Testing the features of the L3 PoE switch IP-Com G5328P-24-410w
Level 3 switches with PoE support are usually used to build enterprise Wi-Fi networks and video surveillance systems. And, of course, there are advanced models on the market with a huge list of L3 functions, but few people use all this advanced functionality, because as a rule, in such application scenarios, a switch is required to divide traffic flows between LAN and WAN directions, directing streams from cameras to NVR and from access points to shared resources in order to do not overload the network gateway, as well as provide a configurable distribution of PoE power in case of power overload. In such installations, one switch combines both the access level and the distribution level, so the network turns out to be very inexpensive and easily scalable horizontally when connecting new premises in the enterprise.
In the budget version, when the network is built on 1080P/4K cameras and access points of the 802.11ac standard (or cheap 802.11ax), a downstream connection at a speed of more than 1 Gigabit is not required, respectively, demand shifts towards budget L3 switches with support for 802.3at/af and a total PoE budget of around 250 Watts (up to 10 watts per port). The IP-Com G5328P-24-410w model is a 28–port switch in which 4 ports are Gigabit optics for Uplink, and the remaining 24 ports are 1-gigabit RJ45 PoE with a total power budget of 370 watts, and each of these ports can work both in 802.3af mode (up to 15.4 W), and in the mode 802.at (up to 30 watts).
From the management point of view, the model is interesting because it supports both console access via a serial interface, WebUI, and even management via the cloud. But about everything in order.
The switch has a standard 1U enclosure with a depth of 285 mm, which allows it to be placed in most wall cabinets and telecommunication racks. Power is supplied from the back, and all signal connections are supplied from the front. The console port has an RJ45 form factor, and an RS232 adapter is supplied with the device. The ability to configure via the terminal is still in demand among network specialists, and if you have several such switches installed in the rack, it is easy to put the console cable of each of them on the stackers along with the network cables and connect it to a common console, server or RS232 switch.
The display on the case has an interesting feature – the same LEDs are used to display the connection status (Link) or power supply (PoE). The current display mode is switched by a small button near the console port: pressed once – received a connection indication, pressed a second time – received a power indication on the ports.
Two fans with constant rotation speed are used for cooling, directing air from left to right (when viewed from the front side). The IP-Com G5328P-24-410w switch can operate at ambient temperatures from 0 to 45 degrees Celsius. The main source of heat in such PoE switches is a power supply that generates heat on losses from converting 220V AC to 37–57V DC for PoE customers. For this reason, the fans in this model only cool the PSU, and simple radiators are enough for electronics chips.
Lightning protection is an important property of PoE switches, since often connected devices are located on the street at a considerable distance. According to the specification, the switch has lightning protection up to 6 KV both at the power input and from the RJ45 ports. A simplified L-C filter is installed on the input stage of the power supply unit to filter interference and a fuse to protect against overcurrent or short circuit. Please note – the power supply itself is marked at 450 watts, so there is also a certain power reserve.
PoE Distribution Configuration Features
Perhaps one of the most popular options in this kind of switches is dynamic power distribution on ports. Modern access points vary their power consumption quite a lot depending on the load and the number of connected clients, and if the PoE project budget is at the top of the switch's capabilities, the switch should be able to turn off non-critical load so that there is no power overload and protection in the PSU does not work. In this case, the following settings are available to you:
You can limit the consumption on each of the ports by rigidly setting the PoE standard: for example, 802.3af or 802.3at, after checking the specification of the access point or camera and finding out which power standard it uses.
You can set a schedule for the power supply to the port, for example, to turn off Wi-Fi during non-working hours, but this has more to do with saving electricity and security than overload protection.
You can enable dynamic power distribution by setting priorities for ports: if the PoE budget is exhausted, the switch will start turning off power on ports with low priority, giving the released power to high-priority devices.
All these settings are made individually for each port. It is a pity that there is no Power Cycle function either in manual or automatic mode, it would immediately bring the IP-Com G5328P-24-410w to a higher league of expensive AV models.
In terms of network security, I would like to pay attention to ACL sheets – today, they can be used to build secure isolated networks and solve some configuration error problems. Two types of rules are supported here: for MAC and IP addresses.
The rules apply to each port and, moreover, to the direction of traffic (incoming or outgoing). Actions can be of two types: banning and skipping packages.
In addition, there are MAC address filtering tools, support for authentication via ACL and basic anti-DDoS settings.
DHCP and routing capabilities
To work with an external DHCP server on the network, the switch supports the DHCP Relay function with the server address setting for each of the VLANs. To prevent an attack using the DHCP protocol on the network – DHCP Snooping.
A proprietary DHCP server allows you to select a range of addresses in the pool and specify one exclusion range for it. For devices that need to be issued a static address via DHCP, there is an address reservation function.
Routing is supported both static and dynamic, a convenient search tool is implemented in the route table. The update interval can be configured for ARP tables, but by default it is set to a sufficient value so as not to overload the network with broadcast requests - 20 minutes.
QoS and STP
QoS rule configuration policies in access–level switches are rarely used, since basically all traffic here is equivalent. The IP-Com G5328P-24-410w supports 802.1P, DSCP, and port priority-based queuing. Perhaps it is the priority of ports that will be the simplest and most effective method of preventing overloading of Uplink ports, if you have an understanding of the physical priority of premises in the enterprise. For example, for access points in the meeting room, you can increase the priority, for IP cameras broadcasting to NVR with face and object recognition, too.
To build trees, RSTP, MSTP and STP protocols are supported with the configuration of basic parameters, including packet transmission delay. I want to note a very convenient table of statistics on xSTP by ports and information on paths and bridges. Processor protection is not explicitly declared, but can be implemented by means of limiting the rate of packet transmission over ports.
Three algorithms are available for combining channels: src-dst-mac, src-dst-ip and src-dst-mac-ip-port. The web interface allows you to combine both RJ45 and SFP ports into one group, up to 8 ports in each trunk in total.
In addition, LACP is supported. Four SFP slots are enough for simultaneous connection to upstream switches and a server rack with NVR.
Monitoring and logs
The IP-Com G5328P-24-410w switch supports all three SNMP protocols (v1/v2c/v3), and a SySlog server that does not require authorization can be used to export logs.
Ping and traceroute are implemented for connection diagnostics.
IP-Com switches have a very convenient function of building a local device map, and the switch is able to determine by itself what type of device is working in the same network with it, but if it has not done this, you can configure the icons manually. Moreover, it is not at all necessary that the device be connected to the ports of the switch itself – the scheme is built even for neighboring switches.
In addition to the visual topology, the map is good because you can visually observe on it which port the device is connected to, here you can run a ping test with one mouse click, try to open the Web interface and if it doesn't help, disconnect the port separately by link or by power supply. If I were the manufacturer, I would duplicate disabling ports on the start Dashboard, because this function is very necessary, and should always be at hand.
For remote network maintenance, a cloud service and an IP-Com ProFi cloud application are provided, in which you can start projects with IP-COM devices such as gateway, switch and access point. When creating a project, location presets such as "office", "hotel", "living room" and others are available to you. When working with access points, the cloud service helps to optimize the radiation of transmitters, reducing interference. In terms of switch maintenance, it is necessary to visually see the status of the port and make any of its settings.
At the same time, the cloud does not completely take over the management of the device, as Zyxel Nebula does, but simply is a single entry point for monitoring and device configuration. That is, you configure the switch both through the CLI, and through WebUI, and through the cloud, while you do not need VPN access to the network where it is installed. It is very useful that you can directly access the switch's Web interface from the cloud, even if it is behind the provider's NAT, but only for some reason the connection is established over the insecure HTTP protocol.
A very useful feature is the ability to save the backup configuration of the switch directly to the cloud in case the device fails and requires prompt replacement. In general, I believe that cloud services for managing network devices are a mandatory option for modern installations, since it greatly facilitates the configuration and troubleshooting process: the administrator does not need to connect via VPN to the network where the equipment is located, does not need to use Anydesk or RDP, and even more so does not need to go to the facility for nothing.
The IP-Com G5328P-24-410w is one of the most affordable Gigabit 24-port L3 PoE switches on the market. This model solves the main task of modern video surveillance and Wi-Fi networks - it combines the level of distribution and access in one device with routing at the L3 level and comfortable controls. A visual map of the network topology and management via the cloud are the distinctive features of this model, designed to significantly reduce operating costs, and they should be paid attention to first.
From the point of view of the design, there is a maximum reduction in the cost of everything and everything, and as a result, the model has a relatively narrow operating temperature range, which does not allow it to be mounted, say, on a mast in a sealed cabinet or in an unheated, non-conditioned room. And if you ask yourself the question "why is it so cheap", then the answer is in front of you.
I believe that for the IP-Com G5328P-24-410w switch, the most suitable scenario is for use in video surveillance systems at non-critical facilities in remote branches of the enterprise (shops, warehouses, terminals).
Michael Degtjarev (aka LIKE OFF)