Axis T8504-E User manual

AXIST8504–EOutdoorPoESwitch

UserManual

AXIST8504–EOutdoorPoESwitch

Tableofontents

Aboutthismanual..........................................3

Objectives.....................................................3

Intendedaudience...............................................3

Relateddocumentation...........................................3

Abbreviations...................................................3

Generalinformation.........................................5

Features.......................................................5

Useraccessandsecurity..........................................5

First-timeconguration..........................................7

UnitidenticationoverIPnetork.................................8

Webinterface..............................................9

Webinterfacemenu.............................................9

SSHserialinterface.........................................15

Mainmenu....................................................15

SNMPmonitoringandconguration...........................18

EnableSNMP...................................................18

SNMPMIBs....................................................18

SysLogMessage............................................20

Troubleshooting............................................22

Support.......................................................22

Learnmore!....................................................23

AXIST8504–EOutdoorPoESwitch

Aboutthismanual

Objectives

AXIST8504–EisanoutdoorPoEsitch.Themajorbenetsofthisproductisitsoutdoorcapabilitiesandthecapabilitytoextend

themaximumreachofthenetorkbyanadditional100meters,toatotalof200meters,beteenthesitchandthepoered

devices,hileprovidingupto2x60Wand2x30Wtoitsnetork-poeredPoEdevices.

ThisusermanualprovidesinformationonhotomanageAXIST8504–EthroughAXISIPv4/IPv6,VLAN,RADIUS,TACACS+,eb

interface,SNMPandSHH.

Intendedaudience

Thisusermanualisintendedfornetorkadministrators,supervisorsandinstallationtechniciansithknoledgeabout:

•Basicconceptsandterminologyofnetorking

•NetorktopologyincludingVLAN

•Netorkprotocols

•UserauthenticationprotocolsincludingRADIUSandTACACS+

Reateddocumentation

Foradditionalinformation,seethefolloingdocumentation:

•Productinstallationguide

•RFC3621SNMPMIBandprivateMIB

•CreatingcerticateforT8504–Esecuredebserver

Abbreviations

Abbreviationescription

8021.QSameasVLAN

DESDataEncryptionStandard

DGWDefaultGateWay

DHCPv4DynamicIPv4HostCongurationProtocol

DHCPv6DynamicIPv46HostCongurationProtocol

IPv432–bitlongIPaddress

IPv6128–bitlongIPaddress

MD5Messagedigestalgorithm

MDIMediaDependentInterface

MIBManagementInformationBase

PoEPoeroverEthernet

RADIUSRemoteAuthenticationDial-inUserService

SFPFiberinterface,smallform-factorplug

AXIST8504–EOutdoorPoESwitch

Aboutthismanual

SHAMessagedigestalgorithm

SNMPSimpleNetorkManagementProtocol

SSHSecureShell

SSLSecureSocketsLayer

SysLogSystemLog

TACACS+TerminalAccessControllerAccess-Control

TFTPTrivialFileTransferProtocol

TLSTransportLayerSecurity

VLANVirtualLocalAreaNetork

AXIST8504–EOutdoorPoESwitch

Generalinformation

Features

Anumberoffeaturesareprovidedthroughsystemnetorkmanagement.

•EasysoftareupdateduringruntimeithoutaffectingactivePoEports

•Congurationandreal-timemonitoringusinggraphicalrepresentationoftheremotedevice

•Systemstatusdisplay

•SysLogreportingonPoEevents,invalidremoteuseraccess,initialDHCPv4/v6addressetc.

•SNMPtrapsreportingonvariousPoEeventssuchasPoEpoereddeviceinsertionorremoval

Ethernetswitchnetworkcapabiities

•FoureathersealedRJ45Ethernetportscapableof10Mbit,100Mbit,1000Mbithalf-duplexand1000Mbitfull-duplex

Ethernetspeed

•SingleeathersealedSFPEthernetport

•8KinternalMACaddresslookupengine

•VLAN—Access,TrunkandFilteredtrunk

•AutoMDIX

•10KBjumboframes

PoEcapabiities

ThefolloingPoEoptionsareavailable:

•Two4PairPoEportshichdeliverupto60Wperport

•TwoIEEE802.3atPoEportshichdeliverupto30Wperport

•PoEenable/disabletoenableordisablePoEportspoeroutput.Ethernetdataisalaysenabled.

•Remotedeviceresettoresetattachedpoereddevice.Thedeviceistemporarilypoeredoffandthenturnedbackon.

Supportednetworkprotocos

Thefolloingnetorkprotocolsaresupported:

•IPv4–32–bitlongIPaddress(static/DHCPv4)

•IPv6–128–bitlongIPaddress(static/DHCPv6)

•VLAN–Access,TrunkandFilteredtrunk

Useraccessandsecurity

Accessoptions

Youcanaccesstheunitthroughdifferentinterfaces:

•Webinterfaceviaawebbrowser–tovietheunitPoEstatus,netorkstatus,unitcongurationandunitproduction

information

AXIST8504–EOutdoorPoESwitch

Generalinformation

HTTPisaeb-basedfriendlycongurationinterface.

HTTPS-TLSisasecuredeb-basedfriendlycongurationinterface.

•SNMPviaanSNMPmanagerapplication–tomonitortheunitoverthenetork(MIB-IIRFC1213)andtomonitoror

conguretheunitPoEcapabilities(RFC3621)

SNMPv2cfornon-securedSNMPmanagement

SNMPv3forsecuredandencryptedmanagement

RFC1213MIB-IIfornetorkstatistics

RFC3621forPoESNMPMIBs

PrivateMIBextensionforRFC3621PoEMIB

VariousinfrastructureandnetorkMIBssuchasIP-MIB,TCP-MIB,UDP-MIBetc.

•SSHviaanSSHclient–tovietheunitPoEpoerreport,netorkstatus,unitcongurationandproductioninformation;

toupdatesoftare,enableordisablePoEfunctionalityandtopingremotenetorkdevicesforconnectivitytests

Remoteuserauthentication

Useraccesscanbemanagedinthefolloingays:

•Local–Usernameandpassordismanagedlocallybythedevice

•RAIUS–UsernameandpassordisauthenticatedbyRADIUSserveroverthenetork

•TACACS+–UsernameandpassordisauthenticatedbyTACACS+serveroverthenetork

Security

WebHTTPandHTTPS,SNMPv2,SNMPv3andSSH,usedforaccessingtheunit,offerdifferentlevelsofsecuritystrength.AlsoRADIUS

andTACACS+,usedforremoteuserauthentication,offerdifferentsecuritylevels.

SNMPv1andSNMPv2usecommunitystringforGet/Set/Trapauthentication.SNMPv1andSNMPv2areconsideredasunsecured

protocolsincethecommunitystringpassordcaneasilybeinterceptedbyanynetorksnifngdevice.

SNMPv3resolvesSNMPv1/v2securityissuesbyaddingauthenticationandencryptionlayerontopofSNMPpackets.

DefautunitIP,usernameandpassword

Theunitisshippediththefolloingfactorydefaultusernamesandpassords:

UnitdefaultIPv4address

IP=192.168.0.254

Mask=255.255.255.0

WebHTTP/HTTPSandSSH

Username=root

Passord=pass

SNMPv2

GETcommunitystring=public

SETcommunitystring=rite

Readcommunity=public

Writecommunity=rite

Trapcommunity=public

SNMPv3

Username=admin

AXIST8504–EOutdoorPoESwitch

Generalinformation

Authenticationpassord(MD5)=passord

Privacypassord(DES)=passord

Authenticationandencryptionmode=MD5+DES

SNMPv3notication

Username=trap

Authenticationpassord=passord

Privacypassord=passord

Authenticationandencryptionmode=None

Forinformationabouthotorecoverusernameandpassord,seeRecoverusernameandpasswordonpage7.

Recoverusernameandpassword

Note

TherecoveryprocedurecanonlybeperformedfromthelocalLANandnotoverInternetorfromanotherIPnetork.The

usershouldbeabletoturnofftheunitpoerhenneeded.AllPoEportsmustbedisconnectedandtheunitmusthave

onlyonesingleactiveEthernetlink.

Note

YoumightneedtoaddaTelnetclientservicetoWindos7orWindos8.

Note

Theentirerecoveryprocedurefromunitpoeronuntiltheusernameandpassordisappliedmusttakelessthan120seconds.

1.DisconnectallPoEportsfromtheunitexceptforoneEthernetcable.OnlyonesingleEthernetportshouldbeactive.

2.TurnoffthereallorenableUDPport514.ThenrunIPv4capableSysLogServeronyourcomputer.

3.Turnofftheunit.Wait10seconds,thenturntheunitbackon.

4.ASysLogmessageappearsafterapproximately15seconds.IdentifytheunitLink-localIPv6address.ALink-localIPv6

addressalaysstartsithFE80.

5.Openacommandindoonyourcomputer.

-ForWindos7,gotoStartandtypecmd.

-ForWindos8,presstheWINDOWSkeyandtheRkey,thentypecmd.

6.TypeipcongtoidentifythevirtualinterfaceindexofLink-localIPv6address.Thevirtualinterfaceindexisindicatedbya

numberafter%.Example:fe80::9c39:db8b:62de:7bv4%17

7.PreparetheSSHconnectionbytypingTelnet[unitLocal-linkIPv6address][%virtualinterfacenumber]2525,butdon’t

pressENTER.Example:Telnetfe80::9c39:db8b:62de:7bv4%172525

8.Turnofftheunit.Wait10seconds,thenturntheunitbackon.

9.Wait30seconds,thenpressENTERtostarttheTelnetsessiononTCPport2525.

10.Typeaxispasswordrecoveryasusernameandaxispasswordrecoveryaspassord.Arecoveryoptiontorestoretheentire

unittocompletefactorydefaultincludingunitnetorkcongurationispresented.PressYtorestoretheunit.Theunit

restartsithdefaultIPv4192.168.0.254,usernamerootandpassordpass.

First-timeconguration

Whenconguringtheunitforthersttime,follothestepsbelo:

1.CongureyourPCEthernetnetorkinterfacetothefolloingIPv4parameters:

AXIST8504–EOutdoorPoESwitch

Generalinformation

PCIPv4address:192.168.0.40

PCIPv4mask:255.255.255.0

2.ConnectyourPCEthernetnetorkinterfacetoanyoftheunit’sEthernetports.

3.Openaebbroserandtype192.168.0.254intheaddresseld.

4.Loginiththedefaultusernameandpassord.SeeDefaultunitIP,usernameandpasswordonpage6.

5.Conguretheunit.Itisrecommendedtochangetheusernamesandpassordstootherthanthedefaultvalues.

UnitidenticationoverIPnetwork

TolocatetheunitovertheIPnetork,theunitsendsIPv4SysLogmessage#0inbroadcastformat255.255.255.255uponpoer-up.

AnySysLogserverconnectedoverLANreceivesthisSysLogmessage.ThesameSysLogmessageisalsosenttotheoptionalSysLog

servers1and2,iftheyarecongured.

Theunitsendsthemessagetice.ThisistoensurethattheSysLogmessageisreceivedbytheSysLogservers,regardlessofnetork

conguration.ThemessageisrstsentbeforeVLANcongurationismadeandlateragainafterVLANcongurationisdone.

SysLogmessage#0containsalltheinformationhichisrequiredtobeabletoprovideaccesstotheunitoverthenetork.

Example:MsgID#000-SystemUP.APP:v3.51.06BOOT:v3.16RST:Power-OnBOOT:0=[APP

OK]Host:axis-00055A034B49MAC:00:05:5a:03:4b:49VLAN:YESVLAN_MNGR:5

VLAN_UPLINK_PORT:3VLAN_UPLINK_MODE:TRUNKDHCPv4:NoIP1v4:192.168.0.254/24DHCPv6:No

IP1v6:2345::205:5AFF:FE03:4B49/64IP2v6:FE80::205:5AFF:FE03:4B49/64

FieldValueescription

MsgID#000-SystemUPSysLogmessagenumber

APP:v3.51.06Unitapplicationsoftareversion

BOOT:v3.16Unitbootversion,usedforsoftare

update

RST:Power-OnResetreason

BOOT:0=[APPOK]

Host:axis-00055A034B49axisfolloedbyunitMACaddress

MAC:00:05:5a:03:4b:49UnitMACaddress

VLAN:YESVLANstatusenabledordisabled

VLAN_UPLINK_PORT:3Ethernetportnumberusedforunit

management

VLAN_UPLINK_MODE:TRUNKManagementportisconguredasAccess

orTrunk

DHCPv4:NoDHCPv4YesorNo

IP1v4:192.168.0.254/24UnitIPv4address

DHCPv6:NoDHCPv6YesorNo

IP1v6:2345::205:5AFF:FE03:4B49/64UnitIPv6address

IP2v6:FE80::205:5AFF:FE03:4B49/64Unitlink-localIPv6address

AXIST8504–EOutdoorPoESwitch

Webinterface

Webinterfacemenu

Status

GotoStatustovietheunitstatus.Thepageisupdatedautomaticallyeveryfeseconds.

Note

TheEthernetnetorklinkisalaysenabled,regardlessofPoEconguration(enabledordisabled).

Parameterescription

Bluesymbol—PoEpoerisprovided

Graysymbol—NoPoEpoer

Bluesymbol—PoEportisenabled

Graysymbol—PoEportisdisabled

Bluesymbol—Ethernetlinkison

Graysymbol—NoEthernetlink

Bluesymbol—SFPmoduleisinsertedintotheuplinkport

Graysymbol—UplinkporthasnoSFPmoduleinserted

NetorkReportstheEthernetlinkspeed(10/100/1000MB)andifthenetorkconnectionisupordon

StatusReportsthePoEportstatus,ifitisenabled,disabled,deliveringpoer,etc.

PoerusageReportstheactualpoerconsumptionandthemaximumpoeritcandeliver

PoEresetClickResettoturnoffthePoEportpoerandrestorethePoEpoerbackon.

Note

APoEporthichisdisabledbySSHorSNMPillbeenabledafteraPoEreset.

TotalpoerusageReportstheaggregatedpoerconsumedbyallPoEportsandthepercentageoftheconsumed

poerrelativetotheinternalpoersupplypoercapabilities.

Basic

GotoBasictoviebasicinformationabouttheproduct.

IPaddressinuse-GotoIPaddressinusetovieinformationaboutIPv4andIPv6addresses,masks,defaultgateaysand

DomainNameServers(DNS).

Productinformation-GotoProductinformationtoviegeneralproductinformationsuchasproductname,serialnumber,

softareversionandPoErmareversion,andSFPmoduleinformationsuchasSFPtype,vendor,partnumberandserialnumber.

AXIST8504–EOutdoorPoESwitch

Webinterface

Networkconguration-GotoNetworkcongurationtoenableordisableDHCP,congureIPv4,IPv6andnetorkhostname.

HostnameisusedbybothIPv4andIPv6toregistertheunitnameinDHCPv4/v6server.NotethatIPv6usestheFQDNterminology

ashostname.

NetworkservicesIPv4/IPv6-GotoNetworkservicesIPv4/IPv6tocongureDNSandSysLogservers.

PoEconguration-GotoPoEcongurationtocongurePoEportpoer.FourPoEpoerschemesofferdifferentpoer

distributionsbeteenthefourPoEports.Allfouroptionscomplyiththeunitmaximumpoercapacities.

•60W:DeliverpoeroverfourpairsinsidetheEthernetcable.Eachpairdeliversupto30W.

•30W:DeliverpoerovertooutoffourpairsinsidetheEthernetcable

•15.4W:DeliverpoerovertooutoffourpairsinsidetheEthernetcable

•––:NoPoEpoer.Ethernetportisenabledandfunctional,butPoEisdisabled.

Security

Securityconguration

GotoSecuritycongurationtoconguretheunitusernameandpassordforremoteeborSSHaccess.

Note

OnlyASCIIcharacters33–90and94–122canbeusedfortheusernameandpassordelds.

HTTPS

GotoHTTPStocongurehetherHTTPorHTTPS(securedeb)shouldbeused.WhenHTTPSisenabled,TLSv1.2isusedtoencrypt

ebnetorktrafc.

Note

ToeliminateebbroserarningheneveraccessingtheunitoverHTTPS,addanexceptionruletotheebbrosertelling

theebbroserthattheebsiteislegitimateoruploadaunitself-signed/CA-signedcerticate.

RADIUS/TACACS+

RADIUS/TACACS+enablesremoteuserauthenticationhenuseraccessestheunitovereborSSH.Usernameandpassordarethen

authenticatedbytheRADIUS/TACACS+server.

TheadvantagesithRADIUS/TACACS+isthatusernameandpassordareeasytoupdate,especiallyifmanynetorkdevices

aretobemanaged.

ThedisadvantageithRADIUS/TACACS+isthattheunitisnotaccessibleifbothRADIUS/TACACS+serversaredon.Itispossible

toenableLocalloginfallbackhichallostheunittouseitslocalusernameandpassordheneverthereisnoreplyfrom

RADIUS/TACACS+servers.

RADIUS/TACACS+commonparameters

Parameterescription

EnableauthenticationCongureifRADIUS/TACACS+shouldbeenabledordisabled.WhenRADIUS/TACACS+isdisabled,

localusernameandpassordareused.

EnablelocalloginfallbackWhenlocalloginfallbackisenabled,localusernameandpassordareusedheneverthereisno

replyfromRADIUS/TACACS+servers.Thiscanhappenhentheserversaredonorincaseof

anetorkproblem.

AuthenticationprotocolSelecteitherRADIUSorTACACS+authenticationprotocol.

SharedsecretThesameprivatekeystringmustbeconguredonboththeunitandtheRADIUS/TACACS+server.

Other manuals for T8504-E

Table of contents

Popular Switch manuals by other brands

URC

URC Total Control MFS-8 installation manual

Azbil

Azbil HPQ-D11 user manual

Sony

Sony DFS-900M operating instructions

SICK

SICK i17S operating instructions

F&F

F&F SZR-277 quick start guide

Shure

Shure UAMS/BK user guide

Dräger

Dräger X-zone Switch Off Instructions for use

Asco

Asco Joucomatic 349 Series manual

BT Mini Hub user guide

D-Link

D-Link DES-1226G manual

Johnson Controls

Johnson Controls FS80-C installation instructions

Alcatel-Lucent

Alcatel-Lucent 7450 ESS-12 Configuration guide

MicroNet

MicroNet SP1200A user manual

Ruijie

Ruijie RG-PF2920 Series Hardware installation and reference guide

Altinex

Altinex DA1914SX user guide

MiLAN

MiLAN MIL-SM2401M user guide

RJM

RJM MASTERMIND PBC/6X user manual

Atlas

Atlas MMK-KVM8 owner's manual