Axis T8504-E User manual

T8504-E
Axis
Brand
Axis
Model
T8504-E
Category
Network switches
Type
User manual

Axis T8504-E is an outdoor PoE switch with four weather-sealed RJ45 Ethernet ports and a single SFP Ethernet port. It delivers up to 60W per port on two 4Pair PoE ports and up to 30W per port on two IEEE 802.3at PoE ports, enabling you to power high-power devices such as PTZ cameras and illuminators. The switch supports VLAN, allowing you to segment your network and improve security. Additionally, it features remote device reset, system status display, and SysLog reporting for PoE events and invalid remote user access.

Axis T8504-E is an outdoor PoE switch with four weather-sealed RJ45 Ethernet ports and a single SFP Ethernet port. It delivers up to 60W per port on two 4Pair PoE ports and up to 30W per port on two IEEE 802.3at PoE ports, enabling you to power high-power devices such as PTZ cameras and illuminators. The switch supports VLAN, allowing you to segment your network and improve security. Additionally, it features remote device reset, system status display, and SysLog reporting for PoE events and invalid remote user access.

AXIST8504–EOutdoorPoESwitch
UserManual
AXIST8504–EOutdoorPoESwitch
TableofContents
Aboutthismanual..........................................3
Objectives.....................................................3
Intendedaudience...............................................3
Relateddocumentation...........................................3
Abbreviations...................................................3
Generalinformation.........................................5
Features.......................................................5
Useraccessandsecurity..........................................5
First-timeconguration..........................................7
UnitidenticationoverIPnetwork.................................8
Webinterface..............................................9
Webinterfacemenu.............................................9
SSHserialinterface.........................................15
Mainmenu....................................................15
SNMPmonitoringandconguration...........................18
EnableSNMP...................................................18
SNMPMIBs....................................................18
SysLogMessage............................................20
Troubleshooting............................................22
Support.......................................................22
Learnmore!....................................................23
2
AXIST8504–EOutdoorPoESwitch
Aboutthismanual
Aboutthismanual
Objectives
AXIST8504–EisanoutdoorPoEswitch.Themajorbenetsofthisproductisitsoutdoorcapabilitiesandthecapabilitytoextend
themaximumreachofthenetworkbyanadditional100meters,toatotalof200meters,betweentheswitchandthepowered
devices,whileprovidingupto2x60Wand2x30Wtoitsnetwork-poweredPoEdevices.
ThisusermanualprovidesinformationonhowtomanageAXIST8504–EthroughAXISIPv4/IPv6,VLAN,RADIUS,TACACS+,web
interface,SNMPandSHH.
Intendedaudience
Thisusermanualisintendedfornetworkadministrators,supervisorsandinstallationtechnicianswithknowledgeabout:
Basicconceptsandterminologyofnetworking
NetworktopologyincludingVLAN
Networkprotocols
UserauthenticationprotocolsincludingRADIUSandTACACS+
Relateddocumentation
Foradditionalinformation,seethefollowingdocumentation:
Productinstallationguide
RFC3621SNMPMIBandprivateMIB
CreatingcerticateforT8504–Esecuredwebserver
Abbreviations
AbbreviationDescription
8021.QSameasVLAN
DESDataEncryptionStandard
DGWDefaultGateWay
DHCPv4DynamicIPv4HostCongurationProtocol
DHCPv6DynamicIPv46HostCongurationProtocol
IPv432–bitlongIPaddress
IPv6128–bitlongIPaddress
MD5Messagedigestalgorithm
MDIMediaDependentInterface
MIBManagementInformationBase
PoEPoweroverEthernet
RADIUSRemoteAuthenticationDial-inUserService
SFPFiberinterface,smallform-factorplug
3
AXIST8504–EOutdoorPoESwitch
Aboutthismanual
SHAMessagedigestalgorithm
SNMPSimpleNetworkManagementProtocol
SSHSecureShell
SSLSecureSocketsLayer
SysLogSystemLog
TACACS+TerminalAccessControllerAccess-Control
TFTPTrivialFileTransferProtocol
TLSTransportLayerSecurity
VLANVirtualLocalAreaNetwork
4
AXIST8504–EOutdoorPoESwitch
Generalinformation
Generalinformation
Features
Anumberoffeaturesareprovidedthroughsystemnetworkmanagement.
EasysoftwareupdateduringruntimewithoutaffectingactivePoEports
Congurationandreal-timemonitoringusinggraphicalrepresentationoftheremotedevice
Systemstatusdisplay
SysLogreportingonPoEevents,invalidremoteuseraccess,initialDHCPv4/v6addressetc.
SNMPtrapsreportingonvariousPoEeventssuchasPoEpowereddeviceinsertionorremoval
Ethernetswitchnetworkcapabilities
FourweathersealedRJ45Ethernetportscapableof10Mbit,100Mbit,1000Mbithalf-duplexand1000Mbitfull-duplex
Ethernetspeed
SingleweathersealedSFPEthernetport
8KinternalMACaddresslookupengine
VLANAccess,TrunkandFilteredtrunk
AutoMDIX
10KBjumboframes
PoEcapabilities
ThefollowingPoEoptionsareavailable:
Two4PairPoEportswhichdeliverupto60Wperport
TwoIEEE802.3atPoEportswhichdeliverupto30Wperport
PoEenable/disabletoenableordisablePoEportspoweroutput.Ethernetdataisalwaysenabled.
Remotedeviceresettoresetattachedpowereddevice.Thedeviceistemporarilypoweredoffandthenturnedbackon.
Supportednetworkprotocols
Thefollowingnetworkprotocolsaresupported:
IPv432–bitlongIPaddress(static/DHCPv4)
IPv6128–bitlongIPaddress(static/DHCPv6)
VLANAccess,TrunkandFilteredtrunk
Useraccessandsecurity
Accessoptions
Youcanaccesstheunitthroughdifferentinterfaces:
WebinterfaceviaawebbrowsertoviewtheunitPoEstatus,networkstatus,unitcongurationandunitproduction
information
5
AXIST8504–EOutdoorPoESwitch
Generalinformation
HTTPisaweb-basedfriendlycongurationinterface.
HTTPS-TLSisasecuredweb-basedfriendlycongurationinterface.
SNMPviaanSNMPmanagerapplicationtomonitortheunitoverthenetwork(MIB-IIRFC1213)andtomonitoror
conguretheunitPoEcapabilities(RFC3621)
SNMPv2cfornon-securedSNMPmanagement
SNMPv3forsecuredandencryptedmanagement
RFC1213MIB-IIfornetworkstatistics
RFC3621forPoESNMPMIBs
PrivateMIBextensionforRFC3621PoEMIB
VariousinfrastructureandnetworkMIBssuchasIP-MIB,TCP-MIB,UDP-MIBetc.
SSHviaanSSHclienttoviewtheunitPoEpowerreport,networkstatus,unitcongurationandproductioninformation;
toupdatesoftware,enableordisablePoEfunctionalityandtopingremotenetworkdevicesforconnectivitytests
Remoteuserauthentication
Useraccesscanbemanagedinthefollowingways:
LocalUsernameandpasswordismanagedlocallybythedevice
RADIUSUsernameandpasswordisauthenticatedbyRADIUSserveroverthenetwork
TACACS+UsernameandpasswordisauthenticatedbyTACACS+serveroverthenetwork
Securityprotocols
WebHTTPandHTTPS,SNMPv2,SNMPv3andSSH,usedforaccessingtheunit,offerdifferentlevelsofsecuritystrength.AlsoRADIUS
andTACACS+,usedforremoteuserauthentication,offerdifferentsecuritylevels.
SNMPv1andSNMPv2usecommunitystringforGet/Set/Trapauthentication.SNMPv1andSNMPv2areconsideredasunsecured
protocolsincethecommunitystringpasswordcaneasilybeinterceptedbyanynetworksnifngdevice.
SNMPv3resolvesSNMPv1/v2securityissuesbyaddingauthenticationandencryptionlayerontopofSNMPpackets.
DefaultunitIP,usernameandpassword
Theunitisshippedwiththefollowingfactorydefaultusernamesandpasswords:
UnitdefaultIPv4address
IP=192.168.0.254
Mask=255.255.255.0
WebHTTP/HTTPSandSSH
Username=root
Password=Findthedefaultpasswordonthelabelonyourdevice
SNMPv2
GETcommunitystring=public
SETcommunitystring=write
Readcommunity=public
Writecommunity=write
Trapcommunity=public
SNMPv3
Username=admin
6
AXIST8504–EOutdoorPoESwitch
Generalinformation
Authenticationpassword(MD5)=password
Privacypassword(DES)=password
Authenticationandencryptionmode=MD5+DES
SNMPv3notication
Username=trap
Authenticationpassword=password
Privacypassword=password
Authenticationandencryptionmode=None
Forinformationabouthowtorecoverusernameandpassword,seeRecoverusernameandpasswordonpage7.
Recoverusernameandpassword
Note
TherecoveryprocedurecanonlybeperformedfromthelocalLANandnotoverInternetorfromanotherIPnetwork.The
usershouldbeabletoturnofftheunitpowerwhenneeded.AllPoEportsmustbedisconnectedandtheunitmusthave
onlyonesingleactiveEthernetlink.
Note
YoumightneedtoaddaTelnetclientservicetoWindows7orWindows8.
Note
Theentirerecoveryprocedurefromunitpoweronuntiltheusernameandpasswordisappliedmusttakelessthan120seconds.
1.DisconnectallPoEportsfromtheunitexceptforoneEthernetcable.OnlyonesingleEthernetportshouldbeactive.
2.TurnofftherewallorenableUDPport514.ThenrunIPv4capableSysLogServeronyourcomputer.
3.Turnofftheunit.Wait10seconds,thenturntheunitbackon.
4.ASysLogmessageappearsafterapproximately15seconds.IdentifytheunitLink-localIPv6address.ALink-localIPv6
addressalwaysstartswithFE80.
5.Openacommandwindowonyourcomputer.
-ForWindows7,gotoStartandtypecmd.
-ForWindows8,presstheWINDOWSkeyandtheRkey,thentypecmd.
6.TypeipcongtoidentifythevirtualinterfaceindexofLink-localIPv6address.Thevirtualinterfaceindexisindicatedbya
numberafter%.Example:fe80::9c39:db8b:62de:7bv4%17
7.PreparetheSSHconnectionbytypingTelnet[unitLocal-linkIPv6address][%virtualinterfacenumber]2525,butdon’t
pressENTER.Example:Telnetfe80::9c39:db8b:62de:7bv4%172525
8.Turnofftheunit.Wait10seconds,thenturntheunitbackon.
9.Wait30seconds,thenpressENTERtostarttheTelnetsessiononTCPport2525.
10.Typeaxispasswordrecoveryasusernameandaxispasswordrecoveryaspassword.Arecoveryoptiontorestoretheentire
unittocompletefactorydefaultincludingunitnetworkcongurationispresented.
11.PressYtorestoretheunit.TheunitrestartswithdefaultIPv4192.168.0.254,typerootasusernameandusethedefault
passwordprintedonthelabelonyourdevice.
First-timeconguration
Whenconguringtheunitforthersttime,followthestepsbelow:
7
AXIST8504–EOutdoorPoESwitch
Generalinformation
1.CongureyourPCEthernetnetworkinterfacetothefollowingIPv4parameters:
PCIPv4address:192.168.0.40
PCIPv4mask:255.255.255.0
2.ConnectyourPCEthernetnetworkinterfacetoanyoftheunit’sEthernetports.
3.Openawebbrowserandtype192.168.0.254intheaddresseld.
4.Loginwiththedefaultusernameandpassword.SeeDefaultunitIP,usernameandpasswordonpage6.
5.Conguretheunit.Itisrecommendedtochangetheusernamesandpasswordstootherthanthedefaultvalues.
UnitidenticationoverIPnetwork
TolocatetheunitovertheIPnetwork,theunitsendsIPv4SysLogmessage#0inbroadcastformat255.255.255.255uponpower-up.
AnySysLogserverconnectedoverLANreceivesthisSysLogmessage.ThesameSysLogmessageisalsosenttotheoptionalSysLog
servers1and2,iftheyarecongured.
Theunitsendsthemessagetwice.ThisistoensurethattheSysLogmessageisreceivedbytheSysLogservers,regardlessofnetwork
conguration.ThemessageisrstsentbeforeVLANcongurationismadeandlateragainafterVLANcongurationisdone.
SysLogmessage#0containsalltheinformationwhichisrequiredtobeabletoprovideaccesstotheunitoverthenetwork.
Example:MsgID#000-SystemUP.APP:v3.51.06BOOT:v3.16RST:Power-OnBOOT:0=[APP
OK]Host:axis-00055A034B49MAC:00:05:5a:03:4b:49VLAN:YESVLAN_MNGR:5
VLAN_UPLINK_PORT:3VLAN_UPLINK_MODE:TRUNKDHCPv4:NoIP1v4:192.168.0.254/24DHCPv6:No
IP1v6:2345::205:5AFF:FE03:4B49/64IP2v6:FE80::205:5AFF:FE03:4B49/64
FieldValueDescription
MsgID#000-SystemUPSysLogmessagenumber
APP:v3.51.06Unitapplicationsoftwareversion
BOOT:v3.16Unitbootversion,usedforsoftware
update
RST:Power-OnResetreason
BOOT:0=[APPOK]
Host:axis-00055A034B49axisfollowedbyunitMACaddress
MAC:00:05:5a:03:4b:49UnitMACaddress
VLAN:YESVLANstatusenabledordisabled
VLAN_UPLINK_PORT:3Ethernetportnumberusedforunit
management
VLAN_UPLINK_MODE:TRUNKManagementportisconguredasAccess
orTrunk
DHCPv4:NoDHCPv4YesorNo
IP1v4:192.168.0.254/24UnitIPv4address
DHCPv6:NoDHCPv6YesorNo
IP1v6:2345::205:5AFF:FE03:4B49/64UnitIPv6address
IP2v6:FE80::205:5AFF:FE03:4B49/64Unitlink-localIPv6address
8
AXIST8504–EOutdoorPoESwitch
Webinterface
Webinterface
Webinterfacemenu
Status
GotoStatustoviewtheunitstatus.Thepageisupdatedautomaticallyeveryfewseconds.
Note
TheEthernetnetworklinkisalwaysenabled,regardlessofPoEconguration(enabledordisabled).
ParameterDescription
BluesymbolPoEpowerisprovided
GraysymbolNoPoEpower
BluesymbolPoEportisenabled
GraysymbolPoEportisdisabled
BluesymbolEthernetlinkison
GraysymbolNoEthernetlink
BluesymbolSFPmoduleisinsertedintotheuplinkport
GraysymbolUplinkporthasnoSFPmoduleinserted
NetworkReportstheEthernetlinkspeed(10/100/1000MB)andifthenetworkconnectionisupordown
StatusReportsthePoEportstatus,ifitisenabled,disabled,deliveringpower,etc.
PowerusageReportstheactualpowerconsumptionandthemaximumpoweritcandeliver
PoEresetClickResettoturnoffthePoEportpowerandrestorethePoEpowerbackon.
Note
APoEportwhichisdisabledbySSHorSNMPwillbeenabledafteraPoEreset.
TotalpowerusageReportstheaggregatedpowerconsumedbyallPoEportsandthepercentageoftheconsumed
powerrelativetotheinternalpowersupplypowercapabilities.
Basic
GotoBasictoviewbasicinformationabouttheproduct.
IPaddressinuse-GotoIPaddressinusetoviewinformationaboutIPv4andIPv6addresses,masks,defaultgatewaysand
DomainNameServers(DNS).
Productinformation-GotoProductinformationtoviewgeneralproductinformationsuchasproductname,serialnumber,
softwareversionandPoErmwareversion,andSFPmoduleinformationsuchasSFPtype,vendor,partnumberandserialnumber.
9
AXIST8504–EOutdoorPoESwitch
Webinterface
Networkconguration-GotoNetworkcongurationtoenableordisableDHCP,congureIPv4,IPv6andnetworkhostname.
HostnameisusedbybothIPv4andIPv6toregistertheunitnameinDHCPv4/v6server.NotethatIPv6usestheFQDNterminology
ashostname.
NetworkservicesIPv4/IPv6-GotoNetworkservicesIPv4/IPv6tocongureDNSandSysLogservers.
PoEconguration-GotoPoEcongurationtocongurePoEportpower.FourPoEpowerschemesofferdifferentpower
distributionsbetweenthefourPoEports.Allfouroptionscomplywiththeunitmaximumpowercapacities.
60W:DeliverpoweroverfourpairsinsidetheEthernetcable.Eachpairdeliversupto30W.
30W:DeliverpowerovertwooutoffourpairsinsidetheEthernetcable
15.4W:DeliverpowerovertwooutoffourpairsinsidetheEthernetcable
–:NoPoEpower.Ethernetportisenabledandfunctional,butPoEisdisabled.
Security
Securityconguration
GotoSecuritycongurationtoconguretheunitusernameandpasswordforremoteweborSSHaccess.
Note
OnlyASCIIcharacters33–90and94–122canbeusedfortheusernameandpasswordelds.
HTTPS
GotoHTTPStocongurewhetherHTTPorHTTPS(securedweb)shouldbeused.WhenHTTPSisenabled,TLSv1.2isusedtoencrypt
webnetworktrafc.
Note
ToeliminatewebbrowserwarningwheneveraccessingtheunitoverHTTPS,addanexceptionruletothewebbrowsertelling
thewebbrowserthatthewebsiteislegitimateoruploadaunitself-signed/CA-signedcerticate.
RADIUS/TACACS+
RADIUS/TACACS+enablesremoteuserauthenticationwhenuseraccessestheunitoverweborSSH.Usernameandpasswordarethen
authenticatedbytheRADIUS/TACACS+server.
TheadvantageswithRADIUS/TACACS+isthatusernameandpasswordareeasytoupdate,especiallyifmanynetworkdevices
aretobemanaged.
ThedisadvantagewithRADIUS/TACACS+isthattheunitisnotaccessibleifbothRADIUS/TACACS+serversaredown.Itispossible
toenableLocalloginfallbackwhichallowstheunittouseitslocalusernameandpasswordwheneverthereisnoreplyfrom
RADIUS/TACACS+servers.
RADIUS/TACACS+commonparameters
ParameterDescription
EnableauthenticationCongureifRADIUS/TACACS+shouldbeenabledordisabled.WhenRADIUS/TACACS+isdisabled,
localusernameandpasswordareused.
EnablelocalloginfallbackWhenlocalloginfallbackisenabled,localusernameandpasswordareusedwheneverthereisno
replyfromRADIUS/TACACS+servers.Thiscanhappenwhentheserversaredownorincaseof
anetworkproblem.
AuthenticationprotocolSelecteitherRADIUSorTACACS+authenticationprotocol.
SharedsecretThesameprivatekeystringmustbeconguredonboththeunitandtheRADIUS/TACACS+server.
10
AXIST8504–EOutdoorPoESwitch
Webinterface
PrimaryserverIPaddressConguretheprimaryIPv4,IPv6orhostnametobeusedtoaccessthemainRADIUS/TACACS+
server.
SecondaryserverIPaddressCongurethesecondaryIPv4,IPv6orhostnametobeusedtoaccessthemainRADIUS/TACACS+
server.
Timout(Sec)Congurethetimeforareplytimeout.
RADIUSextraparameters
ParameterDescription
AuthenticationUDPportConguretheUDPportusedbytheRADIUSserver.
TACACS+extraparameters
ParameterDescription
AuthenticationTCPportConguretheTCPportusedbytheTACACS+server.
Note
Softwareversion3.51.06onlysupportsaccessingRADIUS/TACACS+serversoverIPv4,eitherwithanIPv4addressora
hostnametoberesolvedbyDNSserver.
TestRADIUS/TACACS+
GotoTestRADIUS/TACACS+toverifytheRADIUS/TACACS+congurationbeforeactivatingit.
Note
Duringtesting,theEnableauthenticationshouldbedisabled.
1.CongureallRADIUS/TACACS+parameters,leavingtheEnableauthenticationdisabled.
2.Savetheconguration.Ifnot,theparameterswillberestoredtosavedvaluesaftereachtest,erasinganyunsavedvalue.
3.Typetheusernameandpassword.
4.ClickTestconguration.Awaitingmessagewillappear,followedbyeitherOKorFAIL.
5.Ifneeded,changeandsavethecongurationandtestagain.
6.WhenthetestresultisOK,setEnableauthenticationtoenabled.Savetheconguration,whichactivatesthe
RADIUS/TACACS+conguration.
VLANconguration
VLANcongurationsanitycheckisdoneuponunitpower-upandwhenaVLANcongurationchangeisrequestedovertheweb.The
sanitycheckistomakesurethattheunitremainsmanageableoverthenetworkafterVLANcongurationisapplied.Incasethenew
VLANcongurationmaycausetheunittobecomeunmanageable,anerrormessageappearsonthewebpageforrequestsoverthe
web.Whenaproblemisdetecteduponpower-up,theunitcongurationwillberestoredtofactorydefault.
VLANenable&managementport
ParameterDescription
EnableVLANEnableordisableVLANfunctionality.
11
AXIST8504–EOutdoorPoESwitch
Webinterface
ManagementuplinkportThisparameterhasnoeffectonactualVLANtrafc.Themanagementuplinkportassiststhe
unittoevaluateifthenewVLANcongurationmightblocktheunitfrombeingmanaged
overVLANfromthisport.Ifapossibleconictisdetected,anerrormessageappearsandthe
newVLANcongurationisrejected.
ManagementVLANIDCongurewhichVLANIDtobeusedwhenmanagingtheunitwheneverVLANisenabled.
VLANportsconguration
ParameterDescription
VLANmodeSetVLANmodetoAccessorTrunkforeachoftheEthernetports.
AccessVLANisusedonlyinsidetheunittosplitorlimitpacketaccesstospecicports
only.AnyincomingVLANtaggedpacketsreceivedbyVLANaccessportisdiscarded.VLAN
taggingisaddedtotheunitpacketforVLANAccessincomingpackets.UnitinternalVLAN
taggingisstrippedoutforVLANAccessoutgoingpackets.
TrunkAllEthernetpacketsareVLANtagged.AnyuntaggedVLANpacketsreceivedby
VLANtrunkportisdiscarded.
AccessmodeVLANIDConguretheVLANIDtobeusedwhenevertheportisconguredasAccess.Theunit
internalmanagementportactsasaccessonly.Itcanonlybereachedfromasingle
managementVLANID.
TRUNKFilterunknownVLANConguretheVLANTrunkportaslteredorunltered.
EnabledOnlydataowfromsomeVLANIDs,speciedintheTrunkVLANslist,passes
throughVLANTrunkport.AllotherVLANtaggedtrafcisdiscarded.
DisabledDataowfromallVLANIDspassesthroughVLANTrunkport.
TRUNKVLANsListtheVLANIDsthatmaypassthroughVLANTrunkportwheneverTRUNKFilter
unknownVLANisenabled.
SNMPconguration
GotoSNMPcongurationtocongureparametersapplicabletoSNMPv2candSNMPv3.
SNMPv2c
ParameterDescription
EnableSNMPv2cEnableordisableSNMPv2csupport.
ReadcommunityConguretheSNMPv2cGETcommunitystring.Example:public.
WritecommunityConguretheSNMPv2cSETcommunitystring.Example:private.
TrapcommunityConguretheSNMPv2cTrapcommunitystring.Example:public.
Systeminformation(MIB-II,v2c/v3)
ParameterDescription
SystemcontactConguretheSNMPMIB-IIsystemcontactOiDstring.Example:John.
SystemnameConguretheSNMPMIB-IIsystemname.Example:MyUnit.
SystemlocationConguretheSNMPMIB-IIsystemlocation.Example:University.
PoEMIB(RFC3621,v2c/v3)
12
AXIST8504–EOutdoorPoESwitch
Webinterface
ParameterDescription
EnablenoticationEnableordisablethefollowingPoEtrapreports:
PoEpowerwasprovided/removedfrompowereddevice
Unittotalpowerconsumptionexceedsxy%outofmaxunitpower
Unittotalpowerconsumptionwasrestoredtolessthanxy%outofmax
unitpower
Notifyexceededpowerusage
(1–99%)
Ifenabled,userisnotiedwheneverunittotalpowerconsumption(xy%)percentageout
ofunitmaxpowerexceedsordropsbelowspeciedvalue.
SNMPv3
ParameterDescription
EnableSNMPv3EnableordisableSNMPv3support.
UsernameCongureSNMPv3usernamestring.
AuthenticationpasswordCongureSNMPv3passwordtobeusedbyMD5/SHA.
PrivacypasswordCongureSNMPv3passwordtobeusedbyDES/AES.
AuthenticationandencryptionmodeConguretheSNMPv3authenticationandencryptionmode.
Nonenoauthenticationorencryption,whichmeansnosecurity.
MD5MD5authenticationwithnoencryption.Packetcanbechanged,bycaneasilybe
analyzedbynetworksniffers.
SHASHAauthenticationwithnoencryption.
MD5+DESMD5authenticationandDESencryption
SHA+DESSHAauthenticationandDESencryption
MD5+AESMD5authenticationandAESencryption
SHA+AESSHAathenticationandAESencryption
SNMPv3notication(Trap)
ParameterDescription
UsernameCongureSNMPv3noticationusernamestring.
AuthenticationpasswordCongureSNMPv3noticationpasswordtobeusedbyMD5/SHA.
PrivacypasswordCongureSNMPv3noticationpasswordtobeusedbyDES/AES.
AuthenticationandencryptionmodeConguretheSNMPv3noticationauthenticationandencryptionmode.
Nonenoauthenticationorencryption,whichmeansnosecurity.
MD5MD5authenticationwithnoencryption.Packetcanbechanged,bycaneasilybe
analyzedbynetworksniffers.
SHASHAauthenticationwithnoencryption.
MD5+DESMD5authenticationandDESencryption
SHA+DESSHAauthenticationandDESencryption
MD5+AESMD5authenticationandAESencryption
SHA+AESSHAathenticationandAESencryption
RemoteIPv4/IPv6SNMPtrapmanagers(v2c/v3)
ParameterDescription
Trapmanager#1ConguretherstIPv4/IPv6/DNSnameofremoteSNMPmanagerserverreceivingunit
trapreportssuchasCold-Start,etc.
Trapmanager#2CongurethesecondIPv4/IPv6/DNSnameofremoteSNMPmanagerserverreceiving
unittrapreportssuchasCold-Start,etc.
13
AXIST8504–EOutdoorPoESwitch
Webinterface
Maintenance
Reset-Therearefourdifferentresetoptions:
DoasaferestartwithoutlosingPoEpowerresetstheinternalnetworkmanagerandtheinternalEthernet
switch(networkwillbedownforafewseconds),leavingthePoEpowerunchanged.Powereddevicescontinue
normaloperationsasifnoresetisdone.
Doasaferestartresetstheinternalnetworkmanager,internalPoEcontrollerandinternalEthernetswitch.
RestorethefactoryvaluesbutkeeptheIPsettingsresetsunitcongurationtofactorydefault,leavingIPv4/IPv6
networkcongurationunchanged.VLANandRADIUS/TACACS+isdisabled.Theoptiontoaccesstheunitoverthe
networkasbeforeismaintained.
Restoreallfactoryvaluesrestorestheunittofulldefaultfactorysetting.UnitIPissetto192.168.0.254and
VLANisdisabled.
Firmwareupgrade-Armwareupgradeupgradesonlytheinternalnetworkmanager.PoErmwareisunchanged.Theupgradecan
takeupto10minutes.Duringthistimenetworkswitchingfunctionalityremainsuninterrupted,buttheunitisunmanageable.PoE
functionalityremainsactive,butnetworktrafcmaybeinterruptedforseveralseconds.
Productconguration-GotoProductcongurationtodownloadoruploadaproductcongurationle.Thisfunctionalitycan
beusedtobackupunitconguration,modifyunitcongurationofineortocreateamastercongurationletoeasilycongure
severalunits.
14
AXIST8504–EOutdoorPoESwitch
SSHserialinterface
SSHserialinterface
TheSSHinterfaceisdesignedforvariousmaintenancetaskssuchasPoErmwareupdateetc.Itisdesignedtoprovideaneasyand
convenientinterfaceforITmanagerswhoarefamiliarwithSSH.TosimplifySSHusage,theSSHinterfaceismenu-driven.
SSHispasswordprotectedandsharesthesameusernameandpasswordasforwebaccess.
SSHsupportsRADIUSandTACACS+usernameandpasswordauthentication.
Note
OnlyoneremoteuseratatimecanaccesstheunitoverSSH.IncaseasecondremoteSSHusertriestoaccesstheunit
whiletherstSSHuserisstillactive,amessageisshowntothesecondSSHuser,requestingtheusertotryandreconnect
overSSHlater.
Note
Non-activeSSHsessions(nokeystrokesbytheremoteuser)areterminatedautomaticallyafterthreeminutes.
Mainmenu
Toeasilyidentifytheaccessedunit,theunithostnamestringisshowntotherightoftheMainmenutitle.Thisisespecially
usefulwhentheuserhasmultipleunits.
Viewmenu
ViewmenuprovidesinformationonPoEportsstatus,networkparametersandunitinformation.
MenuitemDescription
1.ViewPoEportsstatusGotothismenuitemtogetthefollowinginformation:
NetworkInformationaboutEthernetlinkspeed(10/100/1000)andHD/FD
connectiontype
PoEInformationaboutpowerconsumptionforeachconnecteddevice
TotalpowerInformationabouttotalpowerconsumptionofallpowered
devicesconnectedtoallactivePoEports.Alsoshowsmaximumavailable
power.
PowersupplyInformationaboutinternalpowersupplyvoltagefortheunit
15
AXIST8504–EOutdoorPoESwitch
SSHserialinterface
2.ViewnetworkparametersGotothismenuitemtogetthefollowinginformation:
In-useIPv4networkparametersShowsifDHCPv4isenabledordisabled.
Alsoshowsthein-useIPv4address,IPv4maskandIPv4defaultgateway.
In-useIPv6networkparametersShowsifDHCPv6isenabledordisabled.
Alsoshowsthein-useIPv6address,IPv6prexandIPv6defaultgateway.
IPv6canreportseveralIPv6addresseswhichwereobtainedautomaticallyin
additiontoastatic/DHCPv6IPv6address.
In-useDNSnetworkparametersInformationaboutin-useIPv4/IPv6
domainnameserverIPs,whichareconguredstaticallyorobtainedby
DHCPv4/DHCPv6.
MorenetworkparametersInformationabouttheunitMACaddress
3.ViewunitinformationGotothismenuitemtogetasummaryofunitproductionparameters:
PartnumberInformationaboutunitmarketingpartnumber(T8504–E)
S/NInformationaboutunitsix-digitserialnumber
ProductnumberInformationaboutunitproductionnumber(forinternal
useonly)
AppverInformationaboutnetworkmanagersoftwareversion
BootverInformationaboutnetworkmanagerbootversion
FirmwarePoErmwareversion
SystemuptimeInformationaboutthetimepassedsincetheunitwas
resetorpoweredup
SystemGMTtimeInformationaboutunitGMTtimeasitwasobtainedfrom
anNTPserver.WhenevertheunitisunabletoobtainNTPtimefromanNTP
server,themessage“incorrect”isshown.
SystemlocaltimeInformationaboutunitlocaltime(GMTplustimezone
shift).WhenevertheunitisunabletoobtainNTPtimefromanNTPserver,
themessage“incorrect”isshown.
Congurationandmaintenancemenu
GotoCongurationandmaintenancemenutocongureorresettheunitortoupdatesoftware.
MenuitemDescription
1.Enable/DisablePoEportEnableordisableaPoEport.Ethernetlinkremainsenabledevenwhennopoweris
provided.
2.DownloadWEBSSLcerticatefrom
TFTPserver(resetonlywebserver)
Downloadself-signedorCAsignedcerticatesfromaTFTPserver,toallowsecureweb
browsingtotheunitwithsecurityconrmationbythewebbrowser(greenlockinthe
webbrowserURLarea)
3.UpdateunitPoErmware(reset
unit)
UpdatePoErmware.UpdatelesaredownloadedfromaTFTPserver.PoEfunctionalityis
notavailableduringthermwareupdate(approximately5–10minutes).
4.Restoreunittosemifactorydefault
(excludingIPconguration)
Restoretheunitcongurationtofactorydefault,butleavestheIPv4/IPv6network
congurationunchanged.Thismaintainstheoptiontoaccesstheunitoverthenetwork
asbefore.
5.RestoreunittofullfactorydefaultRestoretheentireunittofullfactorydefault.
6.ResetonlynetworkmanagerResetonlytheinternalnetworkmanager,whichisresponsibleforunitnetwork
managementinterfacessuchastheweb,SSH,SNMP,etc.InternalEthernetswitchisalso
reset;thenetworkwillbedownforafewseconds.OnlyPoEpowerisunchanged.Powered
devicescontinuenormaloperationasifnoresetwasdone.
16
AXIST8504–EOutdoorPoESwitch
SSHserialinterface
7.ResetunitResettheentireunitincludingtheinternalnetworkmanager,PoEcontrollerandinternal
Ethernetswitch.
8.Enable/Disableautoping
defaultgatewaytoensurenetwork
connectivity
Enableordisableautopingtodefaultgateway.Whenenabled,theunitveriesproper
networkconnectivitybypingingdefaultgatewayevery12seconds(IPv4DGWorIPv6
DGW).After10consecutivepingfailures,networkmanagementmoduleresetsitself
withoutaffectingPoEports.
Pingremotehost
GotoPingremotehosttotestnetworkconnectivityissues.
17
AXIST8504–EOutdoorPoESwitch
SNMPmonitoringandconfiguration
SNMPmonitoringandconfiguration
Multipleunitscanbemonitoredandmanagedbyusingthird-partystandardnetworkmanagementtoolssuchasHPOpenview,
IBMTivoli,SNMPcetc.
EnableSNMP
ThenetworkmanagerinterfacesupportsSNMPv1,SNMPv2andSNMPv3.TheunitacceptsandrepliestoSNMPv1packets,butsince
SNMPv1isobsolete,SNMPtrapsandnoticationsaresentinSNMPv2,SNMPv3orboth.
Note
Duetosecurityreasons,theunitisshippedwithSNMPv2andSNMPv3disabled.PriortoenablingSNMP,itishighly
recommendedtomodifySNMPcommunitystringsbeforeenablingit.
ToenableSNMP:
GotoSecurity>SNMMPcongurationandenableSNMPv2orSNMPv3.
MakesurethatSNMPv2communitystringsmatchyourSNMPmanagerconguration.
MakesureSNMPv3username,authenticationpassword,privacypasswordandencryptionmethodsmatchyourSNMP
managerconguration.
Toenabletraps:
GotoRemoteIPv4/IPv6SNMPtrapmanagersandconguretheremotemanagerIPaddress.
MakesureSNMPv3noticationusername,authenticationpassword,privacypasswordandencryptionmethodsmatchyour
SNMPtrapmanagerconguration.
GotoPoEMIBandenablePoEnoticationstogetnoticationsaboutchangesinPoEportstatus,unitpowerconsumption
exceedsorfallsbelowacertainleveletc.
SNMPMIBs
SeveralMIBsaresupportedbytheSNMPmanager.
NetworkMIBs-VariousnetworkMIBs,suchasRFC1213MIB-II,canbeusedforprovidingnetworkstatistics.NotethattheseMIBs
arenotintendedtobeusedfornetworkcongurationoverSNMP.
RFC3621-PoweroverEthernet(PoE)MIBwhichprovidesvariousPoEcapabilities.SeeRFC3621PoEMIBonpage18.
PrivateMIB-EnhancesPoEfunctionalitybeyondRFC3621PoEMIB.SeePrivateMIBonpage19.
RFC3621PoEMIB
RFC3621PoEMIBislocatedunderthe1.3.6.1.2.1.105SNMPMIBtree.TheMIBisdividedintothreesections.
Portparameters-TherstsectionhandlesPoEportsandprovidesfunctionalitysuchasenableanddisableports,readportstatus,
class,etc.EachOiDisaccessedasatwo-dimensionalarraytable.
MainPSEparameters-ThesecondsectionhandlesthepowersourcethatprovidespowertoagroupofPoEports.Itenables
readingthetotalpowerconsumption,powersupplystatus,etc.
PoEtraps-ThethirdsectionenablesanddisablesPoEtrapstobesenttoremoteSNMPmanagers.
18
AXIST8504–EOutdoorPoESwitch
SNMPmonitoringandconfiguration
PrivateMIB
ThefollowingSNMPOiDsaresupportedbytheSNMPprivateMIB:
OiDnameType(R/W)Description
poePortConsumptionPowerRPoEportpowerconsumption[Watt]
poePortMaxPowerRPoEportmaximumavailablepower[Watt]
poePortTypeRPoEporttypetwopair,30[Watt],fourpair,60
[Watt]
mainVoltageRUnitpowersupplyvoltage[Volt]
19
AXIST8504–EOutdoorPoESwitch
SysLogMessage
SysLogMessage
TheunitsendsvariouseventreportstoanexternalIPv4/IPv6hostrunningaSysLogdaemonapplication.TheIPv4/IPv6hostlogs
theeventsforfutureuse.CongureSysLogserverIPaddressbybrowsingtotheunitcongurationwebpageifSysLogevents
aretobesent.
Therearethreecategoriesoflogevents:
BroadcastIPv4SysLogevents-TheselogeventsaretobeinterceptedbyanySysLogserverontheLANregardlessofunitSysLog
conguration.ThisfacilitateslocatingofunitIPonthenetworkandreportingofmajoreventssuchasunitrecoveryfrompower
failure,etc.
RFC3621PoEtraps-RFC3621PoEtrapsarealsosentasSysLogmessages,whichsimpliesthereadabilityofsucheventsforthe
remoteuser.
ProprietarySysLogevents-Theselogeventsincludepotentialfailuresorpotentialsecuritybreachesaswhenaremoteuser
triestoaccesswithincorrectusernameoverweb/SSH,etc.
SysLogmessagetypes
MessageIDDescriptionInformationprovidedComments
0SystemUPissentwhenpoweris
providedtotheunitortheinternal
networkmanagerresetsitself.
Applicationversion
Bootversion
Resetcause
Bootstatus
Unithostname
UnitMACaddress
VLAN(Yes/No)
Ifyes,VLANIDisalso
provided.VLANIDis
usedtomanagethe
unit.Whichportandif
theportisconguredas
AccessorTrunk.
IPv4address
(static/HDCPv4)
AllIPv6address
(static/DHCPv6)
Messageissentinbroadcastformat
255.255.255.255toanySysLog
serverconnectedoverLANandto
SysLogserver1and2.
1PoEportstatuschangedissent
whenPoEportstatusischanged,
suchaswhenadeviceisinsertedor
removed.
NewPoEstateasdenedinRFC3621
(searching,deliveringpower,fault,
etc.)
RFC3621SNMPPoEMIB,trap
equivalentSysLogreport
2PoEpowerusageexceedsxy%out
ofpowersupplymaximumpower
issentwhenthePoEpowerusage
exceedsthesetvalue.
Powerusageinpercentoutofpower
supplymaximumpower
RFC3621SNMPPoEMIB,trap
equivalentSysLogreport
3PoEpowerusageislessthanxy%
outofpowersuplymaximum
powerissentwhenthePoEpower
usagegoesbelowthesetvalue.
Powerusageinpercentoutofpower
supplymaximumpower
RFC3621SNMPPoEMIB,trap
equivalentSysLogreport
6Defaultcongurationissent
whenunitisrestoredtodefault
conguration
SysLogserverIPisunchanged
whentheunitisrestoredtodefault
conguration.
20
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24

Axis T8504-E User manual

T8504-E
Axis
Brand
Axis
Model
T8504-E
Category
Network switches
Type
User manual

Axis T8504-E is an outdoor PoE switch with four weather-sealed RJ45 Ethernet ports and a single SFP Ethernet port. It delivers up to 60W per port on two 4Pair PoE ports and up to 30W per port on two IEEE 802.3at PoE ports, enabling you to power high-power devices such as PTZ cameras and illuminators. The switch supports VLAN, allowing you to segment your network and improve security. Additionally, it features remote device reset, system status display, and SysLog reporting for PoE events and invalid remote user access.

Download PDF
report

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI

Other documents