QNAP is not only focused on NAS and storage servers; it is also launching a large number of switches to meet customers' needs. All of QNAP's managed switches use the QNAP Switch System (QSS) operating system, with the same configuration options on all of them. Today at RedesZone we are going to look in detail at all the configuration options of the QNAP QSW-M408-4C switch that we currently have in production, and what we show is also valid for the manufacturer's other switches.
How is the QNAP Switch System (QSS) different from other switches?
The only differences in the QSS operating system between switches come from the physical Ethernet ports or the SFP and SFP+ ports that each model has. Depending on the number of ports, the firmware adapts to the switch hardware. The same happens with a QNAP managed PoE switch, which has a specific menu to manage PoE efficiently. The rest of the management and configuration options are exactly the same on all of them. In addition, QNAP offers continuous updates to improve security and performance and to increase the configuration options available on the switches.
All switches with the QNAP Switch System (QSS) operating system are managed via the web over HTTP and HTTPS, so we open their administration interface in a web browser and authenticate with the default username and password, or with our own credentials if we have changed the password.
In the main menu we can see the status of all ports, both the links that are down or have no device connected and the links that are up and working. In this menu we can also see the traffic per port, on the Gigabit Ethernet or Multigigabit ports as well as on the 10GbE ports. In the central right part we can see the exact model of the equipment, its private IP address, its MAC address, the firmware version of the switch, the temperature (normal or above normal), and even the real-time speed of the fan built into the switch (if it has one).
In the upper right area we have the date and time, as well as the web session management, where we can log out and also restart the switch.
In the «Port Management» section we can see the status of the ports in detail. It shows the same information as «Overview», but at the bottom we have each and every port in detail, along with the synchronization speed of the link. There is also a port statistics section, and we can configure each physical port in detail.
In the upper section we can also see the status of the ports at the VLAN level, which indicates in a summarized way which ports are in the different VLANs. To know in detail how the VLANs are configured, we have to go into the VLAN menu.
If we click on «Port Statistics» we can see graphs of how many bytes have been sent or received by the different ports. The graphs are very intuitive, and if we switch to list format we see a list of the physical ports and the number of bytes transferred. There is also a “Clear” button to delete all records and start from scratch.
In the «Port Configuration» section we can configure all the physical ports with the following options:
- Enable or disable ports: we can disable whichever ports we want.
- Speed: we can set the port speed to a specific value, with Full-Duplex or Half-Duplex. Normally it is left in “Auto” mode so that the speed is auto-negotiated, and we recommend keeping it on “Auto”.
- Flow control: we can activate or deactivate flow control; we recommend having it activated.
The VLAN section is where we can segment the network properly with the 802.1Q VLAN Tagging standard. This allows us to separate the different ports into different VLANs, and we can pass the VLANs as tagged or untagged. Let’s recall what passing a VLAN as tagged or untagged is for:
- Untagged VLAN: a port can have only one VLAN as untagged. This is where we connect any end equipment that we want to be in this particular VLAN.
- Tagged VLAN: we can pass all the VLANs we want to the same port as tagged; in some switches this is called “trunk” mode. This is where we connect a NAS server that understands VLANs so that it can create different virtual interfaces, a switch that is also in trunk mode or carries the same VLANs, or a professional AP that allows configuring multiple SSIDs with one VLAN in each SSID.
In this menu we can configure each and every one of the 12 switch ports (or the ports that your switch has), as well as the LAGs that we can also configure with different VLANs. LAGs are the links configured with Link Aggregation.
For example, in our case we have a total of 5 VLANs. VLAN ID 1 must always be there because it is the native one and the management one. Beyond that, we can set the different VLANs as tagged (T) or untagged (U). We must remember that a port can have one or more VLANs as tagged, but only one VLAN as untagged. If you look at port 9, we have a total of 4 VLANs as tagged and one (VLAN ID 1) as untagged.
The way to configure the different VLANs per port is really simple: we click on edit in each VLAN that we have created with the «Add» button, select the ports we want as untagged or tagged, and click on «Save». All the changes are applied automatically, without having to reboot the switch.
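The tagged and untagged behaviour described above can be followed at frame level. This is an added example, not QNAP code: it parses the 802.1Q tag of a constructed Ethernet frame and applies the standard ingress model to a port, using port 9 from the text with constructed VLAN IDs. That QSS filters ingress exactly this way is an assumption; the function names are hypothetical.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def build_frame(vid=None, pcp=0):
    """Constructed sample Ethernet frame; vid=None means no 802.1Q tag."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + bytes(46)

def parse_vlan_tag(frame):
    """Return (vlan_id, priority) for a tagged frame, None for an untagged one."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13  # 12-bit VLAN ID, 3-bit CoS priority

def classify_ingress(frame, untagged_vlan, tagged_vlans):
    """VLAN the frame lands in on this port, or None if the port drops it."""
    tag = parse_vlan_tag(frame)
    if tag is None or tag[0] == 0:
        # No tag (or a priority-only tag, VID 0): the port's single U VLAN applies.
        return untagged_vlan
    vid = tag[0]
    # A tagged frame is accepted only for a VLAN this port is a member of.
    return vid if vid in tagged_vlans or vid == untagged_vlan else None

# Port 9 from the text: VLAN 1 untagged plus four tagged VLANs (IDs constructed).
TRUNK = {"untagged_vlan": 1, "tagged_vlans": {10, 20, 30, 40}}
# An end-device port that is untagged in one VLAN only (constructed).
ACCESS = {"untagged_vlan": 10, "tagged_vlans": set()}

if __name__ == "__main__":
    for name, port in (("trunk", TRUNK), ("access", ACCESS)):
        for vid in (None, 20, 99):
            result = classify_ingress(build_frame(vid), **port)
            print(f"{name:6} frame vid={vid}: {'drop' if result is None else result}")
```

On the end-device port, a frame that arrives already tagged for VLAN 20 is dropped, which is why a port for end equipment should be untagged in one VLAN and tagged in none.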
The Link Aggregation feature lets us use LACP to join several physical ports into a single logical port. In this way, we can increase the bandwidth that goes to a NAS server or to another switch that is compatible with this protocol. QNAP allows us to configure it in LACP mode (which is recommended) and in static mode.
Performing the configuration is really simple: we configure a LAG with the identifier we want, edit it, and select the physical ports. To be able to select the ports of a LAG, the following requirements must be met:
- Same sync speed setting. We cannot have a 1Gbps port and another 2.5Gbps port; the same synchronization speed is necessary.
- If VLANs are used, we must have exactly the same VLAN configuration (untagged and tagged) on both ports. In addition, the help tells us that the VLAN configuration is going to be reset, so if we are going to use VLANs over the LACP link, we will have to choose LAG1 (or the configured identifier) to configure the VLANs. This is ideal for never making mistakes with the VLANs when we set up LACP.
- The device at the other end must also support LACP, otherwise we could have problems.
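The first two LAG requirements above, together with the one-untagged-VLAN-per-port rule from the VLAN section, can be checked against a port plan before touching the switch. This is an added example, not part of QSS: the dictionary layout, the VLAN IDs other than 1, the port speeds and the function names are all constructed for illustration.

```python
# Constructed port plan: {vlan_id: {port: "T" or "U"}} and port speeds in Mbps.
VLANS = {
    1:  {5: "U", 9: "U", 10: "U", 11: "U"},
    10: {5: "U", 9: "T", 10: "T", 11: "T"},   # port 5 is wrongly U in two VLANs
    20: {9: "T", 10: "T", 11: "T"},
    30: {9: "T", 10: "T", 11: "T"},
    40: {9: "T", 10: "T"},                    # port 11 does not carry VLAN 40
}
SPEEDS = {5: 1000, 9: 10000, 10: 10000, 11: 2500}

def untagged_violations(vlans):
    """Ports that are untagged in more than one VLAN, with the VLANs involved."""
    seen = {}
    for vid, members in vlans.items():
        for port, mode in members.items():
            if mode == "U":
                seen.setdefault(port, []).append(vid)
    return {port: sorted(v) for port, v in seen.items() if len(v) > 1}

def port_profile(vlans, port):
    """(untagged VLANs, tagged VLANs) a port belongs to, as comparable sets."""
    untagged = frozenset(v for v, m in vlans.items() if m.get(port) == "U")
    tagged = frozenset(v for v, m in vlans.items() if m.get(port) == "T")
    return untagged, tagged

def lag_problems(vlans, speeds, members):
    """Reasons why the given ports cannot be joined in one LAG (empty if none)."""
    ref, problems = members[0], []
    for port in members[1:]:
        if speeds[port] != speeds[ref]:
            problems.append(
                f"port {port}: {speeds[port]} Mbps, port {ref}: {speeds[ref]} Mbps")
        if port_profile(vlans, port) != port_profile(vlans, ref):
            problems.append(f"port {port}: VLAN membership differs from port {ref}")
    return problems

if __name__ == "__main__":
    print("untagged in several VLANs:", untagged_violations(VLANS))
    for candidate in ([9, 10], [9, 11]):
        issues = lag_problems(VLANS, SPEEDS, candidate)
        print(f"LAG {candidate}:", issues or "ok")
```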
The Rapid Spanning-Tree Protocol allows us to avoid loops at the link layer. If we connect one switch to another in a way that generates a loop, the switch automatically detects the loop and blocks the port, keeping the network free of link-layer loops. The QSS operating system allows us to enable or disable the RSTP protocol. We must remember that, if we use another switch that is not compatible with RSTP, it will work with the STP protocol.
Regarding the configuration options, we can configure the priority of the bridge and whether the action of disabling the port is executed, and we can see the status of the «Port Role» (Root port, designated or disabled) and also the status of the port (discarding, forwarding or blocked).
The QSS operating system does not have very advanced options, such as the possibility to configure RSTP in more detail using port costs or the Edge options, or to configure security parameters such as “Root Guard” or “BPDU Guard” to prevent possible attacks on STP.
The Link Layer Discovery Protocol allows network devices to announce their identity. Our recommendation is that you deactivate it if you do not have other devices with LLDP on the network. In this menu we can see the remote devices that have been identified with LLDP, and also the MAC address table of the managed switch.
IGMP Snooping is one of the most important protocols in switches. It allows us to manage multicast traffic efficiently, so that it never saturates a switch or the entire network. In the configuration options we can enable or disable the IGMP Snooping feature, to monitor the multicast network traffic and make sure that everything works correctly. We can also configure the blocking of the «Multicast flood» and select which physical or logical ports (the LAGs) are used as «Router Port» or as «Fast Leave».
If you do not have multicast traffic on your network, you can deactivate it without any problem. If you are ever going to have multicast traffic, you will have to activate it and configure it appropriately.
The ACLs or Access Control Lists allow us to deny or allow the traffic that we want. We can create several ACLs, based on IPv4 address and also on MAC address. In this menu we can match the traffic from a source to a specific destination, indicating either the IP address or the MAC address. We must remember that the switches work at the L2 level, so they can control the traffic between MAC addresses without problems. Once the source and destination have been configured, we can apply the rule to specific physical ports of the switch or to all of them, and, finally, choose the action to take (allow or deny traffic).
This configuration option is very interesting for isolating certain computers from others, so if you only have QNAP switches to isolate different IP ranges, you can use it.
Managed switches from QNAP also have Quality of Service technology to prioritize traffic efficiently. We can configure both DSCP and CoS, and we can set up the different priority queues as we want. Finally, we can also configure the priority of the different physical ports, so that whenever we connect PCs to these ports, they will have the highest possible priority.
In the “System Settings” section we can see the hostname of the device, which we can change. We will also see the exact model of the equipment, its MAC address, its IP address, the time it has been in operation without restarting, and the current firmware version of this professional switch.
In the “IP” section we can configure the switch’s DHCP client to obtain the IP address, subnet, default gateway and DNS. We can also configure the IP and DNS statically, in which case the switch’s DHCP client will not act.
In the «Password» section we can change the current administration password. It is only necessary to enter the current password and the new one, and to confirm the new password.
In the “Time” section we can configure the time zone, and either set the time manually or synchronize it with a time server (NTP). This NTP server can be local or remote; as you can see in the following screenshot, our NTP server is on the network itself.
In the “Backup & Restore” section we can save the current configuration of the managed switch as a backup in case we want to reset the equipment and test other configurations. We also have the menu to restore the previously saved file, and two additional options: reset the administration password, and completely reset the switch to factory settings.
In the “Firmware Update” section we see the current firmware and the firmware date, and we can check whether there is a new update. Normally, managed switches without Cloud support always need to be updated manually, by going to the manufacturer’s website, downloading the firmware and then uploading it. In the case of QNAP, we just click on “Check for update” and it will automatically detect whether there is an update, download it and install it.
However, if we want to carry out a manual update, because a company firewall does not give the switch access to the Internet, we can always do so through “Firmware update”, loading the file downloaded from the official QNAP website.
As you have seen, the firmware of QNAP’s managed switches is quite complete. We have the main configuration options that are needed in an L2 managed switch, but without the very advanced configurations that we do find in other manufacturers.
Regarding the performance of the QNAP 10G Multigigabit switches, in the following screenshot you can see that we reached the maximum speed of the 10G interface, making use of Jumbo Frames at all times.
This concludes our complete analysis of the QNAP Switch System (QSS) firmware. If you have any questions about the configuration or about any feature, you can leave us a comment.