Tools of Managed SWITCH 4008GT

1. Analyse Tools

SALZ WIZAR Dashboard

SALZ WIZAR Dashboard

The dashboard provides a clear overview of port statuses, including indicators for LINK-UP/LINK-DOWN and connection speed. Using clustered bar charts, it displays the packets per second (PPS) rate for each port, showing both transmission (Transmitting Port Broadcast Rate) and reception (Receiving Port Broadcast Rate) activity.

The CPU usage metric on the dashboard shows how much processing power the switch is currently using. This helps administrators monitor device workload and detect performance issues. High CPU usage may point to excessive traffic, configuration errors, or security threats. By tracking this data, administrators can take timely action to balance traffic, optimize performance, or investigate anomalies.

Memory usage is another key indicator that reveals how much system memory the switch is consuming. Monitoring this metric helps ensure that resources are used efficiently and that the switch runs smoothly. If memory usage remains high, it could cause slower performance or dropped packets. Identifying such trends allows administrators to adjust system configurations and maintain overall stability.

LED indicators in the corner of the dashboard provide a real-time visual status of the switch’s current operational state.

Diagnostic Tools

The diagnostic tools in the SWITCH 4008GT help network administrators monitor and troubleshoot network connectivity, performance, and security. They play an important role in keeping the network stable and running smoothly.

The Alarm section shows the status of alarm outputs and the reasons behind them. It also allows administrators to view and change the DIP switch settings directly from the interface.

Port-Based Mirroring lets administrators copy the network traffic from one port to another (the destination port) for detailed inspection. This helps them check network performance, identify problems, monitor activity, and detect any unusual or suspicious data flow.

The Port Statistics and Port Utilization sections show detailed information about data being sent and received, including packet counts, data rates, and usage percentages. These tools help administrators monitor performance, find issues, and keep the network running efficiently.

The Syslog feature records messages from different network devices and lists events as they happen. This helps in tracking network health, troubleshooting problems, finding security issues, and staying compliant with internal policies or regulations.

Port Link Down Statistics provide information about link failures or disconnections for each port.
They include:

  • Port Status: Shows whether each port is active (linked up) or inactive (linked down).

  • Link Down Events / Error Counters: Displays how many times a port has lost connection or failed.

  • Historical Trends: Helps identify repeated issues, track changes over time, and improve network reliability.

These diagnostic tools help administrators detect problems early, fix them quickly, and ensure reliable network operation with minimal downtime.

 

Network Management

Network management in switches includes the administration, monitoring, and control of the switch to ensure reliable performance, efficiency, and security. The SWITCH 4008GT supports different versions of SNMP (Simple Network Management Protocol), including SNMPv3, which offers a more secure and reliable management framework for modern networks.

SNMPv3 Security Features:

  • Authentication: Uses cryptographic algorithms like HMAC-MD5 and HMAC-SHA to confirm that messages come from trusted sources and are not altered during transmission.

  • Encryption: Supports encryption standards such as DES and AES to keep SNMP messages private and protected from unauthorized access.

  • Access Control: Uses a User-Based Security Model (USM) that allows administrators to set different user profiles with specific permissions, providing fine control over who can access or modify SNMP data.

SNTP (Simple Network Time Protocol):
The switch also supports SNTP, which keeps consistent time across network devices. Accurate time synchronization helps maintain proper logging, auditing, and coordination in distributed systems. It also supports time-based applications, security features like event timestamping, and other time-dependent protocols.

2. Configuration Tools

Port Settings

Port Settings

The Port Configuration section displays the various ports available on your switch. Each port is assigned a unique numerical identifier. From this particular section of the GUI, the data transmission between the various ports can be controlled. The state column indicates weather the particular port is enabled or not. The Speed column indicates the data transmission and reception speed for each port, typically measured in Mbps or Gbps and 'duplex' in the column specifies the communication mode of the port, whether it can transmit and receive data simultaneously (Full Duplex) or only perform one operation at a time (Half Duplex). Using this you can control the activities of the port. Flow control is crucial for managing data flow between devices connected to the switch. In the Flow Control Settings section, you can control the flow control behavior for each port. The table displays the port number, along with the options to enable or disable flow control for both sending and receiving data.

A network loop occurs when there is a redundant or unintended connection between network devices, causing data to continuously circulate within the loop and resulting in a broadcast storms and disrupt network connectivity. This can severely impact network performance and stability. Loop detection, as the name suggests, detects the loops in the network and therefore lets you preventing and configuring them. Recovery state represents the current state of the network in terms of connectivity, stability, and operational status after a failure or disruption has occurred. Recovery time is the duration required for a network or a network component to return to a fully operational and functional state after a failure or disruption. Recovery time includes activities such as identifying and diagnosing the cause of the failure, implementing necessary corrective measures, re-establishing network connections, and ensuring the network is stable and operational.

The 802.1p priority feature allows network administrators to assign different levels of priority to different types of network traffic. By assigning priorities, it becomes possible to prioritize certain types of traffic over others, ensuring that critical or time-sensitive data is transmitted with minimal delay or interruption.

VLAN und Port-Isolation

Mit dem SWITCH 4008GT können Benutzer VLANs (Virtual Local Area Networks) erstellen und konfigurieren. Ein VLAN verhält sich wie ein physisches LAN, gruppiert aber Geräte logisch – auch wenn sie an verschiedenen Ports oder Switches angeschlossen sind. So lässt sich ein physisches Netzwerk in mehrere virtuelle Netzwerke aufteilen. VLANs verbessern die Netzwerksegmentierung, Leistung und Sicherheit. Sie eignen sich, um Abteilungen zu trennen, Gastnetzwerke vom internen Netz zu isolieren oder bestimmte Anwendungen zu priorisieren.

Das benutzerfreundliche Dashboard des SWITCH 4008GT erlaubt die Konfiguration von bis zu 5 VLANs pro Interface (Format: 1,3,7,10,25). Der Switch unterstützt auch Port Trunking, um Datenverkehr mehrerer VLANs gleichzeitig zu übertragen.

Port-Isolation schränkt innerhalb eines VLANs die Kommunikation zwischen Geräten an verschiedenen Ports ein. In Kombination mit VLANs bieten beide Funktionen starken Schutz und präzise Datensteuerung: VLANs trennen Gruppen logisch, Port-Isolation verhindert internen Datenverkehr innerhalb derselben VLAN.

Firmware-Update und Konfiguration

Der SWITCH 4008GT ermöglicht das Speichern individueller Konfigurationen und bietet regelmäßige Firmware-Updates. Beide Funktionen sind wichtig aus folgenden Gründen:

  • Sicherheitsupdates: Netzwerksicherheit entwickelt sich ständig weiter. Aktuelle Firmware schützt vor neuen Bedrohungen, unbefugtem Zugriff und Datenlecks durch die neuesten Sicherheitsfunktionen.
  • Fehlerbehebungen und Stabilität: Updates beheben Fehler, verbessern die Stabilität und optimieren die Leistung. Sie bringen auch neue Funktionen und erweitern die Möglichkeiten des Switches.
  • Konfigurationssicherung: Das Speichern der Konfiguration erhält alle Netzwerkeinstellungen. Nach einem Update oder Systemausfall lässt sich der Switch schnell wiederherstellen – ohne manuelle Neukonfiguration.
  • Rechtskonformität: In vielen Branchen sind regelmäßige Updates und Konfigurations-Backups vorgeschrieben. Sie zeigen, dass Sicherheit, Datenschutz und Branchenstandards eingehalten werden.

With SWITCH 4008GT users can configure and create VLANs (Virtual Local Area Networks). A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same network switch which means, logical segmentation of a physical network into multiple virtual networks. By using VLANs, network administrators can achieve network segmentation, improve network performance, and enhance security. VLANs can be used to separate different departments within an organization, isolate guest networks from internal networks, or prioritize traffic for specific applications or users. The user friendly and easy to use dashboard of SWITCH 4008GT user can configure a maximum of 5 VLANs on each interface in the format 1,3,7,10,25. This product is also capable of port trunking which means it is capable of carrying traffic for multiple VLANs simultaneously.

Port isolation feature is typically implemented within a single VLAN. By enabling port isolation on specific switch ports, network administrators can restrict the communication between devices within that VLAN.

When port isolation and VLANs are used together, they provide a powerful combination for network security and traffic control. Port isolation restricts communication between devices on the same switch port, while VLANs enable logical separation and control of traffic between different groups of devices.

 

Firmware Update and Configuration

SWITCH 4008GT comes with a feature where users are allows to save their desired configuartion on a switch and regular upadtes for the firmware are provided as well. The importance of the following are:

  • Security Update: Network security is an evolving theme. It gets better and better with time and it is imprtant to have the latest security features on the device. By updating the firmware, you ensure that your switch has the latest security enhancements, reducing the risk of unauthorized access, data breaches, or network compromises. It helps protect your network and connected devices from potential threats.
  • Bug Fixes and Stability: Firmware updates address bugs, stability issues, or performance optimizations. It helps maintain the stability and performance of your network infrastructure and enhances the features and introduces new functionalities to the switch.

  • Configuration Persistence: Saving the configuration of your switch is crucial to preserve your network settings and customized configurations. By saving the configuration, you can restore the switch to its desired state after a firmware update or in case of a system failure. It simplifies the recovery process and minimizes the time and effort required to reconfigure the switch manually.

  • Regulatory Compliance: In some industries, regulatory standards and compliance requirements may mandate regular firmware updates and configuration backups. By adhering to these requirements, you demonstrate a commitment to network security, data protection, and industry best practices.

3. Security Tools

Network Access Control Protocol IEEE 802.1X

Network Access Control Protocol IEEE 802.1X

IEEE 802.1X or EAPOL (Extensible Authentication Protocol over LAN), is a network access control protocol that provides port-based authentication for devices attempting to connect to a local area network (LAN) or a wired network switch.

With 802.1X, our switch ensures that your network remains secure by allowing only authorized devices to connect and access valuable resources and provides robust port-based authentication, giving you full control over who can join your network. This feature acts as a gateway, allowing access to the network only after successful authentication.

  • With 802.1X, only devices with valid and verified credentials can join your network. This eliminates the risk of malicious actors infiltrating your network infrastructure.
  • User accountability is another advantage of our 802.1X feature. Each user's credentials are tied to their network connection, allowing you to track and monitor individual user activities. This level of transparency aids in identifying potential security breaches and ensuring compliance with your organization's policies.
  • Moreover, our switch enables you to enforce stringent security policies. You can require the use of strong passwords, regular password changes, or the utilization of digital certificates for heightened security. These policies contribute to a robust security posture for your network.
  • The port-based control provided by 802.1X ensures that even if an unauthorized device is physically connected to our switch, it remains isolated until successful authentication occurs. This prevents unauthorized access and strengthens your network's defenses.
  • With our 802.1X feature, you can provide temporary network access to visitors or contractors, while maintaining a secure network environment. Guest users can be granted limited access privileges, keeping your critical resources protected.
  • Our product's integration with an authentication server, such as a RADIUS server, offers centralized management capabilities. You can efficiently manage user accounts and authentication policies from a single point, ensuring consistent security enforcement across your network.

Port Security

Port Security further bolster the network security. Port Security enables you to restrict access to a specific switch port by controlling the number and type of devices that can connect to it.

With Port Security, you can define and enforce rules to ensure that only authorized devices are allowed to connect to a designated port. This feature helps prevent unauthorized devices from gaining access to your network and protects against potential security breaches.

  1. Authorized Device Control: Port Security allows you to specify the MAC addresses of authorized devices that are permitted to connect to a particular port. This prevents unauthorized devices from connecting to the network and helps maintain a trusted device inventory.

  2. Limiting Device Connections: You can set a maximum limit on the number of devices that can be connected to a port. This ensures that only a predetermined number of devices can access the network through that specific port, preventing unauthorized or excessive connections.

  3. MAC Address Learning: Port Security learns and stores the MAC addresses of connected devices. If an unauthorized device attempts to connect to a secured port, it can be detected and denied access based on its unrecognized MAC address, providing an additional layer of protection.

  4. Security Violation Actions: When a security violation occurs, such as an unauthorized device attempting to connect or multiple devices exceeding the allowed limit, Port Security can be configured to take specific actions. These actions may include shutting down the port, generating an alert, or notifying network administrators, helping to identify and address security incidents promptly.

  5. Protection against MAC Spoofing: Port Security helps guard against MAC address spoofing, where an attacker attempts to impersonate an authorized device by using its MAC address. By verifying the authenticity of MAC addresses, Port Security prevents such spoofing attempts and maintains the integrity of your network.

Access Control List

Access Control Lists (ACLs) provide granular control over network traffic, allowing you to filter and control communication based on specific criteria, enhancing network security and protecting against unauthorized access.

With ACLs, you have the ability to filter and control network traffic based on various criteria, such as source IP addresses, destination IP addresses, protocols, ports, and more. This granular control empowers you to permit or deny specific types of traffic, effectively protecting your network from unauthorized or potentially malicious activity.

  1. Traffic Filtering: ACLs enable you to filter network traffic based on specific conditions. By defining rules, you can allow or deny traffic flow between different network segments, subnets, or individual devices. This helps prevent unauthorized access to sensitive resources and mitigates the risk of attacks or data breaches.

  2. Protection against Denial of Service (DoS) Attacks: ACLs can be configured to identify and block traffic associated with known DoS attack patterns. By dropping or rate-limiting malicious traffic, ACLs help maintain network availability and protect critical services from being overwhelmed by malicious requests.

  3. Network Segmentation: ACLs facilitate network segmentation by allowing you to control communication between different segments. By separating devices into logical groups, you can restrict access to sensitive data and limit lateral movement in the event of a security breach. This containment strategy enhances network security and reduces the potential impact of a breach.

  4. Application Control: ACLs can be utilized to regulate specific applications or services by filtering traffic based on protocols and ports. For example, you can block or allow access to certain applications or ports, such as restricting peer-to-peer file sharing or permitting only authorized communication channels. This helps enforce security policies and minimize the attack surface of your network.

  5. Fine-Grained Access Control: ACLs allow you to define access permissions at a detailed level. You can specify which devices or IP addresses are allowed to communicate with specific network resources. This level of control helps enforce the principle of least privilege, ensuring that only authorized devices or users can access critical assets.

  6. Traffic Prioritization: ACLs can prioritize certain types of traffic over others, ensuring that critical applications or services receive the necessary bandwidth and resources. By assigning priority levels to specific traffic flows, you can optimize network performance and maintain service availability even during periods of high utilization.

Contact our Technical Sales: Christian Kürten

christian.kuerten@salz-automation.com

WhatsApp Chat

  +49 5222 93 53 5-30

Contact us