Barox L Series User manual

Operating Instructions
19"- RY-Switches of the L-series
- RY-LGS23-26
- RY-LGSO25-24
- RY-LGSO25-28
- RY-LGSP16-10
- RY-LGSP23-10G
- RY-LGSP23-26/xxx
- RY-LGSP23-28/xxx
- RY-LGSP23-52/xxx
- RY-LGSPTR23-26
RY Industrial-Switches of the L-series
- RY-LPIGE-602GBTME
- RY-LPIGE-804GBTME
- RY-LPITE-802GBTME
- RY-LPITE-804GBTME
- RY-804GBTME, without PoE

barox Kommunikation 2
19"-Switches:
Firmware Release v6.54.3133
Hardware Version 1.01
Industrial-Switches:
Firmware Release v7.10.1972
Hardware Version v1.01
Copyright © barox Kommunikation
All rights reserved. The contents of this document may not be reproduced
in any form or by any means without the express authorisation of
barox Kommunikation.
Registered trademark
barox® is a registered and protected trademark of the barox Kommunikation company.
Any other registered trademark or registered brand mentioned in this manual
is the property of the respective manufacturer.
Liability
Information contained in this document may be changed without prior notice.
barox Kommunikation reserves the right to modify the respective devices and/or
this manual without prior notification.
Our products may contain unintentional technical and/or typographical errors.
Modifications are regularly carried out to improve our products.
The latest operating instructions are available on our website.
www.barox.ch
Published by:
barox Kommunikation AG
Im Grund 15
CH-5405 Baden-Daettwil
Switzerland
www.barox.ch
Publication Date: August 2019
Version: 1.3

TABLE OF CONTENTS
1 Introduction
1.1 Contents
1.2 About Us
1.3 Website
1.4 Support
2 Short Description
2.1 Special Features for Video Networks
2.2 DMS (Device Management System)
3 Commissioning
3.1 Factory Default and Login
3.2 System Information
3.3 Set a Static IP Address or use DHCP
3.4 Gateway Configuration
3.5 Time Configuration
3.5.1. Local Settings
3.5.2. NTP (Network Time Protocol)
3.5.2.1. NTP Server
3.5.2.2. Time Settings
3.6 Port Configuration
3.6.1. SFP Port
3.7 Change of User Name and Password
3.8 Loop Protection
3.9 Ring Configuration
3.9.1. Ring Master
3.9.2. Port Configuration
3.10 VLAN Configuration
3.11 Power over Ethernet (PoE)
3.11.1. PoE Configuration
3.11.2. PoE Power Delay
3.11.3. PoE Schedule
3.11.4. PoE Auto Checking
3.11.5. PoE Chip Reset Schedule
3.12 Saving and Retrieving the Configuration
3.12.1. Download Configuration
3.12.2. Upload Configuration
4 DMS Device Management System
4.1 Management
4.2 Graphical Monitoring
4.3 Maintenance
5 Switch Management in the Security Focus
5.1 Management and Security on Switch Level (Layer 1 and 2)
5.1.1. Bandwidth Settings and Restrictions
5.1.2. Information regarding the general consideration of the bandwidth demand
5.1.3. Securing the ports using MAC configuration settings
5.1.4. Port Security with Limit Control Settings
5.2 Use and Protection of IP Functions (Layer 3)
5.2.1. DHCP Server
5.2.2. Protection of DHCP by ARP Inspection
5.2.3. IP Source Guard
5.3 Protection of the Switch Management and Network Administration (Layer 3–7)
5.3.1. User Management and Configuration
5.3.2. Deployment and Authentication Settings using the Switch Management
5.3.3. Access Management and Use of HTTPS
5.3.4. Configuration and Use of Certificate-based Access to the Management
5.4 SNMP – Monitoring and Administration Function
5.4.1. Configuration of SNMP v2c
5.4.2. SNMP Trap Configuration
5.4.3. Supplementary Information regarding the Sending of SNMP Traps
5.5 SNMP v3 Configuration
5.5.1. Activation of the SNMP v3 Function
5.5.2. SNMP Trap Configuration
5.5.3. Supplementary Information regarding the Sending of SNMP Traps
5.6 Reading SNMP Traps
5.7 Use of MIB Files for Reading-out and Control of the Switches
5.8 Control of Switch Functions via SNMP and MIB using the “SET” Operation
6 Firmware Upgrade
7 Factory Defaults
8 Server Report
9 Warranty

1 Introduction
These Operating Instructions describe the commissioning of the switches and the configuration
of the most important basic functions.
All persons using this manual should have the following skills:
• Knowledge of how to install and operate electronic devices
• Experience with using computer systems
• Knowledge of Local Area Networks (LANs) and a general knowledge of IP communications
• Knowledge of working with web browsers
1.1 Contents
This Operating Manual is divided into the following chapters:
1. Introduction
2. Commissioning of the switches
3. Diagnostic tools and firmware upgrades
1.2 About Us
In all situations where a network is required to transmit high-quality video content fast and
securely, barox Kommunikation’s range of POWERHAUS switches guarantee pioneering
connections.
barox Kommunikation designs, coordinates and supplies everything from a simple, point-to-point
connection to a large area network running multicast applications.
1.3 Website
Information on our full range of switches as well as download links to our data sheets,
documentation and the latest firmware are available on our website: www.barox.ch.
1.4 Support
Our POWERHAUS Partners are available to help you should you have any problems or
questions regarding the configuration of your switches.
2 Short Description
All our RY switches are manageable, full Gigabit IP switches with layer 2/2+ functionality. We
offer a range of different models with a varying number of optical and electrical ports which −
depending on the model − can support anything up to PoE++.
2.1 Special Features for Video Networks
• Active Camera Monitoring
Cameras powered via a PoE connection from the switch are continually monitored. In the case of
a camera failure, the switch automatically restarts the camera. Should this operation
fail, the switch automatically sends out an alarm via SNMP.
• Active Monitoring of the PoE Power Supply
Should the amount of power requested from the switch be too high, e.g. through a defective
camera, the switch will automatically send out an alarm via SNMP.
• Active Management of the Level of PoE Power Supplied
When the switch is started up, the individual PoE ports can be started up one after another to
avoid overloading the PoE power supply.

• Other Useful Features
- Jumbo Frames up to 9,600 bytes are supported at 1 Gbit/s and also at 100 Mbit/s.
- Port security by means of MAC address restriction and IP identification
- Readability and provision of certificates, resp.
- Extra high backplane performance for smooth video transmission at full port utilisation
- Ports using PoE can be detected at the push of a button (front panel).
2.2 DMS (Device Management System)
The switch is equipped with an integrated network monitoring and control system that uses
a very simple method to provide the user with an excellent overview of the whole network.
The network Topology View provides a quick overview of all the switches and terminal equipment
in the network, e.g. IP cameras and servers, together with information on their respective IP
addresses, device types and device descriptions. Plans showing the floor layout and the local
environment can be stored as background images. These allow the user to quickly access
specific network equipment − even without special knowledge of the IP structure.
Finalised plans can then be exported and included in the documentation.
3 Commissioning
The switches can be configured using a web browser. To do this, a PC/laptop can be connected
to any desired RJ45 port. Care should be taken to ensure that the IP address of the PC/laptop
belongs to the same network segment as the switch. For example: 192.168.1.111.
Alternatively, the switches can also be configured via a CLI (console port). In this document, the
switch is configured using a web browser.
3.1 Factory Default and Login
The switches are supplied with the following factory default settings:
IP address: 192.168.1.1
Subnet mask: 255.255.255.0
User: admin
Password: admin
A connection can be made to the switch by entering the IP address of the switch (192.168.1.1)
straight into a web browser. To log in, the user simply enters the user name and password listed
above.
Once the login process has been successfully completed, the “System Information” page is
automatically displayed showing the most important information on the switch.

3.2 System Information
This page displays the most important information on the switch.
Key:
1. Name of the switch model
2. Firmware version
3. Hardware version
4. MAC address

3.3 Set a Static IP Address or use DHCP
The first step is to allocate an IP address to the switch. To do this, go to the
“Configuration/System/IP” menu in the navigation tree.
Static IP Address
In the above image, one can see that the IP address of the switch is 192.168.1.1, that the subnet
mask is 24 (255.255.255.0) and that it belongs to VLAN 1. This means that VLAN 1 is the
management VLAN.
If the switch is to be allocated a new IP address, the existing IP address is simply overwritten
and then confirmed by clicking on the “Apply” icon. The same applies, if the subnet mask needs
to be changed.
DHCP
If the switch is to be integrated into a network where a DHCP server allocates the IP addresses,
the check box underneath “IPv4 DHCP” needs to be checked.
The DHCP server will then allocate an IP address to the switch within the pre-defined range.
There are now two ways of finding out which IP address has been allocated.
a) Software tool, e.g.: SoftPerfect Network Scanner
https://www.heise.de/download/product/network-scanner-13270
b) Console port
This method requires using the console cable supplied with the switch. The console port of the
switch is an RS232 interface, i.e. a PC/laptop with a serial interface or a USB-RS232 adapter is
required.
To configure the switch via the CLI port, we recommend using the “PuTTY” software.
http://www.chip.de/downloads/PuTTY_12997392.html

The factory default settings of the CLI interface are as follows:
Bit rate: 115,200
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None
If the serial interface is used to connect up to the switch, the user needs to log on using the user
name and password.
The following command can be used to show the IP address:
RY-LGSP23-26# show ip interface brief
➔ Important: This change now needs to be permanently saved.
To do this, access the switch by entering the new IP address in the web browser and then click
on the diskette symbol at the top right-hand corner.
3.4 Gateway Configuration
If a new IP address is allocated to the switch, it is also mandatory to modify the gateway address
accordingly.
To change the gateway address, the respective line first needs to be deleted and then re-created
using the right address. The network address must be set to “0.0.0.0” and the mask length to “0”.
Then all that needs to be done is to rewrite the gateway address using one that corresponds to
the network.
3.5 Time Configuration
The system time used by barox Kommunikation switches can either be configured manually or
via an NTP server. The whole purpose of defining the time is to use it in the log file. If an error
message is generated, a date stamp is added to the respective entry in the log file so that the
downtime and/or the time when the error occurred is accurately recorded which helps to localise
the possible cause.
3.5.1. Local Settings
In the “Configuration/System/Time” menu, select “Use Local Settings” as “Clock Source”. The
date and time are then manually entered in the specified format in the field next to “System Date”
and then confirmed using the “Apply” button.
➔ If the switch is restarted, the time is deleted and needs to be re-configured as the switch
does not have its own backup battery.

3.5.2. NTP (Network Time Protocol)
The Network Time Protocol is a standard for synchronising clocks in computer systems using
packet-based communication networks.
Configuration is done in two steps.
3.5.2.1. NTP Server
The first step is to tell the switch where it needs to go to get the time.
If the time is to be retrieved directly from the DHCP server, the entry in the “Automatic” field has
to be set to “Enabled”. The IP address of the DHCP server is then displayed in the line below.
However, if the time is to be retrieved from another specific source, for example from a time
server, NTP server, firewall etc., the respective IP address must be entered in the “Server
address 1” field. This is the only way of ensuring that the switch can actually contact the
respective IP address. Up to 5 sources can be defined.
If there is no time source available in one’s own network and the time is to be retrieved from an
external source via the Internet, it is possible to enter the external NTP server details directly, e.g.
213.209.109.45 at http://www.pool.ntp.org/de/

3.5.2.2. Time Settings
Now the “Clock Source” must be set to “Use NTP Server” in the “Configuration/System/Time”
menu.
As time servers generally broadcast Greenwich Mean Time, the “Time Zone” must be selected
accordingly to ensure that 1) the time is correct and 2) the system switches correctly between
summer and winter time.
As soon as the switch can access the time and date, the correct date is shown in the “System
Date” field.

3.6 Port Configuration
The ports are set to Auto mode when they leave the factory. Auto-negotiation is the procedure
which allows two connected Ethernet network ports to independently negotiate and configure the
highest-possible transmission speed as well as the duplex mode. This procedure only applies to
twisted pair cables − not to fibre optic connections.
Nevertheless, in some cases the terminal device may not be correctly recognised. This
sometimes occurs when using a camera with a 100 Mbps interface. In this case, the port
must be manually set to 100 Mbps.
If a port is to be left unused for security reasons, it can be disabled completely. In this case,
the configuration mode should be set to “Disabled”.
3.6.1. SFP Port
The SFP ports are also equipped with an Auto mode. This is different to the auto-negotiation
procedure used by copper ports. SFP ports are only capable of recognising the transmission
speed through auto-negotiation and only support full duplex mode.
In some cases, a switch may not correctly detect whether an SFP is a 100 Mb or 1000 Mb model
which will prevent the latter from functioning. In such cases, the port data rate needs to be set
manually.
The SFP ports of the switches are not coded. This means that SFPs supplied by other
manufacturers can be used − whereby no guarantee is supplied that these will function properly.
The barox Kommunikation product range includes SFPs for multi and single mode fibres with
transmission speeds of 100 Mbps, 1 Gbps and 10 Gbps. Distances of between 550 m and
120 km can be achieved depending on the type of fibre and transmission speed.
➔ Please also refer to http://www.barox.ch/cm/produkte/product/ip-produkte/zubehoer/ac-sfp

3.7 Change of User Name and Password
barox Kommunikation switches offer the option of generating a number of users with different
rights. Up to 15 different levels can be defined.
Level 15 is the highest level and is intended to be used by the administrators.
Another user can be generated by clicking on “Add New User”. Then the “User Name”,
“Password” and “Privilege Level” need to be defined.
The exact range of rights applying to the new user can now be defined in the “Privilege Level”
menu.
In the following example, the technician concerned has a privilege level of 10, i.e. he/she is
allowed to configure everything based on his/her Read/Write rights. However, this technician’s
“Debug” rights are so limited that he/she cannot even read “Debug” data.

This table is highly complex which allows extremely precise rights to be granted. For example,
it is possible to define a user who can only read the MAC table.
3.8 Loop Protection
In larger networks, it is very easy to unintentionally make physical
connections that result in a loop. If no loop protocol (e.g. RSTP) has been activated,
the whole network hangs and becomes inoperative.
The “Loop Protection” feature was specially designed to handle such situations. Once this
feature has been activated, it is possible to define whether the respective port should be
shut down, merely an entry made in the log file or both (“Shutdown Port and Log”), if a loop
is accidentally created.
➔ Ports already actively running RSTP must not additionally be monitored using the
Loop Protection feature. This would lead to massive malfunctions within the network.
“Shutdown Time” shows how long a port is to remain disabled, should a loop be detected.
Possible time entries: 0 – 604,800 s (7 days). If “0” is entered here, the port will remain
deactivated until the switch is rebooted.

3.9 Ring Configuration
To guarantee redundancy within the network, it is crucial to set up a ring topology. To ensure
that the network is not overloaded by a broadcast storm, a protection mechanism is required.
RSTP (Rapid Spanning Tree Protocol) is one of the fundamental protocols used in an Ethernet
network. It ensures that no network loops are created within individual network segments. Unlike
an IP packet, an Ethernet frame does not have a maximum Time to Live (TTL) and, therefore,
may potentially go around in circles for an indefinite period of time. This, in turn, could overload
the network and, in the worst case, bring the network to a standstill.
How the Rapid Spanning Tree Protocol works is explained in detail in Wikipedia.
https://de.wikipedia.org/wiki/Spanning_Tree_Protocol
3.9.1. Ring Master
In a ring topology, one switch must be defined as the master which then assumes the task of
monitoring the ring. In the event that a connection is interrupted, this master then notifies all
the other switches in the ring so that the alternative connection can be activated. The switch
with Priority 0 is the ring master.
The RSTP protocol is designed to automatically make the switch with the lowest MAC address
the ring master, if no ring master has been defined.
The desired protocol version must be selected in the “Spanning Tree/Bridge Settings” menu.
RSTP is supported by all switch manufacturers - making it compatible with third-party
manufacturers.
The switch factory default is set to “Bridge Priority” 32768. If the switch is to act as master,
the Bridge Priority must be set to “0”. All the other values can be left as they are.
Ring master has Priority “0”.

3.9.2. Port Configuration
The factory default for all ports is “STP Enabled”. This means that, in theory, the ring can be
created using any desired port. To optimally distribute the load across the network, it is possible
to define that the data packet flow be channelled using Path Cost. The term “Path Cost”
originates from the time when lines were leased for A to B connections which meant that they
were expensive.
Example:
In a larger ring with numerous terminal devices and larger data volumes it makes sense to
channel the data flow within the ring to distribute the load evenly across the switches
(load-sharing). To achieve this, the path cost needs to be defined.
In the above example, the network consists of two central switches (A+B) and 5 other switches
that form the ring. All in all, 21 cameras have been installed − each supplying 5 Mbps of video
data, i.e. a total of over 100 Mbps of data.
[Figure: ring topology; labels: Data flow, Path Cost 20000]

Scenario 1: Only RSTP is active on all the switches
The switch with the lowest MAC address functions as the master. This may be the smallest
switch in the ring with the lowest CPU performance. The direction of data flow is not known.
In the case of an interruption, the switch-over may take a little longer as this small switch
cannot process the data so quickly.
Scenario 2: RSTP is active on all the switches, switch A has Prio 0 and switch B Prio 4096
In this case, switch A has been defined to assume the role of master. If this switch fails,
switch B will take over the role of master. Switch A monitors the ring. Should network traffic
be interrupted, switch A’s CPU has enough power to be able to react quickly. Port 21 of
switch A may be marked as being “Blocked”. The data from all the video cameras will then
be provided via port 22. Small switch C then has to process the data from all the video cameras,
causing a bottleneck.
Scenario 3: RSTP active, the master and Path Cost have been defined
This configuration precisely defines how the data should flow. The load is distributed on two
sides. None of the switches is pushed to the limit. As the Path Cost of switch D, port 10 and
switch E, port 9, is higher than that of all the other ports in the ring, this route will only be
activated, if network traffic is interrupted.
Path Cost −default setting:
The cost depends on the distance from the root bridge (master) and the available uplink to the
target. Normally, the Path Cost of reaching the target via a 100 Mbps uplink is higher than that
of a 1 Gbps uplink. In this case, the 100 Mbps link would be blocked from being used as a
redundant path. Although Path Costs have been standardised according to the IEEE provisions,
different values can be manually specified, for example, to select a preferred uplink where the
speeds are identical so as to reflect the real cost of a dedicated line.
➔ Wherever possible, one should aim to realise a configuration that corresponds to
the one illustrated in the above image.
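The three scenarios can be checked with a small model before the ring is cabled. The following is an added example, not barox code: it is a simplified RSTP model with one cost per link, and the ring order, MAC addresses and the raised cost of 200000 are constructed assumptions.

```python
from dataclasses import dataclass

DEFAULT_PRIORITY = 32768  # factory default "Bridge Priority" from the manual
GIGABIT_COST = 20000      # path cost value shown in the manual's figure


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str  # constructed addresses, not real devices
    priority: int = DEFAULT_PRIORITY

    @property
    def bridge_id(self):
        # RSTP compares priority first, then MAC; the lowest pair wins.
        return (self.priority, int(self.mac.replace(":", ""), 16))


def elect_root(bridges):
    return min(bridges, key=lambda b: b.bridge_id)


def root_decided_by_mac(bridges):
    """True when several bridges share the winning priority (Scenario 1)."""
    root = elect_root(bridges)
    return sum(b.priority == root.priority for b in bridges) > 1


def standby_links(bridges, links):
    """Links that no bridge uses as its path to the root (kept in reserve).

    links: {frozenset({name, name}): path cost}. Simplification: one cost per
    link, i.e. both ports of a link are configured with the same Path Cost.
    """
    root = elect_root(bridges)
    ids = {b.name: b.bridge_id for b in bridges}
    dist = {b.name: float("inf") for b in bridges}
    dist[root.name] = 0
    for _ in bridges:  # Bellman-Ford relaxation of the root path cost
        for link, cost in links.items():
            x, y = tuple(link)
            dist[x] = min(dist[x], dist[y] + cost)
            dist[y] = min(dist[y], dist[x] + cost)
    used = set()
    for bridge in bridges:
        if bridge.name == root.name:
            continue
        # Root port: lowest root path cost, ties broken by neighbour bridge ID.
        options = []
        for link, cost in links.items():
            if bridge.name in link:
                (peer,) = link - {bridge.name}
                options.append((dist[peer] + cost, ids[peer], link))
        used.add(min(options, key=lambda o: o[:2])[2])
    return sorted(tuple(sorted(link)) for link in links if link not in used)


def ring(order, cost=GIGABIT_COST):
    return {frozenset(p): cost for p in zip(order, order[1:] + order[:1])}


# Constructed ring order and MACs; switch C is the small switch with the lowest MAC.
ORDER = ["A", "C", "D", "E", "F", "G", "B"]
MACS = {"A": "00:11:22:00:00:a0", "B": "00:11:22:00:00:b0",
        "C": "00:11:22:00:00:01", "D": "00:11:22:00:00:d0",
        "E": "00:11:22:00:00:e0", "F": "00:11:22:00:00:f0",
        "G": "00:11:22:00:00:f8"}


def make_bridges(priorities=None):
    priorities = priorities or {}
    return [Bridge(n, MACS[n], priorities.get(n, DEFAULT_PRIORITY)) for n in ORDER]


SCENARIO_1 = make_bridges()                        # RSTP only, all defaults
SCENARIO_2 = make_bridges({"A": 0, "B": 4096})     # master and backup defined
TUNED = {**ring(ORDER), frozenset({"D", "E"}): 200000}  # Scenario 3 path cost

if __name__ == "__main__":
    print("Scenario 1 root:", elect_root(SCENARIO_1).name)
    print("Scenario 2 root:", elect_root(SCENARIO_2).name)
    print("Standby link, default cost:", standby_links(SCENARIO_2, ring(ORDER)))
    print("Standby link, tuned cost:", standby_links(SCENARIO_2, TUNED))
```

A root that is decided by MAC address alone means any switch with a lower MAC that joins the ring becomes master, so `root_decided_by_mac` returning True is worth flagging during commissioning.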

3.10 VLAN Configuration
VLAN configuration is effected on one single page.
All the VLAN numbers requiring configuration must be listed in the field “Allowed Access VLANs”.
Once the VLAN numbers have been entered, the individual ports can be allocated to a specific
function and VLAN.
Mode     VLAN   Function
Access   No.    A terminal device is to be connected to this port
Trunk    ---    Connection between two switches
Hybrid   ---    Connection between two switches or to a terminal device
The allowed VLANs can be defined in the “Allowed VLANs” column both in “Trunk” and “Hybrid”
mode.
3.11 Power over Ethernet (PoE)
With respect to PoE, the switch has numerous options for optimising PoE implementation. Power
can be controlled, resp. turned on or off, on a time or event-triggered basis. In addition, powered
devices (e.g. PoE cameras) can be monitored and rebooted, if required. The PoE chip in the
camera can also be reset. This makes sense, for example, in cases where a camera shows no
picture although it can be pinged.

3.11.1. PoE Configuration
Every switch has a pre-defined performance capacity. This describes how much power can be
supplied via the PoE ports. The crucial component here is the power supply installed in the
switch. In the above example using an RY-LGSP16-10 switch with 8 PoE+ ports, a maximum
of 130 W can be supplied. This means that it is impossible to connect a 30 W terminal device
to each of the 8 ports as this would require a total of 240 W. The integrated power unit cannot
supply this much power.
This means that it is important to keep track of how much power is being supplied per port.
PoE appliances are divided into various categories depending on their respective consumption.
Class   Power available to the powered device        Classification signature
0       0.44 – 12.96 W                                0 to 4 mA
1       0.44 – 3.84 W                                 9 to 12 mA
2       3.84 – 6.49 W                                 17 to 20 mA
3       6.49 – 12.95 W                                26 to 30 mA
4       12.95 – 25.50 W (only 802.3at/Type 2)         36 to 44 mA
https://de.wikipedia.org/wiki/Power_over_Ethernet
Reserved Power determined by
One can define how the maximum amount of power to be supplied is determined in the section
“Reserved Power determined by”.
- Class = corresponds to the class to which the terminal device says it belongs
- Allocation = according to the value stated in the “Maximum Power (W)” column
- LLDP-Med = ditto Class mode, pulls the information via LLDP (where possible)
If the terminal device exceeds the predefined power limit, the port turns PoE off.

Power Management Mode
This is where one defines how the switch should behave should the maximum possible power
level be exceeded.
- Actual Consumption
Should the amount of power demanded by the devices exceed the maximum possible amount
of power that the switch can provide, PoE is turned off completely. If the power limit is only
exceeded by one single port, PoE is only turned off to this port.
The importance of the individual ports is defined in the “Priority” column. Ports set to “Low” are
turned off immediately, whereas ports set to “Critical” are turned off last should the maximum
power level be exceeded.
- Reserved
Ports set to “Reserved” are only turned off, if the power reserved for them in the
“Maximum Power (W)” column is exceeded.
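The budget rules above can be worked through for a planned camera layout before devices are connected. This is an added example, not barox code: it is a simplified model of the behaviour described in this section, the port list is constructed, and the tie-break inside one priority level (highest port number first) is an assumption.

```python
BUDGET_W = 130.0  # total PoE budget of the RY-LGSP16-10 stated in the manual

# Upper bound per class, taken from the class table in this section.
CLASS_MAX_W = {0: 12.96, 1: 3.84, 2: 6.49, 3: 12.95, 4: 25.50}

# Shedding order from the manual: "Low" is turned off first, "Critical" last.
SHED_ORDER = {"Low": 0, "Critical": 1}


def reserved_by_class(ports):
    """Power reserved when "Reserved Power determined by" is set to Class."""
    return round(sum(CLASS_MAX_W[p["class"]] for p in ports), 2)


def reserved_by_allocation(ports):
    """Power reserved when it is set to Allocation ("Maximum Power (W)")."""
    return round(sum(p["max_w"] for p in ports), 2)


def over_limit_ports(ports):
    """Ports whose device exceeds its own limit; PoE is turned off on these."""
    return [p["port"] for p in ports if p["draw_w"] > p["max_w"]]


def shed_ports(ports, budget_w=BUDGET_W):
    """Actual Consumption mode: which ports lose power, and the remaining draw.

    Ports over their own limit are already off. The rest are shed by priority
    until the total fits the budget. Assumption: within one priority level the
    highest port number is shed first.
    """
    active = [p for p in ports if p["draw_w"] <= p["max_w"]]
    total = sum(p["draw_w"] for p in active)
    shed = []
    order = sorted(active, key=lambda p: (SHED_ORDER[p["priority"]], -p["port"]))
    for p in order:
        if total <= budget_w:
            break
        shed.append(p["port"])
        total -= p["draw_w"]
    return shed, round(total, 2)


# Constructed example: 8 PoE+ ports, port 5 carries a defective camera.
PORTS = [
    {"port": 1, "class": 4, "draw_w": 24.0, "max_w": 30.0, "priority": "Critical"},
    {"port": 2, "class": 4, "draw_w": 24.0, "max_w": 30.0, "priority": "Critical"},
    {"port": 3, "class": 4, "draw_w": 25.0, "max_w": 30.0, "priority": "Low"},
    {"port": 4, "class": 4, "draw_w": 25.0, "max_w": 30.0, "priority": "Low"},
    {"port": 5, "class": 3, "draw_w": 18.0, "max_w": 15.0, "priority": "Low"},
    {"port": 6, "class": 4, "draw_w": 25.0, "max_w": 30.0, "priority": "Low"},
    {"port": 7, "class": 3, "draw_w": 12.0, "max_w": 15.0, "priority": "Low"},
    {"port": 8, "class": 2, "draw_w": 6.0, "max_w": 7.0, "priority": "Low"},
]

if __name__ == "__main__":
    print("Reserved by class:", reserved_by_class(PORTS), "W of", BUDGET_W)
    print("Off due to per-port limit:", over_limit_ports(PORTS))
    print("Shed by priority, remaining draw:", shed_ports(PORTS))
```

With this layout the class-based reservation alone exceeds the 130 W budget, and the two “Critical” cameras stay powered only because lower-priority ports are shed first.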
PoE Schedule
Each individual port can be allocated to a time schedule. A total of 16 time schedules
can be created.
3.11.2. PoE Power Delay
As already mentioned, the switch can provide a limited amount of power.
However, today’s IP cameras require an ever-increasing amount of power. If a pan/tilt camera
with an integrated heater and IR emitter is used, the amount of power required will climb even
higher.
When rebooting, switching between day and night mode, turning on the heater or IR emitter etc.,
a camera needs considerably more power (peak power supply) than during steady, uninterrupted
operation.
Should several cameras connected to one switch all log in at the same time, the maximum
amount of power that can be supplied by this switch might be exceeded. Exceeding this
maximum power level will cause the switch to immediately log itself back off and may also
cause damage to the power supply, if numerous unsuccessful attempts are made.
To avoid this problem, one can configure the individual ports to start up one after the other
in the following menu. In the example below, ports 1 and 2 are immediately activated − with
2 more ports then being activated every 10 seconds after that.