Today we are looking at one of the most advanced managed switches on the market. Not so long ago, Zyxel built support for Nebula’s cloud – based management system into its professional devices, allowing you to set up and maintain a network on-site simply, and most importantly-remotely. Just imagine: the installer connects the cables, checks the connection, calls the Central office-and the system administrator via the Internet downloads the configuration immediately to all devices, including switches and access points. Configures all the work is not” in the field”, and in his usual chair, with access to documentation and full Internet. He does not need to go anywhere and spend time: management and configuration, as well as firmware updates – everything is done from a single Web-interface.
I’m sure you already know about the cloud system Zyxel Nebula, so we will move its description further in the text, and start with the switch GS1920, because it is something really unusual and cool.
Zyxel GS1920 – if you need PoE
The GS1920 series includes models for 8/24/48 ports, each of which has a PoE version, in which all ports, except trunk (although there is no division into local and Uplink ports – they are all equivalent), support the power standard for the twisted pair 802.3 at. And the manufacturer did not stint on the power supply units: the 8-port version has a power budget of 130 W,and the other two-375 W. Today, these switches are used for the most promising ultra-high-definition video surveillance networks and access points with 802.11 ac support, with speeds above 1 Gbit/s. Each port can be allocated up to 25.5 W of power, which is 5 times the consumption of the average access point or 4G-WiFi gateway, and which is enough for a powerful LED spotlight.
For testing we came youngest model Zyxel GS-1920-8HPv2 with 8 PoE ports and 2 combo RJ45/SFP ports for backbone connections. Even such a Junior model has a built-in power supply, so that in the telecommunications Cabinet it takes a minimum of space: 1 unit in width and 162 mm in depth.
The switch includes a power supply unit production of the Chinese company Gospower. I have not met this company before, and I was pleasantly surprised to see that the efficiency of this power supply is 85%, the power factor is 0.90, and expensive Japanese rubycon capacitors with a temperature rating of 105 degrees Celsius are used in the design.
Still draw attention to the giant radiators on the chips of the switch: Zyxel has set a goal to make the switch stable without the use of active cooling, and in 10-port models it succeeded, and in the specification GS1920 – 8HPv2 stated time between failures – 514 thousand hours, or 58 years of continuous operation, and these devices are covered by a lifetime warranty!
The switch stores 2 firmware versions and 2 configuration files in memory, so if you have failed to update or clicked the wrong way, you can easily roll back the changes.
It is necessary to add that if PoE-functions for you are defining, then in the interface of the switch you are available: monitoring of power consumption on ports and the free budget of PoE on the device, and also statistics of consumption of PoE-devices.
GS1920 – if you need filtering
Zyxel calls the GS1920 v2 series “smart managed switches,” and there are already OSI layer 3 and 4 management features, such as IP address filtering, TCP/UDP socket filtering, authentication, and VLAN distribution through the RADIUS server. There are 3 methods available to configure traffic priorities: SPQ, WRR, WFQ, plus IP/TCP/UDP speed limits per port.
Our tests show that prioritizing 802.1 p traffic using SPA costs about 10% of the switch bandwidth on small packets, which is within the measurement error.
GS1920-if you build a video wall or configure Multicast traffic
If you plan to actively use video broadcasting in your network, well, for example, to build complex configurations of video walls through HDMI-over-IP devices, and even add to the IPTV network, then Zyxel GS1920 has a full set of tools for you: traditional IGMP Snooping version 1/2/3, IGMP filtering function for binding multicast profiles to individual ports, IGMP trottling to control the number of IGMP groups on one interface, IGMP proxying and MVR.
MVR allows you to create separate VLANs for Multicast traffic, isolated from subscriber virtual networks, but at the same time allow the subscriber, located in another VLAN-e, to connect to Multicast-VLAN-provider and watch the broadcast channel there. MVR works independently of IGMP Snooping and operates with multicast group IP addresses.
GS1920-if you need functions to work with IP addresses and VLANs
The switch has a PPPoE client and basic routing rules configuration, plus priority rules based on port, MAC address, and IP address. The GS1920 itself can act as a DHCP repeater. There is a limit to the number of MAC addresses served by a single port, an ACL filtering of IPV4/IPV6 packets, and a speed limit for specified IP addresses on a given port.
You can create virtual networks based on physical ports, MAC addresses, protocols, IP address ranges, and source/destination over MAC/IP using LACP algorithms.
By the way, ports can be combined in a trunk according to the ACPI standard (8 tanks up to 8 ports in each are supported), but in such a switch this will not surprise anyone.
As you can see, the functionality of the Zyxel GS1920 series is sufficient to work in the network of a small provider with IP-TV and in the network of a small enterprise. It is particularly interesting that all this functionality is available in a 10-port model that can be used as a root switch for a small business center or hotel.
In this variety of functions is not enough except that the built-in command-line terminal and search settings: apparently, Zyxel has invested all its strength in the Nebula cloud, so its own web-interface GS1920 both ugly and uncomfortable.
Of course, the highlight of GS1920 – it management via the cloud Nebula. This is a centralized management system, in which all your organizations (for companies serving the network on the remote site), all offices, all access points/gateways/switches with full statistics of traffic, PoE consumption, firmware updates and load on devices are available in one browser window. The algorithm of working with the cloud is very simple: first you register on the Nebula website and add offices of your organization. Then choose the office where you want to add the device, and from the mobile application scan the QR-code in the web-interface of this device. All, it automatically preattached in your Arsenal, and what is most interesting – from my own web interface for the device lost almost all settings. Of course, the device can be returned to the offline state by removing from the cloud, but note that even a factory reset does not remove the binding to Nebula: as soon as the switch feels the Internet, it immediately connects to the cloud. So if you have access points stolen on the object, then it is useless to do it with Zyxel: wherever the attacker puts them, they will remain under your control.
In general, the convenience of Nebula is that on one tab you can see the statistics and immediately take some action. For access points, for example, the most active clients are immediately visible, which in two clicks can change the access policy, disable authorization or block altogether.
For the switch-even more convenient: just open the port that you are interested in: here you are immediately given a graph of traffic in both directions, power consumption on the port (if we are talking about PoE), statistics, including IGMP and the number of errors. Click on the port and you will be able to enable STP, loop protection, enable or disable PoE or configure bandwidth control.
For more complex settings, such as filtering or IGMP, there are still separate menu items, and here the only difference from configuring the switch via the Web-interface is that in the cloud it is more beautiful and convenient.
But of course, the main charm of the cloud is in the General settings, which you can apply in batches to any new device, and here… there is and for that praise Zyxel, and for that scold. Well, for example, you can create a PoE schedule to centrally turn on and off some devices at the facilities, saving electricity. And that’s to turn the power on from 09 to 18 you can, and from 18 to 06, to work only at night – no, because days is available only one time interval, without exception. But such things should be treated normally: the cloud is new, and Zyxel is constantly refining it.
It is much more interesting to set RADIUS and VLAN filtering settings at once and apply them to new devices that will only be added to your network. This is what we talked about in the beginning: no need to mess with each switch individually: the basic things you can specify for all type of devices: for gateways, access points and ZyXEL switches.
But still, if you are used to operating in the command line, Nebula is not an assistant to you here: there is no interface to access the CLI of the device from a single cloud management system.
- Intel Xeon E5-2603 V4
- ASRock Rack EPC612D4U-2T8R motherboard
- Memory: Transcend DDR4 – 2400 ECC RDIMM
- Hard drive: Seagate Exos 10E2400
- Intel X550-T2 network card (PCI-E Passthrough to Guest VM)
- Hypervisor: VMWare ESXi 6.7
- Guest operating systems: Windows 10 x64 1809
For testing we will use a network card Intel X550-T2 operating at speeds of 1 Gbit/s, will Hold a two stage test: UDP traffic with 7 port 9 port without enabling Jumbo Frame in the network card settings and TCP traffic between the same two ports when the network cards are enabled the maximum value of the Jumbo Frame of 9 KB. For comparison, we will specify the speed for direct connection of ports.
Everything here is perfect, first of all, due to the large buffer available in GS1920-8HP. Note-the switch in the circuit not only does not reduce speed,but also increases. With the growth of the packet size, the difference between a professional switch and a home one decreases, and we see that the GS1200-8HP office switch in all tests shows itself as an outsider, which is no wonder, because it is designed for TCP-traffic with a large packet size.
But when tested in a network environment with a frame size of 9K, the GS 1920-8HP switch is inferior to all participants, but the lag does not exceed the measurement error.
Zyxel GS1920 is a series of very powerful and functional devices that can be used as access switches in networks of small providers. All the necessary functions for distinguishing between VLAN-s, traffic filtering and work with the IP TV. The model under consideration, positioned to build a Wi-Fi network on small objects, in General, for this purpose is redundant: most likely, neither in a hotel nor in a country club, you do not use even a third of the opportunities inherent in these devices, but to choose for this purpose Zyxel should be solely for the sake of the Nebula cloud.
What I liked:
- A very wide range of functions for configuring and filtering
- High performance
- Lifetime warranty
What’s not to like:
- Some Nebula functionality requires a license purchase
Yes, many sysadmins beat yourself heel in the chest, proud that you know all the command-line syntax by heart, but few give up the convenience of a single interface in which your entire infrastructure is represented on the map, at a glance. In the Nebula cloud, you have access to traffic statistics, power consumption, firmware status, and most importantly, easy addition of new devices to your existing infrastructure. This approach greatly simplifies the administration of geographically distributed and large objects, and therefore reduces your own maintenance costs of your own objects.