GS3700/XGS3700 Series
GbE L2+ Switch
Version 4.10 Edition 1, 05/2013
Quick Start Guide
User’s Guide

Default Login Details
IP Address: http://192.168.0.1 (Out-of-band MGMT port), http://192.168.1.1 (Inwww.zyxel.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. Note: This guide is a reference for a series of products. Therefore some features or options in this guide may not be available in your product. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Part I: User’s Guide
Chapter 1
Getting to Know Your Switch

This chapter introduces the main features and applications of the Switch.

1.1 Introduction
Your Switch is a stackable, layer 2+, Gigabit Ethernet (GbE) switch with two power slots for hot-swappable RPS300 or RPS600-HP power modules. The Switch provides four SFP or SFP+ slots for uplink or stacking. It can operate together with other stackable switches and allows you to remotely manage them from one switch using one single IP address.
the Switch. You can provide a super-fast uplink connection by using the optional 10 Gigabit uplink module on the Switch.

Figure 1 Bridging Application

1.1.2 High Performance Switching Example
The Switch is ideal for connecting two geographically dispersed networks that need high bandwidth. In the following example, a company uses the optional 10 Gigabit uplink modules to connect the headquarters to a branch office network.
1.1.3 Gigabit Ethernet to the Desktop
The Switch is an ideal solution for small networks which demand high bandwidth for a group of heavy traffic users. You can connect computers and servers directly to the Switch’s port or connect other switches to the Switch. Use the optional 10 Gigabit uplink module to provide high speed access to a data server and the Internet.
Shared resources such as a server can be used by all ports in the same VLAN as the server. In the following figure, only ports that need access to the server need to be part of VLAN 1. Ports can belong to other VLAN groups too.

Figure 4 Shared Server Using VLAN Example

1.1.5 IPv6 Support
IPv6 (Internet Protocol version 6) is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.
• SNMP. The device can be monitored and/or managed by an SNMP manager. See Section 42.3 on page 337.

1.3 Good Habits for Managing the Switch
Do the following things regularly to make the Switch more secure and to manage the Switch more effectively.
• Change the password. Use a password that’s not easy to guess and that consists of different types of characters, such as numbers and letters.
• Write down the password and put it in a safe place.
Chapter 2
Hardware Installation and Connection

This chapter shows you how to install and connect the Switch.

2.1 Freestanding Installation
1 Make sure the Switch is clean and dry.
2 Set the Switch on a smooth, level surface strong enough to support the weight of the Switch and the connected cables. Make sure there is a power outlet nearby.
3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord.
2.2 Mounting the Switch on a Rack
This section lists the rack mounting requirements and precautions and describes the installation steps of how to mount the Switch in a 19-inch rack with the included rack mounting kit.

Note: ZyXEL provides extensible rear mounting brackets (RM400) to install the Switch in a 21-inch, 23-inch or 24-inch rack. See the RM400 Hardware Installation Guide.

2.
7 Slide the rear bracket along the rail and set the bracket in place depending on the depth of the rack. The rear brackets can be used with a 19-inch rack.

[Figure: Rear Bracket, Sliding Rail, Front Bracket]

You may now mount the Switch on a rack. Proceed to the next section.

2.5 Mounting the Switch on a Rack
Use the M6 rack screws (larger than the M4 screws) to mount the Switch with brackets on the rack.
6 Repeat steps 4 and 5 to attach the other rear mounting bracket on the other side of the rack.

[Figure: Rear, Front]

2.6 Power Module Installation
There is one power module installed in the first power slot of the Switch by default. See the Power Module Hardware Installation Guide for how to install a second power module or remove the power module.
Chapter 3
Hardware Overview

This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections.

3.1 Front Panel Connections
The figure below shows the front panel of the Switch.
Figure 7 Front Panel: XGS3700 Series

The following table describes the ports.

Table 2 Panel Connections
CONNECTOR | DESCRIPTION
24 or 48 10/100/1000Base-T RJ-45 Ethernet Ports | Connect these ports to a computer, a hub, an Ethernet switch or router.
4 SFP or SFP+ Slots | Use Small Form-Factor Pluggable (SFP) or SFP+ transceivers in these ports for fiber-optic or copper connections to a computer, a hub, an Ethernet switch or router.
3.1.1.1 Default Ethernet Settings
The factory default negotiation settings for the Ethernet ports on the Switch are:
• Speed: Auto
• Duplex: Auto
• Flow control: Off
• Dual Personality Interface: Fiber-optic module first

3.1.2 SFP/SFP+ Slots
These are four slots for Small Form-Factor Pluggable (SFP) or SFP+ modules, such as an SFP/SFP+ transceiver. The SFP+ (SFP Plus) is an enhanced version of the SFP and supports data rates of 10 Gbps.
3 The Switch automatically detects the installed transceiver. Check the LEDs to verify that it is functioning properly.

Figure 9 Installed Transceiver

3.1.2.2 Transceiver Removal
Use the following steps to remove a transceiver.
1 Open the transceiver’s latch (latch styles vary).

Figure 10 Opening the Transceiver’s Latch Example

2 Pull the transceiver out of the slot.

Figure 11 Transceiver Removal Example

3.1.
• VT100 terminal emulation
• 9600 bps
• No parity, 8 data bits, 1 stop bit
• No flow control

Connect the male 9-pin end of the RS-232 console cable to the console port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer.

3.2 Rear Panel
The following figures show the rear panels of the Switch.
Disconnecting the Power
The power input connectors can be disconnected from the power source individually.
1 Disconnect the power cord from the power outlet.
2 Disconnect the power cord from the AC power socket.

3.3 LEDs
The following table describes the LEDs.

Table 3 LEDs
LED | COLOR | STATUS | DESCRIPTION
PWR1 (Power 1) | Green | On | The system is receiving power from the power module in the first power slot.
Table 3 LEDs (continued)
LED | COLOR | STATUS | DESCRIPTION
1-24 or 1-48 LNK/ACT (Left) | Green | Blinking | The port is receiving or transmitting data at 10 or 1000 Mbps.
 | Green | On | The port has a successful 10 or 1000 Mbps connection.
 | Amber | Blinking | The port is receiving or transmitting data at 100 Mbps.
 | Amber | On | The port has a successful 100 Mbps connection.
 | | Off | This link is disconnected or the port is disabled.
1-24 or 1-48 | Green | On | Power is supplied to the PoE port.
Chapter 4
The Web Configurator

This section introduces the configuration and functions of the web configurator.

4.1 Introduction
The web configurator is an HTML-based management interface that allows easy Switch setup and management via Internet browser. Use Internet Explorer 6.0 and later or Firefox 2.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.

In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
3 The login screen appears. The default username is admin and associated default password is 1234. The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen.

Figure 13 Web Configurator: Login

4 Click OK to view the first web configurator screen.

4.3 The Web Configurator Layout
The Status screen is the first screen that displays when you access the web configurator.
The following figure shows the navigating components of a web configurator screen.

Figure 14 The Web Configurator Layout

A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window.
B, C, D, E - These are quick links which allow you to perform certain tasks no matter which screen you are currently working in.
B - Click this link to save your configuration into the Switch’s nonvolatile memory.
In the navigation panel, click a main link to reveal a list of submenu links.

Table 4 Navigation Panel Sub-links Overview
BASIC SETTING | ADVANCED APPLICATION | IP APPLICATION | MANAGEMENT

The following table describes the links in the navigation panel.

Table 5 Navigation Panel Links
LINK | DESCRIPTION
Basic Settings
System Info | This link takes you to a screen that displays general system and hardware monitoring information.
Table 5 Navigation Panel Links (continued)
LINK | DESCRIPTION
IPv6 | This link takes you to a screen where you can enable an IPv6 interface and configure the IPv6 settings on the Switch.
Advanced Application
VLAN | This link takes you to screens where you can configure port-based or 802.1Q VLAN (depending on what you configured in the Switch Setup menu). You can also configure a protocol based VLAN or a subnet based VLAN in these screens.
Table 5 Navigation Panel Links (continued)
LINK | DESCRIPTION
PPPoE | This link takes you to screens where you can configure how the Switch gives a PPPoE termination server additional subscriber information that the server can use to identify and authenticate a PPPoE client.
Errdisable | This link takes you to a screen where you can configure CPU protection and error disable recovery.
4.3.1 Change Your Password
After you log in for the first time, it is recommended you change the default administrator password. Click Management > Access Control > Logins to display the next screen.

Figure 15 Change Administrator Login Password

4.4 Saving Your Configuration
When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off.
4 Disable all ports.
5 Misconfigure the text configuration file.
6 Forget the password and/or IP address.
7 Prevent all services from accessing the Switch.
8 Change a service port number but forget it.

Note: Be careful not to lock yourself and others out of the Switch. If you do lock yourself out, try using out-of-band management (via the management port) to configure the Switch.

4.
6 After a configuration file upload, type atgo to restart the Switch.

Figure 16 Resetting the Switch: Via the Console Port

Bootbase Version: V1.00 | 12/11/2012 13:49:40
RAM: Size = 524288 Kbytes
DRAM POST: Testing: 524288K OK
DRAM Test SUCCESS !
ZyNOS Version: V4.10(AAGB.0)b2_20130107 | 1/7/2013 20:10:8
Press any key to enter debug mode within 3 seconds.
.....................................
Enter Debug Mode
ras> atlc
Starting XMODEM upload (CRC mode)....
Part II: Technical Reference
Chapter 5
System Status and Port Statistics

This chapter describes the system status (web configurator home page) and port details screens.

5.1 Overview
The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details.

5.2 Port Status Summary
To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next.
The following table describes the labels in this screen.

Table 6 Status
LABEL | DESCRIPTION
Port | This identifies the Ethernet port. Click a port number to display the Port Details screen (refer to Figure 19 on page 53).
Name | This is the name you assigned to this port in the Basic Setting > Port Setup screen.
Link | This field displays the speed (such as 100M for 100 Mbps, 1000M for 1000 Mbps, or 10G for 10 Gbps) and the duplex (F for full duplex).
5.2.1 Status: Port Details
Click a number in the Port column in the Status screen to display individual port statistics. Use this screen to check status and detailed performance data about an individual port on the Switch.

Figure 19 Status: Port Details

The following table describes the labels in this screen.

Table 7 Status > Port Details
LABEL | DESCRIPTION
Port Info
Port NO. | This field displays the port number you are viewing.
Table 7 Status > Port Details (continued)
LABEL | DESCRIPTION
RxPkts | This field shows the number of received frames on this port.
Errors | This field shows the number of received errors on this port.
Tx KBs/s | This field shows the transmission speed of data sent on this port in kilobytes per second.
Rx KBs/s | This field shows the transmission speed of data received on this port in kilobytes per second.
Table 7 Status > Port Details (continued)
LABEL | DESCRIPTION
256-511 | This field shows the number of packets (including bad packets) received that were between 256 and 511 octets in length.
512-1023 | This field shows the number of packets (including bad packets) received that were between 512 and 1023 octets in length.
1024-1518 | This field shows the number of packets (including bad packets) received that were between 1024 and 1518 octets in length.
Chapter 6
Basic Setting

This chapter describes how to configure the Basic Setting screens.

6.1 System Information
In the navigation panel, click Basic Setting > System Info to display the screen as shown. You can check the firmware version number and monitor the Switch temperature, fan speeds and voltage in this screen.
The following table describes the labels in this screen.

Table 8 Basic Setting > System Info
LABEL | DESCRIPTION
System Name | This field displays the descriptive name of the Switch for identification purposes.
Product Model | This field displays the model number of the Switch.
ZyNOS F/W Version | This field displays the version number of the Switch's current firmware including the date created.
6.2 General Setup
Use this screen to configure general settings such as the system name and time. Click Basic Setting > General Setup in the navigation panel to display the screen as shown.

Figure 21 Basic Setting > General Setup

The following table describes the labels in this screen.

Table 9 Basic Setting > General Setup
LABEL | DESCRIPTION
System Name | Type a descriptive name for identification purposes.
Table 9 Basic Setting > General Setup (continued)
LABEL | DESCRIPTION
Current Time | This field displays the time you open this menu (or refresh the menu).
New Time (hh:min:ss) | Enter the new time in hour, minute and second format. The new time then appears in the Current Time field after you click Apply.
Current Date | This field displays the date you open this menu.
New Date (yyyy-mm-dd) | Enter the new date in year, month and day format.
resources of another on the same LAN, thus a user will not see the printers and hard disks of another user on the same network.

VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain. In traditional switched environments, all broadcast packets go to each and every individual port. With VLAN, all broadcasts are confined to a specific broadcast domain.

Note: VLAN is unidirectional; it only governs outgoing traffic.
Table 10 Basic Setting > Switch Setup (continued)
LABEL | DESCRIPTION
MAC Address Learning | MAC address learning reduces outgoing traffic broadcasts. For MAC address learning to occur on a port, the port must be active.
Aging Time | Enter a time from 10 to 1000000 seconds. This is how long all dynamically learned MAC addresses remain in the MAC address table before they age out (and must be relearned).
ARP Aging Time | Enter a time from 10 to 1000000 seconds.
6.5 IP Setup
Use the IP Setup screen to configure the default gateway device, the default domain name server and add IP domains.

6.5.1 IP Interfaces
The Switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.1. The subnet mask specifies the network number portion of an IP address. The factory default subnet mask is 255.255.255.0.

On the Switch, an IP address is not bound to any physical ports.
The following table describes the labels in this screen.

Table 11 Basic Setting > IP Setup
LABEL | DESCRIPTION
Default Gateway | Type the IP address of the default outgoing gateway in dotted decimal notation, for example 192.168.1.254.
Domain Name Server | DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. Enter a domain name server IP address in order to be able to use a domain name instead of an IP address.
6.6 Port Setup
Use this screen to configure Switch port settings. Click Basic Setting > Port Setup in the navigation panel to display the configuration screen.
The following table describes the labels in this screen.

Table 12 Basic Setting > Port Setup
LABEL | DESCRIPTION
Port | This is the port index number.
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
Table 12 Basic Setting > Port Setup (continued)
LABEL | DESCRIPTION
BPDU Control | Configure the way to treat BPDUs received on this port. You must activate bridging control protocol transparency in the Switch Setup screen first. Select Peer to process any BPDU (Bridge Protocol Data Units) received on this port. Select Tunnel to forward BPDUs received on this port. Select Discard to drop any BPDU received on this port.
Note: The PoE devices that supply or receive power and their connected Ethernet cables must all be completely indoors.

To view the current amount of power that PDs are receiving from the Switch, click Basic Setting > PoE Setup.

Figure 27 Basic Setting > PoE Status

The following table describes the labels in this screen.
Table 13 Basic Setting > PoE Status
LABEL | DESCRIPTION
State | This field shows which ports can receive power from the Switch. You can set this in the Basic Setting > PoE Setup screen.
 • Disable - The PD connected to this port cannot get power.
 • Enable - The PD connected to this port can receive power.
Class | This shows the power classification of the PD.
Click the PoE Setup link in the Basic Setting > PoE Status screen. The following screen opens.

Figure 28 Basic Setting > PoE Status > PoE Setup

The following table describes the labels in this screen.

Table 14 Basic Setting > PoE Status > PoE Setup
LABEL | DESCRIPTION
PoE Mode | Select the power management mode you want the Switch to use.
Table 14 Basic Setting > PoE Status > PoE Setup (continued)
LABEL | DESCRIPTION
PD Priority | This field is not available for the SFP or SFP+ ports. When the total power requested by the PDs exceeds the total PoE power budget on the Switch, you can set the PD priority to allow the Switch to provide power to ports with higher priority. Select Critical to give the PD connected to this port the highest priority.
Use this screen to set IPv6 interfaces on which you can configure an IPv6 address to access and manage the Switch. Click Basic Setting > Interface Setup in the navigation panel to display the configuration screen.

Figure 29 Basic Setting > Interface Setup

The following table describes the labels in this screen.

Table 15 Basic Setting > Interface Setup
LABEL | DESCRIPTION
Interface Type | Select the type of IPv6 interface for which you want to configure.
Click Basic Setting > IPv6 in the navigation panel to display the IPv6 status screen as shown next.

Figure 30 Basic Setting > IPv6 Status

The following table describes the labels in this screen.

Table 16 Basic Setting > IPv6 Status
LABEL | DESCRIPTION
Index | This field displays the index number of an IPv6 interface. Click on an index number to view more interface details.
Interface | This is the name of the IPv6 interface you created.
6.9.1 IPv6 Interface Status
Use this screen to view a specific IPv6 interface status and detailed information. Click an interface index number in the Basic Setting > IPv6 screen. The following screen opens.

Figure 31 Basic Setting > IPv6 Interface Status

The following table describes the labels in this screen.

Table 17 Basic Setting > IPv6 Interface Status
LABEL | DESCRIPTION
IPv6 Active | This field displays whether the IPv6 interface is activated or not.
Table 17 Basic Setting > IPv6 Interface Status (continued)
LABEL | DESCRIPTION
ICMPv6 Rate Limit Error Interval | This field displays the time period (in milliseconds) during which ICMPv6 error messages of up to the bucket size can be transmitted. 0 means no limit.
Stateless Address Autoconfig | This field displays whether the Switch’s interface can automatically generate a link-local address via stateless autoconfiguration.
Table 17 Basic Setting > IPv6 Interface Status (continued)
LABEL | DESCRIPTION
DNS | This field displays the DNS server address assigned by the DHCPv6 server.
Domain List | This field displays the address record when the Switch queries the DNS server to resolve domain names.
Restart DHCPv6 Client | Click Click Here to send a new DHCP request to the DHCPv6 server and update the IPv6 address and DNS information for this interface.

6.9.
Table 18 Basic Setting > IPv6 > IPv6 Configuration (continued)
LABEL | DESCRIPTION
IPv6 Neighbor Setup | Click the link to go to a screen where you can create a static IPv6 neighbor entry in the Switch’s IPv6 neighbor table.
DHCPv6 Client Setup | Click the link to go to a screen where you can configure the Switch DHCP settings.

6.9.3 IPv6 Global Setup
Use this screen to configure the global IPv6 settings.
6.9.4 IPv6 Interface Setup
Use this screen to turn on or off an IPv6 interface and enable stateless autoconfiguration on it. Click the link next to IPv6 Interface Setup in the IPv6 Configuration screen to display the screen as shown next.

Figure 34 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Interface Setup

The following table describes the labels in this screen.
Use this screen to configure the interface’s link-local address and default gateway. Click the link next to IPv6 Link-Local Address Setup in the IPv6 Configuration screen to display the screen as shown next.

Figure 35 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Link-Local Address Setup

The following table describes the labels in this screen.
6.9.6 IPv6 Global Address Setup
Use this screen to configure the interface’s IPv6 global address. Click the link next to IPv6 Global Address Setup in the IPv6 Configuration screen to display the screen as shown next.

Figure 36 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global Address Setup

The following table describes the labels in this screen.
6.9.7 IPv6 Neighbor Discovery Setup
Use this screen to configure neighbor discovery settings for each interface. Click the link next to IPv6 Neighbor Discovery Setup in the IPv6 Configuration screen to display the screen as shown next.
Figure 37 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Discovery Setup
The following table describes the labels in this screen.
6.9.8 IPv6 Router Discovery Setup
Use this screen to configure router discovery settings for each interface. Click the link next to IPv6 Router Discovery Setup in the IPv6 Configuration screen to display the screen as shown next.
Figure 38 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Router Discovery Setup
The following table describes the labels in this screen.
Table 24 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Router Discovery Setup (continued)
LABEL | DESCRIPTION
Cancel | Click Cancel to begin configuring this screen afresh.
Clear | Click Clear to reset the fields to the factory defaults.
Index | This is the interface index number. Click on an index number to change the settings.
Interface | This is the name of the IPv6 interface you created.
Table 25 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Prefix Setup (continued)
LABEL | DESCRIPTION
Valid Lifetime | Specify how long (from 0 to 4294967295 seconds) the prefix is valid for on-link determination.
Preferred Lifetime | Specify how long (from 0 to 4294967295 seconds) addresses generated from the prefix via stateless address autoconfiguration remain preferred.
6.9.10 IPv6 Neighbor Setup
Use this screen to create a static IPv6 neighbor entry in the Switch’s IPv6 neighbor table to store the neighbor information permanently. Click the link next to IPv6 Neighbor Setup in the IPv6 Configuration screen to display the screen as shown next.
Figure 40 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Setup
The following table describes the labels in this screen.
Table 26 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Setup (continued)
LABEL | DESCRIPTION
MAC | This field displays the MAC address of the neighboring device which can be reached through the interface.
Delete | Check the entry(ies) that you want to remove in the Delete column and then click Delete to remove the selected entry(ies) from the summary table.
Cancel | Click Cancel to clear the Delete check boxes.
6.9.
Table 27 Basic Setting > IPv6 > IPv6 Configuration > DHCPv6 Client Setup (continued)
LABEL | DESCRIPTION
Index | This is the interface index number. Click on an index number to change the settings.
Interface | This is the name of the IPv6 interface you created.
IA-NA | This field displays whether the Switch obtains a non-temporary IP address from the DHCPv6 server.
CHAPTER 7 VLAN
The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs.

7.1 Introduction to IEEE 802.1Q Tagged VLANs
A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges; tagged VLANs are not confined to the switch on which they were created. The VLANs can be created statically by hand or dynamically through GVRP.
7.2 Automatic VLAN Registration
GARP and GVRP are the protocols used to automatically register VLAN membership across switches.

7.2.1 GARP
GARP (Generic Attribute Registration Protocol) allows network switches to register and de-register attribute values with other GARP participants within a bridged LAN. GARP is a protocol that provides a generic mechanism for protocols that serve a more specific application, for example, GVRP.
7.2.1.
7.3 Port VLAN Trunking
Enable VLAN Trunking on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices. The following figure describes VLAN Trunking. Suppose you want to create VLAN groups 1 and 2 (V1 and V2) on devices A and B.
7.5.1 VLAN Status
See Section 7.1 on page 87 for more information on 802.1Q VLAN. Click Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown next.
Figure 44 Advanced Application > VLAN: VLAN Status
The following table describes the labels in this screen.
7.5.2 VLAN Details
Use this screen to view detailed port settings and status of the VLAN group. See Section 7.1 on page 87 for more information on 802.1Q VLAN. Click on an index number in the VLAN Status screen to display VLAN details.
Figure 45 Advanced Application > VLAN > VLAN Detail
The following table describes the labels in this screen.
Table 30 Advanced Application > VLAN > VLAN Detail
LABEL | DESCRIPTION
VLAN Status | Click this to go to the VLAN Status screen.
7.5.3 Configure a Static VLAN or Private VLAN
Use this screen to create 802.1Q VLAN IDs and set VLAN members for Normal (static) or Private (Primary, Isolated or Community) VLANs. You must create VLAN IDs for Private (Primary, Isolated or Community) VLANs before configuring Advanced Application > Private VLAN. See Section 7.1 on page 87 for more information on 802.1Q VLAN. To configure a static or private VLAN, click Static VLAN in the VLAN Status screen to display the screen as shown next.
The following table describes the related labels in this screen.
Table 31 Advanced Application > VLAN > Static VLAN
LABEL | DESCRIPTION
ACTIVE | Select this check box to activate the VLAN settings.
Name | Enter a descriptive name for the VLAN group for identification purposes. This name consists of up to 64 printable characters; spaces are allowed.
VLAN Group ID | Enter the VLAN ID for this static entry; the valid range is between 1 and 4094.
VLAN Type | Select Normal (static) or Private.
7.5.4 Configure VLAN Port Settings
Use the VLAN Port Setting screen to configure the static VLAN (IEEE 802.1Q) settings on a port. See Section 7.1 on page 87 for more information on 802.1Q VLAN. Click the VLAN Port Setting link in the VLAN Status screen.
Figure 47 Advanced Application > VLAN > VLAN Port Setting
The following table describes the labels in this screen.
Table 32 Advanced Application > VLAN > VLAN Port Setting (continued)
LABEL | DESCRIPTION
Acceptable Frame Type | Specify the type of frames allowed on a port. Choices are All, Tag Only and Untag Only. Select All from the drop-down list box to accept all untagged or tagged frames on this port. This is the default setting. Select Tag Only to accept only tagged frames on this port. All untagged frames will be dropped. Select Untag Only to accept only untagged frames on this port.
services). All untagged incoming frames will be classified based on their source IP subnet and prioritized accordingly. That is, video services receive the highest priority and data the lowest.
Figure 48 Subnet Based VLAN Application Example (figure labels: Tagged Frames, Internet, Untagged Frames; 172.16.1.0/24 VID = 100, 192.168.1.0/24 VID = 200, 10.1.1.0/24 VID = 300)

7.5.5.1 Configuring Subnet Based VLAN
Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown.
The following table describes the labels in this screen.
Table 33 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN Setup
LABEL | DESCRIPTION
Active | Select this check box to activate subnet based VLANs on the Switch.
DHCP-Vlan Override | When DHCP snooping is enabled, DHCP clients can renew their IP address through the DHCP VLAN or via another DHCP server on the subnet based VLAN.
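The Acceptable Frame Type choices and the subnet based VLAN rules of Figure 48, worked through in Python as an added example (not Zyxel code or the Switch's implementation). The `pvid` fallback for untagged frames that match no subnet, dropping tagged frames whose VID is outside 1 to 4094, and the constructed test frames are assumptions of this sketch.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100      # EtherType value that marks an IEEE 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Subnet-to-VID rules copied from Figure 48 on this page.
SUBNET_VLANS = [
    (ipaddress.ip_network("172.16.1.0/24"), 100),
    (ipaddress.ip_network("192.168.1.0/24"), 200),
    (ipaddress.ip_network("10.1.1.0/24"), 300),
]


def parse_frame(frame: bytes) -> dict:
    """Return tag state, VID, 802.1p priority and IPv4 source of one frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    tagged, vid, pcp, offset = False, None, None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag Control Information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        tagged, vid, pcp, offset = True, tci & 0x0FFF, tci >> 13, 18
    src_ip = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 20:
        src_ip = ipaddress.ip_address(frame[offset + 12:offset + 16])
    return {"tagged": tagged, "vid": vid, "pcp": pcp, "src_ip": src_ip}


def classify_ingress(frame: bytes, acceptable: str = "All", pvid: int = 1):
    """Return the VID the frame is classified into, or None if it is dropped."""
    if acceptable not in ("All", "Tag Only", "Untag Only"):
        raise ValueError("unknown Acceptable Frame Type")
    info = parse_frame(frame)
    if acceptable == "Tag Only" and not info["tagged"]:
        return None                      # untagged frame on a Tag Only port
    if acceptable == "Untag Only" and info["tagged"]:
        return None                      # host-supplied tag on an Untag Only port
    if info["tagged"]:
        # Assumption: only VIDs in the page's valid range (1 to 4094) are
        # classified; VID 0 priority tags and VID 4095 are not modelled.
        return info["vid"] if 1 <= info["vid"] <= 4094 else None
    # Untagged frames are classified by source IP subnet, as the page describes.
    if info["src_ip"] is not None:
        for network, vid in SUBNET_VLANS:
            if info["src_ip"] in network:
                return vid
    return pvid                          # assumption: fall back to the port VID


def build_frame(src_ip: str, vid=None, pcp: int = 0) -> bytes:
    """Constructed sample frame: Ethernet header, optional tag, bare IPv4 header."""
    dst_mac = bytes.fromhex("02aabbccdd01")
    src_mac = bytes.fromhex("02aabbccdd02")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    ip_header = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
        ipaddress.ip_address(src_ip).packed,
        ipaddress.ip_address("198.51.100.1").packed,
    )
    return dst_mac + src_mac + tag + struct.pack("!H", ETHERTYPE_IPV4) + ip_header


if __name__ == "__main__":
    for policy in ("All", "Tag Only", "Untag Only"):
        untagged = classify_ingress(build_frame("172.16.1.25"), policy)
        tagged = classify_ingress(build_frame("172.16.1.25", vid=300), policy)
        print(f"{policy:10s} untagged -> {untagged}, tagged VID 300 -> {tagged}")
```

On a port that faces end devices, Untag Only makes the Switch drop any frame that arrives already carrying a VLAN tag, so the VLAN is always chosen by the Switch's own rules.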
Note: Protocol based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN.
For example, ports 1, 2, 3 and 4 belong to static VLAN 100, and ports 4, 5, 6, 7 belong to static VLAN 120. You can configure a protocol based VLAN A with priority 2 for ARP traffic received on ports 1, 2 and 3. You can also have a protocol based VLAN B with priority 3 for AppleTalk traffic received on ports 6 and 7.
The following table describes the labels in this screen.
Table 34 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN Setup
LABEL | DESCRIPTION
Active | Select this check box to activate this protocol based VLAN.
Port | Type a port number to be included in this protocol based VLAN. This port must belong to a static VLAN in order to participate in a protocol based VLAN. See Chapter 7 on page 87 for more details on setting up VLANs.
6 Leave the priority set to 0 and click Add.
Figure 52 Protocol Based VLAN Configuration Example
To add more ports to this protocol based VLAN:
1 Click the index number of the protocol based VLAN entry.
2 Change the value in the Port field to the next port you want to add.
3 Click Add.

7.5.7 View Private VLAN Status
Use this screen to view all private VLANs created on the Switch. See also Advanced Application > Private VLAN.
The following table describes the labels in this screen.
Table 35 Advanced Application > VLAN > Private VLAN Status
LABEL | DESCRIPTION
Private VLAN Status | These fields show information for all the private VLANs. See also Advanced Application > Private VLAN.
Primary VLAN | This field shows the primary VLAN ID in a private VLAN.
Secondary VLAN | This field shows the secondary VLAN ID in a private VLAN.
Type | This field shows the type of private VLAN: Primary, Community or Isolated.
The following screen shows users on a port-based, all-connected VLAN configuration.
The following screen shows users on a port-based, port-isolated VLAN configuration.
The following table describes the labels in this screen.
Table 36 Advanced Application > VLAN: Port Based VLAN Setup
LABEL | DESCRIPTION
Setting Wizard | Choose All connected or Port isolation. All connected means all ports can communicate with each other, that is, there are no virtual LANs. All incoming and outgoing ports are selected. This option is the most flexible but also the least secure.
CHAPTER 8 Static MAC Forward Setup
Use these screens to configure static MAC address forwarding.

8.1 Overview
This chapter discusses how to configure forwarding rules based on MAC addresses of devices on your network.

8.2 Configuring Static MAC Forwarding
A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out. When you set up static MAC address rules, you are setting static MAC addresses for a port.
The following table describes the labels in this screen.
Table 37 Advanced Application > Static MAC Forwarding
LABEL | DESCRIPTION
Active | Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box.
Name | Enter a descriptive name for identification purposes for this static MAC address forwarding rule.
CHAPTER 9 Static Multicast Forward Setup
Use these screens to configure static multicast address forwarding.

9.1 Static Multicast Forwarding Overview
A multicast MAC address is the MAC address of a member of a multicast group. A static multicast address is a multicast MAC address that has been manually entered in the multicast table. Static multicast addresses do not age out.
Figure 59 Static Multicast Forwarding to Multiple Ports

9.2 Configuring Static Multicast Forwarding
Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). Click Advanced Application > Static Multicast Forwarding to display the configuration screen as shown.
Figure 60 Advanced Application > Static Multicast Forwarding
The following table describes the labels in this screen.
Table 38 Advanced Application > Static Multicast Forwarding (continued)
LABEL | DESCRIPTION
VID | You can forward frames with matching destination MAC address to port(s) within a VLAN group. Enter the ID that identifies the VLAN group here. If you don’t have a specific target VLAN, enter 1.
Port | Enter the port(s) where frames with destination MAC address that matched the entry above are forwarded.
CHAPTER 10 Filtering
This chapter discusses MAC address port filtering.

10.1 Configure a Filtering Rule
Configure the Switch to filter traffic based on the traffic’s source, destination MAC addresses and/or VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen as shown next.
Figure 61 Advanced Application > Filtering
The following table describes the related labels in this screen.
Table 39 Advanced Application > Filtering (continued)
LABEL | DESCRIPTION
MAC | Type a MAC address in a valid MAC address format, that is, six hexadecimal character pairs.
VID | Type the VLAN group identification number.
Add | Click this to create a new entry or to update an existing one. This saves your changes to the Switch’s run-time memory.
CHAPTER 11 Spanning Tree Protocol
The Switch supports Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards.
• IEEE 802.1D Spanning Tree Protocol
• IEEE 802.1w Rapid Spanning Tree Protocol
• IEEE 802.1s Multiple Spanning Tree Protocol
The Switch also allows you to set up multiple STP configurations (or trees). Ports can then be assigned to the trees.
11.
Table 40 STP Path Costs
 | LINK SPEED | RECOMMENDED VALUE | RECOMMENDED RANGE | ALLOWED RANGE
Path Cost | 1Gbps | 4 | 3 to 10 | 1 to 65535
Path Cost | 10Gbps | 2 | 1 to 5 | 1 to 65535

On each bridge, the bridge communicates with the root through the root port. The root port is the port on this Switch with the lowest path cost to the root (the root path cost). If there is no root port, then this Switch has been accepted as the root bridge of the spanning tree network.
In the following example, there are two RSTP instances (MRSTP1 and MRSTP2) on switch A.
Figure 62 MRSTP Network Example
To set up MRSTP, activate MRSTP on the Switch and specify which port(s) belong to which spanning tree.
Note: Each port can belong to one STP tree only.

11.1.5 Multiple STP
Multiple Spanning Tree Protocol (IEEE 802.
11.1.5.1 MSTP Network Example
The following figure shows a network example where two VLANs are configured on the two switches. If the switches are using STP or RSTP, the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link.
Figure 63 STP/RSTP Network Example (figure labels: A, VLAN 1, VLAN 2, B)
With MSTP, VLANs 1 and 2 are mapped to different spanning trees in the network.
Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings. These include the following parameters:
• Name of the MST region
• Revision level as the unique number for the MST region
• VLAN-to-MST Instance mapping

11.1.5.3 MST Instance
An MST Instance (MSTI) is a spanning tree instance. VLANs can be configured to run on a specific MSTI.
11.2 Spanning Tree Protocol Status Screen
Click Advanced Application > Spanning Tree Protocol to see the screen as shown.
Figure 67 Advanced Application > Spanning Tree Protocol
This screen differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the Switch. This screen is described in detail in the section that follows the configuration section for each STP mode. Click Configuration to activate one of the STP standards on the Switch.
11.
11.4 Configure Rapid Spanning Tree Protocol
Use this screen to configure RSTP settings. See Section 11.1 on page 112 for more information on RSTP. Click RSTP in the Advanced Application > Spanning Tree Protocol screen.
Figure 69 Advanced Application > Spanning Tree Protocol > RSTP
The following table describes the labels in this screen.
Table 43 Advanced Application > Spanning Tree Protocol > RSTP (continued)
LABEL | DESCRIPTION
Max Age | This is the maximum time (in seconds) a switch can wait without receiving a BPDU before attempting to reconfigure. All switch ports (except for designated ports) should receive BPDUs at regular intervals. Any port that ages out STP information (provided in the last BPDU) becomes the designated port for the attached LAN.
Note: This screen is only available after you activate RSTP on the Switch.
Figure 70 Advanced Application > Spanning Tree Protocol > Status: RSTP
The following table describes the labels in this screen.
Table 44 Advanced Application > Spanning Tree Protocol > Status: RSTP
LABEL | DESCRIPTION
Configuration | Click Configuration to specify which STP mode you want to activate. Click RSTP to edit RSTP settings on the Switch.
11.6 Configure Multiple Rapid Spanning Tree Protocol
To configure MRSTP, click MRSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 11.1 on page 112 for more information on MRSTP.
Figure 71 Advanced Application > Spanning Tree Protocol > MRSTP
The following table describes the labels in this screen.
Table 45 Advanced Application > Spanning Tree Protocol > MRSTP (continued)
LABEL | DESCRIPTION
Max Age | This is the maximum time (in seconds) a switch can wait without receiving a BPDU before attempting to reconfigure. All switch ports (except for designated ports) should receive BPDUs at regular intervals. Any port that ages out STP information (provided in the last BPDU) becomes the designated port for the attached LAN.
Note: This screen is only available after you activate MRSTP on the Switch.
Figure 72 Advanced Application > Spanning Tree Protocol > Status: MRSTP
The following table describes the labels in this screen.
Table 46 Advanced Application > Spanning Tree Protocol > Status: MRSTP
LABEL | DESCRIPTION
Configuration | Click Configuration to specify which STP mode you want to activate. Click MRSTP to edit MRSTP settings on the Switch.
11.8 Configure Multiple Spanning Tree Protocol
To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 11.1.5 on page 114 for more information on MSTP.
The following table describes the labels in this screen.
Table 47 Advanced Application > Spanning Tree Protocol > MSTP
LABEL | DESCRIPTION
Status | Click Status to display the MSTP Status screen (see Figure 75 on page 128).
Active | Select this check box to activate MSTP on the Switch. Clear this checkbox to disable MSTP on the Switch.
Table 47 Advanced Application > Spanning Tree Protocol > MSTP (continued)
LABEL | DESCRIPTION
Enabled VLAN(s) | This field displays which VLAN(s) are mapped to this MST instance.
Port | This field displays the port number.
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
11.8.1 Multiple Spanning Tree Protocol Port Configuration
To configure MSTP ports, click Port in the Advanced Application > Spanning Tree Protocol > MSTP screen.
Figure 74 Advanced Application > Spanning Tree Protocol > MSTP > Port
The following table describes the labels in this screen.
Table 48 Advanced Application > Spanning Tree Protocol > MSTP > Port
LABEL | DESCRIPTION
Port | This field displays the port number.
* | Settings in this row apply to all ports.
11.9 Multiple Spanning Tree Protocol Status
Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1.5 on page 114 for more information on MSTP.
Note: This screen is only available after you activate MSTP on the Switch.
Figure 75 Advanced Application > Spanning Tree Protocol > Status: MSTP
The following table describes the labels in this screen.
Table 49 Advanced Application > Spanning Tree Protocol > Status: MSTP (continued)
LABEL | DESCRIPTION
Port ID | This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree.
Configuration Name | This field displays the configuration name for this MST region.
Revision Number | This field displays the revision number for this MST region.
CHAPTER 12 Bandwidth Control
This chapter shows you how to cap the maximum bandwidth using the Bandwidth Control screen.

12.1 Bandwidth Control Overview
Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port.

12.1.1 CIR and PIR
The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.
12.2 Bandwidth Control Setup
Click Advanced Application > Bandwidth Control in the navigation panel to bring up the screen as shown next.
Figure 76 Advanced Application > Bandwidth Control
The following table describes the related labels in this screen.
Table 50 Advanced Application > Bandwidth Control
LABEL | DESCRIPTION
Active | Select this check box to enable bandwidth control on the Switch.
Port | This field displays the port number.
Table 50 Advanced Application > Bandwidth Control (continued)
LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel | Click Cancel to begin configuring this screen afresh.
CHAPTER 13 Broadcast Storm Control
This chapter introduces and shows you how to configure the broadcast storm control feature.

13.1 Broadcast Storm Control Setup
Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
The following table describes the labels in this screen.
Table 51 Advanced Application > Broadcast Storm Control
LABEL | DESCRIPTION
Active | Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature.
Port | This field displays a port number.
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
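The per-second limiting described in 13.1, modelled in Python as an added example (not Zyxel code). Separate per-port limits for each traffic class, the fixed one-second counting window, the `StormControl` and `replay` names, and the constructed MAC addresses and trace are assumptions of this sketch; the Switch's hardware may meter differently.

```python
from collections import defaultdict

BROADCAST_MAC = b"\xff" * 6


def classify_destination(dst_mac: bytes, mac_table: set) -> str:
    """Classify a frame by destination MAC into the classes storm control counts."""
    if len(dst_mac) != 6:
        raise ValueError("a MAC address is six bytes")
    if dst_mac == BROADCAST_MAC:
        return "broadcast"
    if dst_mac[0] & 0x01:            # group bit set in the first octet
        return "multicast"
    if dst_mac not in mac_table:     # unicast with no forwarding entry
        return "dlf"                 # destination lookup failure
    return "unicast"


class StormControl:
    """Per-port, per-class packets-per-second limiter (fixed 1 s window)."""

    def __init__(self, limits: dict, mac_table: set):
        self.limits = limits         # {port: {"broadcast": pps, ...}}
        self.mac_table = mac_table
        self.windows = {}            # (port, kind) -> [second, count]
        self.dropped = defaultdict(int)

    def admit(self, port: int, dst_mac: bytes, timestamp: float) -> bool:
        kind = classify_destination(dst_mac, self.mac_table)
        limit = self.limits.get(port, {}).get(kind)
        if limit is None:            # known unicast, or no limit on this port
            return True
        second = int(timestamp)
        window = self.windows.setdefault((port, kind), [second, 0])
        if window[0] != second:      # a new second starts a fresh count
            window[0], window[1] = second, 0
        if window[1] >= limit:       # limit reached: discard the rest
            self.dropped[(port, kind)] += 1
            return False
        window[1] += 1
        return True


def replay(trace, limits, mac_table):
    """Run (timestamp, port, dst_mac) tuples through the limiter."""
    control = StormControl(limits, mac_table)
    admitted = sum(control.admit(port, mac, ts) for ts, port, mac in trace)
    return admitted, dict(control.dropped)


# Constructed sample data, not captured traffic.
KNOWN = bytes.fromhex("02aabbccdd10")
UNKNOWN = bytes.fromhex("02aabbccdd99")
MCAST = bytes.fromhex("01005e000001")
MAC_TABLE = {KNOWN}
LIMITS = {1: {"broadcast": 3, "multicast": 2, "dlf": 1}}
TRACE = (
    [(i * 0.1, 1, BROADCAST_MAC) for i in range(5)]    # burst within second 0
    + [(1.2, 1, BROADCAST_MAC)]                        # next second, count resets
    + [(1.3, 1, MCAST), (1.4, 1, MCAST), (1.5, 1, MCAST)]
    + [(1.6, 1, UNKNOWN), (1.7, 1, UNKNOWN)]
    + [(1.8, 1, KNOWN)] * 4                            # known unicast is not limited
    + [(1.9, 2, BROADCAST_MAC)] * 10                   # port 2 has no limits set
)

if __name__ == "__main__":
    admitted, dropped = replay(TRACE, LIMITS, MAC_TABLE)
    print(f"admitted {admitted} of {len(TRACE)} frames")
    for (port, kind), count in sorted(dropped.items()):
        print(f"port {port}: dropped {count} {kind} frame(s)")
```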
CHAPTER 14 Mirroring
This chapter discusses port mirroring setup screens.

14.1 Port Mirroring
Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference. The Switch supports both local port mirroring and remote port mirroring. In local port mirroring, the mirroring ports (through which traffic you copy passes) and the monitor port are on the same device.
Single-Destination RMirror
If the mirrored traffic is forwarded to one single destination switch, you can disable the reflector port. The Switch adds the RMirror VLAN tag and forwards mirrored traffic from the mirroring port to the connected port directly.
Port Rules in Port Mirroring
The following table shows the rule for a port in remote port mirroring. For example, a port on the source device can be a mirroring port in both RMirror VLAN 1 and RMirror VLAN 2. But when the port is the source device’s mirroring port in RMirror VLAN 1, it cannot be the reflector port or monitor port in another RMirror VLAN.
14.1.1 Local Port Mirroring
Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port.
Figure 78 Advanced Application > Mirroring
The following table describes the labels in this screen.
Table 54 Advanced Application > Mirroring
LABEL | DESCRIPTION
Active | Select this check box to activate port mirroring on the Switch.
Table 54 Advanced Application > Mirroring (continued)
LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel | Click Cancel to begin configuring this screen afresh.
14.1.
Click the Source link in the RMirror screen. The following screen opens.
Figure 80 Advanced Application > Mirroring > RMirror > Source
The following table describes the labels in this screen.
Table 56 Advanced Application > Mirroring > RMirror > Source
LABEL | DESCRIPTION
RMirror VLAN ID | Select the RMirror VLAN over which the mirrored traffic is forwarded.
Priority | Enter the priority of the mirrored traffic.
Table 56 Advanced Application > Mirroring > RMirror > Source (continued)
LABEL | DESCRIPTION
Direction | Specify the direction of the traffic to mirror by selecting from the drop-down list box. Choices are Egress (outgoing), Ingress (incoming) and Both.
Apply | Click Apply to save your changes to the Switch’s run-time memory.
Table 57 Advanced Application > Mirroring > RMirror > Destination (continued)
LABEL | DESCRIPTION
Tagging | Select whether to add the RMirror VLAN tag to mirrored traffic on the monitor port.
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
The following table describes the labels in this screen.
Table 58 Advanced Application > Mirroring > RMirror > Connected Port
LABEL | DESCRIPTION
RMirror VLAN ID | Select the RMirror VLAN over which the mirrored traffic is forwarded.
Port | This field displays the port number.
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
CHAPTER 15 Link Aggregation
This chapter shows you how to logically aggregate physical links to form one logical, higher-bandwidth link.

15.1 Link Aggregation Overview
Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if, for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link.
Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops.
15.2.
The following table describes the labels in this screen.
Table 61 Advanced Application > Link Aggregation Status
LABEL | DESCRIPTION
Group ID | This field displays the group ID to identify a trunk group, that is, one logical link containing multiple ports.
Enabled Port | These are the ports you have configured in the Link Aggregation screen to be in the trunk group. The port number(s) displays only when this trunk group is activated and there is a port belonging to this group.
15.4 Link Aggregation Setting
Click Advanced Application > Link Aggregation > Link Aggregation Setting to display the screen shown next. See Section 15.1 on page 144 for more information on link aggregation.
Figure 84 Advanced Application > Link Aggregation > Link Aggregation Setting
The following table describes the labels in this screen.
Table 62 Advanced Application > Link Aggregation > Link Aggregation Setting (continued)
LABEL | DESCRIPTION
Criteria | Select the outgoing traffic distribution type. Packets from the same source and/or to the same destination are sent over the same link within the trunk. By default, the Switch uses the src-dst-mac distribution type. If the Switch is behind a router, the packet’s destination or source MAC address will be changed.
15.5 Link Aggregation Control Protocol
Click Advanced Application > Link Aggregation > Link Aggregation Setting > LACP to display the screen shown next. See Section 15.2 on page 144 for more information on dynamic link aggregation.
Figure 85 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP
The following table describes the labels in this screen.
Table 63 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP (continued)
LABEL | DESCRIPTION
System Priority | LACP system priority is a number between 1 and 65,535. The switch with the lowest system priority (and lowest port number if system priority is the same) becomes the LACP “server”. The LACP “server” controls the operation of LACP setup. Enter a number to set the priority of an active port using Link Aggregation Control Protocol (LACP).
2 Configure static trunking - Click Advanced Application > Link Aggregation > Link Aggregation Setting. In this screen activate trunk group T1, select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below. Click Apply when you are done.
Figure 87 Trunking Example - Configuration Screen
Your trunk group 1 (T1) configuration is now complete.
CHAPTER 16 Port Authentication
This chapter describes the IEEE 802.1x and MAC authentication methods.

16.1 Port Authentication Overview
Port authentication is a way to validate access to ports on the Switch to clients based on an external server (authentication server). The Switch supports the following methods for port authentication:
• IEEE 802.1x - An authentication server validates access to a port based on a username and password provided by the user.
provides the login credentials, the Switch sends an authentication request to a RADIUS server. The RADIUS server validates whether this client is allowed access to the port.
Figure 88 IEEE 802.1x Authentication Process (figure steps 1 to 9: New Connection, Identity Request, Login Credentials, Authentication Request, Access Challenge, Challenge Request, Challenge Response, Access Request, Authentication Reply; result: Session Granted/Denied)
16.1.
on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch.
Figure 89 MAC Authentication Process (figure steps: 1 New Connection, 2 Authentication Request, 3 Authentication Reply; result: Session Granted/Denied)
16.
16.2.1 Activate IEEE 802.1x Security
Use this screen to activate IEEE 802.1x security. In the Port Authentication screen click 802.1x to display the configuration screen as shown.
Figure 91 Advanced Application > Port Authentication > 802.1x
The following table describes the labels in this screen.
Table 64 Advanced Application > Port Authentication > 802.1x
LABEL | DESCRIPTION
Active | Select this check box to permit 802.1x authentication on the Switch.
Table 64 Advanced Application > Port Authentication > 802.1x (continued)
LABEL | DESCRIPTION
Max-Req | Specify the number of times the Switch tries to authenticate client(s) before sending unresponsive ports to the Guest VLAN. This is set to 2 by default. That is, the Switch attempts to authenticate a client twice. If the client does not respond to the first authentication request, the Switch tries again.
Use this screen to enable and assign a guest VLAN to a port. In the Port Authentication > 802.1x screen click Guest Vlan to display the configuration screen as shown.

Figure 93 Advanced Application > Port Authentication > 802.1x > Guest VLAN

The following table describes the labels in this screen.

Table 65 Advanced Application > Port Authentication > 802.1x > Guest VLAN
LABEL | DESCRIPTION
Port | This field displays a port number.
* | Settings in this row apply to all ports.
Table 65 Advanced Application > Port Authentication > 802.1x > Guest VLAN (continued)
LABEL | DESCRIPTION
Host-mode | Specify how the Switch authenticates users when more than one user connects to the port (using a hub). Select Multi-Host to authenticate only the first user that connects to this port. If the first user enters the correct credentials, any other users are allowed to access the port without authentication.
The following table describes the labels in this screen.

Table 66 Advanced Application > Port Authentication > MAC Authentication
LABEL | DESCRIPTION
Active | Select this check box to permit MAC authentication on the Switch. Note: You must first enable MAC authentication on the Switch before configuring it on each port.
Name Prefix | Type the prefix that is appended to all MAC addresses sent to the RADIUS server for authentication.
CHAPTER 17 Port Security

This chapter shows you how to set up port security.

17.1 About Port Security

Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch can learn up to 32K MAC addresses in total; there is no limit on individual ports, except that the sum cannot exceed 32K. For maximum port security, enable this feature, disable MAC address learning and configure static MAC address(es) for a port.
The following table describes the labels in this screen.

Table 67 Advanced Application > Port Security
LABEL | DESCRIPTION
Port List | Enter the number of the port(s) (separated by a comma) on which you want to enable port security and disable MAC address learning. After you click MAC freeze, all previously learned MAC addresses on the specified port(s) will become static MAC addresses and display in the Static MAC Forwarding screen.
17.3 VLAN MAC Address Limit

Use this screen to set the MAC address learning limit on a per-port and per-VLAN basis. Click VLAN MAC Address Limit in the Advanced Application > Port Security screen to display the screen as shown.

Figure 96 Advanced Application > Port Security > VLAN MAC Address Limit

The following table describes the labels in this screen.
CHAPTER 18 Classifier

This chapter introduces and shows you how to configure the packet classifier on the Switch.

18.1 About the Classifier and QoS

Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested.
Click Advanced Application > Classifier in the navigation panel to display the configuration screen as shown.

Figure 97 Advanced Application > Classifier

The following table describes the labels in this screen.

Table 69 Advanced Application > Classifier
LABEL | DESCRIPTION
Active | Select this option to enable this rule.
Name | Enter a descriptive name for this rule for identifying purposes.
Table 69 Advanced Application > Classifier (continued)
LABEL | DESCRIPTION
Packet Format | Specify the format of the packet. Choices are All, 802.3 tagged, 802.3 untagged, Ethernet II tagged and Ethernet II untagged. A value of 802.3 indicates that the packets are formatted according to the IEEE 802.3 standards. A value of Ethernet II indicates that the packets are formatted according to RFC 894, Ethernet II encapsulation.
Table 69 Advanced Application > Classifier (continued)
LABEL | DESCRIPTION
Destination IP Address/Address Prefix | Enter a destination IP address in dotted decimal notation. Specify the address prefix by entering the number of ones in the subnet mask.
Socket Number | Note: You must select either UDP or TCP in the IP Protocol field before you configure the socket numbers.
The following table shows some other common Ethernet types and the corresponding protocol number.

Table 71 Common Ethernet Types and Protocol Number
ETHERNET TYPE | PROTOCOL NUMBER
IP ETHII | 0800
X.75 Internet | 0801
NBS Internet | 0802
ECMA Internet | 0803
Chaosnet | 0804
X.
18.4 Classifier Example

The following screen shows an example of configuring a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2.

Figure 99 Classifier: Example

After you have configured a classifier, you can configure a policy to define action(s) on the classified traffic flow. See Chapter 19 on page 169 for information on configuring a policy rule.
CHAPTER 19 Policy Rule

This chapter shows you how to configure policy rules.

19.1 Policy Rules Overview

A classifier distinguishes traffic into flows based on the configured criteria (refer to Chapter 18 on page 163 for more information). A policy rule ensures that a traffic flow gets the requested treatment in the network.

19.1.
Click Advanced Application > Policy Rule in the navigation panel to display the screen as shown.

Figure 100 Advanced Application > Policy Rule

The following table describes the labels in this screen.

Table 73 Advanced Application > Policy Rule
LABEL | DESCRIPTION
Active | Select this option to enable the policy.
Name | Enter a descriptive name for identification purposes.
Table 73 Advanced Application > Policy Rule (continued)
LABEL | DESCRIPTION
Classifier(s) | This field displays the active classifier(s) you configure in the Classifier screen. Select the classifier(s) to which this policy rule applies. To select more than one classifier, press [SHIFT] and select the choices at the same time.
Parameters | Set the fields below for this policy. You only have to set the field(s) related to the action(s) you configure in the Action field.
Table 73 Advanced Application > Policy Rule (continued)
LABEL | DESCRIPTION
Out-of-profile action | Select the action(s) to be performed for out-of-profile traffic. Select Drop the packet to discard the out-of-profile traffic. Select Change the DSCP value to replace the DSCP field with the value specified in the Out of profile DSCP field. Select Set Out-Drop Precedence to mark out-of-profile traffic and drop it when the network is congested.
19.4 Policy Example

The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 18.4 on page 168).
CHAPTER 20 Queuing Method

This chapter introduces the queuing methods supported.

20.1 Queuing Method Overview

Queuing is used to help solve performance degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic. See also Priority Queue Assignment in Switch Setup and 802.1p Priority in Port Setup for related information.
20.1.3 Weighted Round Robin Scheduling (WRR)

Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is given an amount of bandwidth irrespective of the incoming traffic on that port. This queue then moves to the back of the list. The next queue is given an equal amount of bandwidth, and then moves to the end of the list; and so on, depending on the number of queues being used.
The following table describes the labels in this screen.

Table 75 Advanced Application > Queuing Method
LABEL | DESCRIPTION
Port | This label shows the port you are configuring.
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
CHAPTER 21 VLAN Stacking

This chapter shows you how to configure VLAN stacking on your Switch. See the chapter on VLANs for more background information on Virtual LAN.

21.1 VLAN Stacking Overview

A service provider can use VLAN stacking to distinguish multiple customers' VLANs, even those with the same (customer-assigned) VLAN ID, within its network. Use VLAN stacking to add an outer VLAN tag to the inner IEEE 802.1Q tagged frames that enter the network.
adding tag 37 to distinguish customer A and tag 48 to distinguish customer B at edge device 1 and then stripping those tags at edge device 2 as the data frames leave the network.

Figure 104 VLAN Stacking Example

21.2 VLAN Stacking Port Roles

Each port can have one of three VLAN stacking “roles”: Normal, Access Port and Tunnel Port (the latter is for Gigabit ports only).

• Select Normal for “regular” (non-VLAN stacking) IEEE 802.1Q frame switching.
21.3 VLAN Tag Format

A VLAN tag (service provider VLAN stacking or customer IEEE 802.1Q) consists of the following three fields.

Table 76 VLAN Tag Format
Type | Priority | VID

Type is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information. SP TPID (Service Provider Tag Protocol Identifier) is the service provider VLAN stacking tag type. Many vendors use 0x8100 or 0x9100.
21.4 Configuring VLAN Stacking

Click Advanced Application > VLAN Stacking to display the screen as shown.

Figure 105 Advanced Application > VLAN Stacking

The following table describes the labels in this screen.

Table 79 Advanced Application > VLAN Stacking
LABEL | DESCRIPTION
Active | Select this checkbox to enable VLAN stacking on the Switch.
Port | The port number identifies the port you are configuring.
* | Settings in this row apply to all ports.
Table 79 Advanced Application > VLAN Stacking (continued)
LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel | Click Cancel to begin configuring this screen afresh.

21.4.
21.4.2 Selective Q-in-Q

Selective Q-in-Q is VLAN-based. It allows the Switch to add different outer VLAN tags to the incoming frames received on one port according to their inner VLAN tags.

Note: Selective Q-in-Q rules are only applied to single-tagged frames received on the access ports. If the incoming frames are untagged or single-tagged but received on a tunnel port or cannot match any selective Q-in-Q rules, the Switch applies the port-based Q-in-Q rules to them.
Table 81 Advanced Application > VLAN Stacking > Selective QinQ (continued)
LABEL | DESCRIPTION
Active | This shows whether this rule is activated or not.
Name | This is the descriptive name for this rule.
Port | This is the port number to which this rule is applied.
CVID | This is the customer VLAN ID in the incoming packets.
SPVID | This is the service provider’s VLAN ID that is added to the packets from the subscribers.
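The tag layout from 21.3 and the rule selection from the note in 21.4.2, worked through in Python as an added example (not Zyxel code and not part of the original guide). Assumptions: the outer tag uses SP TPID 0x9100 with priority 0, each port has one port-based SPVID, the bit between Priority and VID is left at 0, and the frames, port roles and rules are constructed samples that reuse tags 37 and 48 from the overview.

```python
import struct

CUSTOMER_TPID = 0x8100  # IEEE 802.1Q tag type
SP_TPID = 0x9100        # one of the two SP TPID values the text says vendors use


def build_tag(tpid, priority, vid):
    """Pack one tag: 16-bit Type, then 3-bit Priority, 1 bit left at 0, 12-bit VID."""
    if not 0 <= priority <= 7 or not 1 <= vid <= 4094:
        raise ValueError("priority must be 0-7 and VID 1-4094")
    return struct.pack("!HH", tpid, (priority << 13) | vid)


def parse_tags(frame):
    """Return [(type, priority, vid), ...] for the tags that follow the MAC addresses."""
    tags, offset = [], 12
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in (CUSTOMER_TPID, SP_TPID):
            break
        tags.append((tpid, tci >> 13, tci & 0x0FFF))
        offset += 4
    return tags


def stack_tag(frame, port, roles, port_spvid, selective_rules):
    """Add the outer (service provider) tag to a frame received on `port`."""
    role = roles[port]
    if role == "normal":
        return frame  # regular 802.1Q switching, no outer tag
    tags = parse_tags(frame)
    if len(tags) > 1:
        raise ValueError("frame already carries stacked tags; not modeled here")
    spvid = None
    # Selective rules apply only to single-tagged frames on access ports.
    if role == "access" and len(tags) == 1:
        spvid = selective_rules.get((port, tags[0][2]))
    # Untagged frames, tunnel ports and unmatched CVIDs use the port-based SPVID.
    if spvid is None:
        spvid = port_spvid[port]
    return frame[:12] + build_tag(SP_TPID, 0, spvid) + frame[12:]


# Constructed sample data (hypothetical MAC addresses, ports and rules).
MACS = bytes.fromhex("02000000000b" "02000000000a")  # destination, source
PAYLOAD = struct.pack("!H", 0x0800) + b"constructed payload"
UNTAGGED = MACS + PAYLOAD
TAGGED_100 = MACS + build_tag(CUSTOMER_TPID, 5, 100) + PAYLOAD
TAGGED_300 = MACS + build_tag(CUSTOMER_TPID, 0, 300) + PAYLOAD

ROLES = {1: "access", 2: "tunnel", 3: "normal"}
PORT_SPVID = {1: 48, 2: 48}                 # port-based Q-in-Q
SELECTIVE = {(1, 100): 37, (2, 100): 37}    # (port, CVID) -> SPVID

if __name__ == "__main__":
    for name, frame, port in [("CVID 100 on access port 1", TAGGED_100, 1),
                              ("CVID 300 on access port 1", TAGGED_300, 1),
                              ("CVID 100 on tunnel port 2", TAGGED_100, 2),
                              ("untagged on access port 1", UNTAGGED, 1)]:
        out = stack_tag(frame, port, ROLES, PORT_SPVID, SELECTIVE)
        print(name, "->", [(hex(t), p, v) for t, p, v in parse_tags(out)])
```

The rule configured for port 2 never fires because that port is a tunnel port, which is the case the note calls out.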
CHAPTER 22 Multicast

This chapter shows you how to configure various multicast features.

22.1 Multicast Overview

Traditionally, IP packets are transmitted in one of two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network. IGMP (Internet Group Management Protocol) is a network-layer protocol used to establish membership in an IPv4 multicast group - it is not used to carry user data.
22.1.3 IGMP Snooping

The Switch can passively snoop on IGMP packets transferred between IP multicast routers/switches and IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly. IGMP snooping allows the Switch to learn multicast groups without you having to manually configure them.
one query from a router (X) or MLD Done or Report message from any upstream port, it will be broadcast to all connected upstream ports.

[Figure: router X and ports 1 to 9, with Query, Report and Done messages]

22.1.6 MLD Messages

A multicast router or switch periodically sends general queries to MLD hosts to update the multicast forwarding table. When an MLD host wants to join a multicast group, it sends an MLD Report message for that address. An MLD Done message is similar to an IGMP Leave message.
The following table describes the labels in this screen.

Table 82 Advanced Application > Multicast Setup
LABEL | DESCRIPTION
IPv4 Multicast | Click the link to open screens where you can configure IGMP snooping and IGMP filtering for IPv4.
IPv6 Multicast | Click the link to open screens where you can configure MLD snooping and MLD filtering for IPv6.
MVR | Click the link to open screens where you can create multicast VLANs.

22.
22.3.1 IGMP Snooping

Click the IGMP Snooping link in the Advanced Application > Multicast > IPv4 Multicast screen to display the screen as shown. See Section 22.1 on page 184 for more information on multicasting.

Figure 110 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping

The following table describes the labels in this screen.
Table 84 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping (continued)
LABEL | DESCRIPTION
IGMP Filtering | Select Active to enable IGMP filtering to control which IGMP groups a subscriber on a port can join. Note: If you enable IGMP filtering, you must create and assign IGMP filtering profiles for the ports that you want to allow to join multicast groups.
Unknown Multicast Frame | Specify the action to perform when the Switch receives an unknown multicast frame.
Table 84 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping (continued)
LABEL | DESCRIPTION
Throttling | IGMP throttling controls how the Switch deals with the IGMP reports when the maximum number of the IGMP groups a port can join is reached. Select Deny to drop any new IGMP join report received on this port until an existing multicast forwarding table entry is aged out.
22.3.2 IGMP Snooping VLAN

Click Advanced Application > Multicast > IPv4 Multicast in the navigation panel. Click the IGMP Snooping link and then the IGMP Snooping VLAN link to display the screen as shown. See Section 22.1.4 on page 185 for more information on IGMP Snooping VLAN.

Figure 111 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Snooping VLAN

The following table describes the labels in this screen.
Table 85 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Snooping VLAN (continued)
LABEL | DESCRIPTION
VID | Enter the ID of a static VLAN; the valid range is between 1 and 4094. Note: You cannot configure the same VLAN ID as in the MVR screen.
Add | Click this to create a new entry or to update an existing one. This saves your changes to the Switch’s run-time memory.
The following table describes the labels in this screen.

Table 86 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Filtering Profile
LABEL | DESCRIPTION
Profile Name | Enter a descriptive name for the profile for identification purposes. To configure additional rule(s) for a profile that you have already added, enter the profile name and specify a different IP multicast address range.
Table 87 Advanced Application > Multicast > IPv6 Multicast (continued)
LABEL | DESCRIPTION
Multicast Group | This field displays IP multicast group addresses.
Group Timeout | This field displays the time (in seconds) that elapses before the Switch removes an MLD group membership entry if it does not receive report messages from the port.

22.4.
22.4.2 MLD Snooping-proxy VLAN

Click the MLD Snooping-proxy link and then the VLAN link in the Advanced Application > Multicast > IPv6 Multicast screen to display the screen as shown. See Section 22.1 on page 184 for more information on multicasting.

Figure 115 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN

The following table describes the labels in this screen.
Table 89 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN
LABEL | DESCRIPTION
Robustness Variable | Enter the number of queries. A multicast address entry (learned only on an upstream port by snooping) is removed from the forwarding table when there is no response to the configured number of queries sent by the router connected to the upstream port. This value should be exactly the same as what’s configured in the connected multicast router.
22.4.3 MLD Snooping-proxy VLAN Port Role Setting

Click the Port Role Setting link in the Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN screen to display the screen as shown. See Section 22.1 on page 184 for more information on multicasting.

Figure 116 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN > Port Role Setting

The following table describes the labels in this screen.
Table 90 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN > Port Role Setting (continued)
LABEL | DESCRIPTION
Leave Mode | Select the leave mode for the specified downstream port(s) in this VLAN.
screen to display the screen as shown. See Section 22.1 on page 184 for more information on multicasting.

Figure 117 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering

The following table describes the labels in this screen.

Table 91 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering
LABEL | DESCRIPTION
Active | Select this option to enable MLD filtering on the Switch.
Port | This field displays the port number.
22.4.5 MLD Snooping-proxy Filtering Profile

Use this screen to create an MLD filtering profile and set the range of the multicast address(es). Click the Filtering Profile link in the Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering screen to display the screen as shown.

Figure 118 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering > Filtering Profile

The following table describes the labels in this screen.
Table 92 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering > Filtering Profile (continued)
LABEL | DESCRIPTION
Delete | To delete the profile(s) and all the accompanying rules, select the profile(s) that you want to remove in the Delete Profile column, then click the Delete button. To delete a rule(s) from a profile, select the rule(s) that you want to remove in the Delete Rule column, then click the Delete button.
update the multicast forwarding table to forward or not forward multicast traffic to the receiver ports. In compatible mode, the Switch does not send any IGMP reports. In this case, you must manually configure the forwarding settings on the multicast devices in the multicast VLAN.

22.5.
Note: Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen.

Figure 121 Advanced Application > Multicast > Multicast Setup > MVR

The following table describes the related labels in this screen.

Table 93 Advanced Application > Multicast > Multicast Setting > MVR
LABEL | DESCRIPTION
Active | Select this check box to enable MVR to allow one single multicast VLAN to be shared among different subscriber VLANs on the network.
Table 93 Advanced Application > Multicast > Multicast Setting > MVR (continued)
LABEL | DESCRIPTION
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
Note: A port can belong to more than one multicast VLAN. However, IP multicast group addresses in different multicast VLANs cannot overlap.

Figure 122 Advanced Application > Multicast > Multicast Setup > MVR > Group Configuration

The following table describes the labels in this screen.
Table 94 Advanced Application > Multicast > Multicast Setup > MVR > Group Configuration
LABEL | DESCRIPTION
Delete | Select the entry(ies) that you want to remove in the Delete column, then click the Delete button to remove the selected entry(ies) from the table. Note: If you delete a multicast VLAN, all multicast groups in this VLAN will also be removed.
Cancel | Select Cancel to clear the checkbox(es) in the table.

22.6.
To configure the MVR settings on the Switch, create a multicast VLAN in the MVR screen and set the receiver and source ports.
To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two IPv4 multicast groups (News and Movie) are configured for the multicast VLAN 200.
CHAPTER 23 AAA

This chapter describes how to configure authentication, authorization and accounting settings on the Switch.

23.1 Authentication, Authorization and Accounting (AAA)

Authentication is the process of determining who a user is and validating access to the Switch. The Switch can authenticate users who try to log in based on user accounts configured on the Switch itself. The Switch can also use an external authentication server to authenticate a large number of users.
23.1.2 RADIUS and TACACS+

RADIUS and TACACS+ are security protocols used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate an unlimited number of users from a central location.

The following table describes some key differences between RADIUS and TACACS+.
authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown.

Figure 129 Advanced Application > AAA > RADIUS Server Setup

The following table describes the labels in this screen.

Table 96 Advanced Application > AAA > RADIUS Server Setup
LABEL | DESCRIPTION
Authentication Server | Use this section to configure your RADIUS authentication settings.
Table 96 Advanced Application > AAA > RADIUS Server Setup (continued)
LABEL | DESCRIPTION
Delete | Check this box if you want to remove an existing RADIUS server entry from the Switch. This entry is deleted when you click Apply.
Apply | Click Apply to save your changes to the Switch’s run-time memory.
23.2.2 TACACS+ Server Setup

Use this screen to configure your TACACS+ server settings. See Section 23.1.2 on page 210 for more information on TACACS+ servers. Click on the TACACS+ Server Setup link in the Authentication and Accounting screen to view the screen as shown.

Figure 130 Advanced Application > AAA > TACACS+ Server Setup

The following table describes the labels in this screen.
Table 97 Advanced Application > AAA > TACACS+ Server Setup (continued)
LABEL | DESCRIPTION
TCP Port | The default port of a TACACS+ server for authentication is 49. You need not change this value unless your network administrator instructs you to do so.
Shared Secret | Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ server and the Switch. This key is not sent over the network.
23.2.3 AAA Setup

Use this screen to configure authentication, authorization and accounting settings on the Switch. Click on the AAA Setup link in the AAA screen to view the screen as shown.

Figure 131 Advanced Application > AAA > AAA Setup

The following table describes the labels in this screen.

Table 98 Advanced Application > AAA > AAA Setup
LABEL | DESCRIPTION
Authentication | Use this section to specify the methods used to authenticate users accessing the Switch.
Table 98 Advanced Application > AAA > AAA Setup (continued)
LABEL | DESCRIPTION
Login | These fields specify which database the Switch should use (first, second and third) to authenticate administrator accounts (users for Switch management). Configure the local user accounts in the Access Control > Logins screen. TACACS+ and RADIUS are external servers. Before you specify the priority, make sure you have set up the corresponding database correctly.
Table 98 Advanced Application > AAA > AAA Setup (continued)
LABEL | DESCRIPTION
Mode | The Switch supports two modes of recording login events. Select:
• start-stop - to have the Switch send information to the accounting server when a user begins a session, during a user’s session (if it lasts past the Update Period), and when a user ends a session.
• stop-only - to have the Switch send information to the accounting server only when a user ends a session.
Method
The following table describes the VSAs supported on the Switch. Note that these attributes only work when you enable authorization (see Section 23.2.3 on page 215).
Refer to RFC 2865 for more information about RADIUS attributes used for authentication. Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting.

This section lists the attributes used by authentication and accounting functions on the Switch. In cases where the attribute has a specific format associated with it, the format is specified.

23.3.
23.3.2.1 Attributes Used for Accounting System Events

NAS-IP-Address
NAS-Identifier
Acct-Status-Type
Acct-Session-ID - The format of Acct-Session-Id is date+time+8-digit sequential number, for example, 2007041917210300000001. (date: 2007/04/19, time: 17:21:03, serial number: 00000001)
Acct-Delay-Time

23.3.2.
23.3.2.3 Attributes Used for Accounting IEEE 802.
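The Acct-Session-Id format given in 23.3.2.1 (date + time + 8-digit sequential number) lends itself to a quick consistency check on records collected at the accounting server. The following Python is an added example, not part of the original guide or of any Zyxel tool. It assumes the counter increases by one per session on a single Switch; every sample value except the guide's own 2007041917210300000001 is constructed.

```python
import re
from datetime import datetime

_SESSION_ID = re.compile(r"[0-9]{22}")  # 8 date + 6 time + 8 sequence digits


def parse_session_id(value):
    """Split an Acct-Session-Id into (timestamp, sequence number)."""
    if not _SESSION_ID.fullmatch(value):
        raise ValueError("expected exactly 22 digits")
    # strptime also rejects impossible dates and times such as month 13.
    stamp = datetime.strptime(value[:14], "%Y%m%d%H%M%S")
    return stamp, int(value[14:])


def audit(session_ids):
    """Return findings for a batch of Acct-Session-Id values from one Switch."""
    parsed, findings = [], []
    for value in session_ids:
        try:
            parsed.append(parse_session_id(value))
        except ValueError:
            findings.append(("malformed", value))
    parsed.sort(key=lambda item: item[1])
    for (t0, s0), (t1, s1) in zip(parsed, parsed[1:]):
        if s1 == s0:
            findings.append(("duplicate", f"{s1:08d}"))
        elif s1 - s0 > 1:
            # Assumption: consecutive sessions differ by exactly one.
            findings.append(("gap", f"{s0 + 1:08d}-{s1 - 1:08d}"))
        if t1 < t0:
            findings.append(("time_regression", f"{s1:08d}"))
    return findings


# Constructed sample batch; the first value is the example from the guide.
SAMPLE = [
    "20070419172103" + "00000001",
    "20070419172540" + "00000002",
    "20070419180200" + "00000005",   # sequence numbers 3 and 4 are absent
    "20070419175900" + "00000006",   # earlier timestamp than sequence 5
    "20071345000000" + "00000007",   # month 13: not a valid date
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A gap or a timestamp that moves backwards is a prompt to look at the accounting server's records and the Switch clock, not proof of tampering.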
CHAPTER 24 IP Source Guard

Use IP source guard to filter unauthorized DHCP and ARP packets in your network.

24.1 IP Source Guard Overview

IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in your network. A binding contains these key attributes:

• MAC address
• VLAN ID
• IP address
• Port number

When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID, IP address, and port number in the binding table.
Trusted ports are connected to DHCP servers or other switches. The Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high. The Switch learns dynamic bindings from trusted ports.

Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.

Untrusted ports are connected to subscribers.
24.1.1.3 DHCP Relay Option 82 Information

The Switch can add information to DHCP requests that it does not discard. This provides the DHCP server more information about the source of the requests. The Switch can add the following information:

• Slot ID (1 byte), port ID (1 byte), and source VLAN ID (2 bytes)
• System name (up to 32 bytes)

This information is stored in an Agent Information field in the option 82 field of the DHCP headers of client DHCP request frames.
• It pretends to be computer A and responds to computer B.
• It pretends to be computer B and sends a message to computer A.

As a result, all the communication between computer A and computer B passes through computer X. Computer X can read and alter the information passed between them.

24.1.2.
24.2 IP Source Guard

Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings). To open this screen, click Advanced Application > IP Source Guard.
ID as an existing static binding, the new static binding replaces the original one. To open this screen, click Advanced Application > IP Source Guard > Static Binding.

Figure 135 IP Source Guard > Static Binding

The following table describes the labels in this screen.
Table 105 IP Source Guard > Static Binding (continued)
LABEL | DESCRIPTION
VLAN | Enter the source VLAN ID in the binding.
Port | Specify the port(s) in the binding. If this binding has one port, select the first radio button and enter the port number in the field to the right. If this binding applies to all ports, select Any.
Add | Click this to create a new entry or to update an existing one. This saves your changes to the Switch’s run-time memory.
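How the four binding attributes (MAC address, VLAN ID, IP address, port) separate authorized from unauthorized ARP packets can be modeled in a few lines. The following Python is an added example, not Zyxel code and not part of the original guide. It assumes that bindings are keyed by MAC address and VLAN ID, that a dynamic binding never overrides a static one, and that a packet is authorized only when every attribute matches; all addresses, ports and ARP payloads are constructed samples.

```python
import ipaddress
import struct
from dataclasses import dataclass

ANY_PORT = None  # stands for the "Any" choice in the Static Binding screen


@dataclass(frozen=True)
class Binding:
    mac: str
    vlan: int
    ip: str
    port: object  # port number, or ANY_PORT
    static: bool


class BindingTable:
    def __init__(self):
        self._by_key = {}  # (MAC, VLAN) -> Binding; the key choice is an assumption

    def add_static(self, mac, vlan, ip, port=ANY_PORT):
        # A new static binding replaces an existing one that has the same key.
        self._by_key[(mac.lower(), vlan)] = Binding(mac.lower(), vlan, ip, port, True)

    def learn_dynamic(self, mac, vlan, ip, port):
        # Assumption: a snooped (dynamic) binding never overrides a static one.
        key = (mac.lower(), vlan)
        current = self._by_key.get(key)
        if current is None or not current.static:
            self._by_key[key] = Binding(mac.lower(), vlan, ip, port, False)

    def lookup(self, mac, vlan):
        return self._by_key.get((mac.lower(), vlan))


ARP_FORMAT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes


def build_arp(oper, sender_mac, sender_ip, target_ip):
    """Build a constructed ARP payload for the samples and tests."""
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       ipaddress.IPv4Address(sender_ip).packed,
                       bytes(6),
                       ipaddress.IPv4Address(target_ip).packed)


def parse_arp_sender(payload):
    """Return (sender MAC, sender IP) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("ARP payload shorter than 28 bytes")
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FORMAT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return sha.hex(":"), str(ipaddress.IPv4Address(spa))


def check_arp(table, payload, vlan, port):
    """Return (verdict, reason) for an ARP packet seen on `port` in `vlan`."""
    mac, ip = parse_arp_sender(payload)
    binding = table.lookup(mac, vlan)
    if binding is None:
        return "unauthorized", "no binding for MAC/VLAN"
    if binding.ip != ip:
        return "unauthorized", "sender IP differs from binding"
    if binding.port is not ANY_PORT and binding.port != port:
        return "unauthorized", "port differs from binding"
    return "authorized", "matches binding"


# Constructed hosts: A and B are the two computers, X sits between them,
# S is a server whose static binding applies to any port.
A, B, X, S = ("02:00:00:00:00:0a", "02:00:00:00:00:0b",
              "02:00:00:00:00:0c", "02:00:00:00:00:0d")


def sample_table():
    table = BindingTable()
    table.add_static(A, 1, "192.168.1.10", port=1)
    table.add_static(S, 1, "192.168.1.2")
    table.learn_dynamic(B, 1, "192.168.1.11", 2)
    table.learn_dynamic(X, 1, "192.168.1.12", 3)
    return table


if __name__ == "__main__":
    table = sample_table()
    claim = build_arp(2, X, "192.168.1.10", "192.168.1.11")  # X claims A's IP
    print(check_arp(table, claim, vlan=1, port=3))
```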
24.4 DHCP Snooping

Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping.

Figure 136 IP Source Guard > DHCP Snooping

The following table describes the labels in this screen.

Table 106 IP Source Guard > DHCP Snooping
LABEL | DESCRIPTION
Database Status | This section displays the current settings for the DHCP snooping database.
Table 106 IP Source Guard > DHCP Snooping (continued)
LABEL | DESCRIPTION
Write delay timer | This field displays how long (in seconds) the Switch tries to complete a specific update in the DHCP snooping database before it gives up.
Abort timer | This field displays how long (in seconds) the Switch waits to update the DHCP snooping database after the current bindings change.
Table 106 IP Source Guard > DHCP Snooping (continued)
LABEL | DESCRIPTION
Last ignored bindings counters | This section displays the number of times and the reasons the Switch ignored bindings the last time it read bindings from the DHCP binding database. You can clear these counters by restarting the Switch or using CLI commands. See the Ethernet Switch CLI Reference Guide.
still available after a restart. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure.

Figure 137 IP Source Guard > DHCP Snooping > Configure

The following table describes the labels in this screen.

Table 107 IP Source Guard > DHCP Snooping > Configure
LABEL | DESCRIPTION
Active | Select this to enable DHCP snooping on the Switch. You still have to enable DHCP snooping on specific VLAN and specify trusted ports.
Table 107 IP Source Guard > DHCP Snooping > Configure (continued)
LABEL | DESCRIPTION
Renew DHCP Snooping URL | Enter the location of a DHCP snooping database, and click Renew if you want the Switch to load it. You can use this to load dynamic bindings from a different DHCP snooping database than the one specified in Agent URL. When the Switch loads dynamic bindings from a DHCP snooping database, it does not discard the current dynamic bindings first.
The following table describes the labels in this screen.
Table 108 IP Source Guard > DHCP Snooping Port Configure
LABEL | DESCRIPTION
Port | This field displays the port number. If you configure the * port, the settings are applied to all of the ports.
Server Trusted state | Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted).
The following table describes the labels in this screen.
Table 109 IP Source Guard > DHCP Snooping VLAN Configure
LABEL | DESCRIPTION
Show VLAN | Use this section to specify the VLANs you want to manage in the section below.
Start VID | Enter the lowest VLAN ID you want to manage in the section below.
End VID | Enter the highest VLAN ID you want to manage in the section below.
Apply | Click this to display the specified range of VLANs in the section below.
The following table describes the labels in this screen.
Table 110 IP Source Guard > DHCP Snooping VLAN Port Configure
LABEL | DESCRIPTION
VID | Enter the ID number of the VLAN you want to configure here.
Port | Enter the number of port(s) to which you want to apply the specified DHCP option 82 profile. You can enter multiple ports separated by (no space) comma (,) or hyphen (-). For example, enter “3-5” for ports 3, 4, and 5. Enter “3,5,7” for ports 3, 5, and 7.
and source VLAN ID of the unauthorized ARP packet. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection.
Figure 141 IP Source Guard > ARP Inspection Status
The following table describes the labels in this screen.
Table 111 IP Source Guard > ARP Inspection Status
LABEL | DESCRIPTION
Total number of filters | This field displays the current number of MAC address filters that were created because the Switch identified unauthorized ARP packets.
24.6.1 ARP Inspection VLAN Status
Use this screen to look at various statistics about ARP packets in each VLAN. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > VLAN Status.
Figure 142 IP Source Guard > ARP Inspection VLAN Status
The following table describes the labels in this screen.
24.6.2 ARP Inspection Log Status
Use this screen to look at log messages that were generated by ARP packets and that have not been sent to the syslog server yet. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Log Status.
Figure 143 IP Source Guard > ARP Inspection Log Status
The following table describes the labels in this screen.
24.7 ARP Inspection Configure
Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global settings for the ARP inspection log. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure.
Figure 144 IP Source Guard > ARP Inspection Configure
The following table describes the labels in this screen.
Table 114 IP Source Guard > ARP Inspection Configure (continued)
LABEL | DESCRIPTION
Syslog rate | Type the maximum number of syslog messages the Switch can send to the syslog server in one batch. This number is expressed as a rate because the batch frequency is determined by the Log Interval. You must configure the syslog server (Chapter 44 on page 362) to use this. Enter 0 if you do not want the Switch to send log messages generated by ARP packets to the syslog server.
The following table describes the labels in this screen.
Table 115 IP Source Guard > ARP Inspection Port Configure
LABEL | DESCRIPTION
Port | This field displays the port number. If you configure the * port, the settings are applied to all of the ports.
Trusted State | Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted). The Switch does not discard ARP packets on trusted ports for any reason.
The following table describes the labels in this screen.
Table 116 IP Source Guard > ARP Inspection VLAN Configure
LABEL | DESCRIPTION
VLAN | Use this section to specify the VLANs you want to manage in the section below.
Start VID | Enter the lowest VLAN ID you want to manage in the section below.
End VID | Enter the highest VLAN ID you want to manage in the section below.
Apply | Click this to display the specified range of VLANs in the section below.
Chapter 25 Loop Guard
This chapter shows you how to configure the Switch to guard against loops on the edge of your network.
25.1 Loop Guard Overview
Loop guard allows you to configure the Switch to shut down a port if it detects that packets sent out on that port loop back to the Switch. While you can use Spanning Tree Protocol (STP) to prevent loops in the core of your network, STP cannot prevent loops that occur on the edge of your network.
The following figure shows port N on switch A connected to switch B. Switch B is in loop state. When broadcast or multicast packets leave port N and reach switch B, they are sent back to port N on A as they are rebroadcast from B.
Figure 148 Switch in Loop State
The loop guard feature checks to see if a loop guard enabled port is connected to a switch in loop state. This is accomplished by periodically sending a probe packet and seeing if the packet returns on the same port.
Note: After resolving the loop problem on your network you can re-activate the disabled port via the web configurator (see Section 6.6 on page 64) or via commands (see the Ethernet Switch CLI Reference Guide).
25.2 Loop Guard Setup
Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown.
Note: The loop guard feature cannot be enabled on the ports that have Spanning Tree Protocol (RSTP, MRSTP or MSTP) enabled.
Table 117 Advanced Application > Loop Guard (continued)
LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel | Click Cancel to begin configuring this screen afresh.
Chapter 26 VLAN Mapping
This chapter shows you how to configure VLAN mapping on the Switch.
26.1 VLAN Mapping Overview
With VLAN mapping enabled, the Switch can map the VLAN ID and priority level of packets received from a private network to those used in the service provider’s network. The Switch checks incoming traffic from the switch ports (non-management ports) against the VLAN mapping table first, then the MAC learning table, and then the VLAN table before forwarding it through the Gigabit uplink port.
26.2 Enabling VLAN Mapping
Click Advanced Application and then VLAN Mapping in the navigation panel to display the screen as shown.
Figure 153 VLAN Mapping
The following table describes the labels in this screen.
Table 118 VLAN Mapping
LABEL | DESCRIPTION
Active | Select this option to enable VLAN mapping on the Switch.
Port | This field displays the port number.
* | Use this row to make the setting the same for all ports.
26.3 Configuring VLAN Mapping
Click the VLAN Mapping Configure link in the VLAN Mapping screen to display the screen as shown. Use this screen to enable and edit the VLAN mapping rule(s).
Figure 154 VLAN Mapping Configuration
The following table describes the labels in this screen.
Table 119 VLAN Mapping Configuration
LABEL | DESCRIPTION
Active | Check this box to activate this rule.
Name | Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes.
Table 119 VLAN Mapping Configuration (continued)
LABEL | DESCRIPTION
Delete | Check the rule(s) that you want to remove in the Delete column and then click the Delete button.
Cancel | Click Cancel to clear the Delete check boxes.
Chapter 27 Layer 2 Protocol Tunneling
This chapter shows you how to configure layer-2 protocol tunneling on the Switch.
27.1 Layer 2 Protocol Tunneling Overview
Layer-2 protocol tunneling (L2PT) is used on the service provider's edge devices.
To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and 2 for PAgP (Port Aggregation Protocol), LACP or UDLD (UniDirectional Link Detection).
Figure 156 L2PT Network Example
27.1.1 Layer-2 Protocol Tunneling Mode
Each port can have two layer-2 protocol tunneling modes, Access and Tunnel.
27.2 Configuring Layer 2 Protocol Tunneling
Click Advanced Application > Layer 2 Protocol Tunneling in the navigation panel to display the screen as shown.
Figure 157 Advanced Application > Layer 2 Protocol Tunneling
The following table describes the labels in this screen.
Table 120 Advanced Application > Layer 2 Protocol Tunneling
LABEL | DESCRIPTION
Active | Select this to enable layer-2 protocol tunneling on the Switch.
Table 120 Advanced Application > Layer 2 Protocol Tunneling (continued)
LABEL | DESCRIPTION
STP | Select this option to have the Switch tunnel STP (Spanning Tree Protocol) packets so that STP can run properly across the service provider’s network and spanning trees can be set up based on bridge information from all (local and remote) networks.
Chapter 28 sFlow
This chapter shows you how to configure sFlow to have the Switch monitor traffic in a network and send information to an sFlow collector for analysis.
28.1 sFlow Overview
sFlow (RFC 3176) is a standard technology for monitoring switched networks. An sFlow agent embedded on a switch or router gets sample data and packet statistics from traffic forwarded through its ports. The sFlow agent then creates sFlow data and sends it to an sFlow collector.
28.2 sFlow Port Configuration
Click Advanced Application > sFlow in the navigation panel to display the screen as shown.
Figure 159 Advanced Application > sFlow
The following table describes the labels in this screen.
Table 121 Advanced Application > sFlow
LABEL | DESCRIPTION
Active | Select this to enable the sFlow agent on the Switch.
Apply | Click Apply to save your changes to the Switch’s run-time memory.
Table 121 Advanced Application > sFlow (continued)
LABEL | DESCRIPTION
Collector Address | Enter the IP address of the sFlow collector.
Note: You must have the sFlow collector already configured in the sFlow > Collector screen. The sFlow collector does not need to be in the same subnet as the Switch, but it must be accessible from the Switch.
Note: Configure UDP port 6343 (the default) on a NAT router to allow port forwarding if the collector is behind a NAT router.
Table 122 Advanced Application > sFlow > Collector (continued)
LABEL | DESCRIPTION
Cancel | Click Cancel to reset the fields to your previous configuration.
Clear | Click Clear to reset the fields to the factory defaults.
Index | This field displays the index number of this entry. Click on an index number to change the settings.
Collector Address | This field displays the IP address of the sFlow collector.
Chapter 29 PPPoE
This chapter describes how the Switch gives a PPPoE termination server additional information that the server can use to identify and authenticate a PPPoE client.
29.1 PPPoE Intermediate Agent Overview
A PPPoE Intermediate Agent (PPPoE IA) is deployed between a PPPoE server and PPPoE clients.
Table 125 PPPoE IA Remote ID Sub-option Format
SubOpt | Length | Value
0x02 (1 byte) | N (1 byte) | MAC Address or String (63 bytes)
The 1 in the first field identifies this as an Agent Circuit ID sub-option and 2 identifies this as an Agent Remote ID sub-option. The next field specifies the length of the field. The Switch takes the Circuit ID string you manually configure for a VLAN on a port as the highest priority and the Circuit ID string for a port as the second priority.
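
An added example, not taken from this guide or from the Switch's firmware: a Python check that a tool on the PPPoE server side could apply to the SubOpt / Length / Value layout above before relying on a Circuit ID or Remote ID. The function names, the rule that rejects a repeated sub-option and the sample strings are assumptions constructed for illustration.

```python
"""Validate PPPoE IA sub-options laid out as SubOpt (1 byte), Length (1 byte), Value."""

SUBOPT_CIRCUIT_ID = 0x01  # Agent Circuit ID (first field = 1)
SUBOPT_REMOTE_ID = 0x02   # Agent Remote ID (first field = 2)
MAX_VALUE_LEN = 63        # size of the Value field in the format table
NAMES = {SUBOPT_CIRCUIT_ID: "circuit-id", SUBOPT_REMOTE_ID: "remote-id"}


class SubOptionError(ValueError):
    """Raised when a sub-option block does not match the documented layout."""


def build_suboption(code: int, value: bytes) -> bytes:
    """Encode one sub-option, refusing values the layout cannot carry."""
    if code not in NAMES:
        raise SubOptionError(f"unknown sub-option 0x{code:02x}")
    if len(value) > MAX_VALUE_LEN:
        raise SubOptionError(f"value is {len(value)} bytes, limit is {MAX_VALUE_LEN}")
    return bytes([code, len(value)]) + value


def parse_suboptions(data: bytes) -> dict:
    """Walk a block of sub-options and return {name: value bytes}.

    Every length is checked against both the 63-byte limit and the bytes
    actually present, so a forged Length cannot make the parser read past
    the end of the block.
    """
    found = {}
    offset = 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise SubOptionError("truncated sub-option header")
        code, length = data[offset], data[offset + 1]
        offset += 2
        if code not in NAMES:
            raise SubOptionError(f"unknown sub-option 0x{code:02x}")
        if length > MAX_VALUE_LEN:
            raise SubOptionError(f"length {length} exceeds {MAX_VALUE_LEN}")
        if offset + length > len(data):
            raise SubOptionError("length field overruns the block")
        name = NAMES[code]
        if name in found:
            # Assumption: a repeated sub-option is treated as malformed.
            raise SubOptionError(f"duplicate {name} sub-option")
        found[name] = data[offset:offset + length]
        offset += length
    return found


def demo() -> dict:
    # Constructed sample values, not output captured from a Switch.
    block = (build_suboption(SUBOPT_CIRCUIT_ID, b"edge-sw1 port 5 vlan 100")
             + build_suboption(SUBOPT_REMOTE_ID, b"00:11:22:33:44:55"))
    return parse_suboptions(block)


if __name__ == "__main__":
    print(demo())
```
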
Trusted ports are connected to PPPoE servers.
• If a PADO (PPPoE Active Discovery Offer), PADS (PPPoE Active Discovery Session-confirmation), or PADT (PPPoE Active Discovery Terminate) packet is sent from a PPPoE server and received on a trusted port, the Switch forwards it to all other ports.
• If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port, the Switch forwards it to other trusted port(s).
Click Advanced Application > PPPoE > Intermediate Agent in the navigation panel to display the screen as shown.
Figure 162 Advanced Application > PPPoE > Intermediate Agent
The following table describes the labels in this screen.
Table 128 Advanced Application > PPPoE > Intermediate Agent
LABEL | DESCRIPTION
Active | Select this option to enable the PPPoE intermediate agent globally on the Switch.
Table 128 Advanced Application > PPPoE > Intermediate Agent (continued)
LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel | Click Cancel to begin configuring this screen afresh.
29.3.
Table 129 Advanced Application > PPPoE > Intermediate Agent > Port (continued)
LABEL | DESCRIPTION
Server Trusted State | Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted). Trusted ports are uplink ports connected to PPPoE servers.
Click the VLAN link in the Intermediate Agent > Port screen to display the screen as shown.
Figure 164 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN
The following table describes the labels in this screen.
Table 130 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN
LABEL | DESCRIPTION
Show Port | Enter a port number to show the PPPoE Intermediate Agent settings for the specified VLAN(s) on the port.
29.3.3 PPPoE IA for VLAN
Use this screen to set whether the PPPoE Intermediate Agent is enabled on a VLAN and whether the Switch appends the Circuit ID and/or Remote ID to PPPoE discovery packets from a specific VLAN. Click the VLAN link in the Intermediate Agent screen to display the screen as shown.
Figure 165 Advanced Application > PPPoE > Intermediate Agent > VLAN
The following table describes the labels in this screen.
Chapter 30 Error Disable
This chapter shows you how to configure the rate limit for control packets on a port, and set the Switch to take an action (such as to shut down a port or stop sending packets) on a port when the Switch detects a pre-configured error. It also shows you how to configure the Switch to automatically undo the action after the error is gone.
30.1 CPU Protection Overview
Switches exchange protocol control packets in a network to get the latest networking information.
30.3 The Error Disable Screen
Use this screen to configure error disable related settings. Click Advanced Application > Errdisable in the navigation panel to open the following screen.
Figure 166 Advanced Application > Errdisable
30.4 CPU Protection Configuration
Use this screen to limit the maximum number of control packets (ARP, BPDU and/or IGMP) that the Switch can receive or transmit on a port.
The following table describes the labels in this screen.
Table 132 Advanced Application > Errdisable > CPU protection
LABEL | DESCRIPTION
Reason | Select the type of control packet you want to configure here.
Port | This field displays the port number.
* | Use this row to make the setting the same for all ports. Use this row first and then make adjustments to each port if necessary. Note: Changes in this row are copied to all the ports as soon as you make them.
Table 133 Advanced Application > Errdisable > Errdisable Detect (continued)
LABEL | DESCRIPTION
Mode | Select the action that the Switch takes when the number of control packets exceeds the rate limit on a port, set in the Advanced Application > Errdisable > CPU protection screen.
• inactive-port - The Switch disables the port on which the control packets are received.
Table 134 Advanced Application > Errdisable > Errdisable Recovery (continued)
LABEL | DESCRIPTION
Timer Status | Select this option to allow the Switch to wait for the specified time interval to activate a port or allow specific packets on a port, after the error is gone. Deselect this option to turn off this rule.
Interval | Enter the number of seconds (from 30 to 2592000) for the time interval.
Apply | Click Apply to save your changes to the Switch’s run-time memory.
Chapter 31 MAC Pinning
This chapter shows you how to configure MAC pinning on the Switch.
31.1 MAC Pinning Overview
When the Switch obtains a connected device’s MAC address, it adds an entry in the MAC address forwarding table and uses the table to determine how to forward frames. In addition to the source MAC address of a received frame, the Switch also learns the VLAN to which the device belongs and the port on which the frame is received.
31.2 MAC Pinning Configuration
Use this screen to enable MAC pinning on the Switch and on specific ports. Click Advanced Application > MAC Pinning in the navigation panel to open the following screen.
Figure 170 Advanced Application > MAC Pinning
The following table describes the labels in this screen.
Table 135 Advanced Application > MAC Pinning
LABEL | DESCRIPTION
Active | Select this option to turn on the MAC pinning function on the Switch.
Chapter 32 Private VLAN
32.1 Private VLAN Overview
Use private VLAN if you want to block traffic between ports in the same VLAN. Community and Isolated VLANs are secondary private VLANs that must be associated with a Primary private VLAN.
• Primary: Ports in a Primary VLAN are promiscuous and they can communicate with all promiscuous ports in the same primary VLAN, and all ports in associated community and isolated VLANs. They cannot communicate with ports in different primary VLANs.
Table 136 PVLAN Graphic Key (continued)
LABEL | DESCRIPTION
C-VLAN 101 | Community private VLAN
I-VLAN 102 | Isolated private VLAN
Tagged Private VLANs can span switches but trunking ports must be VLAN-trunking ports - see Advanced > VLAN > VLAN Port Setting.
Note: Isolation in VLAN > VLAN Port Setting (see Section 7.5.4 on page 94) has a higher priority than private VLAN settings, so promiscuous ports with Isolation in VLAN > VLAN Port Setting enabled will not be able to communicate with each other.
32.1.1 Configuration
You must go to the Static VLAN screen first (see Section 7.5.3 on page 92) to create VLAN IDs for Primary, Isolated or Community VLANs. Click Advanced Application > Private VLAN to display the following screen.
The following table describes the labels in this screen.
Table 138 Advanced Application > Private VLAN
LABEL | DESCRIPTION
Port | Use the * row to make the setting the same for all entries. Use this row first and then make adjustments to each entry if necessary. Note: Changes in this row are copied to all the entries as soon as you make them.
Mode | This is the type of VLAN mapped to this port.
• Normal: These are ports in a static VLAN.
Associated VLAN |
Chapter 33 Green Ethernet
This chapter shows you how to configure the Switch to reduce the power consumed by switch ports.
33.1 Green Ethernet Overview
Green Ethernet reduces switch port power consumption in the following ways.
• IEEE 802.3az Energy Efficient Ethernet (EEE)
If EEE is enabled, both sides of a link support EEE and there is no traffic, the port enters Low Power Idle (LPI) mode. LPI mode turns off some functions of the physical layer (becomes quiet) to save power.
Note: EEE, Auto Power Down and Short Reach are not supported on an uplink port.
Figure 172 Advanced Application > Green Ethernet
The following table describes the labels in this screen.
Table 139 Advanced Application > Green Ethernet
LABEL | DESCRIPTION
EEE | Select this to activate Energy Efficient Ethernet globally.
Auto Power Down | Select this to activate Auto Power Down globally.
Short Reach | Select this to activate Short Reach globally.
Chapter 34 Static Route
This chapter shows you how to configure static routes.
34.1 Static Routing Overview
The Switch usually uses the default gateway to route outbound traffic from computers on the LAN to the Internet. To have the Switch send data to devices not reachable through the default gateway, use static routes. For example, the next figure shows a computer (A) connected to the Switch. The Switch routes most traffic from A to the Internet through the Switch’s default gateway (R1).
rules. Click the link next to IPv6 Static Route to open a screen where you can create IPv6 static routing rules.
Figure 174 IP Application > Static Routing
34.3 Configuring IPv4 Static Routing
Click the link next to IPv4 Static Route in the IP Application > Static Routing screen to display the screen as shown.
Figure 175 IP Application > Static Routing > IPv4 Static Route
The following table describes the related labels you use to create a static route.
Table 140 IP Application > Static Routing > IPv4 Static Route (continued)
LABEL | DESCRIPTION
Metric | The metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
34.4 Configuring IPv6 Static Routing
Click the link next to IPv6 Static Route in the IP Application > Static Routing screen to display the screen as shown.
Figure 176 IP Application > Static Routing > IPv6 Static Route
The following table describes the related labels you use to create a static route.
Table 141 IP Application > Static Routing > IPv6 Static Route
LABEL | DESCRIPTION
Route Destination | Enter the IPv6 address of the final destination.
Table 141 IP Application > Static Routing > IPv6 Static Route (continued)
LABEL | DESCRIPTION
Delete | Click Delete to remove the selected entry from the summary table.
Cancel | Click Cancel to clear the Delete check boxes.
Chapter 35 Policy Routing
This chapter shows you how to configure policy routing rules.
35.1 Policy Route Overview
Traditionally, routing is based on the destination address only and the Switch takes the shortest path to forward a packet. Policy routing provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. Policy-based routing is applied to incoming packets prior to the normal routing.
35.2 Configuring Policy Routing Profile
Click IP Application > Policy Routing in the navigation panel to display the screen as shown. Use this screen to configure a policy routing profile, which can consist of multiple policy routing rules.
Figure 177 IP Application > Policy Routing
The following table describes the labels in this screen.
matching classifier and the action to take when a packet meets the criteria in the classifier. The action is taken only when all the criteria are met. Policy-based routing is applied to incoming packets on a per interface basis before normal routing. The Switch does not perform normal routing on packets that match any of the policy routes. Click Rule Configuration in the IP Application > Policy Routing screen to display the screen as shown.
Table 143 IP Application > Policy Routing > Rule Configuration (continued)
LABEL | DESCRIPTION
Action | Enter the IP address of the gateway. The gateway is an immediate neighbor of your Switch that will forward the packet to the destination.
Add | Click this to create a new entry or to update an existing one. This saves your changes to the Switch’s run-time memory.
Chapter 36 Differentiated Services
This chapter shows you how to configure Differentiated Services (DiffServ) on the Switch.
36.1 DiffServ Overview
Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.
various traffic policies to the traffic flows. For example, one traffic policy would be to give higher drop precedence to one traffic flow over others. In our example, packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum traffic flow as they move across the DiffServ network.
Figure 180 DiffServ Network (legend: P - Platinum, G - Gold, S - Silver, B - Bronze)
36.
36.2.1 TRTCM - Color-blind Mode
All packets are evaluated against the PIR. If a packet exceeds the PIR it is marked red. Otherwise it is evaluated against the CIR. If it exceeds the CIR then it is marked yellow. Finally, if it is below the CIR then it is marked green.
Figure 181 TRTCM - Color-blind Mode (flowchart: Exceed PIR? YES: High Packet Loss. NO: Exceed CIR? YES: Medium Packet Loss. NO: Low Packet Loss.)
36.2.
Click IP Application > DiffServ in the navigation panel to display the screen as shown.
Figure 183 IP Application > DiffServ
The following table describes the labels in this screen.
Table 144 IP Application > DiffServ
LABEL | DESCRIPTION
Active | Select this option to enable DiffServ on the Switch.
Port | This field displays the index number of a port on the Switch.
* | Settings in this row apply to all ports.
Note: You cannot enable both TRTCM and Bandwidth Control at the same time.
Figure 184 IP Application > DiffServ > 2-rate 3 Color Marker
The following table describes the labels in this screen.
Table 145 IP Application > DiffServ > 2-rate 3 Color Marker
LABEL | DESCRIPTION
Active | Select this to activate TRTCM (Two Rate Three Color Marker) on the Switch. The Switch evaluates and marks the packets based on the TRTCM settings.
Table 145 IP Application > DiffServ > 2-rate 3 Color Marker (continued)
LABEL | DESCRIPTION
Commit Rate | Specify the Commit Information Rate (CIR) for this port.
Peak Rate | Specify the Peak Information Rate (PIR) for this port.
DSCP | Select a pre-defined DSCP profile. The Switch assigns the DSCP values defined in the profile to packets based on the color they are marked via TRTCM.
Apply | Click Apply to save your changes to the Switch’s run-time memory.
Table 146 IP Application > DiffServ > 2-rate 3 Color Marker > DSCP Profile (continued)
LABEL | DESCRIPTION
Profile Name | This field displays the descriptive name of the profile. Click the profile name to change the settings.
Green | This field displays the DSCP value to use for packets with low packet loss priority.
Yellow | This field displays the DSCP value to use for packets with medium packet loss priority.
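
An added example, not taken from this guide or from the Switch's firmware: the color-blind decision order of section 36.2.1 (PIR first, then CIR) implemented with two token buckets as in RFC 2698, followed by the DSCP lookup a DSCP profile performs. The burst sizes (CBS, PBS), the byte-per-second units and the DSCP values in the sample profile are assumptions constructed for illustration.

```python
"""Color-blind Two Rate Three Color Marker with a DSCP profile lookup."""
from dataclasses import dataclass

GREEN, YELLOW, RED = "green", "yellow", "red"

# Constructed sample profile: one DSCP value per color (low, medium and
# high packet loss priority). The values are not defaults from the Switch.
SAMPLE_PROFILE = {GREEN: 10, YELLOW: 12, RED: 14}


@dataclass
class TrTcm:
    cir: float  # Commit Information Rate, bytes per second (assumed unit)
    pir: float  # Peak Information Rate, bytes per second (assumed unit)
    cbs: int    # committed burst size in bytes (assumption, not in the guide)
    pbs: int    # peak burst size in bytes (assumption, not in the guide)

    def __post_init__(self):
        if self.pir < self.cir:
            raise ValueError("PIR must be greater than or equal to CIR")
        # Both buckets start full.
        self.tc = float(self.cbs)
        self.tp = float(self.pbs)
        self.last = 0.0

    def mark(self, now: float, size: int) -> str:
        """Return the color of a packet of `size` bytes arriving at `now`."""
        elapsed = now - self.last
        if elapsed < 0:
            raise ValueError("packets must be presented in time order")
        self.last = now
        # Refill each bucket at its own rate, capped at its burst size.
        self.tc = min(self.cbs, self.tc + elapsed * self.cir)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir)
        # 1. Evaluate against the PIR: exceeding it marks the packet red.
        if self.tp < size:
            return RED
        self.tp -= size
        # 2. Otherwise evaluate against the CIR: exceeding it marks it yellow.
        if self.tc < size:
            return YELLOW
        # 3. Below the CIR: green.
        self.tc -= size
        return GREEN


def mark_stream(marker: TrTcm, packets, profile):
    """Mark (arrival_time, size) pairs and attach the profile's DSCP value."""
    marked = []
    for now, size in packets:
        color = marker.mark(now, size)
        marked.append((color, profile[color]))
    return marked


def demo():
    # Constructed traffic: a burst of four 1000-byte packets at t=0 and one
    # more packet a second later, after both buckets have refilled.
    marker = TrTcm(cir=1000, pir=2000, cbs=1500, pbs=3000)
    packets = [(0.0, 1000), (0.0, 1000), (0.0, 1000), (0.0, 1000), (1.0, 1000)]
    return mark_stream(marker, packets, SAMPLE_PROFILE)


if __name__ == "__main__":
    for color, dscp in demo():
        print(color, dscp)
```
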
The following table describes the labels in this screen.
Table 148 IP Application > DiffServ > DSCP Setting
LABEL | DESCRIPTION
0 … 63 | This is the DSCP classification identification number. To set the IEEE 802.1p priority mapping, select the priority level from the drop-down list box.
Apply | Click Apply to save your changes to the Switch’s run-time memory.
Chapter 37 DHCP
This chapter shows you how to configure the DHCP feature.
37.1 DHCP Overview
DHCP (Dynamic Host Configuration Protocol, RFC 2131 and RFC 2132) allows individual computers to obtain TCP/IP configuration at start-up from a server. You can configure the Switch as a DHCP server or a DHCP relay agent. When configured as a server, the Switch provides the TCP/IP configuration for the clients.
and create option 82 profiles. Click the link next to DHCPv6 to open a screen where you can configure DHCPv6 relay settings.
Figure 187 IP Application > DHCP
37.3 DHCPv4 Status
Click IP Application > DHCP > DHCPv4 in the navigation panel. The DHCP Status screen displays.
Figure 188 IP Application > DHCP > DHCPv4
The following table describes the labels in this screen.
37.3.1 DHCPv4 Server Status Detail
Click IP Application > DHCP > DHCPv4 in the navigation panel and then click an existing index number of a DHCP server configuration to view the screen as shown. Use this screen to view details regarding DHCP server settings configured on the Switch.
Figure 189 IP Application > DHCP > DHCPv4 > Server Status Detail
The following table describes the labels in this screen.
information (such as the IP address and subnet mask) between a DHCP client and a DHCP server. Once the DHCP client obtains an IP address and can connect to the network, network information renewal is done between the DHCP client and the DHCP server without the help of the Switch. The Switch can be configured as a global DHCP relay. This means that the Switch forwards all DHCP requests from all domains to the same DHCP server.
37.4.2 DHCPv4 Option 82 Profile
Use this screen to create DHCPv4 option 82 profiles. Click IP Application > DHCP > DHCPv4 in the navigation panel and click the Option 82 Profile link to display the screen as shown.
Figure 190 IP Application > DHCP > DHCPv4 > Option 82 Profile
The following table describes the labels in this screen.
Table 154 IP Application > DHCP > DHCPv4 > Option 82 Profile
LABEL | DESCRIPTION
Name | Enter a descriptive name for the profile for identification purposes.
Table 154 IP Application > DHCP > DHCPv4 > Option 82 Profile (continued)
LABEL | DESCRIPTION
mac | Select this option to have the Switch add its MAC address to the client DHCP requests that it relays to a DHCP server.
string | Enter a string of up to 64 ASCII characters for the remote ID information in this field. Spaces are allowed.
Add | Click this to create a new entry or to update an existing one. This saves your changes to the Switch’s run-time memory.
Table 155 IP Application > DHCP > DHCPv4 > Global (continued)
LABEL | DESCRIPTION
Option 82 Profile | Select a pre-defined DHCPv4 option 82 profile that the Switch applies to all ports. The Switch adds the Circuit ID sub-option and/or Remote ID sub-option specified in the profile to DHCP requests that it relays to a DHCP server.
Apply | Click Apply to save your changes to the Switch’s run-time memory.
Table 156 IP Application > DHCP > DHCPv4 > Global > Port (continued)
LABEL | DESCRIPTION
Index | This field displays a sequential number for each entry. Click an index number to change the settings.
Port | This field displays the port(s) to which the Switch applies the settings.
Profile Name | This field displays the DHCP option 82 profile that the Switch applies to the port(s).
together with the DHCP requests to the DHCP server. This allows the DHCP server to assign the appropriate IP address according to the VLAN ID.
Figure 194 DHCP Relay Configuration Example
37.5 Configuring DHCP VLAN Settings
Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP > DHCPv4 in the navigation panel, then click the VLAN link in the DHCP Status screen that displays.
Note: You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. See Section 6.5 on page 62 for information on how to do this.
Figure 195 IP Application > DHCP > DHCPv4 > VLAN
The following table describes the labels in this screen.
Table 157 IP Application > DHCP > DHCPv4 > VLAN
LABEL | DESCRIPTION
VID | Enter the ID number of the VLAN to which these DHCP settings apply.
Table 157 IP Application > DHCP > DHCPv4 > VLAN (continued)
LABEL | DESCRIPTION
Primary/Secondary DNS Server | Enter the IP addresses of the DNS servers. The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask.
Relay | Use this section if you want to configure the Switch to function as a DHCP relay for this VLAN.
Remote DHCP Server 1 .. 3 | Enter the IP address of a DHCP server in dotted decimal notation.
The following table describes the labels in this screen.
Table 158 IP Application > DHCP > DHCPv4 > VLAN > Port
LABEL | DESCRIPTION
VID | Enter the ID number of the VLAN you want to configure here.
Port | Enter the number of port(s) to which you want to apply the specified DHCP option 82 profile. You can enter multiple ports separated by (no space) comma (,) or hyphen (-). For example, enter “3-5” for ports 3, 4, and 5. Enter “3,5,7” for ports 3, 5, and 7.
Chapter 37 DHCP the academic buildings (VLAN 2) are sent to the other DHCP server with an IP address of 172.16.10.100. Figure 197 DHCP Relay for Two VLANs DHCP:192.168.1.100 VLAN 1 VLAN 2 DHCP:172.16.10.100 For the example network, configure the VLAN Setting screen as shown.
37.6 DHCPv6 Relay
A DHCPv6 relay agent is on the same network as the DHCPv6 clients and helps forward messages between the DHCPv6 server and clients. When a client cannot use its link-local address and a well-known multicast address to locate a DHCPv6 server on its network, it then needs a DHCPv6 relay agent to send a message to a DHCPv6 server that is not attached to the same network.
Table 159 IP Application > DHCP > DHCPv6 (continued)
LABEL | DESCRIPTION
Cancel | Click Cancel to reset the fields to their last saved values.
Clear | Click Clear to reset the fields to the factory defaults.
VID | This field displays the VLAN ID number. Click the VLAN ID to change the settings.
Helper Address | This field displays the IPv6 address of the remote DHCPv6 server for this VLAN.
Chapter 38 VRRP
This chapter shows you how to configure and monitor the Virtual Router Redundancy Protocol (VRRP) on the Switch.
38.1 VRRP Overview
Each host on a network is configured to send packets to a statically configured default gateway (this Switch). The default gateway can become a single point of failure. Virtual Router Redundancy Protocol (VRRP), defined in RFC 2338, allows you to create redundant backup gateways to ensure that the default gateway of a host is always available.
Chapter 38 VRRP 38.2 VRRP Status Click IP Application > VRRP in the navigation panel to display the VRRP Status screen as shown next. Figure 201 IP Application > VRRP Status The following table describes the labels in this screen. Table 160 IP Application > VRRP Status LABEL DESCRIPTION Index This field displays the index number of a rule. Network This field displays the IP address and the subnet mask bits of an IP routing domain that is associated to a virtual router.
Chapter 38 VRRP Click IP Application, VRRP and click the Configuration link to display the VRRP Configuration screen as shown next. Note: You can only configure VRRP on interfaces with unique VLAN IDs. Note: Routing domains with the same VLAN ID are not displayed in the table indicated. Figure 202 IP Application > VRRP Configuration: IP Interface The following table describes the labels in this screen.
Chapter 38 VRRP Table 161 IP Application > VRRP Configuration: IP Interface (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to discard all changes made in this table. 38.3.2 VRRP Parameters This section describes the VRRP parameters.
Chapter 38 VRRP 38.3.3 Configuring VRRP Parameters After you set up an IP interface, configure the VRRP parameters in the VRRP Configuration screen. Figure 203 IP Application > VRRP Configuration: VRRP Parameters The following table describes the labels in this screen. Table 162 IP Application > VRRP Configuration: VRRP Parameters LABEL DESCRIPTION Active Select this option to enable this VRRP entry. Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes.
Chapter 38 VRRP Table 162 IP Application > VRRP Configuration: VRRP Parameters (continued) LABEL DESCRIPTION Add Click this to create a new entry or to update an existing one. This saves your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to discard all changes made in this table.
Chapter 38 VRRP 38.4.1 One Subnet Network Example The figure below shows a simple VRRP network with only one virtual router VR1 (VRID =1) and two switches. The network is connected to the WAN via an uplink gateway G (172.16.1.100). The host computer X is set to use VR1 as the default gateway. Figure 205 VRRP Configuration Example: One Virtual Router Network 172.16.1.1 172.16.1.100 172.16.1.10 You want to set switch A as the master router.
After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next.
Figure 208 VRRP Example 1: VRRP Status on Switch A
Figure 209 VRRP Example 1: VRRP Status on Switch B
38.4.2 Two Subnets Example
The following figure depicts an example in which two switches share the network traffic. Hosts in the two network groups use different default gateways. Each switch is configured to back up a virtual router using VRRP.
Chapter 38 VRRP You need to configure the VRRP Configuration screen for virtual router VR2 on each switch, while keeping the VRRP configuration in example 1 for virtual router VR1 (refer to Section 38.4.2 on page 320). Configure the VRRP parameters on the switches as shown in the figures below.
Chapter 39 Load Sharing
39.1 Load Sharing Overview
The Switch learns the next-hop(s) using ARP and determines routing path(s) for a destination. The Switch supports Equal-Cost MultiPath (ECMP) to forward packets destined to the same device (A for example) through different routing paths (1, 2 and 3) of equal path cost. This allows you to balance or share traffic loads between multiple routing paths when the Switch is connected to more than one next-hop.
Chapter 39 Load Sharing The following table describes the labels in this screen. Table 164 IP Application > Load Sharing LABEL DESCRIPTION Active Select this option to enable Equal-Cost MultiPath (ECMP) routing on the Switch. Criteria Select the criteria the Switch uses to determine the routing path for a packet. Select src-ip to have the Switch use a hash algorithm to convert a packet’s source IP address into a hash value which acts as an index to a route path.
Chapter 40 ARP Setup
40.1 ARP Overview
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP table maintains an association between each MAC address and its corresponding IP address.
40.1.
ICMP reply from host B, it sends out an ARP request to get host A’s MAC address and updates the ARP table with host A’s ARP reply. The Switch then can forward host B’s ICMP reply to host A.
[Figure: message sequence between hosts A and B showing ARP Request, ARP Reply, ICMP Request and ICMP Reply]
40.1.2.
Therefore in the following example, the Switch can learn host A’s MAC address from the ARP request sent by host A. The Switch then forwards host B’s ICMP reply to host A right after getting host B’s MAC address and ICMP reply.
[Figure: message sequence between hosts A and B showing ARP Request, ARP Reply, ICMP Request and ICMP Reply]
40.2 ARP Setup
Click IP Application > ARP Setup in the navigation panel to display the screen as shown.
Chapter 40 ARP Setup 40.2.1 ARP Learning Use this screen to configure each port’s ARP learning mode. Click the link next to ARP Learning in the IP Application > ARP Setup screen to display the screen as shown next. Figure 217 IP Application > ARP Setup > ARP Learning The following table describes the labels in this screen. Table 165 IP Application > ARP Setup > ARP Learning LABEL DESCRIPTION Port This field displays the port number. * Settings in this row apply to all ports.
Chapter 40 ARP Setup Table 165 IP Application > ARP Setup > ARP Learning (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 40.2.
Chapter 40 ARP Setup Table 166 IP Application > ARP Setup > Static ARP (continued) LABEL DESCRIPTION Index This field displays the index number of an entry. Click an index number to change the settings. Active This field displays Yes when the entry is activated and NO when it is deactivated. Name This field displays the descriptive name for this entry. This is for identification purposes only.
Chapter 41 Maintenance
This chapter explains how to configure the maintenance screens that let you maintain the firmware and configuration files.
41.1 The Maintenance Screen
Use this screen to manage firmware and your configuration files. Click Management > Maintenance in the navigation panel to open the following screen.
Figure 219 Management > Maintenance
The following table describes the labels in this screen.
41.2 Load Factory Default
Follow the steps below to reset the Switch back to the factory defaults.
1 In the Maintenance screen, click the Click Here button next to Load Factory Default to clear all Switch configuration information you configured and return to the factory defaults.
2 Click OK to reset all Switch configurations to the factory defaults.
Figure 220 Load Factory Default: Start
3 In the web configurator, click the Save button to make the changes take effect.
1 In the Maintenance screen, click the Config 1 button next to Reboot System to reboot and load configuration one. The following screen displays.
Figure 221 Reboot System: Confirmation
2 Click OK again and then wait for the Switch to restart. This takes up to two minutes. This does not affect the Switch’s configuration.
Click Config 2 and follow steps 1 to 2 to reboot and load configuration two on the Switch.
41.
Chapter 41 Maintenance 41.6 Restore a Configuration File Restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen. Figure 223 Management > Maintenance > Restore Configuration Type the path and file name of the configuration file you wish to restore in the File Path text box or click Browse to display the Choose File screen from which you can locate it. After you have specified the file, click Restore.
Chapter 41 Maintenance 41.8 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands. First, understand the filename conventions. 41.8.1 Filename Conventions The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on. Once you have customized the Switch’s settings, they can be saved back to your computer under a filename of your choosing.
Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device.
41.8.2 FTP Command Line Procedure
1 Launch the FTP client on your computer.
2 Enter open, followed by a space and the IP address of your Switch.
3 Press [ENTER] when prompted for a username (the default is “admin”).
4 Enter your password as requested (the default is “1234”).
5 Enter bin to set transfer mode to binary.
Chapter 42 Access Control
This chapter describes how to control access to the Switch.
42.1 Access Control Overview
A console port and FTP are allowed one session each, Telnet and SSH share nine sessions, and up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed.
Chapter 42 Access Control SNMP version 3. The next figure illustrates an SNMP management operation. SNMP is only available if TCP/IP is configured. Figure 226 SNMP Management Model An SNMP managed network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed Switch (the Switch). An agent translates the local management information from the managed Switch into a form compatible with SNMP.
42.3.2 Supported MIBs
MIBs let administrators collect statistics and monitor status and performance. The Switch supports the following MIBs:
• SNMP MIB II (RFC 1213)
• RFC 1157 SNMP v1
• RFC 1493 Bridge MIBs
• RFC 1643 Ethernet MIBs
• RFC 1155 SMI
• RFC 2674 SNMPv2, SNMPv2c
• RFC 1757 RMON
• SNMPv2, SNMPv2c or later version, compliant with RFC 2011 SNMPv2 MIB for IP, RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP
42.3.
Table 172 SNMP System Traps (continued)
OPTION | OBJECT LABEL | OBJECT ID | DESCRIPTION
reset | zySysMgmtUncontrolledSystemReset | 1.3.6.1.4.1.890.1.15.3.49.2.1 | This trap is sent when the Switch automatically resets.
 | zySysMgmtControlledSystemReset | 1.3.6.1.4.1.890.1.15.3.49.2.2 | This trap is sent when the Switch is reset by an administrator through a management interface.
zySysMgmtBootImageInconsi 1.3.6.1.4.1.890.1.15.3.49.2.
Table 173 SNMP Interface Traps (continued)
OPTION | OBJECT LABEL | OBJECT ID | DESCRIPTION
transceiverddm | zyTransceiverDdmiTemperatureOutOfRange | 1.3.6.1.4.1.890.1.15.3.84.3.1 | This trap is sent when the transceiver temperature is above or below the normal operating range.
 | zyTransceiverDdmiTxPowerOutOfRange | 1.3.6.1.4.1.890.1.15.3.84.3.2 | This trap is sent when the transmitted optical power is above or below the normal operating range.
zyTransceiverDdmiRxPowerOutO 1.3.6.1.4.1.
Table 175 SNMP IP Traps
OPTION | OBJECT LABEL | OBJECT ID | DESCRIPTION
ping | pingProbeFailed | 1.3.6.1.2.1.80.0.1 | This trap is sent when a single ping probe fails.
 | pingTestFailed | 1.3.6.1.2.1.80.0.2 | This trap is sent when a ping test (consisting of a series of ping probes) fails.
 | pingTestCompleted | 1.3.6.1.2.1.80.0.3 | This trap is sent when a ping test is completed.
 | traceRouteTestFailed | 1.3.6.1.2.1.81.0.2 | This trap is sent when a traceroute test fails.
Chapter 42 Access Control 42.3.4 Configuring SNMP From the Access Control screen, display the SNMP screen. You can click Access Control to go back to the Access Control screen. Figure 227 Management > Access Control > SNMP The following table describes the labels in this screen. Table 177 Management > Access Control > SNMP LABEL DESCRIPTION General Setting Use this section to specify the SNMP version and community (password) values. Version Select the SNMP version for the Switch.
Chapter 42 Access Control Table 177 Management > Access Control > SNMP (continued) LABEL DESCRIPTION Username Enter the username to be sent to the SNMP manager along with the SNMP v3 trap. Note: This username must match an existing account on the Switch (configured in the Management > Access Control > SNMP > User screen). Apply Click Apply to save your changes to the Switch’s run-time memory.
Chapter 42 Access Control Table 178 Management > Access Control > SNMP > Trap Group (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 42.3.
Chapter 42 Access Control Table 179 Management > Access Control > SNMP > Trap Group > Port (continued) LABEL DESCRIPTION Active Select this check box to enable the sending of SNMP traps on this port. The Switch sends the related traps received on this port to the SNMP manager. Clear this check box to disable the sending of SNMP traps on this port. Apply Click Apply to save your changes to the Switch’s run-time memory.
Table 180 Management > Access Control > SNMP > User (continued)
LABEL | DESCRIPTION
Security Level | Select whether you want to implement authentication and/or encryption for SNMP communication from this user. Choose:
• noauth - to use the username as the password string to send to the SNMP manager. This is equivalent to the Get, Set and Trap Community in SNMP v2c. This is the lowest security level.
Chapter 42 Access Control 42.4 Setting Up Login Accounts Up to five people (one administrator and four non-administrators) may access the Switch via web configurator at any one time. • An administrator is someone who can both view and configure Switch changes. The username for the Administrator is always admin. The default administrator password is 1234. Note: It is highly recommended that you change the default administrator password (1234).
Table 181 Management > Access Control > Logins (continued)
LABEL | DESCRIPTION
Password | Enter your new system password.
Retype to confirm | Retype your new system password for confirmation.
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Chapter 42 Access Control 42.6 How SSH works The following table summarizes how a secure connection is established between two remote hosts. Figure 233 How SSH Works 1 Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys.
Chapter 42 Access Control 42.7 SSH Implementation on the Switch Your Switch supports SSH version 2 using RSA authentication and three encryption methods (DES, 3DES and Blowfish). The SSH server is implemented on the Switch for remote management and file transfer on port 22. Only one SSH connection is allowed at a time. 42.7.1 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the Switch over SSH. 42.
Note: If you disable HTTP in the Service Access Control screen, then the Switch blocks all HTTP connection attempts.
42.9 HTTPS Example
If you haven’t changed the default HTTPS port on the Switch, then in your browser enter “https://Switch IP Address/” as the web site address where “Switch IP Address” is the IP address or domain name of the Switch you wish to access.
42.9.1 Internet Explorer Warning Messages
42.9.1.
Chapter 42 Access Control 42.9.1.2 Internet Explorer 7 or 8 When you attempt to access the Switch HTTPS server, a screen with the message "There is a problem with this website's security certificate." may display. If that is the case, click Continue to this website (not recommended) to proceed to the web configurator login screen. Figure 236 Security Certificate Warning (Internet Explorer 7 or 8) After you log in, you will see the red address bar with the message Certificate Error.
Chapter 42 Access Control Click Install Certificate... and follow the on-screen instructions to install the certificate in your browser.
42.9.2 Mozilla Firefox Warning Messages
When you attempt to access the Switch HTTPS server, a This Connection is Untrusted screen may display. If that is the case, click I Understand the Risks and then the Add Exception... button.
Confirm the HTTPS server URL matches. Click Confirm Security Exception to proceed to the web configurator login screen.
Figure 240 Security Alert (Mozilla Firefox)
42.9.3 The Main Screen
After you accept the certificate and enter the login username and password, the Switch main screen appears.
Mozilla Firefox) or next to the address bar (in Internet Explorer 7 or 8) denotes a secure connection.
Figure 241 Example: Lock Denoting a Secure Connection
42.10 Service Access Control
Service Access Control allows you to decide what services you may use to access the Switch.
Chapter 42 Access Control the Remote Management screen (discussed later). Click Access Control to go back to the main Access Control screen. Figure 242 Management > Access Control > Service Access Control The following table describes the fields in this screen. Table 182 Management > Access Control > Service Access Control LABEL DESCRIPTION Services Services you may use to access the Switch are listed here.
Chapter 42 Access Control You can specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click Access Control to return to the Access Control screen. Figure 243 Management > Access Control > Remote Management The following table describes the labels in this screen. Table 183 Management > Access Control > Remote Management LABEL DESCRIPTION Entry This is the client set index number.
Chapter 43 Diagnostic
This chapter explains the Diagnostic screen.
43.1 Diagnostic
Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests.
Figure 244 Management > Diagnostic
The following table describes the labels in this screen.
Table 184 Management > Diagnostic
LABEL | DESCRIPTION
System Log | Click Display to display a log of events in the multi-line text box.
Table 184 Management > Diagnostic (continued)
LABEL | DESCRIPTION
IPv4 | Select this option if you want to ping an IPv4 address, and select which traffic flow (in-band or out-of-band) the Switch is to send ping frames. If you select in-band, the Switch sends the frames to all ports except the management port (labelled MGMT). If you select out-of-band, the Switch sends the frames to the management port (labelled MGMT).
IPv6 | Select this option if you want to ping an IPv6 address.
Chapter 44 Syslog
This chapter explains the syslog screens.
44.1 Syslog Overview
The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server. Syslog is defined in RFC 3164. The RFC defines the packet format, content and system log related information of syslog messages. Each syslog message has a facility and severity level.
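The facility and severity of a message are packed into the PRI value at the start of each RFC 3164 packet (PRI = facility x 8 + severity). The following added example, which is not part of this User’s Guide, decodes PRI, timestamp, host and tag on the collecting server and filters by severity. The sample lines are constructed and do not show the Switch’s actual log wording.

```python
"""Decode RFC 3164 (BSD syslog) messages: PRI, timestamp, host and tag."""
import re

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
DEFAULT_PRI = 13   # user.notice: RFC 3164 value for a missing or invalid PRI
MAX_PRI = 191      # facility 23 (local7) * 8 + severity 7 (debug)

_PRI = re.compile(r"<(\d{1,3})>")
_HEADER = re.compile(r"([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)", re.S)
_TAG = re.compile(r"([A-Za-z0-9]{1,32})(.*)", re.S)


def parse_rfc3164(line):
    """Split one syslog packet (as text) into its RFC 3164 fields."""
    m = _PRI.match(line)
    pri_valid = bool(m) and int(m.group(1)) <= MAX_PRI
    pri = int(m.group(1)) if pri_valid else DEFAULT_PRI
    # With no usable PRI the whole packet is treated as message text.
    rest = line[m.end():] if pri_valid else line
    record = {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "pri_valid": pri_valid,
        "timestamp": None,
        "host": None,
        "tag": None,
        "content": rest,
    }
    header = _HEADER.match(rest)
    if header:
        record["timestamp"], record["host"], body = header.groups()
        tag = _TAG.match(body)
        if tag:
            record["tag"], record["content"] = tag.groups()
        else:
            record["content"] = body
    return record


def at_least(records, level):
    """Keep records whose severity is `level` or more severe (lower number)."""
    limit = SEVERITIES.index(level)
    return [r for r in records if SEVERITIES.index(r["severity"]) <= limit]


# Constructed sample packets (host names, tags and wording are made up).
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 host1 su: authentication failure",      # auth.crit
    "<188>Jan  5 10:15:02 switch1 interface: port 7 link down",  # local7.warning
    "<190>Jan  5 10:15:09 switch1 system: configuration saved",  # local7.info
    "Jan  5 10:16:00 switch1 system: sent without a PRI part",   # PRI missing
    "<999>not a valid priority",                                 # PRI out of range
]

if __name__ == "__main__":
    parsed = [parse_rfc3164(line) for line in SAMPLE_LINES]
    for rec in at_least(parsed, "warning"):
        print(rec["host"], rec["facility"], rec["severity"], rec["content"])
```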
Chapter 44 Syslog 44.2 Syslog Setup Click Management > Syslog in the navigation panel to display this screen. The syslog feature sends logs to an external syslog server. Use this screen to configure the device’s system logging settings. Figure 245 Management > Syslog The following table describes the labels in this screen.
44.3 Syslog Server Setup
Click Management > Syslog > Syslog Server Setup to open the following screen. Use this screen to configure a list of external syslog servers.
Figure 246 Management > Syslog > Server Setup
The following table describes the labels in this screen.
Table 187 Management > Syslog > Server Setup
LABEL | DESCRIPTION
Active | Select this check box to have the device send logs to this syslog server.
Chapter 45 Cluster Management
This chapter introduces cluster management.
45.1 Clustering Management Status Overview
Cluster Management allows you to manage switches through one Switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.
Chapter 45 Cluster Management In the following example, switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members. Figure 247 Clustering Application Example 45.2 Cluster Management Status Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager.
Chapter 45 Cluster Management The following table describes the labels in this screen. Table 189 Management > Cluster Management LABEL DESCRIPTION Status This field displays the role of this Switch within the cluster. Manager Member (you see this if you access this screen in the cluster member switch directly and not via the cluster manager) None (neither a manager nor a member of a cluster) Manager This field displays the cluster manager switch’s hardware MAC address.
configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different.
Figure 249 Cluster Management: Cluster Member Web Configurator Screen
45.2.1.1 Uploading Firmware to a Cluster Member Switch
You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example.
Chapter 45 Cluster Management The following table explains some of the FTP parameters. Table 190 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Enter “admin”. Password The web configurator password default is 1234. ls Enter this command to list the name of cluster member switch’s firmware and configuration file. 410AAGB0.bin This is the name of the firmware file you want to upload to the cluster member switch.
Chapter 45 Cluster Management The following table describes the labels in this screen. Table 191 Management > Clustering Management > Configuration LABEL DESCRIPTION Clustering Manager Active Select Active to have this Switch become the cluster manager switch. A cluster can only have one manager. Other (directly connected) switches that are set to be cluster managers will not be visible in the Clustering Candidates list.
Chapter 46 MAC Table
This chapter introduces the MAC Table screen.
46.1 MAC Table Overview
The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the Switch’s ports. When a device (which may belong to a VLAN group) sends a packet which is forwarded to a port on the Switch, the MAC address of the device is shown on the Switch’s MAC Table.
Chapter 46 MAC Table 46.2 Viewing the MAC Table Click Management > MAC Table in the navigation panel to display the following screen. Use this screen to search specific MAC addresses. You can also directly add dynamic MAC address(es) into the static MAC forwarding table or MAC filtering table from the MAC table using this screen. Figure 253 Management > MAC Table The following table describes the labels in this screen.
Chapter 46 MAC Table Table 192 Management > MAC Table (continued) LABEL DESCRIPTION Index This is the incoming frame index number. MAC Address This is the MAC address of the device from which this incoming frame came. VID This is the VLAN group to which this frame belongs. Port This is the port from which the above MAC address was learned. Type This shows whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen).
Chapter 47 IP Table
This chapter introduces the IP table.
47.1 IP Table Overview
The IP Table screen shows how packets are forwarded or filtered across the Switch’s ports. When a device (which may belong to a VLAN group) sends a packet which is forwarded to a port on the Switch, the IP address of the device is shown on the Switch’s IP Table. The IP Table also shows whether the IP address is dynamic (learned by the Switch) or static (belonging to the Switch).
Chapter 47 IP Table 47.2 Viewing the IP Table Click Management > IP Table in the navigation panel to display the following screen. Figure 255 Management > IP Table The following table describes the labels in this screen. Table 193 Management > IP Table LABEL DESCRIPTION Sort by Click one of the following buttons to display and arrange the data according to that button type. The information is then displayed in the summary table below.
Chapter 48 ARP Table
This chapter introduces ARP Table.
48.1 ARP Table Overview
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP Table maintains an association between each MAC address and its corresponding IP address.
48.1.
Chapter 48 ARP Table 48.2 The ARP Table Screen Click Management > ARP Table in the navigation panel to open the following screen. Use the ARP table to view IP-to-MAC address mapping(s) and remove specific dynamic ARP entries. Figure 256 Management > ARP Table The following table describes the labels in this screen. Table 194 Management > ARP Table LABEL DESCRIPTION Condition Specify how you want the Switch to remove ARP entries when you click Flush.
Chapter 49 Routing Table
This chapter introduces the routing table.
49.1 Overview
The routing table contains the route information to the network(s) that the Switch can reach.
49.2 Viewing the Routing Table Status
Use this screen to view routing table information. Click Management > Routing Table in the navigation panel to display the screen as shown.
Figure 257 Management > Routing Table
The following table describes the labels in this screen.
Chapter 50 Path MTU Table
This chapter introduces the IPv6 Path MTU table.
50.1 Path MTU Overview
The largest size (in bytes) of a packet that can be transferred over a data link is called the maximum transmission unit (MTU). The Switch uses Path MTU Discovery to discover Path MTU (PMTU), that is, the minimum link MTU of all the links in a path to the destination.
Chapter 51 Configure Clone
This chapter shows you how you can copy the settings of one port onto other ports.
51.1 Configure Clone
Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen.
Chapter 51 Configure Clone The following table describes the labels in this screen. Table 197 Management > Configure Clone LABEL DESCRIPTION Source/ Destination Enter the source port under the Source label. This port’s attributes are copied. Port Enter the destination port or ports under the Destination label. These are the ports which are going to have the same attributes as the source port. You can enter individual ports separated by a comma or a range of ports by using a dash.
Chapter 52 Neighbor Table
This chapter introduces the IPv6 neighbor table.
52.1 IPv6 Neighbor Table Overview
An IPv6 host is required to have a neighbor table. If there is an address to be resolved or verified, the Switch sends out a neighbor solicitation message. When the Switch receives a neighbor advertisement in response, it stores the neighbor’s link-layer address in the neighbor table.
Table 198 Management > Neighbor Table (continued)
LABEL | DESCRIPTION
Status | This field displays whether the neighbor IPv6 interface is reachable. In IPv6, “reachable” means an IPv6 packet can be correctly forwarded to a neighbor node (host or router) and the neighbor can successfully receive and handle the packet. The available options in this field are:
• reachable (R): The interface of the neighboring device is reachable.
Type
CHAPTER 53 Troubleshooting

This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories.

• Power, Hardware Connections, and LEDs
• Switch Access and Login
• Switch Configuration

53.1 Power, Hardware Connections, and LEDs

The Switch does not turn on. None of the LEDs turn on.

1 Make sure the Switch is turned on (in DC models or if the DC power supply is connected in AC/DC models).
One of the LEDs does not behave as expected.

1 Make sure you understand the normal behavior of the LED. See Section 3.3 on page 36.
2 Check the hardware connections. See Section 3.1 on page 31.
3 Inspect your cables for damage. Contact the vendor to replace any damaged cables.
4 Turn the Switch off and on (in DC models or if the DC power supply is connected in AC/DC models).
• If you changed the IP address, use the new IP address.
• If you changed the IP address and have forgotten it, see the troubleshooting suggestions for I forgot the IP address for the Switch.

2 Check the hardware connections, and make sure the LEDs are behaving as expected. See Section 3.3 on page 36.
3 Make sure your Internet browser does not block pop-up windows and has JavaScript and Java enabled.
4 Make sure your computer is in the same subnet as the Switch.
I cannot see some of the Advanced Application submenus at the bottom of the navigation panel.

The recommended screen resolution is 1024 by 768 pixels. Adjust the value in your computer and then you should see the rest of the Advanced Application submenus at the bottom of the navigation panel.

There is unauthorized access to my Switch via telnet, HTTP and SSH.
APPENDIX A Common Services

The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Numbers Authority) web site.

• Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like.
• Protocol: This is the type of IP protocol used by the service.
Table 199 Commonly Used Services (continued)
NAME | PROTOCOL | PORT(S) | DESCRIPTION
HTTPS | TCP | 443 | HTTPS is a secured http session often used in ecommerce.
ICMP | User-Defined | 1 | Internet Control Message Protocol is often used for diagnostic or routing purposes.
ICQ | UDP | 4000 | This is a popular Internet chat program.
IGMP (MULTICAST) | User-Defined | 2 | Internet Group Multicast Protocol is used when sending packets to a specific group of hosts.
Table 199 Commonly Used Services (continued)
NAME | PROTOCOL | PORT(S) | DESCRIPTION
SQL-NET | TCP | 1521 | Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers.
SSH | TCP/UDP | 22 | Secure Shell Remote Login Program.
STRM WORKS | UDP | 1558 | Stream Works Protocol.
SYSLOG | UDP | 514 | Syslog allows you to send system logs to a UNIX server.
APPENDIX B IPv6

Overview

IPv6 (Internet Protocol version 6) is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 10^38 IP addresses.

IPv6 Addressing

The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address: 2001:0db8:1a2b:0015:0000:0000:1a2f:0000.

IPv6 addresses can be abbreviated in two ways:

• Leading zeros in a block can be omitted.
Global Address

A global address uniquely identifies a device on the Internet. It is similar to a “public IP address” in IPv4. A global unicast address starts with a 2 or 3.

Unspecified Address

An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4.

Loopback Address

A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4.
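The addressing rules above, as an added example that is not part of the original guide: it applies the two abbreviation rules by hand, names the address type, and compares addresses by value, which is what a management ACL or log search needs because one address has several valid spellings. The function names are hypothetical, and the multicast (ff00::/8) and link-local (fe80::/10) prefixes are the standard ones rather than values taken from this section.

```python
import ipaddress

def abbreviate(addr):
    """Apply both abbreviation rules by hand and return the short form."""
    blocks = ipaddress.IPv6Address(addr).exploded.split(":")
    # Rule 1: omit leading zeros in each 16-bit block.
    blocks = [b.lstrip("0") or "0" for b in blocks]
    # Rule 2: replace the longest run of all-zero blocks (two or more) with
    # "::". This may be done only once, or the address becomes ambiguous.
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:
        return ":".join(blocks)
    head = ":".join(blocks[:best_start])
    tail = ":".join(blocks[best_start + best_len:])
    return head + "::" + tail

def classify(addr):
    """Name the address type using the categories from this appendix."""
    ip = ipaddress.IPv6Address(addr)
    if int(ip) == 0:
        return "unspecified"              # 0:0:0:0:0:0:0:0 or ::
    if int(ip) == 1:
        return "loopback"                 # 0:0:0:0:0:0:0:1 or ::1
    if ip in ipaddress.IPv6Network("ff00::/8"):
        return "multicast"                # standard prefix (assumption)
    if ip in ipaddress.IPv6Network("fe80::/10"):
        return "link-local"               # standard prefix (assumption)
    if ip in ipaddress.IPv6Network("2000::/3"):
        return "global"                   # first hex digit is 2 or 3
    return "other"

def same_address(a, b):
    """Compare by 128-bit value, so every spelling of an address matches."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

if __name__ == "__main__":
    example = "2001:0db8:1a2b:0015:0000:0000:1a2f:0000"  # from the guide
    print(abbreviate(example), classify(example))
```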
Table 202 Reserved Multicast Address (continued)
MULTICAST ADDRESS
FF0A:0:0:0:0:0:0:0
FF0B:0:0:0:0:0:0:0
FF0C:0:0:0:0:0:0:0
FF0D:0:0:0:0:0:0:0
FF0E:0:0:0:0:0:0:0
FF0F:0:0:0:0:0:0:0

Subnet Masking

Both an IPv6 address and an IPv6 subnet mask are composed of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F). Each block’s 16 bits are then represented by four hexadecimal characters.
combines its interface ID and global and subnet information advertised from the router. This is a routable global IP address.

DHCPv6

The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, RFC 3315) is a server-client protocol that allows a DHCP server to assign and pass IPv6 network addresses, prefixes and other configuration information to DHCP clients. DHCPv6 servers and clients exchange DHCP messages using UDP.
such as the system name. The interface-ID option provides slot number, port information and the VLAN ID to the DHCPv6 server. The remote-ID option (if any) is stripped from the Relay-Reply messages before the relay agent sends the packets to the clients. The DHCP server copies the interface-ID option from the Relay-Forward message into the Relay-Reply message and sends it to the relay agent. The interface-ID should not change even after the relay agent restarts.
determine whether the destination address is on-link and can be reached directly without passing through a router. If the address is on-link, the address is considered as the next hop. Otherwise, the Switch determines the next hop from the default router list or routing table. Once the next hop IP address is known, the Switch looks into the neighbor cache to get the link-layer address and sends the packet when the neighbor is reachable.
Example - Enabling IPv6 on Windows XP/2003/Vista

By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses.

C:\>ipv6 install
Installing...
Succeeded.

C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific IP Address. . . . . Subnet Mask . . . . IP Address. . . . .
4 Double click Dibbler - a DHCPv6 client.
5 Click Start and then OK.
6 Now your computer can obtain an IPv6 address from a DHCPv6 server.

Example - Enabling IPv6 on Windows 7

Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer.

To enable IPv6 in Windows 7:

1 Select Control Panel > Network and Sharing Center > Local Area Connection.
2 Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it.
4 Click Close to exit the Local Area Connection Status screen.
5 Select Start > All Programs > Accessories > Command Prompt.
6 Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server.

C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS IPv6 Address. . . . . . Link-local IPv6 Address IPv4 Address. . . . . . Subnet Mask . . . . . .
APPENDIX C Legal Information

Copyright

Copyright © 2013 by ZyXEL Communications Corporation.

The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation.

Published by ZyXEL Communications Corporation.
ZyXEL Limited Warranty

ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in material or workmanship for a specific period (the Warranty Period) from the date of purchase. The Warranty Period varies by region. Check with your vendor and/or the authorized ZyXEL local distributor for details about the Warranty Period of this product.
RoHS

Green Product Declaration
RoHS Directive 2011/65/EU
WEEE Directive 2002/96/EC (WEEE: Waste Electrical and Electronic Equipment) 2003/108/EC; 2008/34/EC