Axis T8504-e User manual

AXIST8504–EOutdoorPoESwitch

UserManual

AXIST8504–EOutdoorPoESwitch

Tableofontents

Aboutthismanual..........................................3

Objectives.....................................................3

Intendedaudience...............................................3

Relateddocumentation...........................................3

Abbreviations...................................................3

Generalinformation.........................................5

Features.......................................................5

Useraccessandsecurity..........................................5

First-timeconguration..........................................7

UnitidenticationoverIPnetork.................................8

Webinterface..............................................9

Webinterfacemenu.............................................9

SSHserialinterface.........................................15

Mainmenu....................................................15

SNMPmonitoringandconguration...........................18

EnableSNMP...................................................18

SNMPMIBs....................................................18

SysLogMessage............................................20

Troubleshooting............................................22

Support.......................................................22

Learnmore!....................................................23

AXIST8504–EOutdoorPoESwitch

Aboutthismanual

Objectives

AXIST8504–EisanoutdoorPoEsitch.Themajorbenetsofthisproductisitsoutdoorcapabilitiesandthecapabilitytoextend

themaximumreachofthenetorkbyanadditional100meters,toatotalof200meters,beteenthesitchandthepoered

devices,hileprovidingupto2x60Wand2x30Wtoitsnetork-poeredPoEdevices.

ThisusermanualprovidesinformationonhotomanageAXIST8504–EthroughAXISIPv4/IPv6,VLAN,RADIUS,TACACS+,eb

interface,SNMPandSHH.

Intendedaudience

Thisusermanualisintendedfornetorkadministrators,supervisorsandinstallationtechniciansithknoledgeabout:

•Basicconceptsandterminologyofnetorking

•NetorktopologyincludingVLAN

•Netorkprotocols

•UserauthenticationprotocolsincludingRADIUSandTACACS+

Reateddocumentation

Foradditionalinformation,seethefolloingdocumentation:

•Productinstallationguide

•RFC3621SNMPMIBandprivateMIB

•CreatingcerticateforT8504–Esecuredebserver

Abbreviations

Abbreviationescription

8021.QSameasVLAN

DESDataEncryptionStandard

DGWDefaultGateWay

DHCPv4DynamicIPv4HostCongurationProtocol

DHCPv6DynamicIPv46HostCongurationProtocol

IPv432–bitlongIPaddress

IPv6128–bitlongIPaddress

MD5Messagedigestalgorithm

MDIMediaDependentInterface

MIBManagementInformationBase

PoEPoeroverEthernet

RADIUSRemoteAuthenticationDial-inUserService

SFPFiberinterface,smallform-factorplug

AXIST8504–EOutdoorPoESwitch

Aboutthismanual

SHAMessagedigestalgorithm

SNMPSimpleNetorkManagementProtocol

SSHSecureShell

SSLSecureSocketsLayer

SysLogSystemLog

TACACS+TerminalAccessControllerAccess-Control

TFTPTrivialFileTransferProtocol

TLSTransportLayerSecurity

VLANVirtualLocalAreaNetork

AXIST8504–EOutdoorPoESwitch

Generalinformation

Features

Anumberoffeaturesareprovidedthroughsystemnetorkmanagement.

•EasysoftareupdateduringruntimeithoutaffectingactivePoEports

•Congurationandreal-timemonitoringusinggraphicalrepresentationoftheremotedevice

•Systemstatusdisplay

•SysLogreportingonPoEevents,invalidremoteuseraccess,initialDHCPv4/v6addressetc.

•SNMPtrapsreportingonvariousPoEeventssuchasPoEpoereddeviceinsertionorremoval

Ethernetswitchnetworkcapabiities

•FoureathersealedRJ45Ethernetportscapableof10Mbit,100Mbit,1000Mbithalf-duplexand1000Mbitfull-duplex

Ethernetspeed

•SingleeathersealedSFPEthernetport

•8KinternalMACaddresslookupengine

•VLAN—Access,TrunkandFilteredtrunk

•AutoMDIX

•10KBjumboframes

PoEcapabiities

ThefolloingPoEoptionsareavailable:

•Two4PairPoEportshichdeliverupto60Wperport

•TwoIEEE802.3atPoEportshichdeliverupto30Wperport

•PoEenable/disabletoenableordisablePoEportspoeroutput.Ethernetdataisalaysenabled.

•Remotedeviceresettoresetattachedpoereddevice.Thedeviceistemporarilypoeredoffandthenturnedbackon.

Supportednetworkprotocos

Thefolloingnetorkprotocolsaresupported:

•IPv4–32–bitlongIPaddress(static/DHCPv4)

•IPv6–128–bitlongIPaddress(static/DHCPv6)

•VLAN–Access,TrunkandFilteredtrunk

Useraccessandsecurity

Accessoptions

Youcanaccesstheunitthroughdifferentinterfaces:

•Webinterfaceviaawebbrowser–tovietheunitPoEstatus,netorkstatus,unitcongurationandunitproduction

information

AXIST8504–EOutdoorPoESwitch

Generalinformation

HTTPisaeb-basedfriendlycongurationinterface.

HTTPS-TLSisasecuredeb-basedfriendlycongurationinterface.

•SNMPviaanSNMPmanagerapplication–tomonitortheunitoverthenetork(MIB-IIRFC1213)andtomonitoror

conguretheunitPoEcapabilities(RFC3621)

SNMPv2cfornon-securedSNMPmanagement

SNMPv3forsecuredandencryptedmanagement

RFC1213MIB-IIfornetorkstatistics

RFC3621forPoESNMPMIBs

PrivateMIBextensionforRFC3621PoEMIB

VariousinfrastructureandnetorkMIBssuchasIP-MIB,TCP-MIB,UDP-MIBetc.

•SSHviaanSSHclient–tovietheunitPoEpoerreport,netorkstatus,unitcongurationandproductioninformation;

toupdatesoftare,enableordisablePoEfunctionalityandtopingremotenetorkdevicesforconnectivitytests

Remoteuserauthentication

Useraccesscanbemanagedinthefolloingays:

•Local–Usernameandpassordismanagedlocallybythedevice

•RAIUS–UsernameandpassordisauthenticatedbyRADIUSserveroverthenetork

•TACACS+–UsernameandpassordisauthenticatedbyTACACS+serveroverthenetork

Security

WebHTTPandHTTPS,SNMPv2,SNMPv3andSSH,usedforaccessingtheunit,offerdifferentlevelsofsecuritystrength.AlsoRADIUS

andTACACS+,usedforremoteuserauthentication,offerdifferentsecuritylevels.

SNMPv1andSNMPv2usecommunitystringforGet/Set/Trapauthentication.SNMPv1andSNMPv2areconsideredasunsecured

protocolsincethecommunitystringpassordcaneasilybeinterceptedbyanynetorksnifngdevice.

SNMPv3resolvesSNMPv1/v2securityissuesbyaddingauthenticationandencryptionlayerontopofSNMPpackets.

DefautunitIP,usernameandpassword

Theunitisshippediththefolloingfactorydefaultusernamesandpassords:

UnitdefaultIPv4address

IP=192.168.0.254

Mask=255.255.255.0

WebHTTP/HTTPSandSSH

Username=root

Passord=pass

SNMPv2

GETcommunitystring=public

SETcommunitystring=rite

Readcommunity=public

Writecommunity=rite

Trapcommunity=public

SNMPv3

Username=admin

AXIST8504–EOutdoorPoESwitch

Generalinformation

Authenticationpassord(MD5)=passord

Privacypassord(DES)=passord

Authenticationandencryptionmode=MD5+DES

SNMPv3notication

Username=trap

Authenticationpassord=passord

Privacypassord=passord

Authenticationandencryptionmode=None

Forinformationabouthotorecoverusernameandpassord,seeRecoverusernameandpasswordonpage7.

Recoverusernameandpassword

Note

TherecoveryprocedurecanonlybeperformedfromthelocalLANandnotoverInternetorfromanotherIPnetork.The

usershouldbeabletoturnofftheunitpoerhenneeded.AllPoEportsmustbedisconnectedandtheunitmusthave

onlyonesingleactiveEthernetlink.

Note

YoumightneedtoaddaTelnetclientservicetoWindos7orWindos8.

Note

Theentirerecoveryprocedurefromunitpoeronuntiltheusernameandpassordisappliedmusttakelessthan120seconds.

1.DisconnectallPoEportsfromtheunitexceptforoneEthernetcable.OnlyonesingleEthernetportshouldbeactive.

2.TurnoffthereallorenableUDPport514.ThenrunIPv4capableSysLogServeronyourcomputer.

3.Turnofftheunit.Wait10seconds,thenturntheunitbackon.

4.ASysLogmessageappearsafterapproximately15seconds.IdentifytheunitLink-localIPv6address.ALink-localIPv6

addressalaysstartsithFE80.

5.Openacommandindoonyourcomputer.

-ForWindos7,gotoStartandtypecmd.

-ForWindos8,presstheWINDOWSkeyandtheRkey,thentypecmd.

6.TypeipcongtoidentifythevirtualinterfaceindexofLink-localIPv6address.Thevirtualinterfaceindexisindicatedbya

numberafter%.Example:fe80::9c39:db8b:62de:7bv4%17

7.PreparetheSSHconnectionbytypingTelnet[unitLocal-linkIPv6address][%virtualinterfacenumber]2525,butdon’t

pressENTER.Example:Telnetfe80::9c39:db8b:62de:7bv4%172525

8.Turnofftheunit.Wait10seconds,thenturntheunitbackon.

9.Wait30seconds,thenpressENTERtostarttheTelnetsessiononTCPport2525.

10.Typeaxispasswordrecoveryasusernameandaxispasswordrecoveryaspassord.Arecoveryoptiontorestoretheentire

unittocompletefactorydefaultincludingunitnetorkcongurationispresented.PressYtorestoretheunit.Theunit

restartsithdefaultIPv4192.168.0.254,usernamerootandpassordpass.

First-timeconguration

Whenconguringtheunitforthersttime,follothestepsbelo:

1.CongureyourPCEthernetnetorkinterfacetothefolloingIPv4parameters:

AXIST8504–EOutdoorPoESwitch

Generalinformation

PCIPv4address:192.168.0.40

PCIPv4mask:255.255.255.0

2.ConnectyourPCEthernetnetorkinterfacetoanyoftheunit’sEthernetports.

3.Openaebbroserandtype192.168.0.254intheaddresseld.

4.Loginiththedefaultusernameandpassord.SeeDefaultunitIP,usernameandpasswordonpage6.

5.Conguretheunit.Itisrecommendedtochangetheusernamesandpassordstootherthanthedefaultvalues.

UnitidenticationoverIPnetwork

TolocatetheunitovertheIPnetork,theunitsendsIPv4SysLogmessage#0inbroadcastformat255.255.255.255uponpoer-up.

AnySysLogserverconnectedoverLANreceivesthisSysLogmessage.ThesameSysLogmessageisalsosenttotheoptionalSysLog

servers1and2,iftheyarecongured.

Theunitsendsthemessagetice.ThisistoensurethattheSysLogmessageisreceivedbytheSysLogservers,regardlessofnetork

conguration.ThemessageisrstsentbeforeVLANcongurationismadeandlateragainafterVLANcongurationisdone.

SysLogmessage#0containsalltheinformationhichisrequiredtobeabletoprovideaccesstotheunitoverthenetork.

Example:MsgID#000-SystemUP.APP:v3.51.06BOOT:v3.16RST:Power-OnBOOT:0=[APP

OK]Host:axis-00055A034B49MAC:00:05:5a:03:4b:49VLAN:YESVLAN_MNGR:5

VLAN_UPLINK_PORT:3VLAN_UPLINK_MODE:TRUNKDHCPv4:NoIP1v4:192.168.0.254/24DHCPv6:No

IP1v6:2345::205:5AFF:FE03:4B49/64IP2v6:FE80::205:5AFF:FE03:4B49/64

FieldValueescription

MsgID#000-SystemUPSysLogmessagenumber

APP:v3.51.06Unitapplicationsoftareversion

BOOT:v3.16Unitbootversion,usedforsoftare

update

RST:Power-OnResetreason

BOOT:0=[APPOK]

Host:axis-00055A034B49axisfolloedbyunitMACaddress

MAC:00:05:5a:03:4b:49UnitMACaddress

VLAN:YESVLANstatusenabledordisabled

VLAN_UPLINK_PORT:3Ethernetportnumberusedforunit

management

VLAN_UPLINK_MODE:TRUNKManagementportisconguredasAccess

orTrunk

DHCPv4:NoDHCPv4YesorNo

IP1v4:192.168.0.254/24UnitIPv4address

DHCPv6:NoDHCPv6YesorNo

IP1v6:2345::205:5AFF:FE03:4B49/64UnitIPv6address

IP2v6:FE80::205:5AFF:FE03:4B49/64Unitlink-localIPv6address

AXIST8504–EOutdoorPoESwitch

Webinterface

Webinterfacemenu

Status

GotoStatustovietheunitstatus.Thepageisupdatedautomaticallyeveryfeseconds.

Note

TheEthernetnetorklinkisalaysenabled,regardlessofPoEconguration(enabledordisabled).

Parameterescription

Bluesymbol—PoEpoerisprovided

Graysymbol—NoPoEpoer

Bluesymbol—PoEportisenabled

Graysymbol—PoEportisdisabled

Bluesymbol—Ethernetlinkison

Graysymbol—NoEthernetlink

Bluesymbol—SFPmoduleisinsertedintotheuplinkport

Graysymbol—UplinkporthasnoSFPmoduleinserted

NetorkReportstheEthernetlinkspeed(10/100/1000MB)andifthenetorkconnectionisupordon

StatusReportsthePoEportstatus,ifitisenabled,disabled,deliveringpoer,etc.

PoerusageReportstheactualpoerconsumptionandthemaximumpoeritcandeliver

PoEresetClickResettoturnoffthePoEportpoerandrestorethePoEpoerbackon.

Note

APoEporthichisdisabledbySSHorSNMPillbeenabledafteraPoEreset.

TotalpoerusageReportstheaggregatedpoerconsumedbyallPoEportsandthepercentageoftheconsumed

poerrelativetotheinternalpoersupplypoercapabilities.

Basic

GotoBasictoviebasicinformationabouttheproduct.

IPaddressinuse-GotoIPaddressinusetovieinformationaboutIPv4andIPv6addresses,masks,defaultgateaysand

DomainNameServers(DNS).

Productinformation-GotoProductinformationtoviegeneralproductinformationsuchasproductname,serialnumber,

softareversionandPoErmareversion,andSFPmoduleinformationsuchasSFPtype,vendor,partnumberandserialnumber.

AXIST8504–EOutdoorPoESwitch

Webinterface

Networkconguration-GotoNetworkcongurationtoenableordisableDHCP,congureIPv4,IPv6andnetorkhostname.

HostnameisusedbybothIPv4andIPv6toregistertheunitnameinDHCPv4/v6server.NotethatIPv6usestheFQDNterminology

ashostname.

NetworkservicesIPv4/IPv6-GotoNetworkservicesIPv4/IPv6tocongureDNSandSysLogservers.

PoEconguration-GotoPoEcongurationtocongurePoEportpoer.FourPoEpoerschemesofferdifferentpoer

distributionsbeteenthefourPoEports.Allfouroptionscomplyiththeunitmaximumpoercapacities.

•60W:DeliverpoeroverfourpairsinsidetheEthernetcable.Eachpairdeliversupto30W.

•30W:DeliverpoerovertooutoffourpairsinsidetheEthernetcable

•15.4W:DeliverpoerovertooutoffourpairsinsidetheEthernetcable

•––:NoPoEpoer.Ethernetportisenabledandfunctional,butPoEisdisabled.

Security

Securityconguration

GotoSecuritycongurationtoconguretheunitusernameandpassordforremoteeborSSHaccess.

Note

OnlyASCIIcharacters33–90and94–122canbeusedfortheusernameandpassordelds.

HTTPS

GotoHTTPStocongurehetherHTTPorHTTPS(securedeb)shouldbeused.WhenHTTPSisenabled,TLSv1.2isusedtoencrypt

ebnetorktrafc.

Note

ToeliminateebbroserarningheneveraccessingtheunitoverHTTPS,addanexceptionruletotheebbrosertelling

theebbroserthattheebsiteislegitimateoruploadaunitself-signed/CA-signedcerticate.

RADIUS/TACACS+

RADIUS/TACACS+enablesremoteuserauthenticationhenuseraccessestheunitovereborSSH.Usernameandpassordarethen

authenticatedbytheRADIUS/TACACS+server.

TheadvantagesithRADIUS/TACACS+isthatusernameandpassordareeasytoupdate,especiallyifmanynetorkdevices

aretobemanaged.

ThedisadvantageithRADIUS/TACACS+isthattheunitisnotaccessibleifbothRADIUS/TACACS+serversaredon.Itispossible

toenableLocalloginfallbackhichallostheunittouseitslocalusernameandpassordheneverthereisnoreplyfrom

RADIUS/TACACS+servers.

RADIUS/TACACS+commonparameters

Parameterescription

EnableauthenticationCongureifRADIUS/TACACS+shouldbeenabledordisabled.WhenRADIUS/TACACS+isdisabled,

localusernameandpassordareused.

EnablelocalloginfallbackWhenlocalloginfallbackisenabled,localusernameandpassordareusedheneverthereisno

replyfromRADIUS/TACACS+servers.Thiscanhappenhentheserversaredonorincaseof

anetorkproblem.

AuthenticationprotocolSelecteitherRADIUSorTACACS+authenticationprotocol.

SharedsecretThesameprivatekeystringmustbeconguredonboththeunitandtheRADIUS/TACACS+server.

AXIST8504–EOutdoorPoESwitch

Webinterface

PrimaryserverIPaddressConguretheprimaryIPv4,IPv6orhostnametobeusedtoaccessthemainRADIUS/TACACS+

server.

SecondaryserverIPaddressCongurethesecondaryIPv4,IPv6orhostnametobeusedtoaccessthemainRADIUS/TACACS+

server.

Timout(Sec)Congurethetimeforareplytimeout.

RADIUSextraparameters

Parameterescription

AuthenticationUDPportConguretheUDPportusedbytheRADIUSserver.

TACACS+extraparameters

Parameterescription

AuthenticationTCPportConguretheTCPportusedbytheTACACS+server.

Note

Softareversion3.51.06onlysupportsaccessingRADIUS/TACACS+serversoverIPv4,eitherithanIPv4addressora

hostnametoberesolvedbyDNSserver.

TestRADIUS/TACACS+

GotoTestRAIUS/TACACS+toverifytheRADIUS/TACACS+congurationbeforeactivatingit.

Note

Duringtesting,theEnableauthenticationshouldbedisabled.

1.CongureallRADIUS/TACACS+parameters,leavingtheEnableauthenticationdisabled.

2.Savetheconguration.Ifnot,theparametersillberestoredtosavedvaluesaftereachtest,erasinganyunsavedvalue.

3.Typetheusernameandpassord.

4.ClickTestconguration.Aaitingmessageillappear,folloedbyeitherOKorFAIL.

5.Ifneeded,changeandsavethecongurationandtestagain.

6.WhenthetestresultisOK,setEnableauthenticationtoenabled.Savetheconguration,hichactivatesthe

RADIUS/TACACS+conguration.

VLANconguration

VLANcongurationsanitycheckisdoneuponunitpoer-upandhenaVLANcongurationchangeisrequestedovertheeb.The

sanitycheckistomakesurethattheunitremainsmanageableoverthenetorkafterVLANcongurationisapplied.Incasethene

VLANcongurationmaycausetheunittobecomeunmanageable,anerrormessageappearsontheebpageforrequestsoverthe

eb.Whenaproblemisdetecteduponpoer-up,theunitcongurationillberestoredtofactorydefault.

VLANenable&managementport

Parameterescription

EnableVLANEnableordisableVLANfunctionality.

AXIST8504–EOutdoorPoESwitch

Webinterface

ManagementuplinkportThisparameterhasnoeffectonactualVLANtrafc.Themanagementuplinkportassiststhe

unittoevaluateiftheneVLANcongurationmightblocktheunitfrombeingmanaged

overVLANfromthisport.Ifapossibleconictisdetected,anerrormessageappearsandthe

neVLANcongurationisrejected.

ManagementVLANIDCongurehichVLANIDtobeusedhenmanagingtheunitheneverVLANisenabled.

VLANportsconguration

Parameterescription

VLANmodeSetVLANmodetoAccessorTrunkforeachoftheEthernetports.

Access—VLANisusedonlyinsidetheunittosplitorlimitpacketaccesstospecicports

only.AnyincomingVLANtaggedpacketsreceivedbyVLANaccessportisdiscarded.VLAN

taggingisaddedtotheunitpacketforVLANAccessincomingpackets.UnitinternalVLAN

taggingisstrippedoutforVLANAccessoutgoingpackets.

Trunk—AllEthernetpacketsareVLANtagged.AnyuntaggedVLANpacketsreceivedby

VLANtrunkportisdiscarded.

AccessmodeVLANIDConguretheVLANIDtobeusedhenevertheportisconguredasAccess.Theunit

internalmanagementportactsasaccessonly.Itcanonlybereachedfromasingle

managementVLANID.

TRUNK–FilterunknonVLANConguretheVLANTrunkportaslteredorunltered.

Enabled—OnlydataofromsomeVLANIDs,speciedintheTrunkVLANslist,passes

throughVLANTrunkport.AllotherVLANtaggedtrafcisdiscarded.

Disabled—DataofromallVLANIDspassesthroughVLANTrunkport.

TRUNKVLANsListtheVLANIDsthatmaypassthroughVLANTrunkportheneverTRUNK–Filter

unknownVLANisenabled.

SNMPconguration

GotoSNMPcongurationtocongureparametersapplicabletoSNMPv2candSNMPv3.

SNMPv2c

Parameterescription

EnableSNMPv2cEnableordisableSNMPv2csupport.

ReadcommunityConguretheSNMPv2cGETcommunitystring.Example:public.

WritecommunityConguretheSNMPv2cSETcommunitystring.Example:private.

TrapcommunityConguretheSNMPv2cTrapcommunitystring.Example:public.

Systeminformation(MIB-II,v2c/v3)

Parameterescription

SystemcontactConguretheSNMPMIB-IIsystemcontactOiDstring.Example:John.

SystemnameConguretheSNMPMIB-IIsystemname.Example:MyUnit.

SystemlocationConguretheSNMPMIB-IIsystemlocation.Example:University.

PoEMIB(RFC3621,v2c/v3)

AXIST8504–EOutdoorPoESwitch

Webinterface

Parameterescription

EnablenoticationEnableordisablethefolloingPoEtrapreports:

•PoEpoerasprovided/removedfrompoereddevice

•Unittotalpoerconsumptionexceedsxy%outofmaxunitpoer

•Unittotalpoerconsumptionasrestoredtolessthanxy%outofmax

unitpoer

Notifyexceededpoerusage

(1–99%)

Ifenabled,userisnotiedheneverunittotalpoerconsumption(xy%)percentageout

ofunitmaxpoerexceedsordropsbelospeciedvalue.

SNMPv3

Parameterescription

EnableSNMPv3EnableordisableSNMPv3support.

UsernameCongureSNMPv3usernamestring.

AuthenticationpassordCongureSNMPv3passordtobeusedbyMD5/SHA.

PrivacypassordCongureSNMPv3passordtobeusedbyDES/AES.

AuthenticationandencryptionmodeConguretheSNMPv3authenticationandencryptionmode.

None—noauthenticationorencryption,hichmeansnosecurity.

MD5—MD5authenticationithnoencryption.Packetcanbechanged,bycaneasilybe

analyzedbynetorksniffers.

SHA—SHAauthenticationithnoencryption.

MD5+DES—MD5authenticationandDESencryption

SHA+DES—SHAauthenticationandDESencryption

MD5+AES—MD5authenticationandAESencryption

SHA+AES—SHAathenticationandAESencryption

SNMPv3notication(Trap)

Parameterescription

UsernameCongureSNMPv3noticationusernamestring.

AuthenticationpassordCongureSNMPv3noticationpassordtobeusedbyMD5/SHA.

PrivacypassordCongureSNMPv3noticationpassordtobeusedbyDES/AES.

AuthenticationandencryptionmodeConguretheSNMPv3noticationauthenticationandencryptionmode.

None—noauthenticationorencryption,hichmeansnosecurity.

MD5—MD5authenticationithnoencryption.Packetcanbechanged,bycaneasilybe

analyzedbynetorksniffers.

SHA—SHAauthenticationithnoencryption.

MD5+DES—MD5authenticationandDESencryption

SHA+DES—SHAauthenticationandDESencryption

MD5+AES—MD5authenticationandAESencryption

SHA+AES—SHAathenticationandAESencryption

RemoteIPv4/IPv6SNMPtrapmanagers(v2c/v3)

Parameterescription

Trapmanager#1ConguretherstIPv4/IPv6/DNSnameofremoteSNMPmanagerserverreceivingunit

trapreportssuchasCold-Start,etc.

Trapmanager#2CongurethesecondIPv4/IPv6/DNSnameofremoteSNMPmanagerserverreceiving

unittrapreportssuchasCold-Start,etc.

AXIST8504–EOutdoorPoESwitch

Webinterface

Maintenance

Reset-Therearefourdifferentresetoptions:

•oasaferestartwithoutlosingPoEpowerresetstheinternalnetorkmanagerandtheinternalEthernet

sitch(netorkillbedonforafeseconds),leavingthePoEpoerunchanged.Poereddevicescontinue

normaloperationsasifnoresetisdone.

•oasaferestartresetstheinternalnetorkmanager,internalPoEcontrollerandinternalEthernetsitch.

•RestorethefactoryvaluesbutkeeptheIPsettingsresetsunitcongurationtofactorydefault,leavingIPv4/IPv6

netorkcongurationunchanged.VLANandRADIUS/TACACS+isdisabled.Theoptiontoaccesstheunitoverthe

netorkasbeforeismaintained.

•Restoreallfactoryvaluesrestorestheunittofulldefaultfactorysetting.UnitIPissetto192.168.0.254and

VLANisdisabled.

Firmwareupgrade-Armareupgradeupgradesonlytheinternalnetorkmanager.PoErmareisunchanged.Theupgradecan

takeupto10minutes.Duringthistimenetorksitchingfunctionalityremainsuninterrupted,buttheunitisunmanageable.PoE

functionalityremainsactive,butnetorktrafcmaybeinterruptedforseveralseconds.

Productconguration-GotoProductcongurationtodonloadoruploadaproductcongurationle.Thisfunctionalitycan

beusedtobackupunitconguration,modifyunitcongurationofineortocreateamastercongurationletoeasilycongure

severalunits.

AXIST8504–EOutdoorPoESwitch

SSHserialinterface

TheSSHinterfaceisdesignedforvariousmaintenancetaskssuchasPoErmareupdateetc.Itisdesignedtoprovideaneasyand

convenientinterfaceforITmanagershoarefamiliarithSSH.TosimplifySSHusage,theSSHinterfaceismenu-driven.

SSHispassordprotectedandsharesthesameusernameandpassordasforebaccess.

SSHsupportsRADIUSandTACACS+usernameandpassordauthentication.

Note

OnlyoneremoteuseratatimecanaccesstheunitoverSSH.IncaseasecondremoteSSHusertriestoaccesstheunit

hiletherstSSHuserisstillactive,amessageisshontothesecondSSHuser,requestingtheusertotryandreconnect

overSSHlater.

Note

Non-activeSSHsessions(nokeystrokesbytheremoteuser)areterminatedautomaticallyafterthreeminutes.

Mainmenu

Toeasilyidentifytheaccessedunit,theunithostnamestringisshontotherightoftheMainmenutitle.Thisisespecially

usefulhentheuserhasmultipleunits.

Viewmenu

ViewmenuprovidesinformationonPoEportsstatus,netorkparametersandunitinformation.

Menuitemescription

1.ViePoEportsstatusGotothismenuitemtogetthefolloinginformation:

•Netork—InformationaboutEthernetlinkspeed(10/100/1000)andHD/FD

connectiontype

•PoE—Informationaboutpoerconsumptionforeachconnecteddevice

•Totalpoer—Informationabouttotalpoerconsumptionofallpoered

devicesconnectedtoallactivePoEports.Alsoshosmaximumavailable

poer.

•Poersupply—Informationaboutinternalpoersupplyvoltagefortheunit

AXIST8504–EOutdoorPoESwitch

SSHserialinterface

2.VienetorkparametersGotothismenuitemtogetthefolloinginformation:

•In-useIPv4netorkparameters—ShosifDHCPv4isenabledordisabled.

Alsoshosthein-useIPv4address,IPv4maskandIPv4defaultgateay.

•In-useIPv6netorkparameters—ShosifDHCPv6isenabledordisabled.

Alsoshosthein-useIPv6address,IPv6prexandIPv6defaultgateay.

IPv6canreportseveralIPv6addresseshichereobtainedautomaticallyin

additiontoastatic/DHCPv6IPv6address.

•In-useDNSnetorkparameters—Informationaboutin-useIPv4/IPv6

domainnameserverIPs,hichareconguredstaticallyorobtainedby

DHCPv4/DHCPv6.

•Morenetorkparameters—InformationabouttheunitMACaddress

3.VieunitinformationGotothismenuitemtogetasummaryofunitproductionparameters:

•Partnumber—Informationaboutunitmarketingpartnumber(T8504–E)

•S/N—Informationaboutunitsix-digitserialnumber

•Productnumber—Informationaboutunitproductionnumber(forinternal

useonly)

•Appver—Informationaboutnetorkmanagersoftareversion

•Bootver—Informationaboutnetorkmanagerbootversion

•Firmare—PoErmareversion

•Systemuptime—Informationaboutthetimepassedsincetheunitas

resetorpoeredup

•SystemGMTtime—InformationaboutunitGMTtimeasitasobtainedfrom

anNTPserver.WhenevertheunitisunabletoobtainNTPtimefromanNTP

server,themessage“incorrect”isshon.

•Systemlocaltime—Informationaboutunitlocaltime(GMTplustimezone

shift).WhenevertheunitisunabletoobtainNTPtimefromanNTPserver,

themessage“incorrect”isshon.

Congurationandmaintenancemenu

GotoCongurationandmaintenancemenutocongureorresettheunitortoupdatesoftare.

Menuitemescription

1.Enable/DisablePoEportEnableordisableaPoEport.Ethernetlinkremainsenabledevenhennopoeris

provided.

2.DonloadWEBSSLcerticatefrom

TFTPserver(resetonlyebserver)

Donloadself-signedorCAsignedcerticatesfromaTFTPserver,toallosecureeb

brosingtotheunitithsecurityconrmationbytheebbroser(greenlockinthe

ebbroserURLarea)

3.UpdateunitPoErmare(reset

unit)

UpdatePoErmare.UpdatelesaredonloadedfromaTFTPserver.PoEfunctionalityis

notavailableduringthermareupdate(approximately5–10minutes).

4.Restoreunittosemifactorydefault

(excludingIPconguration)

Restoretheunitcongurationtofactorydefault,butleavestheIPv4/IPv6netork

congurationunchanged.Thismaintainstheoptiontoaccesstheunitoverthenetork

asbefore.

5.RestoreunittofullfactorydefaultRestoretheentireunittofullfactorydefault.

6.ResetonlynetorkmanagerResetonlytheinternalnetorkmanager,hichisresponsibleforunitnetork

managementinterfacessuchastheeb,SSH,SNMP,etc.InternalEthernetsitchisalso

reset;thenetorkillbedonforafeseconds.OnlyPoEpoerisunchanged.Poered

devicescontinuenormaloperationasifnoresetasdone.

AXIST8504–EOutdoorPoESwitch

SSHserialinterface

7.ResetunitResettheentireunitincludingtheinternalnetorkmanager,PoEcontrollerandinternal

Ethernetsitch.

8.Enable/Disableautoping

defaultgateaytoensurenetork

connectivity

Enableordisableautopingtodefaultgateay.Whenenabled,theunitveriesproper

netorkconnectivitybypingingdefaultgateayevery12seconds(IPv4DGWorIPv6

DGW).After10consecutivepingfailures,netorkmanagementmoduleresetsitself

ithoutaffectingPoEports.

Pingremotehost

GotoPingremotehosttotestnetorkconnectivityissues.

AXIST8504–EOutdoorPoESwitch

SNMPmonitoringandconﬁguration

Multipleunitscanbemonitoredandmanagedbyusingthird-partystandardnetorkmanagementtoolssuchasHPOpenvie,

IBMTivoli,SNMPcetc.

EnabeSNMP

ThenetorkmanagerinterfacesupportsSNMPv1,SNMPv2andSNMPv3.TheunitacceptsandrepliestoSNMPv1packets,butsince

SNMPv1isobsolete,SNMPtrapsandnoticationsaresentinSNMPv2,SNMPv3orboth.

Note

Duetosecurityreasons,theunitisshippedithSNMPv2andSNMPv3disabled.PriortoenablingSNMP,itishighly

recommendedtomodifySNMPcommunitystringsbeforeenablingit.

ToenableSNMP:

•GotoSecurity>SNMMPcongurationandenableSNMPv2orSNMPv3.

•MakesurethatSNMPv2communitystringsmatchyourSNMPmanagerconguration.

•MakesureSNMPv3username,authenticationpassord,privacypassordandencryptionmethodsmatchyourSNMP

managerconguration.

Toenabletraps:

•GotoRemoteIPv4/IPv6SNMPtrapmanagersandconguretheremotemanagerIPaddress.

•MakesureSNMPv3noticationusername,authenticationpassord,privacypassordandencryptionmethodsmatchyour

SNMPtrapmanagerconguration.

•GotoPoEMIBandenablePoEnoticationstogetnoticationsaboutchangesinPoEportstatus,unitpoerconsumption

exceedsorfallsbeloacertainleveletc.

SNMPMIBs

SeveralMIBsaresupportedbytheSNMPmanager.

NetworkMIBs-VariousnetorkMIBs,suchasRFC1213MIB-II,canbeusedforprovidingnetorkstatistics.NotethattheseMIBs

arenotintendedtobeusedfornetorkcongurationoverSNMP.

RFC3621-PoeroverEthernet(PoE)MIBhichprovidesvariousPoEcapabilities.SeeRFC3621PoEIBonpage18.

PrivateMIB-EnhancesPoEfunctionalitybeyondRFC3621PoEMIB.SeePrivateIBonpage19.

RFC3621PoEMIB

RFC3621PoEMIBislocatedunderthe1.3.6.1.2.1.105SNMPMIBtree.TheMIBisdividedintothreesections.

Portparameters-TherstsectionhandlesPoEportsandprovidesfunctionalitysuchasenableanddisableports,readportstatus,

class,etc.EachOiDisaccessedasato-dimensionalarraytable.

MainPSEparameters-ThesecondsectionhandlesthepoersourcethatprovidespoertoagroupofPoEports.Itenables

readingthetotalpoerconsumption,poersupplystatus,etc.

PoEtraps-ThethirdsectionenablesanddisablesPoEtrapstobesenttoremoteSNMPmanagers.

AXIST8504–EOutdoorPoESwitch

SNMPmonitoringandconﬁguration

PrivateMIB

ThefolloingSNMPOiDsaresupportedbytheSNMPprivateMIB:

OinameType(R/W)escription

poePortConsumptionPoerRPoEportpoerconsumption[Watt]

poePortMaxPoerRPoEportmaximumavailablepoer[Watt]

poePortTypeRPoEporttype—topair,30[Watt],fourpair,60

[Watt]

mainVoltageRUnitpoersupplyvoltage[Volt]

AXIST8504–EOutdoorPoESwitch

SysLogMessage

TheunitsendsvariouseventreportstoanexternalIPv4/IPv6hostrunningaSysLogdaemonapplication.TheIPv4/IPv6hostlogs

theeventsforfutureuse.CongureSysLogserverIPaddressbybrosingtotheunitcongurationebpageifSysLogevents

aretobesent.

Therearethreecategoriesoflogevents:

BroadcastIPv4SysLogevents-TheselogeventsaretobeinterceptedbyanySysLogserverontheLANregardlessofunitSysLog

conguration.ThisfacilitateslocatingofunitIPonthenetorkandreportingofmajoreventssuchasunitrecoveryfrompoer

failure,etc.

RFC3621PoEtraps-RFC3621PoEtrapsarealsosentasSysLogmessages,hichsimpliesthereadabilityofsucheventsforthe

remoteuser.

ProprietarySysLogevents-Theselogeventsincludepotentialfailuresorpotentialsecuritybreachesashenaremoteuser

triestoaccessithincorrectusernameovereb/SSH,etc.

SysLogmessagetypes

MessageIescriptionInformationprovidedComments

0SystemUPissenthenpoeris

providedtotheunitortheinternal

netorkmanagerresetsitself.

•Applicationversion

•Bootversion

•Resetcause

•Bootstatus

•Unithostname

•UnitMACaddress

•VLAN(Yes/No)

Ifyes,VLANIDisalso

provided.VLANIDis

usedtomanagethe

unit.Whichportandif

theportisconguredas

AccessorTrunk.

•IPv4address

(static/HDCPv4)

•AllIPv6address

(static/DHCPv6)

Messageissentinbroadcastformat

255.255.255.255toanySysLog

serverconnectedoverLANandto

SysLogserver1and2.

1PoEportstatuschangedissent

henPoEportstatusischanged,

suchashenadeviceisinsertedor

removed.

NePoEstateasdenedinRFC3621

(searching,deliveringpoer,fault,

etc.)

RFC3621SNMPPoEMIB,trap

equivalentSysLogreport

2PoEpowerusageexceedsxy%out

ofpowersupplymaximumpower

issenthenthePoEpoerusage

exceedsthesetvalue.

Poerusageinpercentoutofpoer

supplymaximumpoer

RFC3621SNMPPoEMIB,trap

equivalentSysLogreport

3PoEpowerusageislessthanxy%

outofpowersuplymaximum

powerissenthenthePoEpoer

usagegoesbelothesetvalue.

Poerusageinpercentoutofpoer

supplymaximumpoer

RFC3621SNMPPoEMIB,trap

equivalentSysLogreport

6efaultcongurationissent

henunitisrestoredtodefault

conguration

SysLogserverIPisunchanged

hentheunitisrestoredtodefault

conguration.

Other manuals for T8504-E

Table of contents

Popular Switch manuals by other brands

Intel

Intel Express 130T user guide

Califone

Califone 1117 user manual

D-Link

D-Link DIS-RK200G Quick installation guide

HomeSeer

HomeSeer HS-WX300 user guide

Alpha Networks

Alpha Networks SNQ-60x0-320 Series Hardware installation guide

Ozone Solutions

Ozone Solutions ES-600 user manual

Ocean Matrix

Ocean Matrix OMX-07HMHM0002 Operation manual

Phybridge

Phybridge CLEER24 Quick install guide

Equip

Equip 332722 manual

Manhattan

Manhattan 561532 instructions

StarTech.com

StarTech.com MSTDP124DP Quick install guide

Gefen

Gefen Digital Audio Switcher user manual

Gefen

Gefen Digital Audio Switcher user manual

StarTech.com

StarTech.com SV831HD Instruction guide

Linksys

Linksys SR2016 - Cisco - 10/100/1000 Gigabit Switch Product data

Rose electronics

Rose electronics UltraLink 2 Specifications

Radial Engineering

Radial Engineering BigShot ABY instructions

D-Link

D-Link DGS-1216T - Switch product manual

Axis T8504-E User manual

Popular Switch manuals by other brands