Netis ST3310GF, 8+2 managed switch review
Not so long ago, we looked at the 10-port PoE switch netis PE6110 for video surveillance systems, and today we will talk about the (8+2)-port Layer 2 managed Gigabit switch netis ST3310GF. This model is interesting because, at a low cost, it can be used as an edge switch, can be managed via SNMP, has broadcast storm protection, advanced port settings, client authentication capabilities using VLANs, and much more.
Structurally, the 2 dedicated Gigabit SFP ports for connecting to the backbone fiber network are not shared with the main 8 ports, so when using them, you do not lose switching capabilities. There is a link aggregation function (IEEE 802.3ad LACP) to increase the bandwidth to a specific network segment, and you can combine at least 8 ports into one channel if your equipment needs such a high network bandwidth. In total, up to 8 aggregation groups are supported, more than you might actually need on such a device.
The switching fabric of the device is rated, with headroom, at 20 Gbit/s, so you need not fear performance problems when the network is fully loaded. It is strange that there are still manufacturers that save on processor resources, and in whose devices the switching fabric is smaller than the total bandwidth of all ports. This vicious practice must be stopped, and in this respect the netis ST3310GF is in perfect order.
Of course, since the device is designed to work in large networks, spanning tree protocols are supported to prevent loops: STP (IEEE 802.1D), RSTP (IEEE 802.1w) and MSTP (IEEE 802.1s), including for virtual networks (VLANs). Up to 4096 virtual networks can be created, with support for Q-in-Q, so the netis ST3310GF can act as an edge switch and work with clients who have several VLANs in their own networks. The GVRP protocol makes it easier to configure virtual networks, eliminating the need to enter all tags in the device configuration manually.
Since the netis ST3310GF is a managed switch, the built-in QoS service allows traffic shaping where necessary, both with a fixed priority (Strict Priority) and with automatic scheduling using the weighted round robin (WRR) algorithm, which makes it possible to ensure the best quality of communication for, say, IP telephony or video conferencing in the office. Of course, with the high quality of modern Internet channels, QoS is less and less necessary, but in government agencies, where the speed of Internet access is often measured in kilobits per second while conference communication systems are still required, traffic shaping is a necessity. In addition, QoS can ensure uninterrupted operation of IP video surveillance systems if the cameras are installed in different networks.
For user authentication, not only the archaic IEEE 802.1x based on the MAC address of the port is supported, but also more reliable authentication via RADIUS/TACACS+ servers. And of course, the netis ST3310GF has the "gentleman's set" of a provider switch: bandwidth management and port and stream mirroring, which let you tune network performance, so to speak, at a low level and, when troubleshooting, quickly fix problems.
As you can see, according to its characteristics, the netis ST3310GF can act as a root or edge switch of a large office network that carries all types of traffic, including multimedia, VoIP, web and VPN, as well as servers that require more than 1 Gbit/s of bandwidth. Let's take a closer look at the device.
Package contents and exterior
The netis ST3310GF switch can be installed stand-alone or mounted in a telecommunications cabinet. The device is supplied with steel brackets and adhesive rubber feet. As befits professional equipment, the package contents are minimal: instructions and a power cable.
Externally, this is a typical representative of SMB-class switches, where most of the front panel is reserved for indicators of network port activity and power supply.
The rear panel has an RS-232 console port, which, given that the switch can be managed via Web and SSH, is generally just a tribute to tradition.
The switch has a built-in power supply, but makes do with passive cooling. With a low power consumption of about 5 W and a depth of only 173 mm, it can be installed in closed compact switching cabinets without forced ventilation, or placed in the same space where the staff works, without fear that its noise will cause inconvenience.
The only thing that is missing is a power switch of its own, but for some reason manufacturers install them less and less often.
The switch has 128 MB of RAM2 memory, provided by a single Winbond W631GG6KB-12 chip (DDR3 SDRAM 800 MHz). Overall, the design of the Netis ST3310GF matches what you expect from modern network devices of this class: one "all-in-one" processor, a physical interface and a memory chip, all in a compact case that could have been even smaller had there been a need for it.
Setting up
The device can be managed via the Web interface, via SSH, via the console or Telnet, as well as via SNMP; with SSH and Telnet everything is standard and monotonous. By default, SSH access to the switch is disabled, and you need to use it via the Web interface.
Many administrators prefer to configure network hardware via the console, although this is not always convenient. However, for user authentication, netis ST3310GF offers not only traditional password entry, but also access using a public key certificate, which allows various devices to connect to the switch, such as servers that can use scripts to reconfigure certain parameters.
But in any case, the initial installation and configuration are performed via the Web interface. By default, the switch has the address 192.168.2.11 and the guest username / password.
By the way, I want to mention the built-in SSH access emulator on the device, from which you can control the switch in command-line mode from the Web interface, if SSH access is closed for security reasons. This can be useful for managing configuration files and reading logs.
It is very convenient that the title page of the Web interface shows a live diagram of the switch: which ports are connected and which indicators are lit. The main part of the interface is given over to a desktop, where the most important functions are highlighted with icons: port information, enabling port aggregation, VLAN configuration, loop elimination and port mirroring. We will not list all the features of the Web interface, but will focus on the most significant ones from our point of view.
I would like to draw attention to a very useful tab, the status of the command line (Show CHI Running), which shows which commands are currently being executed by the switch. This feature can be more useful than a traditional log file when debugging faults in real time, because you can see what is currently happening and at what point during the switch operation something goes wrong.
You can create many users to manage netis ST3310GF, but access rights are limited to two levels: level 1 for those who watch but can't do anything, and level 15 for those who can make configuration changes.
There is a separate menu section for working with the SNMP protocol. Here you can create groups of users with two levels of rights, Read Only and Read-Write, to restrict their access to the switch configuration.
Port management has a tree structure, where the device ID (GI) is selected first, followed by the port number, to identify and configure ports. If you create a port group, it has the designation (Po) and is configured independently of the physical ports included in it. For example, you can limit one port in a group to 500 Mbit/s, another to 700 Mbit/s, and the group to 1000 Mbit/s.
For each port, advanced statistics are available with information about various packets and the speed of their transmission in both directions, so that an experienced system administrator can get complete information about the size of packets, if he needs it. Personally, I have not met specialists who are able to read information in this form, but if the manufacturer introduces such a function, then they exist.
In the Storm-Control tab, you can define parameters for protection against three types of storm: broadcast, unicast, and multicast, limiting the access speed on a specific port when broadcasting unattended packets. Interestingly, in addition to limiting the throughput of each physical and logical port, it is also possible to set the priority for logical (aggregated) and physical ports in increments from 1 to 7.
The QoS mechanism is used to manage traffic quality. 3 filtering algorithms are supported: at the port level, by DSCP fields in IP packet headers, by priority tags, 802.1p, and combined 802.1p+DSCP. At the same time, the netis ST3310GF can independently rewrite CoS and DSCP fields for IP packets.
The switch has the ability to set a map of matching DSCP fields in the order.
To identify users, you are provided with all possible means. First of all, you can use ACL tables to identify by IP and MAC address. Identification by VLAN ID with binding to each specific port is also supported. The most common MAC address filtering is extended here by port and VLAN tag bindings, which allows you to configure access from the corporate network transparently for users.
The traditional STP Protocol, RSTP with accelerated tree reconfiguration, which allows faster network topology recovery, and RSTP are used to protect against switching loops. If you need to study the operation of any of the busy network ports, you can enable the port mirroring function. When it is activated, traffic from one port is duplicated to another, so that you can connect to it to search for and eliminate anomalies.
Among the features that the switch provides, what is missing is support for a Syslog server and manual entry of routing tables. Otherwise, the netis ST3310GF switch allows you to make all the settings needed in today's conditions through the Web interface.
Cost of ownership and warranty
In idle mode, the power consumption of the netis ST3310GF is 2.0 W, and no matter how hard we tried, we could not raise the consumption above 5 W, although the maximum permissible power of the power supply here is 60 W. Thus, when operating around the clock, the switch need not be turned off to save electricity, and with a typical load in the 24/7x365 mode, energy consumption will be around 43 kWh per year, or about 500 rubles at modern rates.
All netis devices are guaranteed for a period of 2 years.
Conclusions
The netis ST3310GF switch is a typical example of how young network equipment manufacturers are making network technologies available. What used to be several processors in a large case with powerful power supplies, costing thousands of dollars, is now assembled on a single chip and offered at a price comparable to a good home Wi-Fi router. At the same time, the user who decided not to overpay for the brand gets support for modern network protocols that allow both traffic shaping and authentication using VLANs, that is, gets slightly more features than the top-end Cisco SNMP switches with a similar buffer and switching matrix offered a few years ago, which even now cost more on the secondary market than the switch under review.
Despite its low cost, the netis ST3310GF is a great purchase in today's networks, when connection speeds are higher, authentication requirements are stricter, and hardware costs are lower.
Michael Degtjarev (aka LIKE OFF)
26/11.2017