-sensitive traffic
  • Abundant VLAN features improve network security via traffic segmentation
  • IGMP Snooping optimizes multicast applications

Unfortunately, it uses a windows application to manage the switches – the 5 and 8 port varieties don’t have a usable built-in web server to manage them. Luckely, there’s a way to make that still work on Linux ;) as it seems that it’s just a JavaFX application. The only thing you’ll ever need a windows installation for (or use Wine) is to install the actual application.

After installation, You’ll find a file called “Easy Smart Configuration Utility.exe” in the installation path. Copy that to your Linux installation, rename to .jar, and you’re good to go.

To run it, you’ll also need the Oracle Java distribution, as JavaFX is not yet part of OpenJDK. Install that in your distribution of choice, and you’ll be able to start the application using java -jar “Easy Smart Configuration Utility.jar” and it’ll start right up.

tplink_easysmart

Unfortunately, it doesn’t work out of the box. The tool doesn’t find any devices on the network, but they are there.
Checking with netstat, the tool bound itself on UDP port 29809, on the local ip address.

$ PID=$(pgrep -f "java -jar Easy Smart Configuration Utility.jar"); netstat -lnput | grep -e Proto -e $PID

Proto  Recv-Q  Send-Q  Local Address            Foreign Address  State  PID/Program name 
udp6   0       0       [your ip address]:29809  :::*                    28529/java

Checking with tcpdump showed that the traffic was returning, but since our tool is only listening on the local ip, and not the UDP broadcast address, it never sees anything.

# tcpdump udp port 29809
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlp1s0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:35:48.652235 IP [your ip address].29809 > 255.255.255.255.29808: UDP, length 36
09:35:48.961586 IP [switch ip address].29808 > 255.255.255.255.29809: UDP, length 159

It seems the tool binds to the local IP instead of the ‘any ip’, 0.0.0.0, so you need to locally forward the traffic incoming on the port to your local ip. To do this, execute this command (and/or add it to your local firewall script):

# iptables -t nat -A PREROUTING -p udp -d 255.255.255.255 --dport 29809 -j DNAT --to [your ip address]:29809

And don’t forget to enable IP forwarding

# echo 1 > /proc/sys/net/ipv4/ip_forward

Now you should be able to find and configure the switches in your local network.

Bookmark the permalink.

6 Comments

  1. I am having a problem getting the Easy Smart utility to work under Linux. I am getting this:

    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    udp 0 0 ::ffff:161.77.47.42:29809 :::* 23948/java18

    What kind of address is ::ffff:161.77.47.42 ? It looks like some sort of hybrid IP6 and IP4 address… What sort of rule should I add to iptables (or iptables6?)?

  2. Pingback: BitBastelei #212 - TP-Link TL-SG108E Managed Mini-Switch - Adlerweb

  3. It’s not working for me. Somehow the iptables command doesn’t seem to do anything. After running it (with proper IP-adress) I get this:

    # iptables -L -n -v
    Chain INPUT (policy ACCEPT 28689 packets, 1608K bytes)
    pkts bytes target prot opt in out source destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 28842 packets, 1607K bytes)
    pkts bytes target prot opt in out source destination

    Empty!

  4. You need to specify the table: iptables -L -n -v -t nat

  5. I guess that looks the way it should:

    Chain PREROUTING (policy ACCEPT 3645 packets, 1129K bytes)
    pkts bytes target prot opt in out source destination
    0 0 DNAT udp — * * 0.0.0.0/0 255.255.255.0 udp dpt:29809 to:192.168.178.31:29809
    0 0 DNAT udp — * * 0.0.0.0/0 255.255.255.255 udp dpt:29809 to:192.168.178.31:29809
    0 0 DNAT udp — * * 0.0.0.0/0 255.255.255.0 udp dpt:29809 to:192.168.178.32:29809

    Still no switch found.

  6. Did you enable ip forwarding?

Leave a Reply

Your email address will not be published. Required fields are marked *