Axis T8504-E User manual

Brand: Axis

Model: T8504-E

Category: Network switches

Type: User manual

Axis T8504-E is an outdoor PoE switch with four weather-sealed RJ45 Ethernet ports and a single SFP Ethernet port. It delivers up to 60W per port on two 4Pair PoE ports and up to 30W per port on two IEEE 802.3at PoE ports, enabling you to power high-power devices such as PTZ cameras and illuminators. The switch supports VLAN, allowing you to segment your network and improve security. Additionally, it features remote device reset, system status display, and SysLog reporting for PoE events and invalid remote user access.

AXIST8504–EOutdoorPoESwitch

UserManual

AXIST8504–EOutdoorPoESwitch

TableofContents

Aboutthismanual..........................................3

Objectives.....................................................3

Intendedaudience...............................................3

Relateddocumentation...........................................3

Abbreviations...................................................3

Generalinformation.........................................5

Features.......................................................5

Useraccessandsecurity..........................................5

First-timeconguration..........................................7

UnitidenticationoverIPnetwork.................................8

Webinterface..............................................9

Webinterfacemenu.............................................9

SSHserialinterface.........................................15

Mainmenu....................................................15

SNMPmonitoringandconguration...........................18

EnableSNMP...................................................18

SNMPMIBs....................................................18

SysLogMessage............................................20

Troubleshooting............................................22

Support.......................................................22

Learnmore!....................................................23

AXIST8504–EOutdoorPoESwitch

Aboutthismanual

Objectives

AXIST8504–EisanoutdoorPoEswitch.Themajorbenetsofthisproductisitsoutdoorcapabilitiesandthecapabilitytoextend

themaximumreachofthenetworkbyanadditional100meters,toatotalof200meters,betweentheswitchandthepowered

devices,whileprovidingupto2x60Wand2x30Wtoitsnetwork-poweredPoEdevices.

ThisusermanualprovidesinformationonhowtomanageAXIST8504–EthroughAXISIPv4/IPv6,VLAN,RADIUS,TACACS+,web

interface,SNMPandSHH.

Intendedaudience

Thisusermanualisintendedfornetworkadministrators,supervisorsandinstallationtechnicianswithknowledgeabout:

•Basicconceptsandterminologyofnetworking

•NetworktopologyincludingVLAN

•Networkprotocols

•UserauthenticationprotocolsincludingRADIUSandTACACS+

Relateddocumentation

Foradditionalinformation,seethefollowingdocumentation:

•Productinstallationguide

•RFC3621SNMPMIBandprivateMIB

•CreatingcerticateforT8504–Esecuredwebserver

Abbreviations

AbbreviationDescription

8021.QSameasVLAN

DESDataEncryptionStandard

DGWDefaultGateWay

DHCPv4DynamicIPv4HostCongurationProtocol

DHCPv6DynamicIPv46HostCongurationProtocol

IPv432–bitlongIPaddress

IPv6128–bitlongIPaddress

MD5Messagedigestalgorithm

MDIMediaDependentInterface

MIBManagementInformationBase

PoEPoweroverEthernet

RADIUSRemoteAuthenticationDial-inUserService

SFPFiberinterface,smallform-factorplug

AXIST8504–EOutdoorPoESwitch

Aboutthismanual

SHAMessagedigestalgorithm

SNMPSimpleNetworkManagementProtocol

SSHSecureShell

SSLSecureSocketsLayer

SysLogSystemLog

TACACS+TerminalAccessControllerAccess-Control

TFTPTrivialFileTransferProtocol

TLSTransportLayerSecurity

VLANVirtualLocalAreaNetwork

AXIST8504–EOutdoorPoESwitch

Generalinformation

Features

Anumberoffeaturesareprovidedthroughsystemnetworkmanagement.

•EasysoftwareupdateduringruntimewithoutaffectingactivePoEports

•Congurationandreal-timemonitoringusinggraphicalrepresentationoftheremotedevice

•Systemstatusdisplay

•SysLogreportingonPoEevents,invalidremoteuseraccess,initialDHCPv4/v6addressetc.

•SNMPtrapsreportingonvariousPoEeventssuchasPoEpowereddeviceinsertionorremoval

Ethernetswitchnetworkcapabilities

•FourweathersealedRJ45Ethernetportscapableof10Mbit,100Mbit,1000Mbithalf-duplexand1000Mbitfull-duplex

Ethernetspeed

•SingleweathersealedSFPEthernetport

•8KinternalMACaddresslookupengine

•VLAN—Access,TrunkandFilteredtrunk

•AutoMDIX

•10KBjumboframes

PoEcapabilities

ThefollowingPoEoptionsareavailable:

•Two4PairPoEportswhichdeliverupto60Wperport

•TwoIEEE802.3atPoEportswhichdeliverupto30Wperport

•PoEenable/disabletoenableordisablePoEportspoweroutput.Ethernetdataisalwaysenabled.

•Remotedeviceresettoresetattachedpowereddevice.Thedeviceistemporarilypoweredoffandthenturnedbackon.

Supportednetworkprotocols

Thefollowingnetworkprotocolsaresupported:

•IPv4–32–bitlongIPaddress(static/DHCPv4)

•IPv6–128–bitlongIPaddress(static/DHCPv6)

•VLAN–Access,TrunkandFilteredtrunk

Useraccessandsecurity

Accessoptions

Youcanaccesstheunitthroughdifferentinterfaces:

•Webinterfaceviaawebbrowser–toviewtheunitPoEstatus,networkstatus,unitcongurationandunitproduction

information

AXIST8504–EOutdoorPoESwitch

Generalinformation

HTTPisaweb-basedfriendlycongurationinterface.

HTTPS-TLSisasecuredweb-basedfriendlycongurationinterface.

•SNMPviaanSNMPmanagerapplication–tomonitortheunitoverthenetwork(MIB-IIRFC1213)andtomonitoror

conguretheunitPoEcapabilities(RFC3621)

SNMPv2cfornon-securedSNMPmanagement

SNMPv3forsecuredandencryptedmanagement

RFC1213MIB-IIfornetworkstatistics

RFC3621forPoESNMPMIBs

PrivateMIBextensionforRFC3621PoEMIB

VariousinfrastructureandnetworkMIBssuchasIP-MIB,TCP-MIB,UDP-MIBetc.

•SSHviaanSSHclient–toviewtheunitPoEpowerreport,networkstatus,unitcongurationandproductioninformation;

toupdatesoftware,enableordisablePoEfunctionalityandtopingremotenetworkdevicesforconnectivitytests

Remoteuserauthentication

Useraccesscanbemanagedinthefollowingways:

•Local–Usernameandpasswordismanagedlocallybythedevice

•RADIUS–UsernameandpasswordisauthenticatedbyRADIUSserveroverthenetwork

•TACACS+–UsernameandpasswordisauthenticatedbyTACACS+serveroverthenetwork

Securityprotocols

WebHTTPandHTTPS,SNMPv2,SNMPv3andSSH,usedforaccessingtheunit,offerdifferentlevelsofsecuritystrength.AlsoRADIUS

andTACACS+,usedforremoteuserauthentication,offerdifferentsecuritylevels.

SNMPv1andSNMPv2usecommunitystringforGet/Set/Trapauthentication.SNMPv1andSNMPv2areconsideredasunsecured

protocolsincethecommunitystringpasswordcaneasilybeinterceptedbyanynetworksnifngdevice.

SNMPv3resolvesSNMPv1/v2securityissuesbyaddingauthenticationandencryptionlayerontopofSNMPpackets.

DefaultunitIP,usernameandpassword

Theunitisshippedwiththefollowingfactorydefaultusernamesandpasswords:

UnitdefaultIPv4address

IP=192.168.0.254

Mask=255.255.255.0

WebHTTP/HTTPSandSSH

Username=root

Password=Findthedefaultpasswordonthelabelonyourdevice

SNMPv2

GETcommunitystring=public

SETcommunitystring=write

Readcommunity=public

Writecommunity=write

Trapcommunity=public

SNMPv3

Username=admin

AXIST8504–EOutdoorPoESwitch

Generalinformation

Authenticationpassword(MD5)=password

Privacypassword(DES)=password

Authenticationandencryptionmode=MD5+DES

SNMPv3notication

Username=trap

Authenticationpassword=password

Privacypassword=password

Authenticationandencryptionmode=None

Forinformationabouthowtorecoverusernameandpassword,seeRecoverusernameandpasswordonpage7.

Recoverusernameandpassword

Note

TherecoveryprocedurecanonlybeperformedfromthelocalLANandnotoverInternetorfromanotherIPnetwork.The

usershouldbeabletoturnofftheunitpowerwhenneeded.AllPoEportsmustbedisconnectedandtheunitmusthave

onlyonesingleactiveEthernetlink.

Note

YoumightneedtoaddaTelnetclientservicetoWindows7orWindows8.

Note

Theentirerecoveryprocedurefromunitpoweronuntiltheusernameandpasswordisappliedmusttakelessthan120seconds.

1.DisconnectallPoEportsfromtheunitexceptforoneEthernetcable.OnlyonesingleEthernetportshouldbeactive.

2.TurnofftherewallorenableUDPport514.ThenrunIPv4capableSysLogServeronyourcomputer.

3.Turnofftheunit.Wait10seconds,thenturntheunitbackon.

4.ASysLogmessageappearsafterapproximately15seconds.IdentifytheunitLink-localIPv6address.ALink-localIPv6

addressalwaysstartswithFE80.

5.Openacommandwindowonyourcomputer.

-ForWindows7,gotoStartandtypecmd.

-ForWindows8,presstheWINDOWSkeyandtheRkey,thentypecmd.

6.TypeipcongtoidentifythevirtualinterfaceindexofLink-localIPv6address.Thevirtualinterfaceindexisindicatedbya

numberafter%.Example:fe80::9c39:db8b:62de:7bv4%17

7.PreparetheSSHconnectionbytypingTelnet[unitLocal-linkIPv6address][%virtualinterfacenumber]2525,butdon’t

pressENTER.Example:Telnetfe80::9c39:db8b:62de:7bv4%172525

8.Turnofftheunit.Wait10seconds,thenturntheunitbackon.

9.Wait30seconds,thenpressENTERtostarttheTelnetsessiononTCPport2525.

10.Typeaxispasswordrecoveryasusernameandaxispasswordrecoveryaspassword.Arecoveryoptiontorestoretheentire

unittocompletefactorydefaultincludingunitnetworkcongurationispresented.

11.PressYtorestoretheunit.TheunitrestartswithdefaultIPv4192.168.0.254,typerootasusernameandusethedefault

passwordprintedonthelabelonyourdevice.

First-timeconguration

Whenconguringtheunitforthersttime,followthestepsbelow:

AXIST8504–EOutdoorPoESwitch

Generalinformation

1.CongureyourPCEthernetnetworkinterfacetothefollowingIPv4parameters:

PCIPv4address:192.168.0.40

PCIPv4mask:255.255.255.0

2.ConnectyourPCEthernetnetworkinterfacetoanyoftheunit’sEthernetports.

3.Openawebbrowserandtype192.168.0.254intheaddresseld.

4.Loginwiththedefaultusernameandpassword.SeeDefaultunitIP,usernameandpasswordonpage6.

5.Conguretheunit.Itisrecommendedtochangetheusernamesandpasswordstootherthanthedefaultvalues.

UnitidenticationoverIPnetwork

TolocatetheunitovertheIPnetwork,theunitsendsIPv4SysLogmessage#0inbroadcastformat255.255.255.255uponpower-up.

AnySysLogserverconnectedoverLANreceivesthisSysLogmessage.ThesameSysLogmessageisalsosenttotheoptionalSysLog

servers1and2,iftheyarecongured.

Theunitsendsthemessagetwice.ThisistoensurethattheSysLogmessageisreceivedbytheSysLogservers,regardlessofnetwork

conguration.ThemessageisrstsentbeforeVLANcongurationismadeandlateragainafterVLANcongurationisdone.

SysLogmessage#0containsalltheinformationwhichisrequiredtobeabletoprovideaccesstotheunitoverthenetwork.

Example:MsgID#000-SystemUP.APP:v3.51.06BOOT:v3.16RST:Power-OnBOOT:0=[APP

OK]Host:axis-00055A034B49MAC:00:05:5a:03:4b:49VLAN:YESVLAN_MNGR:5

VLAN_UPLINK_PORT:3VLAN_UPLINK_MODE:TRUNKDHCPv4:NoIP1v4:192.168.0.254/24DHCPv6:No

IP1v6:2345::205:5AFF:FE03:4B49/64IP2v6:FE80::205:5AFF:FE03:4B49/64

FieldValueDescription

MsgID#000-SystemUPSysLogmessagenumber

APP:v3.51.06Unitapplicationsoftwareversion

BOOT:v3.16Unitbootversion,usedforsoftware

update

RST:Power-OnResetreason

BOOT:0=[APPOK]

Host:axis-00055A034B49axisfollowedbyunitMACaddress

MAC:00:05:5a:03:4b:49UnitMACaddress

VLAN:YESVLANstatusenabledordisabled

VLAN_UPLINK_PORT:3Ethernetportnumberusedforunit

management

VLAN_UPLINK_MODE:TRUNKManagementportisconguredasAccess

orTrunk

DHCPv4:NoDHCPv4YesorNo

IP1v4:192.168.0.254/24UnitIPv4address

DHCPv6:NoDHCPv6YesorNo

IP1v6:2345::205:5AFF:FE03:4B49/64UnitIPv6address

IP2v6:FE80::205:5AFF:FE03:4B49/64Unitlink-localIPv6address

AXIST8504–EOutdoorPoESwitch

Webinterface

Webinterfacemenu

Status

GotoStatustoviewtheunitstatus.Thepageisupdatedautomaticallyeveryfewseconds.

Note

TheEthernetnetworklinkisalwaysenabled,regardlessofPoEconguration(enabledordisabled).

ParameterDescription

Bluesymbol—PoEpowerisprovided

Graysymbol—NoPoEpower

Bluesymbol—PoEportisenabled

Graysymbol—PoEportisdisabled

Bluesymbol—Ethernetlinkison

Graysymbol—NoEthernetlink

Bluesymbol—SFPmoduleisinsertedintotheuplinkport

Graysymbol—UplinkporthasnoSFPmoduleinserted

NetworkReportstheEthernetlinkspeed(10/100/1000MB)andifthenetworkconnectionisupordown

StatusReportsthePoEportstatus,ifitisenabled,disabled,deliveringpower,etc.

PowerusageReportstheactualpowerconsumptionandthemaximumpoweritcandeliver

PoEresetClickResettoturnoffthePoEportpowerandrestorethePoEpowerbackon.

Note

APoEportwhichisdisabledbySSHorSNMPwillbeenabledafteraPoEreset.

TotalpowerusageReportstheaggregatedpowerconsumedbyallPoEportsandthepercentageoftheconsumed

powerrelativetotheinternalpowersupplypowercapabilities.

Basic

GotoBasictoviewbasicinformationabouttheproduct.

IPaddressinuse-GotoIPaddressinusetoviewinformationaboutIPv4andIPv6addresses,masks,defaultgatewaysand

DomainNameServers(DNS).

Productinformation-GotoProductinformationtoviewgeneralproductinformationsuchasproductname,serialnumber,

softwareversionandPoErmwareversion,andSFPmoduleinformationsuchasSFPtype,vendor,partnumberandserialnumber.

AXIST8504–EOutdoorPoESwitch

Webinterface

Networkconguration-GotoNetworkcongurationtoenableordisableDHCP,congureIPv4,IPv6andnetworkhostname.

HostnameisusedbybothIPv4andIPv6toregistertheunitnameinDHCPv4/v6server.NotethatIPv6usestheFQDNterminology

ashostname.

NetworkservicesIPv4/IPv6-GotoNetworkservicesIPv4/IPv6tocongureDNSandSysLogservers.

PoEconguration-GotoPoEcongurationtocongurePoEportpower.FourPoEpowerschemesofferdifferentpower

distributionsbetweenthefourPoEports.Allfouroptionscomplywiththeunitmaximumpowercapacities.

•60W:DeliverpoweroverfourpairsinsidetheEthernetcable.Eachpairdeliversupto30W.

•30W:DeliverpowerovertwooutoffourpairsinsidetheEthernetcable

•15.4W:DeliverpowerovertwooutoffourpairsinsidetheEthernetcable

•––:NoPoEpower.Ethernetportisenabledandfunctional,butPoEisdisabled.

Security

Securityconguration

GotoSecuritycongurationtoconguretheunitusernameandpasswordforremoteweborSSHaccess.

Note

OnlyASCIIcharacters33–90and94–122canbeusedfortheusernameandpasswordelds.

HTTPS

GotoHTTPStocongurewhetherHTTPorHTTPS(securedweb)shouldbeused.WhenHTTPSisenabled,TLSv1.2isusedtoencrypt

webnetworktrafc.

Note

ToeliminatewebbrowserwarningwheneveraccessingtheunitoverHTTPS,addanexceptionruletothewebbrowsertelling

thewebbrowserthatthewebsiteislegitimateoruploadaunitself-signed/CA-signedcerticate.

RADIUS/TACACS+

RADIUS/TACACS+enablesremoteuserauthenticationwhenuseraccessestheunitoverweborSSH.Usernameandpasswordarethen

authenticatedbytheRADIUS/TACACS+server.

TheadvantageswithRADIUS/TACACS+isthatusernameandpasswordareeasytoupdate,especiallyifmanynetworkdevices

aretobemanaged.

ThedisadvantagewithRADIUS/TACACS+isthattheunitisnotaccessibleifbothRADIUS/TACACS+serversaredown.Itispossible

toenableLocalloginfallbackwhichallowstheunittouseitslocalusernameandpasswordwheneverthereisnoreplyfrom

RADIUS/TACACS+servers.

RADIUS/TACACS+commonparameters

ParameterDescription

EnableauthenticationCongureifRADIUS/TACACS+shouldbeenabledordisabled.WhenRADIUS/TACACS+isdisabled,

localusernameandpasswordareused.

EnablelocalloginfallbackWhenlocalloginfallbackisenabled,localusernameandpasswordareusedwheneverthereisno

replyfromRADIUS/TACACS+servers.Thiscanhappenwhentheserversaredownorincaseof

anetworkproblem.

AuthenticationprotocolSelecteitherRADIUSorTACACS+authenticationprotocol.

SharedsecretThesameprivatekeystringmustbeconguredonboththeunitandtheRADIUS/TACACS+server.

AXIST8504–EOutdoorPoESwitch

Webinterface

PrimaryserverIPaddressConguretheprimaryIPv4,IPv6orhostnametobeusedtoaccessthemainRADIUS/TACACS+

server.

SecondaryserverIPaddressCongurethesecondaryIPv4,IPv6orhostnametobeusedtoaccessthemainRADIUS/TACACS+

server.

Timout(Sec)Congurethetimeforareplytimeout.

RADIUSextraparameters

ParameterDescription

AuthenticationUDPportConguretheUDPportusedbytheRADIUSserver.

TACACS+extraparameters

ParameterDescription

AuthenticationTCPportConguretheTCPportusedbytheTACACS+server.

Note

Softwareversion3.51.06onlysupportsaccessingRADIUS/TACACS+serversoverIPv4,eitherwithanIPv4addressora

hostnametoberesolvedbyDNSserver.

TestRADIUS/TACACS+

GotoTestRADIUS/TACACS+toverifytheRADIUS/TACACS+congurationbeforeactivatingit.

Note

Duringtesting,theEnableauthenticationshouldbedisabled.

1.CongureallRADIUS/TACACS+parameters,leavingtheEnableauthenticationdisabled.

2.Savetheconguration.Ifnot,theparameterswillberestoredtosavedvaluesaftereachtest,erasinganyunsavedvalue.

3.Typetheusernameandpassword.

4.ClickTestconguration.Awaitingmessagewillappear,followedbyeitherOKorFAIL.

5.Ifneeded,changeandsavethecongurationandtestagain.

6.WhenthetestresultisOK,setEnableauthenticationtoenabled.Savetheconguration,whichactivatesthe

RADIUS/TACACS+conguration.

VLANconguration

VLANcongurationsanitycheckisdoneuponunitpower-upandwhenaVLANcongurationchangeisrequestedovertheweb.The

sanitycheckistomakesurethattheunitremainsmanageableoverthenetworkafterVLANcongurationisapplied.Incasethenew

VLANcongurationmaycausetheunittobecomeunmanageable,anerrormessageappearsonthewebpageforrequestsoverthe

web.Whenaproblemisdetecteduponpower-up,theunitcongurationwillberestoredtofactorydefault.

VLANenable&managementport

ParameterDescription

EnableVLANEnableordisableVLANfunctionality.

AXIST8504–EOutdoorPoESwitch

Webinterface

ManagementuplinkportThisparameterhasnoeffectonactualVLANtrafc.Themanagementuplinkportassiststhe

unittoevaluateifthenewVLANcongurationmightblocktheunitfrombeingmanaged

overVLANfromthisport.Ifapossibleconictisdetected,anerrormessageappearsandthe

newVLANcongurationisrejected.

ManagementVLANIDCongurewhichVLANIDtobeusedwhenmanagingtheunitwheneverVLANisenabled.

VLANportsconguration

ParameterDescription

VLANmodeSetVLANmodetoAccessorTrunkforeachoftheEthernetports.

Access—VLANisusedonlyinsidetheunittosplitorlimitpacketaccesstospecicports

only.AnyincomingVLANtaggedpacketsreceivedbyVLANaccessportisdiscarded.VLAN

taggingisaddedtotheunitpacketforVLANAccessincomingpackets.UnitinternalVLAN

taggingisstrippedoutforVLANAccessoutgoingpackets.

Trunk—AllEthernetpacketsareVLANtagged.AnyuntaggedVLANpacketsreceivedby

VLANtrunkportisdiscarded.

AccessmodeVLANIDConguretheVLANIDtobeusedwhenevertheportisconguredasAccess.Theunit

internalmanagementportactsasaccessonly.Itcanonlybereachedfromasingle

managementVLANID.

TRUNK–FilterunknownVLANConguretheVLANTrunkportaslteredorunltered.

Enabled—OnlydataowfromsomeVLANIDs,speciedintheTrunkVLANslist,passes

throughVLANTrunkport.AllotherVLANtaggedtrafcisdiscarded.

Disabled—DataowfromallVLANIDspassesthroughVLANTrunkport.

TRUNKVLANsListtheVLANIDsthatmaypassthroughVLANTrunkportwheneverTRUNK–Filter

unknownVLANisenabled.

SNMPconguration

GotoSNMPcongurationtocongureparametersapplicabletoSNMPv2candSNMPv3.

SNMPv2c

ParameterDescription

EnableSNMPv2cEnableordisableSNMPv2csupport.

ReadcommunityConguretheSNMPv2cGETcommunitystring.Example:public.

WritecommunityConguretheSNMPv2cSETcommunitystring.Example:private.

TrapcommunityConguretheSNMPv2cTrapcommunitystring.Example:public.

Systeminformation(MIB-II,v2c/v3)

ParameterDescription

SystemcontactConguretheSNMPMIB-IIsystemcontactOiDstring.Example:John.

SystemnameConguretheSNMPMIB-IIsystemname.Example:MyUnit.

SystemlocationConguretheSNMPMIB-IIsystemlocation.Example:University.

PoEMIB(RFC3621,v2c/v3)

AXIST8504–EOutdoorPoESwitch

Webinterface

ParameterDescription

EnablenoticationEnableordisablethefollowingPoEtrapreports:

•PoEpowerwasprovided/removedfrompowereddevice

•Unittotalpowerconsumptionexceedsxy%outofmaxunitpower

•Unittotalpowerconsumptionwasrestoredtolessthanxy%outofmax

unitpower

Notifyexceededpowerusage

(1–99%)

Ifenabled,userisnotiedwheneverunittotalpowerconsumption(xy%)percentageout

ofunitmaxpowerexceedsordropsbelowspeciedvalue.

SNMPv3

ParameterDescription

EnableSNMPv3EnableordisableSNMPv3support.

UsernameCongureSNMPv3usernamestring.

AuthenticationpasswordCongureSNMPv3passwordtobeusedbyMD5/SHA.

PrivacypasswordCongureSNMPv3passwordtobeusedbyDES/AES.

AuthenticationandencryptionmodeConguretheSNMPv3authenticationandencryptionmode.

None—noauthenticationorencryption,whichmeansnosecurity.

MD5—MD5authenticationwithnoencryption.Packetcanbechanged,bycaneasilybe

analyzedbynetworksniffers.

SHA—SHAauthenticationwithnoencryption.

MD5+DES—MD5authenticationandDESencryption

SHA+DES—SHAauthenticationandDESencryption

MD5+AES—MD5authenticationandAESencryption

SHA+AES—SHAathenticationandAESencryption

SNMPv3notication(Trap)

ParameterDescription

UsernameCongureSNMPv3noticationusernamestring.

AuthenticationpasswordCongureSNMPv3noticationpasswordtobeusedbyMD5/SHA.

PrivacypasswordCongureSNMPv3noticationpasswordtobeusedbyDES/AES.

AuthenticationandencryptionmodeConguretheSNMPv3noticationauthenticationandencryptionmode.

None—noauthenticationorencryption,whichmeansnosecurity.

MD5—MD5authenticationwithnoencryption.Packetcanbechanged,bycaneasilybe

analyzedbynetworksniffers.

SHA—SHAauthenticationwithnoencryption.

MD5+DES—MD5authenticationandDESencryption

SHA+DES—SHAauthenticationandDESencryption

MD5+AES—MD5authenticationandAESencryption

SHA+AES—SHAathenticationandAESencryption

RemoteIPv4/IPv6SNMPtrapmanagers(v2c/v3)

ParameterDescription

Trapmanager#1ConguretherstIPv4/IPv6/DNSnameofremoteSNMPmanagerserverreceivingunit

trapreportssuchasCold-Start,etc.

Trapmanager#2CongurethesecondIPv4/IPv6/DNSnameofremoteSNMPmanagerserverreceiving

unittrapreportssuchasCold-Start,etc.

AXIST8504–EOutdoorPoESwitch

Webinterface

Maintenance

Reset-Therearefourdifferentresetoptions:

•DoasaferestartwithoutlosingPoEpowerresetstheinternalnetworkmanagerandtheinternalEthernet

switch(networkwillbedownforafewseconds),leavingthePoEpowerunchanged.Powereddevicescontinue

normaloperationsasifnoresetisdone.

•Doasaferestartresetstheinternalnetworkmanager,internalPoEcontrollerandinternalEthernetswitch.

•RestorethefactoryvaluesbutkeeptheIPsettingsresetsunitcongurationtofactorydefault,leavingIPv4/IPv6

networkcongurationunchanged.VLANandRADIUS/TACACS+isdisabled.Theoptiontoaccesstheunitoverthe

networkasbeforeismaintained.

•Restoreallfactoryvaluesrestorestheunittofulldefaultfactorysetting.UnitIPissetto192.168.0.254and

VLANisdisabled.

Firmwareupgrade-Armwareupgradeupgradesonlytheinternalnetworkmanager.PoErmwareisunchanged.Theupgradecan

takeupto10minutes.Duringthistimenetworkswitchingfunctionalityremainsuninterrupted,buttheunitisunmanageable.PoE

functionalityremainsactive,butnetworktrafcmaybeinterruptedforseveralseconds.

Productconguration-GotoProductcongurationtodownloadoruploadaproductcongurationle.Thisfunctionalitycan

beusedtobackupunitconguration,modifyunitcongurationofineortocreateamastercongurationletoeasilycongure

severalunits.

AXIST8504–EOutdoorPoESwitch

SSHserialinterface

TheSSHinterfaceisdesignedforvariousmaintenancetaskssuchasPoErmwareupdateetc.Itisdesignedtoprovideaneasyand

convenientinterfaceforITmanagerswhoarefamiliarwithSSH.TosimplifySSHusage,theSSHinterfaceismenu-driven.

SSHispasswordprotectedandsharesthesameusernameandpasswordasforwebaccess.

SSHsupportsRADIUSandTACACS+usernameandpasswordauthentication.

Note

OnlyoneremoteuseratatimecanaccesstheunitoverSSH.IncaseasecondremoteSSHusertriestoaccesstheunit

whiletherstSSHuserisstillactive,amessageisshowntothesecondSSHuser,requestingtheusertotryandreconnect

overSSHlater.

Note

Non-activeSSHsessions(nokeystrokesbytheremoteuser)areterminatedautomaticallyafterthreeminutes.

Mainmenu

Toeasilyidentifytheaccessedunit,theunithostnamestringisshowntotherightoftheMainmenutitle.Thisisespecially

usefulwhentheuserhasmultipleunits.

Viewmenu

ViewmenuprovidesinformationonPoEportsstatus,networkparametersandunitinformation.

MenuitemDescription

1.ViewPoEportsstatusGotothismenuitemtogetthefollowinginformation:

•Network—InformationaboutEthernetlinkspeed(10/100/1000)andHD/FD

connectiontype

•PoE—Informationaboutpowerconsumptionforeachconnecteddevice

•Totalpower—Informationabouttotalpowerconsumptionofallpowered

devicesconnectedtoallactivePoEports.Alsoshowsmaximumavailable

power.

•Powersupply—Informationaboutinternalpowersupplyvoltagefortheunit

AXIST8504–EOutdoorPoESwitch

SSHserialinterface

2.ViewnetworkparametersGotothismenuitemtogetthefollowinginformation:

•In-useIPv4networkparameters—ShowsifDHCPv4isenabledordisabled.

Alsoshowsthein-useIPv4address,IPv4maskandIPv4defaultgateway.

•In-useIPv6networkparameters—ShowsifDHCPv6isenabledordisabled.

Alsoshowsthein-useIPv6address,IPv6prexandIPv6defaultgateway.

IPv6canreportseveralIPv6addresseswhichwereobtainedautomaticallyin

additiontoastatic/DHCPv6IPv6address.

•In-useDNSnetworkparameters—Informationaboutin-useIPv4/IPv6

domainnameserverIPs,whichareconguredstaticallyorobtainedby

DHCPv4/DHCPv6.

•Morenetworkparameters—InformationabouttheunitMACaddress

3.ViewunitinformationGotothismenuitemtogetasummaryofunitproductionparameters:

•Partnumber—Informationaboutunitmarketingpartnumber(T8504–E)

•S/N—Informationaboutunitsix-digitserialnumber

•Productnumber—Informationaboutunitproductionnumber(forinternal

useonly)

•Appver—Informationaboutnetworkmanagersoftwareversion

•Bootver—Informationaboutnetworkmanagerbootversion

•Firmware—PoErmwareversion

•Systemuptime—Informationaboutthetimepassedsincetheunitwas

resetorpoweredup

•SystemGMTtime—InformationaboutunitGMTtimeasitwasobtainedfrom

anNTPserver.WhenevertheunitisunabletoobtainNTPtimefromanNTP

server,themessage“incorrect”isshown.

•Systemlocaltime—Informationaboutunitlocaltime(GMTplustimezone

shift).WhenevertheunitisunabletoobtainNTPtimefromanNTPserver,

themessage“incorrect”isshown.

Congurationandmaintenancemenu

GotoCongurationandmaintenancemenutocongureorresettheunitortoupdatesoftware.

MenuitemDescription

1.Enable/DisablePoEportEnableordisableaPoEport.Ethernetlinkremainsenabledevenwhennopoweris

provided.

2.DownloadWEBSSLcerticatefrom

TFTPserver(resetonlywebserver)

Downloadself-signedorCAsignedcerticatesfromaTFTPserver,toallowsecureweb

browsingtotheunitwithsecurityconrmationbythewebbrowser(greenlockinthe

webbrowserURLarea)

3.UpdateunitPoErmware(reset

unit)

UpdatePoErmware.UpdatelesaredownloadedfromaTFTPserver.PoEfunctionalityis

notavailableduringthermwareupdate(approximately5–10minutes).

4.Restoreunittosemifactorydefault

(excludingIPconguration)

Restoretheunitcongurationtofactorydefault,butleavestheIPv4/IPv6network

congurationunchanged.Thismaintainstheoptiontoaccesstheunitoverthenetwork

asbefore.

5.RestoreunittofullfactorydefaultRestoretheentireunittofullfactorydefault.

6.ResetonlynetworkmanagerResetonlytheinternalnetworkmanager,whichisresponsibleforunitnetwork

managementinterfacessuchastheweb,SSH,SNMP,etc.InternalEthernetswitchisalso

reset;thenetworkwillbedownforafewseconds.OnlyPoEpowerisunchanged.Powered

devicescontinuenormaloperationasifnoresetwasdone.

AXIST8504–EOutdoorPoESwitch

SSHserialinterface

7.ResetunitResettheentireunitincludingtheinternalnetworkmanager,PoEcontrollerandinternal

Ethernetswitch.

8.Enable/Disableautoping

defaultgatewaytoensurenetwork

connectivity

Enableordisableautopingtodefaultgateway.Whenenabled,theunitveriesproper

networkconnectivitybypingingdefaultgatewayevery12seconds(IPv4DGWorIPv6

DGW).After10consecutivepingfailures,networkmanagementmoduleresetsitself

withoutaffectingPoEports.

Pingremotehost

GotoPingremotehosttotestnetworkconnectivityissues.

AXIST8504–EOutdoorPoESwitch

SNMPmonitoringandconﬁguration

Multipleunitscanbemonitoredandmanagedbyusingthird-partystandardnetworkmanagementtoolssuchasHPOpenview,

IBMTivoli,SNMPcetc.

EnableSNMP

ThenetworkmanagerinterfacesupportsSNMPv1,SNMPv2andSNMPv3.TheunitacceptsandrepliestoSNMPv1packets,butsince

SNMPv1isobsolete,SNMPtrapsandnoticationsaresentinSNMPv2,SNMPv3orboth.

Note

Duetosecurityreasons,theunitisshippedwithSNMPv2andSNMPv3disabled.PriortoenablingSNMP,itishighly

recommendedtomodifySNMPcommunitystringsbeforeenablingit.

ToenableSNMP:

•GotoSecurity>SNMMPcongurationandenableSNMPv2orSNMPv3.

•MakesurethatSNMPv2communitystringsmatchyourSNMPmanagerconguration.

•MakesureSNMPv3username,authenticationpassword,privacypasswordandencryptionmethodsmatchyourSNMP

managerconguration.

Toenabletraps:

•GotoRemoteIPv4/IPv6SNMPtrapmanagersandconguretheremotemanagerIPaddress.

•MakesureSNMPv3noticationusername,authenticationpassword,privacypasswordandencryptionmethodsmatchyour

SNMPtrapmanagerconguration.

•GotoPoEMIBandenablePoEnoticationstogetnoticationsaboutchangesinPoEportstatus,unitpowerconsumption

exceedsorfallsbelowacertainleveletc.

SNMPMIBs

SeveralMIBsaresupportedbytheSNMPmanager.

NetworkMIBs-VariousnetworkMIBs,suchasRFC1213MIB-II,canbeusedforprovidingnetworkstatistics.NotethattheseMIBs

arenotintendedtobeusedfornetworkcongurationoverSNMP.

RFC3621-PoweroverEthernet(PoE)MIBwhichprovidesvariousPoEcapabilities.SeeRFC3621PoEMIBonpage18.

PrivateMIB-EnhancesPoEfunctionalitybeyondRFC3621PoEMIB.SeePrivateMIBonpage19.

RFC3621PoEMIB

RFC3621PoEMIBislocatedunderthe1.3.6.1.2.1.105SNMPMIBtree.TheMIBisdividedintothreesections.

Portparameters-TherstsectionhandlesPoEportsandprovidesfunctionalitysuchasenableanddisableports,readportstatus,

class,etc.EachOiDisaccessedasatwo-dimensionalarraytable.

MainPSEparameters-ThesecondsectionhandlesthepowersourcethatprovidespowertoagroupofPoEports.Itenables

readingthetotalpowerconsumption,powersupplystatus,etc.

PoEtraps-ThethirdsectionenablesanddisablesPoEtrapstobesenttoremoteSNMPmanagers.

AXIST8504–EOutdoorPoESwitch

SNMPmonitoringandconﬁguration

PrivateMIB

ThefollowingSNMPOiDsaresupportedbytheSNMPprivateMIB:

OiDnameType(R/W)Description

poePortConsumptionPowerRPoEportpowerconsumption[Watt]

poePortMaxPowerRPoEportmaximumavailablepower[Watt]

poePortTypeRPoEporttype—twopair,30[Watt],fourpair,60

[Watt]

mainVoltageRUnitpowersupplyvoltage[Volt]

AXIST8504–EOutdoorPoESwitch

SysLogMessage

TheunitsendsvariouseventreportstoanexternalIPv4/IPv6hostrunningaSysLogdaemonapplication.TheIPv4/IPv6hostlogs

theeventsforfutureuse.CongureSysLogserverIPaddressbybrowsingtotheunitcongurationwebpageifSysLogevents

aretobesent.

Therearethreecategoriesoflogevents:

BroadcastIPv4SysLogevents-TheselogeventsaretobeinterceptedbyanySysLogserverontheLANregardlessofunitSysLog

conguration.ThisfacilitateslocatingofunitIPonthenetworkandreportingofmajoreventssuchasunitrecoveryfrompower

failure,etc.

RFC3621PoEtraps-RFC3621PoEtrapsarealsosentasSysLogmessages,whichsimpliesthereadabilityofsucheventsforthe

remoteuser.

ProprietarySysLogevents-Theselogeventsincludepotentialfailuresorpotentialsecuritybreachesaswhenaremoteuser

triestoaccesswithincorrectusernameoverweb/SSH,etc.

SysLogmessagetypes

MessageIDDescriptionInformationprovidedComments

0SystemUPissentwhenpoweris

providedtotheunitortheinternal

networkmanagerresetsitself.

•Applicationversion

•Bootversion

•Resetcause

•Bootstatus

•Unithostname

•UnitMACaddress

•VLAN(Yes/No)

Ifyes,VLANIDisalso

provided.VLANIDis

usedtomanagethe

unit.Whichportandif

theportisconguredas

AccessorTrunk.

•IPv4address

(static/HDCPv4)

•AllIPv6address

(static/DHCPv6)

Messageissentinbroadcastformat

255.255.255.255toanySysLog

serverconnectedoverLANandto

SysLogserver1and2.

1PoEportstatuschangedissent

whenPoEportstatusischanged,

suchaswhenadeviceisinsertedor

removed.

NewPoEstateasdenedinRFC3621

(searching,deliveringpower,fault,

etc.)

RFC3621SNMPPoEMIB,trap

equivalentSysLogreport

2PoEpowerusageexceedsxy%out

ofpowersupplymaximumpower

issentwhenthePoEpowerusage

exceedsthesetvalue.

Powerusageinpercentoutofpower

supplymaximumpower

RFC3621SNMPPoEMIB,trap

equivalentSysLogreport

3PoEpowerusageislessthanxy%

outofpowersuplymaximum

powerissentwhenthePoEpower

usagegoesbelowthesetvalue.

Powerusageinpercentoutofpower

supplymaximumpower

RFC3621SNMPPoEMIB,trap

equivalentSysLogreport

6Defaultcongurationissent

whenunitisrestoredtodefault

conguration

SysLogserverIPisunchanged

whentheunitisrestoredtodefault

conguration.

Page is loading ...

Axis T8504-E User manual

Brand: Axis

Model: T8504-E

Category: Network switches

Type: User manual

Download PDF

report

Axis T8504-E User manual

Axis T8504-E User manual

Other documents