Overview of management methods

In the previous article we dealt with the appearance, indicators and even looked inside the switch. Now it’s time to plug it in and see how system administrators and network engineers can manage and monitor this device.

Physical console

Let’s start with the simplest and most convenient way to connect to the console of the switch. There is no need to look for complicated adapters or specific cables; any USB Type-C cable from a smartphone will do. When connected, the switch is identified as a CP2102N USB to UART Bridge Controller (VID_10C4&PID_EA60) from Silicon Labs. In effect, it is a simple virtual COM port.

You can find drivers for Windows 10 version 1803 and higher (x64, x86) and Windows 11 (x64) on the downloads page. Even if you need to connect from ancient hardware that only has Windows XP on board, there will be no problems: the native drivers from the Silicon Labs website will do. Moreover, there are drivers for any Linux distribution with a kernel version from 2.6 and even for Windows CE 5.0/6.0.

Let’s test it and connect from a 20-year-old Windows XP laptop. After installing the drivers, a COM port (COM4) appeared in the system, which can be used for further connection:

Let’s assume that there is not even a hint of PuTTY on the computer and we will use the standard HyperTerminal that came with the OS. We set the connection speed to 115200 baud and do not forget to disable the hardware flow control. We leave other parameters as default:

That’s how, with almost any old laptop with a USB port and Windows XP on board, you can configure hardware from 2023. Versatility plays an important role, especially when the switch needs to be installed and configured far from civilization.

CLI

The Zyxel XMG1930-30HP has a Cisco-like CLI. It doesn’t try to fully imitate the behavior of IOS, although the basic principles are the same, which will be convenient for old-school administrators. Tab autocompletion and command shortening, which have been around since the days of OpenVMS, are both available.

Availability of CLI commands varies by license type. With a basic license, connecting to a physical console gives debug access. If the switch has gone bad for some reason and other diagnostic methods are unavailable, you can connect to the physical console and use basic commands to figure out what’s going on. Full configuration through the CLI is available only with the purchase of an L3 Access license.

To begin with, let’s perform a few simple actions, for example, build an LACP aggregate from two links to the neighboring Mikrotik router (which will pretend to be a switch and on which the bonding interface has been configured in advance).

Go to the configuration mode:

XMG1930# configure

Activate the LACP mechanism itself:

XMG1930(config)# lacp

We activate the trunk with ID T1:

XMG1930(config)# trunk T1

We indicate that the T1 trunk will work according to the LACP protocol:

XMG1930(config)# trunk T1 lacp

Now let’s write that there will be two physical interfaces in this trunk (for example, ports 21 and 22):

XMG1930(config)# trunk T1 interface 21,22

Exit configuration mode:

XMG1930(config)# exit

We check the state of the T1 trunk:

XMG1930# sh trunk group T1
Group ID T1:    active
  Criteria :  src-dst-mac
  Status: LACP
  Member number: 2        Member:21 22

Let’s take a look at the config:

XMG1930# sh run

We plug in both links. Let’s look at the state of the aggregated channel:

XMG1930# sh lacp group T1
AGGREGATOR INFO:
ID: 1
  [(ffff,f4-4d-5c-69-ed-fa,0001,00,0000)][(ffff,c4-ad-34-bc-99-f0,0009,00,0000)]
LINKS : [21]-[22]-
SYNCS : [21]-[22]-

We see that the link is up on both ports and that both are configured to work with LACP. The output line displays the partner’s MAC address. On the other side, we can see how it looks on the Mikrotik:

[admin@MikroTik] > interface/bonding/print 
Flags: X - disabled; R - running 
 0  R ;;; LACP_Uplink
      name="WAN" mtu=1500 mac-address=C4:AD:34:BC:99:F0 arp=enabled 
      arp-timeout=auto slaves=ether1,ether2 mode=802.3ad primary=none 
      link-monitoring=mii arp-interval=100ms arp-ip-targets="" 
      mii-interval=100ms down-delay=0ms up-delay=0ms lacp-rate=30secs 
      transmit-hash-policy=layer-2 min-links=0

The letter R indicates that the interface is running. Now let’s look at the state of the ports:

[admin@MikroTik] > interface/bonding/monitor WAN       
                    mode: 802.3ad
            active-ports: ether1,ether2
          inactive-ports: 
          lacp-system-id: C4:AD:34:BC:99:F0
    lacp-system-priority: 65535
  lacp-partner-system-id: F4:4D:5C:69:ED:FA

Everything is fine here: both ports are in Active status, and the MAC address of our switch is displayed in the lacp-partner-system-id field. This aggregated interface now increases the bandwidth and keeps the channel up if either of the links is lost.
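The cross-check done by eye above (partner MAC on the switch against the Mikrotik's own MAC, both member ports linked and in sync) can be automated. The following is an added example, not code from the article or from Zyxel: it parses the `sh lacp group` output quoted above and reports anything unexpected. The reading of the first two tuple fields as system priority and system MAC is an assumption drawn from the two outputs on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: the "sh lacp group T1" output quoted in the article.
SAMPLE = """\
AGGREGATOR INFO:
ID: 1
  [(ffff,f4-4d-5c-69-ed-fa,0001,00,0000)][(ffff,c4-ad-34-bc-99-f0,0009,00,0000)]
LINKS : [21]-[22]-
SYNCS : [21]-[22]-
"""

# Assumption: each tuple starts with (system priority, system MAC, ...);
# the remaining fields are not interpreted here.
SYSTEM = re.compile(r"\(([0-9a-f]{4}),((?:[0-9a-f]{2}-){5}[0-9a-f]{2}),", re.I)
PORT = re.compile(r"\[(\d+)\]")

def norm_mac(mac):
    """Reduce any MAC notation (aa-bb.., AA:BB..) to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_lacp(text):
    """Extract actor/partner system IDs and the LINKS/SYNCS port sets."""
    systems = SYSTEM.findall(text)
    if len(systems) != 2:
        raise ValueError("expected one actor and one partner tuple")
    info = {"actor": norm_mac(systems[0][1]),
            "partner": norm_mac(systems[1][1]),
            "partner_priority": int(systems[1][0], 16),
            "links": set(), "syncs": set()}
    for line in text.splitlines():
        key, _, rest = line.partition(":")
        if key.strip() in ("LINKS", "SYNCS"):
            info[key.strip().lower()] = {int(p) for p in PORT.findall(rest)}
    return info

def check_trunk(text, expected_partner, members):
    """Return a list of problems; an empty list means the trunk is as intended."""
    info = parse_lacp(text)
    problems = []
    if info["partner"] != norm_mac(expected_partner):
        problems.append("unexpected partner " + info["partner"])
    for field in ("links", "syncs"):
        missing = sorted(set(members) - info[field])
        if missing:
            problems.append(f"ports missing from {field.upper()}: {missing}")
    return problems
```

Calling `check_trunk(SAMPLE, "C4:AD:34:BC:99:F0", [21, 22])` with the Mikrotik's MAC from the bonding output returns an empty list; a different partner MAC or a member port absent from SYNCS is reported as a problem.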

Web interface

The main page welcomes us with the most important parameters of the switch. For example, we immediately see the presence of a link on the ports, the connection speed, the utilization of the processor and memory, as well as the consumed PoE “budget”. Clicking on any port lets you turn it on or off, and there is also a switch for PoE:

The dashboard also displays some useful data, such as hostname, firmware versions, uptime, presence of temperature alerts and fan operation. You can also make your own small selection of ten quick links to the parts of the web interface that are most important to you. For example, viewing the status of aggregated links:

In the previous article about this switch, we already mentioned that it has two modes of operation. By default, Standalone mode works, but the switch periodically checks the availability of the centralized Nebula network management system. The CLOUD LED on the front panel flashes yellow once per second. To prevent the switch from interacting with Nebula, simply disable the corresponding NCC Discovery option. In this case, the CLOUD indicator will go out, and you will be able to use the switch only in local mode:

It is also important to look at the Remote management section right away and disable those management methods that may be dangerous. Telnet, for example, does not encrypt data at all, which can become a security problem. Nevertheless, all key telecommunications equipment manufacturers continue to build support for this protocol into their devices, and it is almost always enabled by default.

Just as with Cisco equipment you get into the habit of running the #wr mem command, it makes sense to get into the habit of clicking the save configuration button. Without it, the applied configuration will work only until the next restart. This should probably be highlighted somehow in the web interface; perhaps it will be improved in future versions of the firmware.

A peculiarity of the standard web interface is that standard HTML elements, such as checkboxes, drop-down lists, and data entry fields, are used as much as possible. This greatly reduces the risk that the page will look different in different browsers. Clearly, you are unlikely to be able to configure anything in something like Internet Explorer 6, but in any more or less modern browser with JavaScript support the pages are displayed correctly.

When accessing from a mobile device, the page is displayed in the desktop version. There is no adaptation for the screens of mobile devices. This is more of a plus than a minus, because it allows the system administrator to use a single interface both on a smartphone and on a regular computer. This means that you will not have to look for where the interface designers have stuffed this or that function in the mobile version.

Management with SNMP

The SNMP protocol has been used for network monitoring and management for more than three decades and is found in almost all network devices. We will not deal with the architecture and security of this protocol now, but look at it exclusively from a utilitarian point of view. To begin with, let’s configure the SNMP parameters: replace the Community strings with our own and create a test user:

To get object identifiers (OIDs), we need MIB tables. These are hierarchical collections of identifiers that enable every aspect of device monitoring and management. You can download them in the same place as the drivers, on the downloads page. The archive contains a collection of more than a hundred MIB tables. By loading it into a tool such as iReasoning MIB Browser, you can see which OIDs are responsible for what:

By making a Get request, we get the current value of the selected OID. By setting the desired value through a Set request, you can control the switch. For example, if you set OID .1.3.6.1.4.1.890.1.15.3.2.1 to 1, the switch will reboot, and if you set .1.3.6.1.4.1.890.1.15.3.2.3 to 1, it will reset the current configuration to factory settings.
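Because a single Set request can reboot or factory-reset the switch, it is worth watching for such requests on the management network. The following is an added example, not code from the article or from Zyxel: a minimal BER decoder that flags SNMP v1/v2c SetRequest packets addressed to the two OIDs named above. The sample packet, its community string "example", the `.0` instance suffix and all function names are constructed for illustration; SNMPv3 messages are not decoded.

```python
# OIDs named in the article; writing 1 to them reboots or factory-resets the switch.
DESTRUCTIVE = {
    "1.3.6.1.4.1.890.1.15.3.2.1": "reboot",
    "1.3.6.1.4.1.890.1.15.3.2.3": "factory reset",
}
SET_REQUEST = 0xA3  # BER tag of the SetRequest PDU

# Constructed SNMPv2c SetRequest: community "example", <reboot OID>.0 = INTEGER 1
SAMPLE_SET = bytes.fromhex(
    "302d 020101 0407 6578616d706c65 a31f 020101 020100 020100"
    "3014 3012 060d 2b06010401867a010f03020100 020101")

def tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value bytes, next position)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(data):
    """Decode a BER OBJECT IDENTIFIER value into dotted notation."""
    arcs, val = [], 0
    for b in data:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                    # last byte of this sub-identifier
            arcs.append(val)
            val = 0
    return ".".join(map(str, [arcs[0] // 40, arcs[0] % 40] + arcs[1:]))

def destructive_sets(packet):
    """Return [(community, oid, action)] for SetRequests on DESTRUCTIVE OIDs."""
    _, msg, _ = tlv(packet, 0)              # outer SEQUENCE
    _, _version, p = tlv(msg, 0)
    _, community, p = tlv(msg, p)
    pdu_tag, pdu, _ = tlv(msg, p)
    if pdu_tag != SET_REQUEST:
        return []
    p = 0
    for _ in range(3):                      # request-id, error-status, error-index
        _, _, p = tlv(pdu, p)
    _, varbinds, _ = tlv(pdu, p)
    hits, p = [], 0
    while p < len(varbinds):
        _, vb, p = tlv(varbinds, p)
        oid = decode_oid(tlv(vb, 0)[1])
        for base, action in DESTRUCTIVE.items():
            if oid == base or oid.startswith(base + "."):
                hits.append((community.decode("latin-1"), oid, action))
    return hits
```

Fed the UDP payloads of traffic to port 161, `destructive_sets` returns an empty list for Get requests and for Sets on other OIDs, so any non-empty result is worth an alert together with the source address.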

Of course, there is the possibility of configuring SNMP “traps”, which allows you to quickly monitor the status of ports, the availability of IP addresses and, in general, monitor the basic parameters of the system. SNMP support is available in all popular monitoring systems, so there should be no problems with integration.

Management via Nebula

In conclusion, let’s talk about one more method of management, which will be convenient in certain situations. Zyxel has built support for its centralized management system, Nebula, into these devices. This allows for a fun trick where you can pre-configure a new switch without even taking it out of the box.

Suppose you have ordered new equipment for the branches. It has arrived at your central office, and now the task is to unpack it, set it up in advance and send it to where it will stand. But in the case of Zyxel, you can do even more interesting things. All you have to do is open the Nebula app on your smartphone, log into your account, and scan all the QR codes from the packaging of the purchased devices. This action will add them to the account:

We already mentioned above that the search for Nebula Control Center is activated by default, so as soon as the device comes online, it will automatically connect to Nebula. This will give you full control over it, and you can configure it remotely through your account.

The default access credentials (admin/1234) will be automatically replaced with those you specify under Configuration > Site Settings. This applies to both the Web interface and the CLI:

Otherwise, management through Nebula can be called even more convenient than through the regular web interface. There is also a port map, through which you can open the settings of any particular port and change them as you see fit.

Nebula was clearly conceived as a one-window system in which administrative and network tasks can be solved at once. Inventory is easy, since all device data is stored in one place. If the data needs to be transferred to another system, it can be downloaded as CSV or XML for further import into other programs.

There is also a simple monitor that accumulates uplink utilization statistics and PoE “budget”. This allows for optimal network planning and a better understanding of the load profile for each individual device. Nebula can automatically build a network topology, and after a recent update, a display of client devices appeared. This is very convenient, because just by looking at the map, you immediately understand which port this or that device is plugged into.

Of course, setting up notifications also becomes easier. The system administrator can configure the automatic receipt of reports by e-mail. If something goes wrong, a push notification arrives without delay in the application on the smartphone. Again, you’ll find all the logs right there in Nebula.

In the next article, we will talk about how this switch supports AV over IP technology and how to use it to distribute video streams in high quality.
