Zyxel GS1920-8HPv2 - test of a PoE switch with cloud management

Today we are looking at one of the most advanced managed switches on the market. Not so long ago, Zyxel built support for the Nebula cloud management system into its professional devices, which lets you configure and maintain the network on site simply and, most importantly, remotely. Just imagine: the installer connects the cables, checks the connection, and calls the central office, and the system administrator uploads the configuration to all devices at once, including switches and access points, via the Internet. He sets everything up not "in the field" but in his usual chair, with access to documentation and a full Internet connection. He doesn't need to go anywhere and waste time: management and configuration, as well as firmware updates, are all done from a single Web interface.

Zyxel GS1920-8HP

I am sure that you already know about the Zyxel Nebula cloud system, so we will leave its description for later in the text and start with the GS1920 switch itself, because this is something really unusual and cool.

Zyxel GS1920 - if you need PoE

The GS1920 series includes models with 8/24/48 ports, and each of them has a PoE version in which all ports except the trunk ports (although there is no division into local and uplink ports: they are all equivalent) support the 802.3at power-over-twisted-pair standard. The manufacturer did not skimp on power supplies: the 8-port version has a power budget of 130 watts, while the other two have 375 watts each. Today, these switches are used for the most promising ultra-high-definition video surveillance networks and for access points with 802.11ac support that have speeds above 1 Gbps. Each port can be allocated up to 25.5 W of power, which is 5 times the consumption of an average access point or 4G-WiFi gateway, and which is enough for a powerful LED spotlight.

The junior model, the Zyxel GS1920-8HPv2, came to us for testing; it has 8 PoE ports and 2 combo RJ45/SFP ports for trunk connection. Even this junior model has a built-in power supply, so it takes up a minimum of space in the telecommunications cabinet: 1 unit wide and 162 mm deep.

The switch has a power supply manufactured by the Chinese company Gospower. I have not met this company before, and I was pleasantly surprised to see that the efficiency of this power supply is 85%, the power factor is 0.90, and the design uses expensive Japanese Rubycon capacitors with a temperature rating of 105 degrees Celsius.

Giant heatsinks on the switch chips also attract attention: Zyxel set a goal to make the switch stable without active cooling, and in the 10-port models it succeeded. The GS1920-8HPv2 specification states a mean time between failures of 514 thousand hours, or 58 years of continuous operation, and these devices are covered by a lifetime warranty!

The switch stores 2 firmware versions and 2 configuration files in memory, so if an update went wrong or you clicked the wrong button, you can easily roll back the changes.

It remains to add that if PoE functions are crucial for you, you can use the switch interface to monitor power consumption by port and the free PoE budget per device, as well as statistics on PoE device consumption.

GS1920 - if you need filtering

Zyxel calls the GS1920 v2 series "smart managed switches", and they already include OSI layer 3 and 4 management features, such as IP-based filtering, TCP/UDP socket filtering, authentication, and VLAN distribution via a RADIUS server. There are 3 methods available for setting traffic priorities: SPQ, WRR, and WFQ, plus IP/TCP/UDP speed limits per port.

Our tests show that prioritizing 802.1p traffic using SPQ costs about 10% of the switch's bandwidth on small packets, which is within the measurement error.

GS1920 - if you are building a video wall or configuring Multicast traffic

If you plan to actively use video broadcasts in your network, for example, to build complex video wall configurations with HDMI-over-IP devices, and even add IPTV to the network, then the Zyxel GS1920 has a full set of tools for you: traditional IGMP Snooping version 1/2/3, an IGMP filtering function for binding multicast profiles to individual ports, IGMP throttling for controlling the number of IGMP groups on one interface, IGMP proxying, and MVR.

MVR allows you to create separate VLANs for Multicast traffic, isolated from the subscriber's virtual networks, but at the same time allow a subscriber located in a different VLAN to connect to the multicast VLAN of the provider and watch the channel broadcast there. MVR works independently of IGMP Snooping and operates with the IP addresses of multicast groups.

GS1920 - if you need functions for working with IP addresses and VLANs

The switch has a PPPoE client and basic configuration of routing rules, plus selection of priority rules based on port, MAC address, and IP address. The GS1920 itself can act as a DHCP relay. There is a limit on the number of MAC addresses served by a single port, IPv4/IPv6 packet ACL filtering, and a speed limit for specified IP addresses on a given port.

You can create virtual networks based on physical ports, MAC addresses, protocols, IP address ranges, and source/target over MAC/IP using LACP algorithms. By the way, ports can be combined into a trunk according to the LACP standard (8 trunks of up to 8 ports each are supported), but in a switch of this class, this will not surprise anyone.

As you can see, the functionality of the Zyxel GS1920 series is sufficient to work both in the network of a small provider with IPTV and in the network of a small enterprise. It is particularly interesting that all this functionality is available in a 10-port model that can be used as a root switch for a small business center or hotel.

In this variety of functions, only a built-in command-line terminal and a settings search are missing: apparently, Zyxel has invested all its effort in the Nebula cloud, so the GS1920's own Web interface is both ugly and inconvenient.

Nebula cloud

Of course, the highlight of the GS1920 is management via the Nebula cloud. This is a centralized management system in which all your organizations (for companies that serve networks remotely), all offices, and all access points/gateways/switches, with full statistics on traffic, PoE consumption, firmware updates, and device load, are available to you in one browser window. The algorithm for working with the cloud is very simple: first, you register on the Nebula website and add your organization's offices. Then you select the office to add the device to and use the mobile app to scan the QR code in the web interface of this device. That's all: it is automatically added to your arsenal, and the most interesting thing is that almost all settings disappear from the device's own web interface. Of course, you can return the device to an offline state by removing it from the cloud, but note that even a factory reset does not remove the binding to Nebula: as soon as the switch senses the Internet, it immediately connects to the cloud. So stealing Zyxel access points from your site is pointless: wherever the attacker puts them, they will remain under your control.

In general, the convenience of Nebula is also that you can see statistics on one tab and immediately take some action. For access points, for example, you can immediately see the most active clients and, in two clicks, change their access policy, disable authorization, or block them altogether.

For the switch, it is even more convenient: just open the port that interests you, and you are immediately given a graph of traffic in both directions, power consumption on the port (if we are talking about PoE), and statistics, including IGMP and the number of errors. Click on the port and you can immediately enable STP or loop protection, enable or disable PoE, or configure bandwidth control.

For more complex settings, such as filtering or IGMP, there are still separate menu items, and here the only difference from configuring the switch via the Web interface is that it is more beautiful and convenient in the cloud.

But of course, the main beauty of the cloud is in the general settings, which you can apply in batches to any new device, and here there is something to praise Zyxel for, and something to scold. For example, you can create a PoE schedule to centrally turn some devices at facilities on and off, saving electricity. You can turn on the power from 09 to 18, but you cannot set it from 18 to 06 so that devices work only at night, because only one time interval is available per day, without exception. But such things should be treated as normal: the cloud is new, and Zyxel is constantly updating it.

Scheduling PoE

It is much more interesting to set the RADIUS and filtering settings with VLANs up front and apply them to new devices as they are added to your network. This is what we talked about at the very beginning: you don't need to mess with each switch individually; you can specify basic things for all types of devices: for Zyxel gateways, access points, and switches.

But still, if you are used to using the command line, Nebula will not help you here: there is no interface for accessing the device CLI from the single cloud management system.

Testing

Test bench:

  • Intel Xeon E5-2603 V4
  • ASRock Rack EPC612D4U-2T8R
  • Transcend DDR4-2400 ECC RDIMM
  • Seagate Exos 10E2400
  • Intel X550-T2 (PCI-E Passthrough to Guest VM)
  • VMWare ESXi 6.7
  • Windows 10 x64 1809

For testing, we will use an Intel X550-T2 network card running at 1 Gbit/s. We will conduct two stages of testing: UDP traffic from port 7 to port 9 without enabling Jumbo Frame in the network card parameters, and TCP traffic between the same ports when the maximum Jumbo Frame value of 9 KB is enabled in the network card parameters. For comparison, we will specify the speed when connecting ports directly.

Everything is perfect here, first of all due to the large buffer available in the GS1920-8HP. Note that the switch in the circuit not only does not reduce the speed, but even increases it. As the packet size increases, the difference between a professional switch and a home one decreases, and we see that the GS1200-8HP office switch shows itself to be an outsider in all tests, which is not surprising, because it is designed for TCP traffic with a large packet size.

When tested in a network environment with a frame size of 9K, however, the GS1920-8HP switch is inferior to all participants, although the lag does not exceed the measurement error.

Conclusions

Zyxel GS1920 is a series of very powerful and functional devices that can be used as access switches in networks of small providers. They have all the necessary functions for separating VLANs, filtering traffic, and working with IPTV. The model under consideration, which is positioned for building a Wi-Fi network at small sites, is generally redundant for this purpose: most likely, you will not use even a third of the capabilities of these devices in a hotel or country club, and you should choose Zyxel for this purpose solely for the sake of the Nebula cloud.

What I liked:

  • Very wide functionality for setting up and filtering
  • High performance
  • Lifetime warranty

What I didn't like:

  • Some Nebula functionality requires purchasing a license

Yes, many sysadmins beat their chests, proud that they know all the command-line syntax by heart, but few people will refuse the convenience of a single interface in which your entire infrastructure is presented on the map at a glance. In the Nebula cloud, you can access traffic statistics, power consumption, firmware status, and most importantly, easily add new devices to your existing infrastructure. This approach significantly simplifies the administration of large and geographically distributed sites, and therefore reduces the maintenance costs for your own sites.

Michael Degtjarev (aka LIKE OFF)
12/02.2019

