Access layer switch QTECH QSW-2800

Introduction

External design

Hardware

Firmware update

Command line interface

Web-interface review

SNMP-interface review

Testing

Conclusion

Introduction

When we were addressed by the QTECH company which offered us to test its L2 access switch, we anticipated to get a device with a common small Smart-switch functionality to organize local networks in the offices of little companies or those communication providers that decided to change their edge equipment with something modern and more manageable. But a great surprise was there in store for us – QTECH QSW-2800-26T-AC has a whole range of interesting functions that as a rule of thumb common access layer switches do not have, and this point makes it possible to use the device more widely while a cisco-like command line lets network engineers, who are familiar with the rest of this vendor’s products, without any efforts come to grips with the model discussed.

External design

QTECH QSW-2800-26T-AC can be placed on a table or mounted into a 19 inch rack. The dimensions of the metal parallelepiped case are 440x175x43 mm (not considering the brackets).

On the front panel there are 24 copper FE-ports and two combo ports for working in Gigabit Ethernet networks. Each of the combo ports can work (not simultaneously, of course) both with copper and optical connection, to perform which you will also need to install an appropriate SFP-module. The active port choice is automatic according to the preferences specified during the switch setup. Moreover there are led indicators of the ports condition and device work, a console port for out-of-band management and a sticker with the device model.

The upper and lower surfaces of the device are absolutely plain, the only things that stand out are a sticker with some brief information about the device and the notches for four rubber legs.

The side panels of QSW-2800-26T-AC are occupied by the vent grate for passive cooling of the switch.

On the rear surface there is a power input connector and a switch case GND screw.

This brings us to the end of the external design review, let’s look inside the device.

Hardware

Inside, the QSW-2800-26T-AC model is presented by two textolite boards: the inner power supply and the main switch board.

All the important elements are situated on one side of the board.

The CPU functions are performed by Broadcom BCM5836KPBG. The Broadcom BCM5482SA chip supports the gigabit ports. Two modules DDR Nanya NT5DS16M16CS-5T, 32 Mbytes each, provide the switch with 64 Mbytes of RAM. The reviewed model also has 8 Mbytes of the flash memory on the Intel JS28F640J3D-75 chip. Under the black heat sink of medium size there is a module of the controlled Broadcom BCM53242MKPBG switch that has 24 FE-ports and 2 GE ones.

Now let’s pass on to examining the switch software capabilities.

Firmware update

You can change the firmware version in several different ways common for the Enterprise level equipment. QTECH QSW-2800-26T-AC can work as a client and a server of FTP and TFTP protocols, by means of which the firmware is downloaded on the device. The firmware consists of two parts: the boot loader (boot.rom) and the main compressed image with operating system and utilities (nos.img).

QSW-2800-26T-AC(config)#tftp-server ?
enable Enable Tftp Server
retransmission-number Retransmission Times config
transmission-timeout Time out config
QSW-2800-26T-AC(config)#tftp-server enable
tftp server has started
QSW-2800-26T-AC(config)#ftp-server ?
enable Enable Ftp Server
timeout Time out config
QSW-2800-26T-AC(config)#ftp-server enable ?
<cr>
QSW-2800-26T-AC(config)#ftp-server enable
ftp server has worked...
QSW-2800-26T-AC(config)#ip ftp ?
username UserName
QSW-2800-26T-AC(config)#ip ftp username ?
WORD User name <1-32> character
QSW-2800-26T-AC(config)#ip ftp username

You can get the new firmware version on the vendor’s FTP-server or by sending a request to the technical support service. The firmware information which we got with the switch is presented below.

QSW-2800-26T-AC#sho ver
QSW-2800-26T-AC Device, Compiled on Jan 21 17:17:39 2011
SoftWare Version 6.2.24.0
BootRom Version 1.2.0
HardWare Version R01
Device serial number 1202000516
Copyright (C) 2011 by QTECH LLC
All rights reserved
Last reboot is cold reset.
Uptime is 0 weeks, 0 days, 3 hours, 5 minutes

Later on we decided to update the loader and switched on the TFTP-server on the device and transmitted a file from the test site under Windows 7 SP1.

C:\>tftp
Transfers files to and from a remote computer running the TFTP service.
TFTP [-i] host [GET | PUT] source [destination]
-i Specifies binary image transfer mode (also called
octet). In binary image mode the file is moved
literally, byte by byte. Use this mode when
transferring binary files.
host Specifies the local or remote host.
GET Transfers the file destination on the remote host to
the file source on the local host.
PUT Transfers the file source on the local host to
the file destination on the remote host.
source Specifies the file to transfer.
destination Specifies where to transfer the file.
C:\>tftp -i 172.17.35.37 put boot.rom
Successful transfer: 496224 bytes in 9 sec., 55136 bytes/s

When you switch on the debug messages output, there is the whole process of a new boot loader getting displayed in the managing interface.

QSW-2800-26T-AC#ter mon
QSW-2800-26T-AC#
Receive new tftp request
Begin to receive file, please wait...
#################################################################################################
Write ok.

We download the main firmware file from the remote TFTP-server.

QSW-2800-26T-AC#cop tftp://172.17.35.134/nos.img flash:/nos.img
Confirm to overwrite the existed destination file? [Y/N]:y
Begin to receive file, please wait...
Get Img file size success, Img file size is:5400320(bytes).
################################################################################################## ######################
################################################################################################## ######################
################################################################################################## ######################
################################################################################################## ######################
################################################################################################## ######################
################################################################################################## ######################
################################################################################################## ######################
################################################################################################## ######################
##############################################################################################
File transfer complete.
Recv total 5400320 bytes
Write ok.
close tftp client.

After rebooting the device we get a new firmware and loader version.

QSW-2800-26T-AC#sho ver
QSW-2800-26T-AC Device, Compiled on Jan 18 10:37:24 2012
SoftWare Version 6.2.150.6
BootRom Version 4.10.4
HardWare Version R01
CPLD Version N/A
Device serial number 1202000516
Copyright (C) 2012 by QTECH LLC
All rights reserved
Last reboot is warm reset.
Uptime is 0 weeks, 0 days, 0 hours, 1 minutes

All the settings listed above can be performed not only with the help of CLI, but also using the «Firmware update» sub item of the «Switch basic configuration» group.

It’s time to turn to the command line interface features.

Command line interface

The access to the switch command line can be gotten through the protocols Telnet or SSH, or by connecting directly to the console port. All these access ways give the administrator the same opportunities of managing the equipment. A small exception is the console by means of which it is possible to watch the device booting process. The QSW-2800-26T-AC log we decided to present as a separate file.

These interface commands are much similar to those of the Cisco network equipment, that’s why we won’t scrutinize all the CLI options, but will have a look at the most interesting peculiarities and differences. Thus, for example, in Cisco Catalyst switches the command show ip interface brief displays the information not only about the virtual interfaces (SVI), but also the statuses of the ports, whereas QSW-2800-26T-AC doesn’t show the physical interfaces information. For such purposes you can use the command show interface Ethernet status. Since QSW-2800-26T-AC is a L2-switch, there can be only one SVI-interface in its settings and with its help you can manage the device. You can perform the command show not only via privileged or non-privileged modes as well. QTECH switch command line allows not typing the whole command if some initial letters can definitely figure it out.

QSW-2800-26T-AC(config)#sho ip int bri
Index Interface IP-Address Protocol
3035 Vlan35 172.17.35.37 up
9000 Loopback 127.0.0.1 up
QSW-2800-26T-AC#sho interface ethernet status
Codes: A-Down - administratively down, a - auto, f - force, G - Gigabit
Interface Link/Protocol Speed Duplex Vlan Type Alias Name
1/1 DOWN/DOWN auto auto 35 FE
1/2 DOWN/DOWN auto auto 35 FE
1/3 DOWN/DOWN auto auto 35 FE
1/4 DOWN/DOWN auto auto 35 FE
1/5 DOWN/DOWN auto auto 35 FE
1/6 DOWN/DOWN auto auto 35 FE
1/7 DOWN/DOWN auto auto 35 FE
1/8 DOWN/DOWN auto auto 35 FE
1/9 DOWN/DOWN auto auto 35 FE
1/10 DOWN/DOWN auto auto 35 FE
1/11 DOWN/DOWN auto auto 35 FE
1/12 DOWN/DOWN auto auto 35 FE
1/13 DOWN/DOWN auto auto 35 FE
1/14 DOWN/DOWN auto auto 35 FE
1/15 DOWN/DOWN auto auto 35 FE
1/16 DOWN/DOWN auto auto 35 FE
1/17 DOWN/DOWN auto auto 35 FE
1/18 DOWN/DOWN auto auto 35 FE
1/19 DOWN/DOWN auto auto 35 FE
1/20 DOWN/DOWN auto auto 35 FE
1/21 DOWN/DOWN auto auto 35 FE
1/22 DOWN/DOWN auto auto 35 FE
1/23 DOWN/DOWN auto auto 35 FE
1/24 UP/UP a-100M a-FULL 35 FE
1/25 UP/UP a-1G a-FULL 35 G-Combo:Copper
1/26 UP/UP a-100M a-FULL 35 G-Combo:Copper

The capabilities of the tested model seem a bit strange to us. On the one hand, it is a typical manageable access level switch that has 24 Fast Ethernet ports and 2 Gigabit Ethernet and resembles the Cisco Catalyst 2950/2960 devices, but on the other hand, its virtual network features correspond to the Metro Ethernet 3750 switches. But in our opinion, it’s not suitable for being used on the aggregation level of modern networks because its FE-ports capacity is obviously not enough for such aims. Moreover, the contemporary approaches in network building recommend to place the switch as close to the consumer as possible (decreasing the L2-cloud in return). Lack of any redundant power supply won’t let this model to be used in critical parts of the network. That’s the reason for us to refer QSW-2800-26T-AC to the access layer switches with a good number of Metro-functions.

What are these Metro Ethernet functions, which presence surprised us so much? The switch observed allows performing L2-tunneling via QinQ (IEEE 802.1ad) technology. The point of this method is adding the second tag of the IEEE 802.1Q protocol for the shots transmitted through the trunk. But the QSW-2800-26T-AC capabilities are much richer than the traditional QinQ. Such additional functionality is characterized by the Selective QinQ and Flexible QinQ extensions that allow tagging only certain frames. Selective QinQ tagging technology is based on the virtual networks identifiers, while Flexible QinQ steps beyond allowing you to select the tagging data, on the basis of the VIDs, MAC and IP addresses, protocols and port numbers etc.

QSW-2800-26T-AC#conf t
QSW-2800-26T-AC(config)#int ethernet 1/1
QSW-2800-26T-AC(config-if-ethernet1/1)#swi mo hybrid
Set the port Ethernet1/1 mode Hybrid successfully
QSW-2800-26T-AC(config-if-ethernet1/1)#dot1q-tunnel selective s-vlan 1000 c-vlan 100-200
QSW-2800-26T-AC(config-if-ethernet1/1)#dot1q-tunnel selective enable
VLAN translation is enable on interface Ethernet1/1
QSW-2800-26T-AC(config-if-ethernet1/1)#exi
QSW-2800-26T-AC(config)#class-map c1
QSW-2800-26T-AC(config-classmap-c1)#match ?
access-group Access group
c-cos Match Customer CoS <0-7>
c-vlan Match Customer VLAN ID <1-4094>
cos Match CoS <0-7>
ip IP specific values
ipv6 IPv6 specific values
vlan Match VLAN ID <1-4094>
QSW-2800-26T-AC(config-classmap-c1)#match ip ?
dscp Match IP DSCP<0-63>
precedence Match IP precedence<0-7>
QSW-2800-26T-AC(config-classmap-c1)#match ip dscp 10
QSW-2800-26T-AC(config-classmap-c1)#exi
QSW-2800-26T-AC(config)#policy-map p1
QSW-2800-26T-AC(config-policymap-p1)#class c1
QSW-2800-26T-AC(config-policymap-p1-class-c1)#set s-vid 1001

A useful feature of the switch in working with the virtual networks tags can be the possibility of the tags reassignment. For example, getting the virtual networks 6, 12, 43 on one of the main ports, you can change their numbers if the VIDs are already being used somewhere else. Alas, we haven’t managed to make such a translation work.

QSW-2800-26T-AC(config-if-ethernet1/2)#switchport mode trunk
Interface Ethernet1/2 is already on this mode !
QSW-2800-26T-AC(config-if-ethernet1/2)#vlan-translation enable
QSW-2800-26T-AC(config-if-ethernet1/2)#vlan-translation 6 to 50 in
QSW-2800-26T-AC(config-if-ethernet1/2)#vlan-translation 12 to 51 in
QSW-2800-26T-AC(config-if-ethernet1/2)#vlan-translation 43 to 52 in

When the provider gives the clients L2-channels, there can emerge a necessity of the traffic transparent redirection, including the frames of the channel protocols such as Spanning Tree. In this case the provider can build a special virtual L2-channel – BPDU tunnel inside the network. For this purpose it is necessary to give the MAC-address of another border switch and enumerate the list of the protocols being serviced.

QSW-2800-26T-AC(config)#bpdu-tunnel dmac ?
FF-FF-FF-FF-FF-FF Mac Address <FF-FF-FF-FF-FF-FF>
QSW-2800-26T-AC(config)#int e1/10
QSW-2800-26T-AC(config-if-ethernet1/10)#bpdu-tunnel ?
dot1x 802.1X
gvrp GARP VLAN Registration Protocol
lacp Port-group configuration
stp Spanning-tree
uldp ULDP information

Among the main functions we would also mention the presence of the MRPP (Multi-layer Ring Protection Protocol) and ULPP (User-Level Protocol Process) protocols, needed for the Ethernet networks loop avoiding, which benefit is decreasing of the convergence time. When the topology is changed, MRPP for instance, converges in time less than one second and in an ideal situation reaches 100-50 msec. But frankly speaking we support some conventional approach in this question, because Rapid Spanning Tree also has a pretty good convergence time.

QSW-2800-26T-AC(config)#mrpp ?
enable Enable mrpp
poll-time poll-time
ring MRPP ring config
QSW-2800-26T-AC(config)#mrpp ring ?
<1-4096> MRPP ring id <1-4096>
QSW-2800-26T-AC(config)#ulpp ?
group ULPP group
QSW-2800-26T-AC(config)#ulpp group ?
<1-48> ULPP group ID <1-48>
QSW-2800-26T-AC(config)#ulpp group 1 ?
<cr>
QSW-2800-26T-AC(config)#ulpp group 1
QSW-2800-26T-AC(ulpp-group-1)#?
commands:
show Show running system information
control Control vlan configuration
description Set ulpp group description
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
flush Flush packet
help Description of the interactive help system
no Negate a command or set its defaults
preemption Preemption configuration
protect Protection vlan configuration
QSW-2800-26T-AC(ulpp-group-1)#

The function of defining the ULDP allows the administrator to detect a simplex channel and switch it off.

QSW-2800-26T-AC(config)#uldp ?
aggressive-mode Enable aggressive mode
disable Disable uldp
enable Enable uldp
hello-interval Hello interval
manual-shutdown Shutdown Unidirection manually
recovery-time Recover timer
reset Reset port
QSW-2800-26T-AC(config)#uldp ena
QSW-2800-26T-AC(config)#int e1/1
QSW-2800-26T-AC(config-if-ethernet1/1)#uldp ?
aggressive-mode Enable aggressive mode
disable Disable uldp
enable Enable uldp on port
reset Reset port

Besides the functions necessary for work on the trunk channels, QTECH QSW-2800-26T-AC has some pretty standard features of working on the access layer. Such options are: access lists, MAC-addresses limit on the subscriber port and 802.1x protocol support.

QSW-2800-26T-AC(config-if-ethernet1/1)#switchport port-security ?
convert Convert dynamic mac to security mac
lock Lock
mac-address Security mac address
maximum Max secure addrs
timeout Lock timer
violation Security Violation Mode
<cr>
QSW-2800-26T-AC(config-if-ethernet1/1)#exi
QSW-2800-26T-AC(config)#access-list ?
<1-99> IP standard access list <1-99>
<100-199> IP extended access list <100-199>
<1100-1199> MAC extended access list <1100-1199>
<200-299> IP extended access list(support discontinuous ip address
mask) <200-299>
<3100-3199> MAC-IP extended access list <3100-3199>
<3200-3299> MAC-IP extended access list(support discontinuous ip
address mask) <3200-3299>
<5000-5099> Multicast source control access list <5000-5099>
<6000-7999> Multicast destination control access list <6000-7999>
<700-799> MAC standard access list <700-799>
deny-preemption Enable deny-preemption
QSW-2800-26T-AC(config)#dot1x ?
accept-mac Accept Mac Entity
eapor Configure EAPoR function
enable Enable 802.1X
macfilter Configure 802.1X MacFilter
max-req Configure the maximum number of times that the Backend
Authentication state machine will retransmit an EAP
Request packet to the Supplicant before it times out the
authentication session
privateclient Configure PriClient function
re-authenticate Manually re-authenticate the client connected to a
specific port
re-authentication Enable 802.1X re-authentication
timeout Configure the timeout
unicast Enable 802.1X unicast
user User based

Making port groups inside one virtual network gives the administrator an opportunity to manage the rules of information exchange between the users in a more flexible way.

QSW-2800-26T-AC(config)#isolate-port group test
QSW-2800-26T-AC(config)#isolate-port group test switchport interface ethernet 1/1-10

QSW-2800-26T-AC L2-switch allows using extended options to control the work of various ARP and DHCP service protocols and some simple DoS-attack prevention functions.

QSW-2800-26T-AC(config)#anti-arpscan ?
enable Enable anti-arpscan
ip-based Ip-based anti-arpscan
log Log
port-based Port-based anti-arpscan
recovery Recovery
trap SNMP Trap
trust Set trust IP
QSW-2800-26T-AC(config)#ip dhcp ?
conflict DHCP address conflict parameters
excluded-address Prevent DHCP from assigning certain addresses
ping Specify ping parameters used by DHCP
pool Configure DHCP address pools
relay DHCP relay agent parameters
server DHCP server parameters
snooping DHCP Snooping
QSW-2800-26T-AC(config)#dosattack-check ?
icmp-attacking Enable ICMP DOS attack checks
icmpV4-size ICMPv4
srcip-equal-dstip Sipequaldip drop
srcport-equal-dstport Enable checking TCP/UDP L4 port
tcp-flags Enable checking TCP DOS attacks on invalid flags
QSW-2800-26T-AC(config)#cpu-rx-ratelimit ?
protocol Protocol
QSW-2800-26T-AC(config)#cpu-rx-ratelimit protocol ?
arp ARP
dhcp DHCP
dot1x DOT1X
http HTTP
igmp IGMP
snmp SNMP
ssh SSH
stp STP
telnet TELNET

Optical and copper ports can display extended information about their statuses and connected cables.

QSW-2800-26T-AC#conf t
QSW-2800-26T-AC(config)#int e1/25
QSW-2800-26T-AC(config-if-ethernet1/25)#virtual-cable-test ?
<cr>
QSW-2800-26T-AC(config-if-ethernet1/25)#virtual-cable-test
Interface Ethernet1/25:
----------------------------------------------------
Cable pairs Cable status Error lenth (meters)
----------- ------------ --------------------
(1, 2) open 1
(3, 6) open 1
(4, 5) open 0
(7, 8) open 1
QSW-2800-26T-AC#sho int e1/25
Interface brief:
Ethernet1/25 is down, line protocol is down
Ethernet1/25 is layer 2 port, alias name is (null), index is 25
Hardware is Gigabit-Combo, active is Fiber, address is 00-1f-ce-4b-da-70
PVID is 35
MTU 1500 bytes, BW 10000 Kbit
Port Uptime:0w-0d-0h-6m-35s (395 seconds)
Encapsulation ARPA, Loopback not set
Auto-duplex, Auto-speed
FlowControl is off, MDI type is auto
Transceiver info:
SFP found in this port, manufactured by CISCO-FINISAR, on Jan 23 2004.
Type is 1000BASE-SX. Serial number is H11F236.
Link length is 550 m for 50um Multi-Mode OM2 Fiber.
Link length is 270 m for 62.5um Multi-Mode OM1 Fiber.
Nominal bit rate is 1200 Mb/s.
Laser wavelength is 850 nm.
Statistics:
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
The last 5 second input rate 0 bits/sec, 0 packets/sec
The last 5 second output rate 0 bits/sec, 0 packets/sec
Input packets statistics:
0 input packets, 0 bytes, 0 no buffer
0 unicast packets, 0 multicast packets, 0 broadcast packets
0 input errors, 0 CRC, 0 frame alignment, 0 overrun, 0 ignored,
0 abort, 0 length error, 0 pause frame
Output packets statistics:
0 output packets, 0 bytes, 0 underruns
0 unicast packets, 0 multicast packets, 0 broadcast packets
0 output errors, 0 collisions, 0 late collisions, 0 pause frame
QSW-2800-26T-AC#sho int e1/26
Interface brief:
Ethernet1/26 is down, line protocol is down
Ethernet1/26 is layer 2 port, alias name is (null), index is 26
Hardware is Gigabit-Combo, active is Fiber, address is 00-1f-ce-4b-da-70
PVID is 35
MTU 1500 bytes, BW 10000 Kbit
Port Uptime:0w-0d-0h-6m-46s (406 seconds)
Encapsulation ARPA, Loopback not set
Auto-duplex, Auto-speed
FlowControl is off, MDI type is auto
Transceiver info:
SFP found in this port, manufactured by MRV COMM, INC., on Apr 07 2005.
Type is 1000BASE-LX. Serial number is 556AC00184.
Link length is 10000 m for Single Mode Fiber.
Link length is 550 m for 50um Multi-Mode OM2 Fiber.
Link length is 550 m for 62.5um Multi-Mode OM1 Fiber.
Nominal bit rate is 1300 Mb/s.
Laser wavelength is 1310 nm.
Statistics:
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
The last 5 second input rate 0 bits/sec, 0 packets/sec
The last 5 second output rate 0 bits/sec, 0 packets/sec
Input packets statistics:
0 input packets, 0 bytes, 0 no buffer
0 unicast packets, 0 multicast packets, 0 broadcast packets
0 input errors, 0 CRC, 0 frame alignment, 0 overrun, 0 ignored,
0 abort, 0 length error, 0 pause frame
Output packets statistics:
0 output packets, 0 bytes, 0 underruns
0 unicast packets, 0 multicast packets, 0 broadcast packets
0 output errors, 0 collisions, 0 late collisions, 0 pause frame
QSW-2800-26T-AC#sho transceiver
Interface Temp( ) Voltage(V) Bias(mA) RX Power(dBM) TX Power(dBM
)
--------- -------- ---------- -------- ------------- ------------
-
1/26 37 3.31 18.23 -329.73 -5.08

The vendors didn’t miss the chance to provide the quality of service: the switch allows classifying the frames and setting unique service parameters for every class.

QSW-2800-26T-AC(config)#access-list 1 permit 10.0.0.0 0.255.255.255
QSW-2800-26T-AC(config)#class-map class1
QSW-2800-26T-AC(config-classmap-class1)#match access-group 1
QSW-2800-26T-AC(config-classmap-class1)#exi
QSW-2800-26T-AC(config)#policy-map p1
QSW-2800-26T-AC(config-policymap-p1)#class class1
QSW-2800-26T-AC(config-policymap-p1-class-class1)#?
commands:
show Show running system information
accounting Add statistic for classified packets
drop Drop packets
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
no Negate a command or set its defaults
policy Policy
set Set QoS values
transmit Add transmit packets
QSW-2800-26T-AC(config-policymap-p1-class-class1)#policy ?
<1-10000000> CIR(Committed Information Rate) Kbits per second <1-10000000>
QSW-2800-26T-AC(config-policymap-p1-class-class1)#policy 10000 ?
<1-1000000> CBS(Committed Burst Size) Kbytes <1-1000000>
QSW-2800-26T-AC(config-policymap-p1-class-class1)#policy 10000 4000 exceed-action ?
drop Drop packet
set-cos-transmit Set COS
set-drop-precedence Set Drop priority
set-dscp-transmit Change dscp
set-internal-priority Set Internal priority
set-prec-transmit Change precedence
transmit Transmit packets
QSW-2800-26T-AC(config-policymap-p1-class-class1)#policy 10000 4000 exceed-action drop
QSW-2800-26T-AC(config-policymap-p1-class-class1)#exi
QSW-2800-26T-AC(config-policymap-p1)#exi
QSW-2800-26T-AC(config)#int e1/5
QSW-2800-26T-AC(config-if-ethernet1/5)#service-policy input p1
QSW-2800-26T-AC(config-if-ethernet1/5)#

To get the information about the device, the firmware version and the serial number it’s necessary to perform the command show version.

QSW-2800-26T-AC#sho ver
QSW-2800-26T-AC Device, Compiled on Jan 21 17:17:39 2011
SoftWare Version 6.2.24.0
BootRom Version 1.2.0
HardWare Version R01
Device serial number 1202000516
Copyright (C) 2011 by QTECH LLC
All rights reserved
Last reboot is cold reset.
Uptime is 0 weeks, 0 days, 3 hours, 5 minutes

Besides the commands described in the manual and the built-in reference system, there are some not documented features which are familiar to us from the command line interface of the Cisco Systems devices.

QSW-2800-26T-AC#who
Telnet user cisco login from 10.247.10.2

This leads us to the end of our brief QTECH QSW-2800-26T-AC command line interface features observation; let’s pass over to the device web-interface review.

Web-interface review

The switch web-interface can be accessed with the help of any modern browser by using HTTP or HTTPS. To enter login and password are required which are by default admin/admin. After entering correct account data, the administrator gets to the device homepage where there’s brief information about the switch and groups of available commands.

We’re not going to scrutinize all features of all menu groups but will only look into several of them.

Time synchronization settings via SNTP are configured with the help of the SNTP Configuration group.

To configure physical ports aggregation one has to turn to the items of the Port channel configuration group.

Several switches can be added to a cluster that can be configured in the Cluster basic configuration group.

Cable infrastructure diagnostics is performed with the help of the Port virtual-cable-test config item of the Port configuration group.

On each of physical ports it’s possible to limit the transmission speed for certain types of traffic.

Here we’re finishing the device web-interface review and are turning to the features of the SNMP-interface.

SNMP-interface review

By default, access to the switch via SNMP is denied. To permit it one has to perform a number of simple actions (given that the SVI-interface was previously configured): to turn the SNMP server on, to specify “passwords” for reading and writing, configure the list of IP-addresses for which access to the device is allowed. In the listing below the IP-check is switched off altogether.

snmp-server enable
snmp-server securityip disable
snmp-server community ro public
snmp-server community rw private

To access the device we used the Getif utility version 2.3.1 where the Parameters tab presents essential information about the equipment. We’re not going to scrutinize all features available in this protocol but will stop at the ones we consider the most interesting.

In the Interfaces tab are presented the switch interfaces, their speeds and statuses.

Now let’s turn to the MBrowser tab. The .iso.org.dod.internet.private.enterprises branch contains information about MAC-addresses, the device hardware revision, the firmware version, etc. More detailed data can be found in the .iso.org.dod.internet.mgmt.mib-2.system branch.

Detailed information about interfaces, their statuses and counters is located in the .iso.org.dod.internet.mgmt.mib-2.interfaces branch.

Statistics regarding IP, ICMP, TCP, UDP and SNMP operation are presented in the .iso.org.dod.internet.mgmt.mib-2.ip, .iso.org.dod.internet.mgmt.mib-2.icmp, .iso.org.dod.internet.mgmt.mib-2.tcp, .iso.org.dod.internet.mgmt.mib-2.udp and .iso.org.dod.internet.mgmt.mib-2.snmp branches, respectively.

Information about the data link layer protocol operation can be found in the .iso.org.dod.internet.mgmt.mib-2.rmon branch.

We also decided to connect QSW-2800-26T-AC to our testing monitoring system based on Cacti to obtain plots of network interfaces utilization when the device review was being written.

The QTECH Company offers its clients its own system – QNMS – intended for monitoring events happening to the devices. Unfortunately, it can’t be utilized for centralized equipment management.

Here we’re through with our brief review of the SNMP-interface and are moving on to actually testing the switch.

Testing

The first test that we traditionally start this section with is determining the device booting time under which we mean the time interval between turning the device on and getting the first echo-reply via ICMP. The QTECH QSW-2800-26T-AC switch boots in 77 seconds. We think it to be an acceptable result.

Then we checked the security of the device for which we used the Positive Technologies XSpider 7.7 (Demo Build 3100) network security scanner. Altogether we detected four open ports to the managing SVI-interface: TCP-22 (SSH), TCP-23 (Telnet), TCP-80 (HTTP) and TCP-443 (HTTP SSL). The most interesting bits of data we obtained are presented below.

The QSW-2800-26T-AC switch allows administrators to limit the maximum transmission speeds for certain types of traffic by the rate-limit (policing) method; traffic shaping is not used. The difference between the specified means of speed limitation is clear from the channel load diagram below.

We decided to find out how such limitation works on the tested model, for which we configured downstream limitation on the Ethernet 1/1 interface. An example of establishing such limitation is shown below.
QSW-2800-26T-AC#conf t
QSW-2800-26T-AC(config)#access-list 1 permit any-source
QSW-2800-26T-AC(config)#class-map 1
QSW-2800-26T-AC(config-classmap-1)#match access-group 1
QSW-2800-26T-AC(config-classmap-1)#exi
QSW-2800-26T-AC(config)#policy-map 1
QSW-2800-26T-AC(config-policymap-1)#class 1
QSW-2800-26T-AC(config-policymap-1-class-1)#policy ?
<1-10000000> CIR(Committed Information Rate) Kbits per second <1-10000000>
QSW-2800-26T-AC(config-policymap-1-class-1)#policy 1024 ?
<1-1000000> CBS(Committed Burst Size) Kbytes <1-1000000>
QSW-2800-26T-AC(config-policymap-1-class-1)#policy 1024 128 ?
conform-action Action when rate is not exceeded
exceed-action Action when rate is exceeded
<cr>
QSW-2800-26T-AC(config-policymap-1-class-1)#policy 1024 128
QSW-2800-26T-AC(config-policymap-1-class-1)#exi
QSW-2800-26T-AC(config-policymap-1)#exi
QSW-2800-26T-AC(config)#int ethernet 1/2
QSW-2800-26T-AC(config-if-ethernet1/2)#service-policy input 1
QSW-2800-26T-AC(config-if-ethernet1/2)#exi
QSW-2800-26T-AC(config)#

We changed the CIR parameter with 1mbps increment and chose the CBS magnitude in such a way that characteristic time Tc was equal to 1 sec. The magnitudes of CIR, CBS and Tc are related by the following formula.

On the diagram below are presented theoretical and actual data transmission speeds when these speeds are limited on a physical port.

As QTECH equipment allows the administrator to block simple DoS-attacks, we decided not to leave this feature unattended. To our surprise, we failed to make QSW-2800-26T-AC block illegitimate packets. Neither were we able to connect a telephone and a PC to different virtual networks through one physical port – the switch detected an LLDP neighbor but didn’t put its MAC-address into a right virtual network. We addressed the vendor with these issues and received a new firmware version solving the problem with protection against DoS-attacks.

QSW-2800-26T-AC#sho run int e1/3
!
Interface Ethernet1/3
lldp med trap enable
network policy voice vid 35
network policy softphone-voice vid 35
switchport access vlan 2
!
QSW-2800-26T-AC#sho mac-address-table | i 1/3
2 00-07-3b-e3-f2-5f DYNAMIC Hardware Ethernet1/3
QSW-2800-26T-AC#sho lldp neighbors interface ethernet 1/3
Port name : Ethernet1/3
Port Remote Counter : 1
TimeMark :92
ChassisIdSubtype :5
ChassisId :
PortIdSubtype :MAC address
PortId :00-07-3b-e3-f2-5f
SysName :AVTE3F25F
SysCapSupported :36
SysCapEnabled :4
LLDP MED Information :
MED Codes:
(CAP)Capabilities, (NP) Network Policy
(LI) Location Identification, (PSE)Power Source Entity
(PD) Power Device, (IN) Inventory
MED Capabilities:CAP,NP,PD,IN
MED Device Type:Endpoint Class III
Media Policy Type :Voice
Media Policy :Tagged
Media Policy Vlan id :99
Media Policy Priority :6
Media Policy Dscp :46
Power Type :PD
Power Source :Local
Power Priority :High
Power Value :0.0 (Watts)
Hardware Revision:9650D01A
Firmware Revision:hb96xxua3_1_04_S.bin
Software Revision:ha96xxua3_1_04_S.bin
Serial Number:08N521004726
Manufacturer Name:Avaya
Model Name:9650
IEEE 802.3 Information :
auto-negotiation support: Supported
auto-negotiation status: Enabled
PMD auto-negotiation advertised capability: 27824
operational MAU type: 16
**********************************************************
QSW-2800-26T-AC#

Unfortunately, even in the new firmware version several functions didn’t work. For instance, we failed to get the switch translating VID (VLAN-transmission). In the 802.1q-trunk mode we connected Cisco Catalyst 2960 switches to QSW-2800-26T-AC two ports (Ethernet 1/3 and Ethernet 1/4). Then on the tested device we configured VID translation from 2 to 3 for traffic entering through the Ethernet 1/3 interface and VID from 3 to 2 for data entering through Ethernet 1/4. However, the senders’ MAC-addresses turned up in their previous virtual networks – the translation didn’t work. Also, there’re a number of minor discrepancies between the functionality description and the switch’s real features.

QSW-2800-26T-AC(config)#monitor session ?
<1-4> SPAN session numberList
QSW-2800-26T-AC(config)#monitor session 2 source interface ethernet 1/1
This switch can only support session 1!

Here we are finishing the testing section and will now make our conclusions.

Conclusion

The tested QTECH QSW-2800-26T-AC switch left an impression of something incomplete and not quite ready to be used. Though the list of features described in the user manual was rather stunning, not all of them were properly implemented. As we understand the given device is an example of a new line of switches QTECH 2800 which has hardware different from other models. Firmware and functionality are different, too. We think that the vendor should have published a user manual specifically for this model and should, for firmware versions, specify for which particular models they’re intended. We hope that QTECH will correct all discovered disadvantages and before long users will get a fully functional switch at an affordable price.

QSW-2800-26T-AC advantages are listed below.

  • Passive cooling.
  • Rich functionality.
  • A cisco-like command system.
  • Affordable price.
  • IPv6 support.
  • The ability to join several devices into a cluster.

Unfortunately, we can’t mention the device disadvantages.

  • Lack of a redundant power supply.
  • Lack of the Russian translation in the web-interface and of Russian documentation.
  • Part of functionality is unavailable or doesn’t work, though it’s described in the user manual.

When the article was being written the recommended price for the QTECH QSW-2800-26T-AC switch was 6356 RUB.

Add comment


Security code
Refresh

Found a typo? Please select it and press Ctrl + Enter.