ES-2024 Series Ethernet Switch User’s Guide Version 3.
ES-2024 Series User’s Guide Copyright Copyright © 2006 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
ES-2024 Series User’s Guide Certifications Federal Communications Commission (FCC) Interference Statement This device complies with Part 15 of FCC rules. Operation is subject to the following two conditions: • This device may not cause harmful interference. • This device must accept any interference received, including interference that may cause undesired operations.
ES-2024 Series User’s Guide Certifications 1 Go to www.zyxel.com 2 Select your product from the drop-down list box on the ZyXEL home page to go to that product's page. 3 Select the certification you wish to view from this page.
ES-2024 Series User’s Guide Safety Warnings For your safety, be sure to read and follow all warning notices and instructions. • • • • • • • • • • • • • • • • • • Do NOT use this product near water, for example, in a wet basement or near a swimming pool. Do NOT expose your device to dampness, dust or corrosive liquids. Do NOT store things on the device. Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
ES-2024 Series User’s Guide ZyXEL Limited Warranty ZyXEL warrants to the original end user (purchaser) that this product is free from any defects in materials or workmanship for a period of up to two years from the date of purchase.
ES-2024 Series User’s Guide Customer Support Please have the following information ready when you contact customer support. • • • • Product model and serial number. Warranty Information. Date that you received your device. Brief description of the problem and the steps you took to solve it. METHOD SUPPORT E-MAIL TELEPHONE WEB SITE FAX FTP SITE REGULAR MAIL LOCATION CORPORATE HEADQUARTERS (WORLDWIDE) COSTA RICA CZECH REPUBLIC DENMARK FINLAND SALES E-MAIL support@zyxel.com.
ES-2024 Series User’s Guide METHOD SUPPORT E-MAIL TELEPHONE WEB SITE SALES E-MAIL FAX FTP SITE support@zyxel.no +47-22-80-61-80 www.zyxel.no sales@zyxel.no +47-22-80-61-81 ZyXEL Communications A/S Nils Hansens vei 13 0667 Oslo Norway www.pl.zyxel.com ZyXEL Communications ul. Okrzei 1A 03-715 Warszawa Poland www.zyxel.ru ZyXEL Russia Ostrovityanova 37a Str. Moscow, 117279 Russia www.zyxel.es ZyXEL Communications Arte, 21 5ª planta 28033 Madrid Spain www.zyxel.
ES-2024 Series User’s Guide 9 Customer Support
ES-2024 Series User’ Guide Table of Contents Copyright .................................................................................................................. 2 Certifications ............................................................................................................ 3 Safety Warnings ....................................................................................................... 5 ZyXEL Limited Warranty.....................................................................
ES-2024 Series User’ Guide Chapter 3 Hardware Overview ................................................................................................ 42 3.1 Front Panel Connection .....................................................................................42 3.1.1 Console Port .............................................................................................43 3.1.2 Ethernet Ports ...........................................................................................43 3.1.2.
ES-2024 Series User’ Guide 7.3 General Setup ...................................................................................................69 7.4 Introduction to VLANs ........................................................................................70 7.5 Switch Setup Screen .........................................................................................71 7.6 IP Setup ............................................................................................................72 7.6.
ES-2024 Series User’ Guide Chapter 12 Bandwidth Control ............................................................................................... 100 12.1 Bandwidth Control Setup ..............................................................................100 Chapter 13 Broadcast Storm Control..................................................................................... 102 13.1 Broadcast Storm Control Overview ...............................................................102 13.
ES-2024 Series User’ Guide 18.2 Configuring Queuing Method .........................................................................123 Chapter 19 Multicast................................................................................................................ 124 19.1 Multicast Overview ........................................................................................124 19.1.1 IP Multicast Addresses .........................................................................124 19.1.
ES-2024 Series User’ Guide 22.8.3 GUI-based FTP Clients .........................................................................149 22.8.4 FTP Restrictions ...................................................................................149 Chapter 23 Access Control..................................................................................................... 150 23.1 Access Control Overview ..............................................................................150 23.
ES-2024 Series User’ Guide Chapter 27 MAC Table ............................................................................................................. 176 27.1 MAC Table Overview .....................................................................................176 27.2 Viewing the MAC Table ..................................................................................177 Chapter 28 ARP Table......................................................................................................
ES-2024 Series User’ Guide Chapter 31 Command Examples ............................................................................................ 212 31.1 Overview ........................................................................................................212 31.2 show Commands ...........................................................................................212 31.2.1 show interface ......................................................................................212 31.2.
ES-2024 Series User’ Guide 33.2 Interface Command Examples .......................................................................234 33.2.1 interface port-channel ..........................................................................234 33.2.2 bandwidth-limit .....................................................................................234 33.2.3 mirror ...................................................................................................235 33.2.4 gvrp .............................
ES-2024 Series User’ Guide 35.3 Problems with the Password ..........................................................................256 Product Specifications ........................................................................................ 258 Index......................................................................................................................
ES-2024 Series User’s Guide List of Figures Figure 1 Backbone Application .............................................................................. 33 Figure 2 Bridging Application ................................................................................ 34 Figure 3 High Performance Switched Application ................................................. 34 Figure 4 Tag-based VLAN Application ...................................................................
ES-2024 Series User’s Guide Figure 39 Port Based VLAN Setup (Port Isolation) ............................................... 87 Figure 40 Static MAC Forwarding .......................................................................... 90 Figure 41 Filtering .................................................................................................. 92 Figure 42 Spanning Tree Protocol: Status .............................................................
ES-2024 Series User’s Guide Figure 82 HTTPS Implementation .......................................................................... 158 Figure 83 Security Alert Dialog Box (Internet Explorer) .......................................... 159 Figure 84 Security Certificate 1 (Netscape) ............................................................ 159 Figure 85 Security Certificate 2 (Netscape) ............................................................
ES-2024 Series User’s Guide 23 List of Figures
ES-2024 Series User’s Guide List of Tables Table 1 Front Panel ............................................................................................... 42 Table 2 LEDs ......................................................................................................... 46 Table 3 Navigation Panel Sub-links Overview ....................................................... 50 Table 4 Web Configurator Screen Sub-links Details ..............................................
ES-2024 Series User’s Guide Table 39 Queuing Method ..................................................................................... 123 Table 40 Multicast Status ....................................................................................... 125 Table 41 Multicast Setting ...................................................................................... 126 Table 42 Multicast: IGMP Filtering Profile .............................................................. 128 Table 43 MVR ...........
ES-2024 Series User’s Guide Table 82 Classes of IP Addresses ......................................................................... 263 Table 83 Allowed IP Address Range By Class ...................................................... 263 Table 84 “Natural” Masks ...................................................................................... 264 Table 85 Alternative Subnet Mask Notation ........................................................... 264 Table 86 Two Subnets Example ....................
ES-2024 Series User’s Guide 27 List of Tables
ES-2024 Series User’s Guide Preface Congratulations on your purchase of the ES-2024 Series Ethernet Switch. This preface introduces you to the ES-2024 Series Ethernet Switch and discusses the conventions of this User’s Guide. It also provides information on other related documentation. Note: Register your product online to receive e-mail notices of firmware upgrades and information at www.zyxel.com for global products, or at www.us.zyxel.com for North American products.
ES-2024 Series User’s Guide Graphics Icons Key ES-2024 Series Computer Server Computer DSLAM Gateway Central Office/ ISP Internet Hub/Switch User Guide Feedback Help us help you. E-mail all User Guide-related comments, questions or suggestions for improvement to techwriters@zyxel.com.tw or send regular mail to The Technical Writing Team, ZyXEL Communications Corp., 6 Innovation Road II, Science-Based Industrial Park, Hsinchu, 300, Taiwan. Thank you.
ES-2024 Series User’s Guide CHAPTER 1 Getting to Know Your Switch This chapter introduces the main features and applications of the switch. 1.1 Introduction The switch is a stand-alone layer-2 Ethernet switch with 24 10/100Mbps ports and two Gigabit Ethernet/mini-GBIC ports. The ES-2024PWR comes with the Power-over-Ethernet (PoE) feature. With its built-in web configurator, managing and configuring the switch is easy.
ES-2024 Series User’s Guide Queuing Queuing is used to help solve performance degradation when there is network congestion. Two scheduling services are supported: Strict Priority Queuing (SPQ) and Weighted Round Robin (WRR). This allows the switch to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth.
ES-2024 Series User’s Guide • The switch supports IGMP snooping enabling group multicast traffic to be only forwarded to ports that are members of that group; thus allowing you to significantly reduce multicast traffic passing through your switch. • Broadcast storm control Port Authentication and Security For security, the switch allows authentication using IEEE 802.
ES-2024 Series User’s Guide Power over Ethernet (PoE) The ES-2024PWR can provide power to a device (that supports PoE) such as an access point or a switch through a 10/100Mbps Ethernet port. 1.4 Applications This section shows a few examples of using the switch in various network environments. 1.4.1 Backbone Application In this application, the switch is an ideal solution for small networks where rapid growth can be expected in the near future.
ES-2024 Series User’s Guide Figure 2 Bridging Application 1.4.3 High Performance Switched Example The switch is ideal for connecting two networks that need high bandwidth. In the following example, use trunking to connect these two networks. Switching to higher-speed LANs such as ATM (Asynchronous Transmission Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance.
ES-2024 Series User’s Guide A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network belong to one group. A station can belong to more than one group. With VLAN, a station cannot directly talk to or hear from stations that are not in the same group(s) unless such traffic first goes through a router. For more information on VLANs, refer to Chapter 8, “VLAN,” on page 78. 1.4.4.
ES-2024 Series User’s Guide Figure 5 Shared Server Using VLAN Example Chapter 1 Getting to Know Your Switch 36
ES-2024 Series User’s Guide 37 Chapter 1 Getting to Know Your Switch
ES-2024 Series User’s Guide CHAPTER 2 Hardware Installation and Connection This chapter shows you how to install and connect the switch. 2.1 Freestanding Installation 1 Make sure the switch is clean and dry. 2 Set the switch on a smooth, level surface strong enough to support the weight of the switch and the connected cables. Make sure there is a power outlet nearby. 3 Make sure there is enough clearance around the switch to allow air circulation and the attachment of cables and the power cord.
ES-2024 Series User’s Guide 2.2 Mounting the Switch on a Rack This section lists the rack mounting requirements and precautions and describes the installation steps. 2.2.1 Rack-mounted Installation Requirements • Two mounting brackets. • Eight M3 flat head screws and a #2 Philips screwdriver. • Four M5 flat head screws and a #2 Philips screwdriver. Note: Failure to use the proper screws may damage the unit. 2.2.1.
ES-2024 Series User’s Guide Figure 8 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack.
ES-2024 Series User’s Guide 41 Chapter 2 Hardware Installation and Connection
ES-2024 Series User’s Guide CHAPTER 3 Hardware Overview This chapter describes the front panel and rear panel of the switch and shows you how to make the hardware connections. 3.1 Front Panel Connection The figure below shows the front panel of the switch.
ES-2024 Series User’s Guide Table 1 Front Panel (continued) LABEL DESCRIPTION 24 10/100 Mbps Connect these ports to a computer, a hub, an Ethernet switch or router. RJ-45 Ethernet Ports Gigabit Ethernet/ mini GBIC ports Connect these Gigabit Ethernet ports to high-bandwidth backbone network Ethernet switches or use them to daisy-chain other switches. Alternatively, use mini-GBIC transceivers in these slots for fiber-optical connections to backbone Ethernet switches 3.1.
ES-2024 Series User’s Guide • Flow control: off 3.1.3 Mini-GBIC Slots These are slots for mini-GBIC (Gigabit Interface Converter) transceivers. A transceiver is a single unit that houses a transmitter and a receiver. The switch does not come with transceivers. You must use transceivers that comply with the SFP Transceiver MultiSource Agreement (MSA). See the SFF committee’s INF-8074i specification Rev 1.0 for details. There are two pairs of Gigabit Ethernet/mini-GBIC ports.
ES-2024 Series User’s Guide Figure 12 Installed Transceiver 3.1.3.2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver (SFP module). 1 Open the transceiver’s latch (latch styles vary). Figure 13 Opening the Transceiver’s Latch Example 2 Pull the transceiver out of the slot. Figure 14 Transceiver Removal Example 3.2 Rear Panel The following figure shows the rear panel of the switch. The power receptacle is on the read panel. Figure 15 Rear Panel 3.2.
ES-2024 Series User’s Guide To connect the power to the switch, insert the female end of power cord to the power receptacle on the rear panel. Connect the other end of the supplied power cord to the power source. 3.3 LEDs The LEDs are located on the front panel. The following table describes the LEDs on the front panel. Table 2 LEDs LED COLOR STATUS DESCRIPTION PWR Green On The system is turned on. Off The system is off. Blinking The system is rebooting and performing self-diagnostic tests.
ES-2024 Series User’s Guide Table 2 LEDs (continued) 47 LED COLOR STATUS DESCRIPTION ACT Green Blinking The port is sending or receiving data. Off The port is not sending or receiving data.
ES-2024 Series User’s Guide CHAPTER 4 The Web Configurator This section introduces the configuration and functions of the web configurator. 4.1 Introduction The web configurator is an HTML-based management interface that allows easy switch setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
ES-2024 Series User’s Guide 4.3 The Status Screen The Status screen is the first screen that displays when you access the web configurator. The following figure shows the navigating components of a web configurator screen. Figure 17 Web Configurator Home Screen (Status) A B C D E The following describes the components in the web configurator screen. A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window.
ES-2024 Series User’s Guide E - Click this link to display web help pages. The help pages provide descriptions for all of the configuration screens. 4.3.1 Menu Overview In the navigation panel, click a main link to reveal a list of submenu links.
ES-2024 Series User’s Guide The following table lists the various web configurator screens within the sub-links.
ES-2024 Series User’s Guide Table 5 Navigation Panel Links (continued) LINK DESCRIPTION IP Setup This link takes you to a screen where you can configure the management IP address, subnet mask (necessary for switch management) and DNS (domain name server). Port Setup This link takes you to screens where you can configure settings for individual switch ports. Advanced Application VLAN This link takes you to screens where you can configure port-based or 802.
ES-2024 Series User’s Guide Table 5 Navigation Panel Links (continued) LINK DESCRIPTION Cluster Management This link takes you to a screen where you can configure clustering management and view its status. MAC Table This link takes you to a screen where you can view the MAC addresses (and types) of devices attached to what ports and VLAN IDs. ARP Table This link takes you to a screen where you can view the MAC addresses – IP address resolution table.
ES-2024 Series User’s Guide 4.5 Switch Lockout You could block yourself (and all others) from accessing the switch through the web configurator if you do one of the following: 1 Deleting the management VLAN (default is VLAN 1). 2 Deleting all port-based VLANs with the CPU port as a member. The “CPU port” is the management port of the switch. 3 Filtering all traffic to the CPU port. 4 Disabling all ports. 5 Misconfiguring the text configuration file. 6 Forgetting the password and/or IP address.
ES-2024 Series User’s Guide 6 After the factory-default configuration file upload, type atgo to restart the switch. Figure 19 Resetting the Switch: Via the Console Port Bootbase Version: V1.07 | 04/20/2005 13:38:02 RAM: Size = 32768 Kbytes FLASH: AMD 32M *1 ZyNOS Version: V3.70(TX.0)| 07/11/2006 19:59:04 Press any key to enter debug mode within 3 seconds. .................... Enter Debug Mode ES-2024A> atlc Starting XMODEM upload (CRC mode).... CCCCCCCCCCCCCCCC Total 262144 bytes received. Erasing.. ......
ES-2024 Series User’s Guide CHAPTER 5 Initial Setup Example This chapter shows how to set up the switch for an example network. 5.1 Overview The following lists the configuration steps for the initial setup: • Create a VLAN • Set port VLAN ID • Configure the switch IP management address 5.1.1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members.
ES-2024 Series User’s Guide 2 In the Static VLAN screen, select ACTIVE, enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network. Note: The VLAN Group ID field in this screen and the VID field in the IP Setup screen refer to the same VLAN ID. 3 Since the VLAN2 network is connected to port 10 on the switch, select Fixed to configure port 10 to be a permanent member of the VLAN only.
ES-2024 Series User’s Guide 1 Click Advanced Applications and VLAN in the navigation panel. Then click the VLAN Port Setting link. 2 Enter 2 in the PVID field for port 10 and click Apply to set the VLAN port setting and click the Save button to save the settings. 5.1.3 Configuring Switch Management IP Address The default management IP address of the switch is 192.168.1.1. You can configure another IP address in a different subnet for management purposes. The following figure shows an example.
ES-2024 Series User’s Guide 3 Click Basic Setting and IP Setup in the navigation panel. 4 Configure the related fields in the IP Setup screen. For the VLAN2 network, enter 192.168.2.1 as the IP address and 255.255.255.0 as the subnet mask. 5 In the VID field, enter the ID of the VLAN group to which you want this management IP address to belong. This is the same as the VLAN ID you configure in the Static VLAN screen. 6 Click Add.
ES-2024 Series User’s Guide CHAPTER 6 System Status and Port Statistics This chapter describes the system status (web configurator home page) and port details screens. 6.1 Port Status Summary The home screen of the web configurator displays a port statistical summary table with links to each port showing statistical details. To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next.
ES-2024 Series User’s Guide Table 6 Status (continued) LABEL DESCRIPTION Link This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or another value depending on the uplink module being used) and the duplex (F for full duplex or H for half duplex). State If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port (see Section 11.2 on page 95 for more information).
ES-2024 Series User’s Guide Figure 25 Status: Port Details The following table describes the labels in this screen. Table 7 Status: Port Details LABEL DESCRIPTION Port Info Port NO. This field displays the port index number. Name This field displays the descriptive port name for identification purposes. Link This field shows whether the Ethernet connection is down, and the speed/duplex mode.
ES-2024 Series User’s Guide Table 7 Status: Port Details (continued) LABEL DESCRIPTION LACP This field shows if LACP is enabled on this port or not. TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port. Tx KB/s This field shows the number kilobytes per second transmitted on this port.
ES-2024 Series User’s Guide Table 7 Status: Port Details (continued) LABEL DESCRIPTION 128-255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length. 256-511 This field shows the number of packets (including bad packets) received that were between 256 and 511 octets in length. 512-1023 This field shows the number of packets (including bad packets) received that were between 512 and 1023 octets in length.
ES-2024 Series User’s Guide 65 Chapter 6 System Status and Port Statistics
ES-2024 Series User’s Guide CHAPTER 7 Basic Setting This chapter describes how to configure the System Info, General Setup, Switch Setup, IP Setup and Port Setup screens. 7.1 Overview The System Info screen displays general switch information (such as firmware version number) and hardware polling information. The General Setup screen allows you to configure general switch identification information.
ES-2024 Series User’s Guide Figure 26 System Info (ES-2024) Figure 27 System Info (ES-2024PWR) The following table describes the labels in this screen. Table 8 System Info LABEL DESCRIPTION System Name This field displays the descriptive name of the switch for identification purposes. ZyNOS F/W Version This field displays the version number of the switch 's current firmware including the date created.
ES-2024 Series User’s Guide Table 8 System Info (continued) LABEL Remaining Power (W) DESCRIPTION This field displays the amount of power the switch can still provide for PoE. Note: The switch must have at least 16W of remaining power in order to supply power to a PoE device; even if the PoE device requested for a lower power supply than 16W. Hardware Monitor Temperature Unit The switch has temperature sensors that are capable of detecting and reporting if the temperature rises above the threshold.
ES-2024 Series User’s Guide 7.3 General Setup Click Basic Setting and General Setup in the navigation panel to display the screen as shown. Use this screen to configure general settings such as the system name and time. Figure 28 General Setup The following table describes the labels in this screen. Table 9 General Setup 69 LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes. This name consists of up to 64 printable characters; spaces are allowed.
ES-2024 Series User’s Guide Table 9 General Setup (continued) LABEL DESCRIPTION Use Time Server when Bootup Enter the time service protocol that a timeserver sends when you turn on the switch. Not all time servers support all protocols, so you may have to use trial and error to find a protocol that works. The main differences between them are the time format. When you select the Daytime (RFC 867) format, the switch displays the day, month, year and time with no time zone adjustment.
ES-2024 Series User’s Guide Note: VLAN is unidirectional; it only governs outgoing traffic. See Chapter 8 on page 78 for information on port-based and 802.1Q tagged VLANs. 7.5 Switch Setup Screen Click Basic Setting and then Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen. Refer to the chapter on VLAN.
ES-2024 Series User’s Guide Table 10 Switch Setup (continued) LABEL DESCRIPTION Leave Timer Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds. Each port has a single Leave Period timer. Leave Time must be two times larger than Join Timer. Leave All Timer Leave All Timer sets the duration of the Leave All Period timer for GVRP in milliseconds. Each port has a single Leave All Period timer. Leave All Timer must be larger than Leave Timer. Priority Queue Assignment IEEE 802.
ES-2024 Series User’s Guide You can configure up to 64 IP addresses which are used to access and manage the switch from the ports belonging to the pre-defined VLAN(s). Note: You must configure a VLAN first. Figure 30 IP Setup The following table describes the labels in this screen. Table 11 IP Setup LABEL DESCRIPTION Domain DNS (Domain Name System) is for mapping a domain name to its corresponding IP Name Server address and vice versa.
ES-2024 Series User’s Guide Table 11 IP Setup (continued) LABEL Default Gateway DESCRIPTION Enter the IP address of the default outgoing gateway in dotted decimal notation, for example 192.168.1.254 VID Enter the VLAN identification number associated with the switch IP address. This is the VLAN ID of the CPU and is used for management only. The default is "1". All ports, by default, are fixed members of this "management VLAN" in order to manage the device from any port.
ES-2024 Series User’s Guide Figure 31 Port Setup The following table describes the labels in this screen. Table 12 Port Setup LABEL DESCRIPTION Port This is the port index number. * Use this row to configure all the ports at once. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
ES-2024 Series User’s Guide Table 12 Port Setup (continued) LABEL DESCRIPTION Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port. The switch uses IEEE 802.3x flow control in full duplex mode and backpressure flow control in half duplex mode. IEEE 802.
ES-2024 Series User’s Guide 77 Chapter 7 Basic Setting
ES-2024 Series User’s Guide CHAPTER 8 VLAN The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs. 8.1 Introduction to IEEE 802.1Q Tagged VLAN A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created.
ES-2024 Series User’s Guide 8.2 Automatic VLAN Registration GARP and GVRP are the protocols used to automatically register VLAN membership across switches. 8.2.1 GARP GARP (Generic Attribute Registration Protocol) allows network switches to register and deregister attribute values with other GARP participants within a bridged LAN. GARP is a protocol that provides a generic mechanism for protocols that serve a more specific application, for example, GVRP. 8.2.1.
ES-2024 Series User’s Guide Table 13 IEEE 802.1Q VLAN Terminology (continued) VLAN PARAMETER TERM DESCRIPTION VLAN Port Port VID This is the VLAN ID assigned to untagged frames that this port received. Acceptable frame type You may choose to accept both tagged and untagged incoming frames or just tagged incoming frames on a port. Ingress filtering If set, the switch discards incoming frames for VLANs that do not have this port as a member 8.
ES-2024 Series User’s Guide Figure 33 Switch Setup: Select VLAN Type 8.5 Static VLAN Use a static VLAN to decide whether an incoming frame on a port should be • sent to a VLAN group as normal depending on its VLAN tag. • sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. 8.5.
ES-2024 Series User’s Guide Table 14 VLAN: VLAN Status (continued) LABEL DESCRIPTION Elapsed Time This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up. Status This field shows how this VLAN was added to the switch; dynamic - using GVRP, static - added as a permanent entry or other - added using Multicast VLAN Registration (MVR). Change Pages Click Previous or Next to show the previous/next screen if all status information cannot be seen in one screen.
ES-2024 Series User’s Guide Figure 36 VLAN: Static VLAN The following table describes the related labels in this screen. Table 16 VLAN: Static VLAN LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN settings. Name Enter a descriptive name for the VLAN group for identification purposes. VLAN Group ID Enter the VLAN ID for this static entry; the valid range is between 1 and 4094. Port The port number identifies the port you are configuring.
ES-2024 Series User’s Guide Table 16 VLAN: Static VLAN (continued) LABEL DESCRIPTION Add Click Add to add the settings as a new entry in the summary table below. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields. Clear Click Clear to start configuring the screen again.
ES-2024 Series User’s Guide Table 17 VLAN: VLAN Port Setting LABEL DESCRIPTION GVRP GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Select this check box to permit VLAN groups beyond the local switch. Port Isolation Port Isolation allows each port (1 to 26) to communicate only with the CPU management port and the uplink ports but not communicate with each other.
ES-2024 Series User’s Guide Port-based VLANs are specific only to the switch on which they were created. Note: When you activate port-based VLAN, the switch uses a default VLAN ID of 1. You cannot change it. In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. 8.6.
ES-2024 Series User’s Guide Figure 39 Port Based VLAN Setup (Port Isolation) The following table describes the labels in this screen. Table 18 Port Based VLAN Setup LABEL DESCRIPTION Setting Wizard Choose All connected or Port isolation. All connected means all ports can communicate with each other, that is, there are no virtual LANs. All incoming and outgoing ports are selected. This option is the most flexible but also the least secure.
ES-2024 Series User’s Guide Table 18 Port Based VLAN Setup (continued) LABEL DESCRIPTION Outgoing These are the egress ports; an egress port is an outgoing port, that is, a port through which a data packet leaves. If you wish to allow two subscriber ports to talk to each other, you must define the egress port for both ports. CPU refers to the switch management port. By default it forms a VLAN with all Ethernet ports.
ES-2024 Series User’s Guide 89 Chapter 8 VLAN
ES-2024 Series User’s Guide CHAPTER 9 Static MAC Forwarding Use these screens to configure static MAC address forwarding. 9.1 Static MAC Forwarding Overview A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out. When you set up static MAC address rules, you are setting static MAC addresses for a port. This may reduce the need for broadcasting.
ES-2024 Series User’s Guide Table 19 Static MAC Forwarding LABEL DESCRIPTION Active Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box. Name Enter a descriptive name for identification purposes for this static MAC address forwarding rule. MAC Address Enter the MAC address in valid MAC address format, that is, six hexadecimal character pairs. Note: Static MAC addresses do not age out.
ES-2024 Series User’s Guide CHAPTER 10 Filtering This chapter discusses static IP and MAC address port filtering. 10.1 Filtering Overview Port filtering means discarding (or dropping) packets based on the MAC addresses and VLAN group. 10.2 Configure a Filtering Rule Click Advanced Application and Filtering in the navigation panel to display the screen as shown next. Figure 41 Filtering The following table describes the related labels in this screen.
ES-2024 Series User’s Guide Table 20 Filtering (continued) 93 LABEL DESCRIPTION Add Click Add to save the new rule to the switch. It then displays in the summary table at the bottom of the screen. The switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to your previous configuration.
ES-2024 Series User’s Guide C H A P T E R 11 Spanning Tree Protocol This chapter introduces the Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). 11.1 STP/RSTP Overview (R)STP detects and breaks network loops and provides backup links between switches, bridges or routers. It allows a switch to interact with other (R)STP -compliant switches in your network to ensure that only one path exists between any two stations on the network. The switch uses IEEE 802.
ES-2024 Series User’s Guide On each bridge, the root port is the port through which this bridge communicates with the root. It is the port on this switch with the lowest path cost to the root (the root path cost). If there is no root port, then this switch has been accepted as the root bridge of the spanning tree network. For each LAN segment, a designated bridge is selected. This bridge has the lowest cost to the root among the bridges connected to the LAN. 11.1.
ES-2024 Series User’s Guide Figure 42 Spanning Tree Protocol: Status The following table describes the labels in this screen. Table 23 Spanning Tree Protocol: Status LABEL DESCRIPTION Spanning Tree Protocol This field displays Running if STP is activated. Otherwise, it displays Down. Configuration Click Configuration to configure STP settings. Refer to Section 11.4 on page 96. Bridge Root refers to the base of the spanning tree (the root bridge). Our Bridge is this switch.
ES-2024 Series User’s Guide Figure 43 Spanning Tree Protocol: Configuration The following table describes the labels in this screen. Table 24 Spanning Tree Protocol: Configuration 97 LABEL DESCRIPTION Status Click Status to display the Spanning Tree Protocol Status screen (see Figure 42 on page 96). Active Select this check box to activate STP. Clear this checkbox to disable STP. Bridge Priority Bridge priority is used in determining the root switch, root port and designated port.
ES-2024 Series User’s Guide Table 24 Spanning Tree Protocol: Configuration (continued) LABEL DESCRIPTION Forwarding Delay This is the maximum time (in seconds) a switch will wait before changing states. This delay is required because every switch must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a blocking state; otherwise, temporary data loops might result.
ES-2024 Series User’s Guide 99 Chapter 11 Spanning Tree Protocol
ES-2024 Series User’s Guide CHAPTER 12 Bandwidth Control This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen. 12.1 Bandwidth Control Setup Bandwidth control means defining a maximum allowable bandwidth for incoming and/or outgoing traffic flows on a port. Click Advanced Application and then Bandwidth Control in the navigation panel to bring up the screen as shown next. Figure 44 Bandwidth Control The following table describes the related labels in this screen.
ES-2024 Series User’s Guide Table 25 Bandwidth Control (continued) LABEL DESCRIPTION * Use this row to configure all the ports at once. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. 101 Active Make sure to select this check box to activate ingress rate limit on this port.
ES-2024 Series User’s Guide CHAPTER 13 Broadcast Storm Control This chapter introduces and shows you how to configure the broadcast storm control feature. 13.1 Broadcast Storm Control Overview Broadcast storm control limits the number of broadcast frames that can be stored in the switch buffer or sent out from the switch. Broadcast frames that arrive when the buffer is full are discarded. Enable this feature to reduce broadcast traffic coming into your network. 13.
ES-2024 Series User’s Guide Table 26 Broadcast Storm Control (continued) LABEL DESCRIPTION * Use this row to configure all the ports at once. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. 103 Active Select this check box to enable broadcast storm control on the port.
ES-2024 Series User’s Guide CHAPTER 14 Mirroring This chapter discusses the Mirror setup screens. 14.1 Mirroring Overview Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the mirror port without interference. 14.2 Port Mirroring Setup Click Advanced Application, Mirroring in the navigation panel to display the Mirroring screen.
ES-2024 Series User’s Guide Figure 46 Mirroring The following table describes the labels in this screen. Table 27 Mirroring LABEL DESCRIPTION Active Clear this check box to deactivate port mirroring on the switch. Monitor Port The monitor port is the port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original port(s). Select this port from this drop-down list box.
ES-2024 Series User’s Guide Table 27 Mirroring (continued) LABEL DESCRIPTION Mirrored Select this option to mirror the traffic on a port. Direction Specify the direction of the traffic to mirror. Choices are Egress (outgoing), Ingress (incoming) and Both. Apply Click Apply to save your changes to the switch’s run-time memory.
ES-2024 Series User’s Guide 107 Chapter 14 Mirroring
ES-2024 Series User’s Guide CHAPTER 15 Link Aggregation This chapter shows you how to logically aggregate physical links to form one logical, higherbandwidth link. 15.1 Link Aggregation Overview Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link.
ES-2024 Series User’s Guide 15.2.1 Link Aggregation ID LACP aggregation ID consists of the following information1: Table 28 Link Aggregation ID: Local Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY PORT NUMBER 0000 0000 00 0000 00-00-00-00-00 Table 29 Link Aggregation ID: Peer Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY PORT NUMBER 0000 0000 00 0000 00-00-00-00-00 15.3 Link Aggregation Status Click Advanced Application, Link Aggregation in the navigation panel.
ES-2024 Series User’s Guide 15.4 Link Aggregation Setup Click Configuration in the Link Aggregation Control Protocol Status screen to display the screen shown next. Refer to Section 15.1 on page 108 for more information on link aggregation control. Figure 48 Link Aggregation: Configuration The following table describes the labels in this screen.
ES-2024 Series User’s Guide Table 31 Link Aggregation Control Protocol: Configuration (continued) LABEL DESCRIPTION * Use this row to configure all the ports at once. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Group Select the trunk group to which a port belongs.
ES-2024 Series User’s Guide CHAPTER 16 Port Authentication This chapter describes the 802.1x authentication method and RADIUS server connection setup. See Chapter 30 on page 182 for information on how to use the commands to configure additional RADIUS server settings as well as multiple RADIUS server configuration. 16.1 Port Authentication Overview IEEE 802.
ES-2024 Series User’s Guide Note: Refer to the documentation that comes with your RADIUS server on how to configure a VSA. The following table describes the VSAs supported on the switch.
ES-2024 Series User’s Guide Click Advanced Application, Port Authentication in the navigation panel to display the screen as shown. Figure 50 Port Authentication 16.3 Activating IEEE 802.1x Security To enable port authentication, first activate IEEE802.1x security (both on the switch and the port(s)) then configure the RADIUS server settings. From the Port Authentication screen, display the configuration screen as shown. Figure 51 Port Authentication: 802.
ES-2024 Series User’s Guide Table 34 Port Authentication: 802.1x (continued) LABEL DESCRIPTION * Use this row to configure all the ports at once. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this checkbox to permit 802.1x authentication on this port. You must first allow 802.
ES-2024 Series User’s Guide Table 35 Port Authentication: RADIUS (continued) LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the switch. This key is not sent over the network. This key must be the same on the external RADIUS server and the switch. Apply Click Apply to save your changes to the switch’s run-time memory.
ES-2024 Series User’s Guide 117 Chapter 16 Port Authentication
ES-2024 Series User’s Guide CHAPTER 17 Port Security This chapter shows you how to set up port security. 17.1 Port Sercurity Overview Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the switch. For maximum port security, enable this feature, disable MAC address learning and configure static MAC address(es) for a port. Functionally the switch allows for three possible outcomes with port security.
ES-2024 Series User’s Guide Figure 53 Port Security The following table describes the labels in this screen. Table 36 Port Security LABEL DESCRIPTION Active Select this check box to enable the port security feature on the switch. Port This field displays a port number. * Use this row to configure all the ports at once. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
ES-2024 Series User’s Guide 17.3 Port Security Example The following example demonstrates the various settings and results associated with different port security configurations. Ports 1 to 5 are configured to: • Port 1 - Forward all packets and learn all MAC addresses. • Port 2 - Forward all packets and learn all MAC addresses. • Port 3 - Drop all packets from unknown MAC addresses and do not learn MAC addresses. • Port 4 - Drop all packets from unknown MAC addresses and do not learn MAC addresses.
ES-2024 Series User’s Guide Table 37 Port Security Example (continued) SETTINGS PORT 121 ACTIVATE PORT SECURITY 4 X 5 X ACTIVATE ADDRESS LEARNING X LIMIT NO. OF LEARNED MAC ADDRESSES RESULT 100 Drop all packets from unknown MAC addresses, do not learn MAC addresses. 100 Drop packets from unknown MAC addresses, learn up to 100 MAC addresses.
ES-2024 Series User’s Guide CHAPTER 18 Queuing Method This chapter introduces the queuing methods supported. 18.1 Queuing Method Overview Queuing is used to help solve performance degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic. See also Priority Queue Assignment in Switch Setup and 802.1p Priority in Port Setup for related information.
ES-2024 Series User’s Guide Weighted Round Robin Scheduling (WRR) uses the same algorithm as round robin scheduling, but services queues based on their priority and queue weight (the number you configure in the queue Weight field) rather than a fixed amount of bandwidth. WRR is activated only when a port has more traffic than it can handle. Queues with larger weights get more service than queues with smaller weights.
ES-2024 Series User’s Guide CHAPTER 19 Multicast This chapter shows you how to configure various multicast features. 19.1 Multicast Overview Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network.
ES-2024 Series User’s Guide The switch forwards multicast traffic destined for multicast groups (that it has learned from IGMP snooping or that you have manually configured) to ports that are members of that group. IGMP snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your switch. 19.2 Multicast Status Click Advanced Applications and Multicast to display the screen as shown. This screen shows the multicast group information.
ES-2024 Series User’s Guide Figure 57 Multicast Setting The following table describes the labels in this screen. Table 41 Multicast Setting LABEL DESCRIPTION IGMP Snooping Use these settings to configure IGMP Snooping. Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group.
ES-2024 Series User’s Guide Table 41 Multicast Setting (continued) LABEL DESCRIPTION * Use this row to configure all the ports at once. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Immed.
ES-2024 Series User’s Guide Figure 58 Multicast: IGMP Filtering Profile The following table describes the labels in this screen. Table 42 Multicast: IGMP Filtering Profile LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile for identification purposes. To configure additional rule(s) for a profile that you have already added, enter the profile name and specify a different IP multicast address range.
ES-2024 Series User’s Guide MVR allows one single multicast VLAN to be shared among different subscriber VLANs on the network. While isolated in different subscriber VLANs, connected devices can subscribe to and unsubscribe from the multicast stream in the multicast VLAN. This improves bandwidth utilization with reduced multicast traffic in the subscriber VLANs and simplifies multicast group management. You must enable IGMP snooping to use MVR.
ES-2024 Series User’s Guide When the subscriber selects a television channel, computer A sends an IGMP report to the switch to join the appropriate multicast group. If the IGMP report matches one of the configured MVR multicast group addresses on the switch, an entry is created in the forwarding table on the switch. This maps the subscriber VLAN to the list of forwarding destinations for the specified multicast traffic.
ES-2024 Series User’s Guide Figure 61 MVR The following table describes the related labels in this screen. Table 43 MVR 131 LABEL DESCRIPTION Active Select this check box to enable MVR to allow one single multicast VLAN to be shared among different subscriber VLANs on the network. Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes. Multicast VLAN ID Enter the VLAN ID (1 to 4094) of the multicast VLAN. 802.
ES-2024 Series User’s Guide Table 43 MVR (continued) LABEL DESCRIPTION * Use this row to configure all the ports at once. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Source Port Select this option to set this port as the MVR source port that sends and receives multicast traffic.
ES-2024 Series User’s Guide Figure 62 MVR: Group Configuration The following table describes the labels in this screen. Table 44 MVR: Group Configuration 133 LABEL DESCRIPTION Multicast VLAN ID Select a multicast VLAN ID (that you configured in the MVR screen) from the dropdown list box. Name Enter a descriptive name for identification purposes. Start Address Enter the starting IP multicast address of the multicast group in dotted decimal notation. Refer to Section 19.1.
ES-2024 Series User’s Guide 19.7.1 MVR Configuration Example The following figure shows a network example where ports 1, 2 and 3 on the switch belong to VLAN 1. In addition, port 17 belongs to the multicast group with VID 200 to receive multicast traffic (the News and Movie channels) from the remote streaming media server, S. Computers A, B and C in VLAN are able to receive the traffic.
ES-2024 Series User’s Guide Figure 64 MVR Configuration Example To set the switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200.
ES-2024 Series User’s Guide Figure 65 MVR Group Configuration Example Chapter 19 Multicast 136
ES-2024 Series User’s Guide 137 Chapter 19 Multicast
ES-2024 Series User’s Guide CHAPTER 20 Static Route This chapter shows you how to configure static routes. 20.1 Configuring Static Route Static routes tell the switch how to forward IP traffic when you configure the TCP/IP parameters manually. Click IP Application, Static Routing in the navigation panel to display the screen as shown. Figure 66 Static Routing The following table describes the labels in this screen.
ES-2024 Series User’s Guide Table 45 Static Routing (continued) 139 LABEL DESCRIPTION Metric The metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
ES-2024 Series User’s Guide CHAPTER 21 DiffServ Code Point This chapter shows you how to set up Diffserv Code Point (DSCP) on each port and how to convert DSCP values to IEEE 802.1p values. 21.1 DiffServ Overview DiffServ Code Point is a field used for packet classification on DiffServ (Differentiated Services) networks. The higher the value, the higher the priority. Lower-priority packets may be dropped if the total traffic exceeds the capacity of the network. 21.
ES-2024 Series User’s Guide Table 46 DiffServ (continued) LABEL DESCRIPTION * Use this row to configure all the ports at once. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port by port basis. Note: When you make changes in this row, the changes are copied to all the ports as soon as you make them. Active Select this option to enable DiffServ on the port.
ES-2024 Series User’s Guide Figure 68 DiffServ: DSCP Setting The following table describes the labels in this screen. Table 48 DiffServ: DSCP Setting LABEL DESCRIPTION 0 … 63 This is the DSCP classification identification number. To set the IEEE802.1p priority mapping, select the priority level from the drop-down list box. Apply Click Apply to save your changes to the switch’s run-time memory.
ES-2024 Series User’s Guide 143 Chapter 21 DiffServ Code Point
ES-2024 Series User’s Guide CHAPTER 22 Maintenance This chapter explains how to configure the maintenance screens that let you maintain the firmware and configuration files. 22.1 The Maintenance Screen Click Management, Maintenance in the navigation panel to open the following screen. Figure 69 Maintenance The following table describes the labels in this screen. Table 49 Maintenance LABEL DESCRIPTION Current This field displays the configuration file (Configuration 1) the switch is currently using.
ES-2024 Series User’s Guide 22.2 Load Factory Default Follow the steps below to reset the switch back to the factory defaults. 1 In the Maintenance screen, click the Click Here button next to Load Factory Default to clear all switch configuration information you configured and return to the factory defaults. The following message appears.
ES-2024 Series User’s Guide Figure 71 Reboot System: Confirmation 2 Click OK again and then wait for the switch to restart. This takes up to two minutes. This does not affect the switch’s configuration. 22.5 Firmware Upgrade Make sure you have downloaded (and unzipped) the correct model firmware and version to your computer before uploading to the device. Note: Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device.
ES-2024 Series User’s Guide Figure 73 Restore Configuration Type the path and file name of the configuration file you wish to restore in the File Path text box or click Browse to display the Choose File screen (below) from which you can locate it. After you have specified the file, click Restore. "config" is the name of the configuration file on the switch, so your backup configuration file is automatically renamed when you restore using this screen. 22.
ES-2024 Series User’s Guide 22.8.1 Filename Conventions The configuration file contains the settings in the screens such as password, switch setup, IP Setup, etc.. Once you have customized the switch's settings, they can be saved (as a plain text file) back to your computer under a filename of your choosing. ZyNOS (ZyXEL Network Operating System sometimes referred to as the “sysname” file) is the system firmware and has a “bin” filename extension.
ES-2024 Series User’s Guide 6 Use put to transfer files from the computer to the switch, for example, put firmware.bin ras transfers the firmware on your computer (firmware.bin) to the switch and renames it to “ras”. Similarly, put config.cfg config transfers the configuration file on your computer (config.cfg) to the switch and renames it to “config”. Likewise get config config.cfg transfers the configuration file on the switch to your computer and renames it to “config.cfg”.
ES-2024 Series User’s Guide CHAPTER 23 Access Control This chapter describes how to control access to the switch. 23.1 Access Control Overview A console port and FTP are allowed one session each, Telnet and SSH share four sessions, up to five web management sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed. Table 51 Access Control Overview Number of concurrent sessions allowed Console Port SSH Telnet 1 SSH and Telnet share 4 sessions.
ES-2024 Series User’s Guide Figure 75 Access Control 23.3 About SNMP Simple Network Management Protocol (SNMP) is an application layer protocol used to manage and monitor TCP/IP-based devices. SNMP is used to exchange management information between the network management system (NMS) and a network element (NE). A manager station can manage and monitor the switch through the network via SNMP version one (SNMPv1) and/or SNMP version 2c. The next figure illustrates an SNMP management operation.
ES-2024 Series User’s Guide SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: Table 52 SNMP Commands COMMAND DESCRIPTION Get Allows the manager to retrieve an object variable from the agent. GetNext Allows the manager to retrieve the next object variable from a table or list within an agent.
ES-2024 Series User’s Guide Table 53 SNMP Traps (continued) OBJECT LABEL OBJECT ID DESCRIPTION authenticationFailure 1.3.6.1.6.3.1.1.5.5 This trap is sent when an SNMP request comes from non-authenticated hosts. RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 This trap is sent when the STP topology changes. topology change 1.3.6.1.2.1.17.0.2 This trap is sent when the STP root switch changes. 23.3.3 Configuring SNMP From the Access Control screen, display the SNMP screen.
ES-2024 Series User’s Guide 23.4 Setting Up Login Accounts Up to five people (one administrator and four non-administrators) may access the switch via web configurator at any one time. • An administrator is someone who can both view and configure switch changes. The username for the Administrator is always admin. The default administrator password is 1234. Note: It is highly recommended that you change the default administrator password (1234).
ES-2024 Series User’s Guide Table 55 Access Control: Logins (continued) LABEL DESCRIPTION User Name Set a user name (up to 32 characters long). Password Enter your new system password. Retype to confirm Retype your new system password for confirmation Apply Click Apply to save your changes to the switch’s run-time memory.
ES-2024 Series User’s Guide Figure 80 How SSH Works 1 Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer.
ES-2024 Series User’s Guide 23.7.1 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the switch over SSH. 23.7.2 SSH Login Example You can use an SSH client program to access the switch. The following figure shows an example using a text-based SSH client program. Refer to the documentation that comes with your SSH program for information on using it. Figure 81 SSH Login Example C:\>ssh2 admin@192.168.1.
ES-2024 Series User’s Guide HTTPS on the switch is used so that you may securely access the switch using the web configurator. The SSL protocol specifies that the SSL server (the switch) must always authenticate itself to the SSL client (the computer which requests the HTTPS connection with the switch), whereas the SSL client only should authenticate itself when the SSL server requires it to do so.
ES-2024 Series User’s Guide Figure 83 Security Alert Dialog Box (Internet Explorer) 23.9.2 Netscape Navigator Warning Messages When you attempt to access the switch HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the switch. If Accept this certificate temporarily for this session is selected, then click OK to continue in Netscape.
ES-2024 Series User’s Guide Figure 85 Security Certificate 2 (Netscape) 23.9.3 The Main Screen After you accept the certificate and enter the login username and password, the switch main screen appears. The lock displayed in the bottom right of the browser status bar denotes a secure connection.
ES-2024 Series User’s Guide 23.10 Service Port Access Control Service Access Control allows you to decide what services you may use to access the switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later). Click Access Control to go back to the main Access Control screen. Figure 87 Access Control: Service Access Control The following table describes the fields in this screen.
ES-2024 Series User’s Guide Figure 88 Access Control: Remote Management The following table describes the labels in this screen. Table 57 Access Control: Remote Management LABEL DESCRIPTION Entry This is the client set index number. A “client set” is a group of one or more “trusted computers” from which an administrator may use a service to manage the switch. Active Select this check box to activate this secured client set.
ES-2024 Series User’s Guide 163 Chapter 23 Access Control
ES-2024 Series User’s Guide CHAPTER 24 Diagnostic This chapter explains the Diagnostic screen. 24.1 Diagnostic Click Management, Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 89 Diagnostic The following table describes the labels in this screen. Table 58 Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi-line text box.
ES-2024 Series User’s Guide 165 Chapter 24 Diagnostic
ES-2024 Series User’s Guide CHAPTER 25 Syslog This chapter explains the syslog screens. 25.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server. Syslog is defined in RFC 3164. The RFC defines the packet format, content and system log related information of syslog messages.
ES-2024 Series User’s Guide Figure 90 Syslog The following table describes the labels in this screen. Table 60 Syslog LABEL DESCRIPTION Syslog Select Active to turn on syslog (system logging) and then configure the syslog setting Logging Type This column displays the names of the categories of logs that the device can generate. Active Select this option to set the device to generate logs for the corresponding category.
ES-2024 Series User’s Guide Figure 91 Syslog: Server Setup The following table describes the labels in this screen. Table 61 Syslog: Server Setup LABEL DESCRIPTION Active Select this check box to have the device send logs to this syslog server. Clear the check box if you want to create a syslog server entry but not have the device send logs to it (you can edit the entry later). Server Address Enter the IP address of the syslog server.
ES-2024 Series User’s Guide 169 Chapter 25 Syslog
ES-2024 Series User’s Guide CHAPTER 26 Cluster Management This chapter introduces cluster management. 26.1 Cluster Management Overview Cluster Management allows you to manage switches through one switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.
ES-2024 Series User’s Guide 26.2 Cluster Management Status Click Management, Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Figure 93 Cluster Management: Status The following table describes the labels in this screen. Table 63 Cluster Management: Status LABEL DESCRIPTION Status This field displays the role of this switch within the cluster.
ES-2024 Series User’s Guide 26.2.1 Cluster Member Switch Management Go to the Clustering Management Status screen of the cluster manager switch and then click on an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different. Figure 94 Cluster Management: Cluster Member Web Configurator Screen 26.2.1.
ES-2024 Series User’s Guide Figure 95 Example: Uploading Firmware to a Cluster Member Switch C:\>ftp 192.168.1.1 Connected to 192.168.1.1. 220 FTP version 1.0 ready at Thu Jan 1 00:47:52 1970 User (192.168.1.
ES-2024 Series User’s Guide Figure 96 Clustering Management Configuration The following table describes the labels in this screen. Table 65 Clustering Management Configuration LABEL DESCRIPTION Clustering Manager Active Select Active to have this switch become the cluster manager switch. A cluster can only have one manager. Other (directly connected) switches that are set to be cluster managers will not be visible in the Clustering Candidates list.
ES-2024 Series User’s Guide Table 65 Clustering Management Configuration (continued) LABEL DESCRIPTION Clustering Candidate The following fields relate to the switches that are potential cluster members. List A list of suitable candidates found by auto-discovery is shown here. The switches must be directly connected. Directly connected switches that are set to be cluster managers will not be visible in the Clustering Candidate list.
ES-2024 Series User’s Guide CHAPTER 27 MAC Table This chapter introduces the MAC Table screen. 27.1 MAC Table Overview The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the switch’s ports. It shows what device MAC address, belonging to what VLAN group (if any) is forwarded to which port(s) and whether the MAC address is dynamic (learned by the switch) or static (manually entered in the Static MAC Forwarding screen).
ES-2024 Series User’s Guide 27.2 Viewing the MAC Table Click Management, MAC Table in the navigation panel to display the screen. Note: Click MAC, VID or Port in the Sort by field to display the MAC address entries. Figure 98 MAC Table The following table describes the labels in this screen. Table 66 MAC Table 177 LABEL DESCRIPTION Sort by Click one of the following buttons to display and arrange the data according to that button type. The information is then displayed in the summary table below.
ES-2024 Series User’s Guide CHAPTER 28 ARP Table This chapter introduces ARP Table. 28.1 ARP Table Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long.
ES-2024 Series User’s Guide Figure 99 ARP Table The following table describes the labels in this screen. Table 67 ARP Table 179 LABEL DESCRIPTION Index This is the ARP Table entry number. IP Address This is the learned IP address of a device connected to a switch port with corresponding MAC address below. MAC Address This is the MAC address of the device with corresponding IP address above.
ES-2024 Series User’s Guide CHAPTER 29 Configure Clone This chapter shows you how you can copy the settings of one port onto other ports. 29.1 Clone a Port Cloning allows you to copy the basic and advanced settings from a source port to one or more destination ports. Click Management, Configure Clone to open the following screen. Figure 100 Configure Clone The following table describes the labels in this screen.
ES-2024 Series User’s Guide Table 68 Configure Clone 181 LABEL DESCRIPTION Source/ Destination Port Enter the source port under the Source label. This port’s attributes are copied. Enter the destination port or ports under the Destination label. These are the ports which are going to have the same attributes as the source port. You can enter individual ports separated by a comma or a range of ports by using a dash. Example: • 2, 4, 6 indicates that ports 2, 4 and 6 are the destination ports.
ES-2024 Series User’s Guide CHAPTER 30 Introducing the Commands This chapter introduces the commands and gives a summary of commands available. 30.1 Overview In addition to the web configurator, you can use line commands to configure the switch. Use line commands for advanced switch diagnosis and troubleshooting. If you have problems with your switch, customer support may request that you issue some of these commands to assist them in troubleshooting.
ES-2024 Series User’s Guide • • • • • • VT100 terminal emulation 9600 bps No parity 8 data bits 1 stop bit No flow control 30.2.2.1 Initial Screen When you turn on your switch, it performs several internal tests as well as line initialization. You can view the initialization information using the console port. After the initialization, the login screen displays. Copyright (c) 1994 - 2006 ZyXEL Communications Corp. initialize switch, ethernet address: 00:13:49:00:00:01 Initializing VLAN Database...
ES-2024 Series User’s Guide C:\>ssh2 admin@192.168.1.1 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the host key has just been changed. Please contact your system administrator.
ES-2024 Series User’s Guide • The optional fields in a command are enclosed in square brackets [], for instance, configure snmp-server [contact ] [location ] • • • • • • • means that the contact and location fields are optional. “Command” refers to a command used in the command line interface (CI command). The | symbol means “or”. The entry in the command lines refers to carriage return. Press [ENTER] or carriage return after a command to execute the command.
ES-2024 Series User’s Guide Note: If you use an external RADIUS server to authenticate users, you can use a VSA (Vendor Specific Attribute) to configure a privilege level for an account on the RADIUS server. See Section 16.1.1.1 on page 112 for more information. 30.7 Command Modes There are three command modes: User, Enable and Configure. The modes (and commands ) available to you depend on what level of privilege your account has.
ES-2024 Series User’s Guide Table 69 Command Interpreter Mode Summary (continued) HOW TO LOGIN/ ACCESS MODE .DESCRIPTION Config-vlan This is a sub-mode of the config mode Type vlan followed by sysname(config-vlan)# and allows you to configure VLAN a number (between 1 settings. and 4094). For example, vlan 10 to configure settings for VLAN 10.
ES-2024 Series User’s Guide Enter “?” to display a list of commands you can use. sysname> help Commands available: help logout exit history enable show ip show hardware-monitor show system-information ping help ping [vlan ][..] ping traceroute help traceroute [vlan ][..
ES-2024 Series User’s Guide sysname> ping ? help destination ip address Description of ping help 30.9 Using Command History The switch keeps a list of commands you have entered for the current CLI session. You can use any commands in the history again by pressing the up (y) or down (z) arrow key to scroll through the previously used commands and press [ENTER]. Use the history command to display the list of commands. sysname> history enable exit show ip history sysname> 30.
ES-2024 Series User’s Guide Note: You may also edit a configuration file using a text editor. Make sure you use valid commands. The switch rejects configuration files with invalid or incomplete commands. 30.10.2 Logging Out In User or Enable mode, enter the exit or logout command to log out of the CLI. In Config mode entering exit takes you out of the Config mode and into Enable mode and entering logout logs you out of the CLI. 30.
ES-2024 Series User’s Guide Table 70 Command Summary: User Mode (continued) COMMAND DESCRIPTION PRIVILEGE [vlan ] [ttl <1-255>] [wait <1-60>] [queries <1-10>] Determines the path a packet takes to a device in a 0 VLAN. help Displays command help information. 0 30.11.2 Enable Mode The following table describes the commands available for Enable mode. Table 71 Command Summary: Enable Mode COMMAND DESCRIPTION PRIVILEGE baudrate <1|2|3|4|5> Changes the console port speed.
ES-2024 Series User’s Guide Table 71 Command Summary: Enable Mode (continued) COMMAND DESCRIPTION PRIVILEGE Resets to the factory default settings. You can reset sfeature ettings on a port. 13 exit Exits Enable (or privileged) mode. 13 help Displays help information. 13 history Displays a list of command(s) that you have previously executed. 13 igmp-flush Removes all IGMP information. 13 interface [port-channel [bandwidthlimit...]] kick Resets a TCP connection.
ES-2024 Series User’s Guide Table 71 Command Summary: Enable Mode (continued) COMMAND igmp-filtering DESCRIPTION PRIVILEGE session Displays current HTTPS session(s). 13 timeout Displays the HTTPS session timeout. 13 profile Displays IGMP filter profile settings. 13 Dispalys IGMP snooping setting. 13 Displays current interface status. 13 config Displays current interface configuration. 13 bandwidthcontrol Displays bandwidth control settings.
ES-2024 Series User’s Guide Table 71 Command Summary: Enable Mode (continued) COMMAND DESCRIPTION address-table static PRIVILEGE Displays static MAC address table. 13 mac-aging-time Displays MAC learning aging time. 13 multicast Displays multicast settings. 13 multi-login Displays multi-login information 13 mvr DIsplays all MVR (Multicast VLAN Registration) settings. 13 DIsplays specified MVR information. 13 plt DIsplays PLT (Port Loopback Test) 13 information.
ES-2024 Series User’s Guide Table 71 Command Summary: Enable Mode (continued) COMMAND DESCRIPTION PRIVILEGE known-hosts Displays known SSH hosts information. 13 session Displays current SSH session(s). 13 systeminformation Displays general system information. 13 time Displays current system time and date. 13 timesync Displays time server information. 13 trunk Displays link aggregation information. 13 vlan Displays the status of all VLANs.
ES-2024 Series User’s Guide 30.11.3 General Configuration Mode The following table lists the commands in Configuration (or Config) mode. Table 72 Command Summary: Configuration Mode COMMAND adminpassword DESCRIPTION PRIVILEGE Changes the administrator password. 14 Enables bandwidth control. 13 Sets the cluster management VLAN ID. 13 Sets the cluster member switch's hardware MAC address and password. 13 name Configures a name to identify the cluster manager.
ES-2024 Series User’s Guide Table 72 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE Sets the range of multicast address(es) in a profile. 13 Enables IGMP snooping. 13 8021p-priority <0-7> Sets a priority level (0-7) to which the switch changes the priority in outgoing IGMP control packets. 13 host-timeout <1 16711450> Sets the host timeout value.
ES-2024 Series User’s Guide Table 72 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE Configures a static MAC address port filtering rule. 13 Disables a static MAC address port filtering rule. 13 Configures a static MAC address forwarding rule. 13 inactive Disables a static MAC address forwarding rule. 13 mac Sets port mirroring for the MAC address on the outgoing traffic.
ES-2024 Series User’s Guide Table 72 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION profile startaddress end-address Deletes a rule in the IGMP filtering 13 profile. igmp-snooping Disables IGMP snooping. 13 ip Sets the management IP address to the default value. 13 route Removes a specified IP static route. 13 route inactive Enables a specified IP static route.
ES-2024 Series User’s Guide Table 72 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE Disables the re-authentication mechanism on the listed port(s). 13 Disables port security on the switch. 13 Disables port security on the specified ports. 13 learn inactive Enables MAC address learning on 13 the specified ports. interface Disable PoE on the specified ports. Only available on models with the PoE feature.
ES-2024 Series User’s Guide Table 72 Command Summary: Configuration Mode (continued) COMMAND ssh DESCRIPTION PRIVILEGE key Disables the secure shell server encryption key. Your switch supports SSH versions 1 and 2 using RSA and DSA authentication. 13 known-hosts Removes the specified remote hosts from the list of all known hosts. 13 known-hosts [1024|sshrsa|ssh-dsa] Removes remote known hosts with 13 the specified public key (1024-bit RSA1, RSA or DSA).
ES-2024 Series User’s Guide Table 72 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE learn inactive Disables MAC address learning on 13 the specified port(s). addresslimit Limits the number of (dynamic) MAC addresses that may be learned on a port. 13 MAC-freeze Disables MAC address learning and enables port security. 13 Note: All previously learned dynamic MAC addresses are saved to the static MAC address table.
ES-2024 Series User’s Guide Table 72 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION start-addr endaddr service <[telnet] [ftp][http][ icmp] [snmp][ssh] [https]> servicecontrol snmp-server Specifies a group of trusted 13 computer(s) from which an administrator may use a service to manage the switch. ftp Allows FTP access on the specified service port.
ES-2024 Series User’s Guide Table 72 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE hello-time <1-10> maximum-age <640> forward-delay <4-30> Sets Hello Time, Maximum Age and Forward Delay. 13 help Displays help information. 13 priority <061440> Sets the bridge priority of the switch. 13 Sets the switch to use Strictly Priority Queuing (SPQ). 13 Adds a remote host to which the switch can access using SSH service.
ES-2024 Series User’s Guide Table 72 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE interface timeout Defines the port number and LACP timeout period. 13 vlan <1-4094> Enters the VLAN configuration mode. See Section 30.11.6 on page 209 for more information. 13 vlan-type <802.1q|portbased> Specifies the VLAN type. 13 vlan1q gvrp Enables GVRP. 13 ingress-check Enables VLAN tag checking on incoming traffic.
ES-2024 Series User’s Guide Table 73 interface port-channel Commands (continued) COMMAND DESCRIPTION PRIVILEGE egress set Sets the outgoing traffic port list 13 for a port-based VLAN. exit Exits from the interface portchannel command mode. 13 flow-control Enables interface flow control. Flow control regulates transmissions to match the bandwidth of the receiving port.
ES-2024 Series User’s Guide Table 73 interface port-channel Commands (continued) COMMAND DESCRIPTION Enables port mirroring for dir PRIVILEGE 13 Port mirroring copies traffic from one or all ports to another or all ports for external analysis. Sets a name for the port(s). 13 Enter a descriptive name (up to nine printable ASCII characters).
ES-2024 Series User’s Guide Table 73 interface port-channel Commands (continued) COMMAND DESCRIPTION speed-duplex PRIVILEGE Sets the duplex mode (half or 13 full) and speed (10, 100 or 1000 Mbps) of the connection on the interface. Selecting auto (auto-negotiation) makes one port able to negotiate with a peer automatically to obtain the connection speed and duplex mode that both ends support. test Performs an interface loopback test.
ES-2024 Series User’s Guide Table 74 mvr Commands (continued) COMMAND DESCRIPTION PRIVILEGE group Disables the specified MVR group setting. 13 inactive Enables MVR. 13 receiver-port Disables the receiver port(s). An MVR receiver port can only receive multicast traffic in a multicast VLAN. 13 source-port Disables the source port(s). 13 An MVR source port can send and receive multicast traffic in a multicast VLAN.
ES-2024 Series User’s Guide Table 75 Command Summary: config-vlan Commands (continued) COMMAND DESCRIPTION PRIVILEGE [manageable] Sets the management IP address and subnet mask of the switch in the specified VLAN. 13 defaultgateway Sets a default gateway IP address for this VLAN. 13 defaultmanagement dhcp-bootp Sets the dynamic in-band IP address 13 defaultmanagement Sets a static in-band IP address and subnet mask.
ES-2024 Series User’s Guide 211 Chapter 30 Introducing the Commands
ES-2024 Series User’s Guide CHAPTER 31 Command Examples This chapter describes some commands in more detail. 31.1 Overview These are commands that you may use frequently in maintaining your switch. 31.2 show Commands These are the commonly used show commands. 31.2.1 show interface Syntax: show interfaces This command displays port statistics of the specified port(s). The following example shows that port 12 is up and the related information.
ES-2024 Series User’s Guide sysname# show interfaces 12 Port Info Port NO. Link Status LACP TxPkts RxPkts Errors Tx KBs/s Rx KBs/s Up Time TX Packet Tx Packets Multicast Broadcast Pause RX Packet Rx Packets Multicast Broadcast Pause TX Collison Single Multiple Excessive Late Error Packet RX CRC Runt Distribution 64 65 to 127 128 to 255 256 to 511 512 to 1023 1024 to 1518 Giant :12 :100M/F :FORWARDING :Disabled :14466 :43798 :0 :0.592 :1.
ES-2024 Series User’s Guide 31.2.3 show logging Syntax: show logging This command displays the system logs. The following figure shows an example.
ES-2024 Series User’s Guide This command displays the PoE settings on the ports and the PoE status on the device. The following shows an example. ES-2024PWR# show pwr Averaged Junction Temperature: 33 (c), 91 (f).
ES-2024 Series User’s Guide This command shows the general system information (such as the firmware version and system up time). An example is shown next. sysname> show system-information System Name : ES-2024A System Contact : System Location : Ethernet Address : 00:13:49:49:43:68 ZyNOS F/W Version : V3.70(TX.0)b1 | 06/06/2006 RomRasSize : 1459070 System up Time : 50:23:02 (114c475 ticks) Bootbase Version : V1.07 | 04/20/2005 sysname> 31.
ES-2024 Series User’s Guide where = The IP address or host name of an Ethernet device. [vlan ] = Specifies the VLAN ID to which the Ethernet device belongs. [ttl <1-255>] = Specifies the Time To Live (TTL) period. [wait <1-60>] = Specifies the time period to wait. [quesries <1-10>] = Specifies how many tries the switch performs the traceroute function. This command displays information about the route to an Ethernet device.
ES-2024 Series User’s Guide where copy running-config interface port-channel = Copies all of the possible attributes from one port to another port or ports. copy running-config interface port-channel [active ... ] = Copies only the specified port attributes from one port to another port or ports. An example is shown next.
ES-2024 Series User’s Guide 219 Chapter 31 Command Examples
ES-2024 Series User’s Guide CHAPTER 32 Configuration Mode Commands This chapter describes how to enable and configure your switch’s features using commands. For more background information, see the feature specific chapters which proceed the commands chapters. 32.1 Setting Login Accounts Syntax: logins username password logins username privilege <0-14> where username = Specifies a new user (up to 32 alphanumeric characters).
ES-2024 Series User’s Guide 32.2 Enabling IGMP Snooping To enable IGMP snooping on the switch. Enter igmp-snooping and press [ENTER]. You can also set how to treat traffic from an unknown multicast group by typing the unknownmulticast-frame parameter. Syntax: igmp-snooping igmp-snooping host-timeout <1-16711450> igmp-snooping leave-timeout <1-16711450> igmp-snooping unknown multicast-frame where igmp-snooping = Enables IGMP snooping on the switch.
ES-2024 Series User’s Guide Syntax: igmp-filtering igmp-filtering profile start-address end-address where igmp filtering = Enables IGMP filtering on the switch profile = Specifies a name (up to 32 alphanumeric characters) for this IGMP profile. If you want to edit an existing IGMP profile enter the existing profile name followed by start-address and end-address parameters.
ES-2024 Series User’s Guide where spanning-tree = Enables STP on the switch. priority <0-61440> = Specifies the bridge priority for the switch. The lower the numeric value you assign, the higher the priority for this bridge. Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch.
ES-2024 Series User’s Guide • Set the priority for port 10 to 20. sysname(config)# sysname(config)# sysname(config)# sysname(config)# sysname(config)# spanning-tree spanning-tree spanning-tree spanning-tree spanning-tree priority 0 hello-time 4 maximum-age 20 forward-delay 15 10 path-cost 150 10 priority 20 32.5 no Command Examples These are the commonly used command examples that belong to the no group of commands. The no group commands are commands which are preceded by keyword no.
ES-2024 Series User’s Guide Syntax: no ip route inactive where inactive = Re-enables an IP route with the specified IP address and subnet mask. An example is shown next. • Enable the IP route with the IP address of 192.168.11.1 and subnet mask of 255.255.255.0. This IP route must have already been created and made inactive prior to re-enable command being applied. sysname(config)# no ip route 192.168.11.1 255.255.255.0 inactive 32.5.
ES-2024 Series User’s Guide 32.5.4.2 no port-access-authenticator Syntax: no port-access-authenticator no port-access-authenticator reauthenticate no port-access-authenticator where port-accessauthenticator = Disables port authentication on the switch. reauthenticate = Disables the re-authentication mechanism on the listed port(s). = Disables authentication on the listed ports. An example is shown next. • Disable authentication on the switch.
ES-2024 Series User’s Guide • Remove the remote host with IP address 172.165.1.8 from the list of known hosts. • Remove the remote host with IP address 172.165.1.9 and with an SSH-RSA encryption key from the list of known hosts. sysname(config)# no ssh key rsa1 sysname(config)# no ssh known-hosts 172.165.1.8 sysname(config)# no ssh known-hosts 172.165.1.9 ssh-rsa 32.6 pwr Commands On the ES-2024PWR, use the pwr commands in Configure mode to enable PoE and configure PoE settings on the ports.
ES-2024 Series User’s Guide ES-2024PWR# config ES-2024PWR(config)# pwr interface 1 ES-2024PWR(config)# pwr interface 1 priority critical ES-2024PWR(config)# pwr mibtrap ES-2024PWR(config)# pwr usagethreshold 15 ES-2024PWR(config)# exit ES-2024PWR# show pwr Averaged Junction Temperature: 33 (c), 91 (f).
ES-2024 Series User’s Guide Syntax: spq wrr wrr ... where spq = Sets the queuing method to SPQ (Strictly Priority Queuing). wrr = Sets the queuing method to WRR (Weighted Round Robin). wrr ... = You may want to configure weights for specific queues on the switch if you use WRR.. An example is shown next. • Set the queueing method to SPQ. sysname(config)# spq 32.
ES-2024 Series User’s Guide [name ] = Specifies a descriptive name (up to 32 printable ASCII characters) for identification purposes. [inactive] = Deactivates a static route An example is shown next. • Create a static route with the destination IP address of 172.21.1.104, subnet mask of 255.255.0.0 and the gateway IP address of 192.168.1.2. • Assigns a metric value of 2 to the static route. • Assigns the name route1 to the static route. sysname(config)# ip route 172.21.1.104 255.255.0.0 192.
ES-2024 Series User’s Guide Syntax: trunk trunk interface trunk lacp where = Enables the trunk. interface = Places ports in the trunk. lacp = Enables LACP in the trunk. An example is shown next. • Enable trunk 1 on the switch. • Place ports 1-3 in trunk 1. • Enable dynamic link aggregation (LACP) on trunk 1. sysname(config)# trunk t1 sysname(config)# trunk t1 interface 1-3 sysname(config)# trunk t1 lacp 32.
ES-2024 Series User’s Guide where radius-server host = Specifies the IP address of the RADIUS server. [auth-port ] = Changes the UDP port of the RADIUS server from the default (1812). [key ] = Specifies a password (up to 32 alphanumeric characters) as the key to be shared between the RADIUS server and the switch. radius-server timeout <11000> = Specifies the timout period (in seconds) the switch will wait for a response from a RADIUS server.
ES-2024 Series User’s Guide where port-access-authenticator = Enables port authentication on the switch. port-access-authenticator = Specifies which ports require authentication. reauthenticate = Enables reauthentication on the port. reauth-period = Specifies how often a client has to re-enter his or her username and password to stay connected to the port. An example is shown next. • Specify RADIUS server 1 with IP address 10.10.10.
ES-2024 Series User’s Guide CHAPTER 33 Interface Commands These are some commonly used configuration commands that belong to the interface group of commands. 33.1 Overview The interface commands allow you to configure the switch on a port by port basis. 33.2 Interface Command Examples This section provides examples of some frequently used interface commands. 33.2.1 interface port-channel Use this command to enable the specified ports for configuration.
ES-2024 Series User’s Guide Syntax: bandwidth-limit bandwidth-limit bandwidth-limit bandwidth-limit egress egress ingress ingress where egress = Sets the maximum bandwidth allowed for outgoing traffic (egress) on the switch. ingress = Sets the maximum bandwidth allowed for incoming traffic (ingress) on the switch. An example is shown next. • Enable port one for configuration. • Enable bandwidth control on the outgoing traffic.
ES-2024 Series User’s Guide • Enable port mirroring for outgoing traffic. Traffic is copied from ports 1, 4, 5 and 6 to port three in order to examine it in more detail without interfering with the traffic flow on the original ports. sysname(config)# mirror-port sysname(config)# mirror-port 3 sysname(config)# interface port-channel 1,4-6 sysname(config-interface)# mirror sysname(config-interface)# mirror dir egress 33.2.
ES-2024 Series User’s Guide • Enable tagged frame-types on the interface. sysname(config)# interface port-channel 1,3-5 sysname(config-interface)# frame-type tagged 33.2.6 egress set Syntax: egress set where = Sets the outgoing traffic port list for a port-based VLAN. An example is shown next. • Enable port-based VLAN tagging on the switch. • Enable ports one, three, four and five for configuration.
ES-2024 Series User’s Guide 33.2.8 name Syntax: name where = Sets a name for your port interface(s). An example is shown next. • Enable ports one, three, four and five for configuration. • Set a name for the ports. sysname(config)# interface port-channel 1,3-5 sysname(config-interface)# name Test 33.2.
ES-2024 Series User’s Guide • Enters interface command mode to configure port 1. • Execute the test command. • View the results. sysname(config)# interface port-channel 1 sysname(config-interface)# test Testing internal loopback on port 1 :Passed! Ethernet Port 1 Test ok. sysname(config-interface)# 33.3 Interface no Command Examples Similar to the no commands in Enable and Config modes, the no commands for the Interface sub mode also disable certain features.
ES-2024 Series User’s Guide CHAPTER 34 IEEE 802.1Q Tagged VLAN Commands This chapter describes the IEEE 802.1Q Tagged VLAN and associated commands. 34.1 Configuring Tagged VLAN The following procedure shows you how to configure tagged VLAN. 1 Use the IEEE 802.1Q tagged VLAN commands to configure tagged VLAN for the switch. • Use the vlan command to configure or create a VLAN on the switch. The switch automatically enters the config-vlan mode.Use the inactive command to deactivate the VLAN(s).
ES-2024 Series User’s Guide 34.2 Global VLAN1Q Tagged VLAN Configuration Commands This section shows you how to configure and monitor the IEEE 802.1Q Tagged VLAN. 34.2.1 GARP Status Syntax: show garp This command shows the switch’s GARP timer settings, including the join, leave and leave all timers. An example is shown next. sysname# show garp GARP Timer -----------------------Join Timer = 200 Leave Timer = 600 Leave All Timer = 10000 sysname# 34.2.
ES-2024 Series User’s Guide Switches join VLANs by making a declaration. A declaration is made by issuing a Join message using GARP. Declarations are withdrawn by issuing a Leave message. A Leave All message terminates all registrations. GARP timers set declaration timeout values. The following example sets the Join Timer to 300 milliseconds, the Leave Timer to 800 milliseconds and the Leave All Timer to 11000 milliseconds. sysname(config)# garp join 300 leave 800 leaveall 11000 34.2.
ES-2024 Series User’s Guide 34.3.1 Set Port VID Syntax: pvid where = Specifies the VLAN number between 1 and 4094. This command sets the default VLAN ID on the port(s). The following example sets the default VID to 200 on ports 1 to 5. sysname(config)# interface port-channel 1-5 sysname(config-interface)# pvid 200 34.3.2 Set Acceptable Frame Type Syntax: frame-type where = Specifies all Ethernet frames (both tagged and untagged) or just tagged Ethernet frames .
ES-2024 Series User’s Guide 34.3.4 Modify Static VLAN Use the following commands in the config-vlan mode to configure the static VLAN table. Syntax: vlan fixed forbidden name normal untagged no fixed no forbidden no untagged where = The VLAN ID [1 – 4094]. = A name to identify the SVLAN entry. = This is the switch port list.
ES-2024 Series User’s Guide 3 The switch notes what the SVLAN table says (that is, the SVLAN tells the switch whether or not to forward a frame and if the forwarded frames should have tags). 4 Then the switch applies the port filter to finish the forwarding decision. This means that frames may be dropped even if the SVLAN says to forward them. Frames might also be dropped if they are sent to a CPE (customer premises equipment) DSL device that does not accept tagged frames. 34.3.4.2.
ES-2024 Series User’s Guide 34.5 Disable VLAN Syntax: vlan inactive This command disables the specified VLAN ID in the SVLAN (Static VLAN) table. 34.6 Show VLAN Setting Syntax: show vlan This command shows the IEEE 802.1Q Tagged SVLAN (Static VLAN) table. An example is shown next. • • • • VID is the VLAN identification number. Status shows whether the VLAN is static or active. Elap-Time is the time since the VLAN was created on the switch.
ES-2024 Series User’s Guide 247 Chapter 34 IEEE 802.
ES-2024 Series User’s Guide CHAPTER 35 Troubleshooting This chapter covers potential problems and possible remedies. 35.1 Problems Starting Up the Switch Table 76 Troubleshooting the Start-Up of Your Switch PROBLEM CORRECTIVE ACTION None of the LEDs Check the power connection and make sure the power source is turned on. turn on when you turn on the switch. If the error persists, you may have a hardware problem. In this case, you should contact your vendor. 35.
ES-2024 Series User’s Guide 35.2.1 Pop-up Windows, JavaScripts and Java Permissions In order to use the web configurator you need to allow: • Web browser pop-up windows from your device. • JavaScripts (enabled by default). • Java permissions (enabled by default). Note: Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary. 35.2.1.1 Internet Explorer Pop-up Blockers You may have to disable pop-up blocking to log into your device.
ES-2024 Series User’s Guide Figure 102 Internet Options 3 Click Apply to save this setting. 35.2.1.1.2 Enable pop-up Blockers with Exceptions Alternatively, if you only want to allow pop-up windows from your device, see the following steps. 1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab. 2 Select Settings…to open the Pop-up Blocker Settings screen.
ES-2024 Series User’s Guide Figure 103 Internet Options 3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1. 4 Click Add to move the IP address to the list of Allowed sites.
ES-2024 Series User’s Guide Figure 104 Pop-up Blocker Settings 5 Click Close to return to the Privacy screen. 6 Click Apply to save this setting. 35.2.1.2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed. 1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
ES-2024 Series User’s Guide Figure 105 Internet Options 2 Click the Custom Level... button. 3 Scroll down to Scripting. 4 Under Active scripting make sure that Enable is selected (the default). 5 Under Scripting of Java applets make sure that Enable is selected (the default). 6 Click OK to close the window.
ES-2024 Series User’s Guide Figure 106 Security Settings - Java Scripting 35.2.1.3 Java Permissions 1 From Internet Explorer, click Tools, Internet Options and then the Security tab. 2 Click the Custom Level... button. 3 Scroll down to Microsoft VM. 4 Under Java permissions make sure that a safety level is selected. 5 Click OK to close the window.
ES-2024 Series User’s Guide Figure 107 Security Settings - Java 35.2.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 make sure that Use Java 2 for
ES-2024 Series User’s Guide Figure 108 Java (Sun) 35.3 Problems with the Password Table 78 Troubleshooting the Password PROBLEM CORRECTIVE ACTION Cannot access the switch. The password field is case sensitive. Make sure that you enter the correct password using the proper casing. The administrator username is “admin”. The default administrator password is “1234”. The username and password are case-sensitive. Make sure that you enter the correct password and username using the proper casing.
ES-2024 Series User’s Guide 257 Chapter 35 Troubleshooting
ES-2024 Series User’s Guide APPENDIX A Product Specifications These are the switch product specifications. Table 79 General Product Specifications Ethernet Interface 24 10/100 Base-TX interfaces Auto-negotiation Auto-MDI/MDIX Compliant with IEEE 802.3/3u Back pressure flow control for half duplex Flow control for full duplex (IEEE 802.3x) RJ-45 Ethernet cable connector Rate limiting at 64Kbps steps Gigabit Interface Two Gigabit Ethernet/mini-GBIC ports PoE IEEE 802.
ES-2024 Series User’s Guide Table 79 General Product Specifications (continued) Port mirroring All ports support port mirroring Multicast IGMP filtering IGMP snooping MVR Table 80 Management Specifications System Control Alarm/Status surveillance LED indication for alarm and system status Performance monitoring Line speed Four RMON groups (history, statistics, alarms, and events) Throughput monitoring CMP packet transmission Port mirroring and aggregation Spanning Tree Protocol IGMP snooping Firmware u
ES-2024 Series User’s Guide Table 81 Physical and Environmental Specifications (continued) Weight ES-2024A: 2.2 Kg ES-2024PWR: 4 Kg Temperature Operating: 0º C ~ 45º C (32º F ~ 113º F) Storage: -25º C ~ 70º C (13º F ~ 158º F) Humidity 10 ~ 90% (non-condensing) Power Supply 100-240VAC, 50/60Hz, ES-2024A: 0.
ES-2024 Series User’s Guide 261 Product Specifications
ES-2024 Series User’s Guide APPENDIX B IP Addresses and Subnetting This appendix introduces IP addresses, IP address classes and subnet masks. You use subnet masks to subdivide a network into smaller logical networks. Introduction to IP Addresses An IP address has two parts: the network number and the host ID. Routers use the network number to send packets to the correct network, while the host ID identifies a single device on the network.
ES-2024 Series User’s Guide The following table shows the network number and host ID arrangement for classes A, B and C. Table 82 Classes of IP Addresses IP ADDRESS OCTET 1 OCTET 2 OCTET 3 OCTET 4 Class A Network number Host ID Host ID Host ID Class B Network number Network number Host ID Host ID Class C Network number Network number Network number Host ID An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 for example).
ES-2024 Series User’s Guide Subnet Masks A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). A subnet mask has 32 bits. If a bit in the subnet mask is a “1” then the corresponding bit in the IP address is part of the network number. If a bit in the subnet mask is “0” then the corresponding bit in the IP address is part of the host ID.
ES-2024 Series User’s Guide Table 85 Alternative Subnet Mask Notation (continued) SUBNET MASK SUBNET MASK “1” BITS LAST OCTET BIT VALUE DECIMAL 255.255.255.240 /28 1111 0000 240 255.255.255.248 /29 1111 1000 248 255.255.255.252 /30 1111 1100 252 The first mask shown is the class “C” natural mask. Normally if no mask is specified it is understood that the natural mask is being used. Example: Two Subnets As an example, you have a class “C” address 192.168.1.0 with subnet mask of 255.255.255.
ES-2024 Series User’s Guide Table 87 Subnet 1 (continued) IP/SUBNET MASK NETWORK NUMBER Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: 192.168.1.127 Highest Host ID: 192.168.1.126 LAST OCTET BIT VALUE Table 88 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 128 IP Address (Binary) 11000000.10101000.00000001. 10000000 Subnet Mask 255.255.255. 128 Subnet Mask (Binary) 11111111.11111111.11111111. 10000000 Subnet Address: 192.
ES-2024 Series User’s Guide Table 89 Subnet 1 (continued) LAST OCTET BIT VALUE IP/SUBNET MASK NETWORK NUMBER Subnet Address: 192.168.1.0 Lowest Host ID: 192.168.1.1 Broadcast Address: 192.168.1.63 Highest Host ID: 192.168.1.62 Table 90 Subnet 2 IP/SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192.168.1. 64 IP Address (Binary) 11000000.10101000.00000001. 01000000 Subnet Mask (Binary) 11111111.11111111.11111111. 11000000 Subnet Address: 192.168.1.64 Lowest Host ID: 192.168.1.
ES-2024 Series User’s Guide The following table shows class C IP address last octet values for each subnet. Table 93 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 The following table is a summary for class “C” subnet planning. Table 94 Class C Subnet Planning NO. “BORROWED” HOST BITS SUBNET MASK NO.
ES-2024 Series User’s Guide The following table is a summary for class “B” subnet planning. Table 95 Class B Subnet Planning 269 NO. “BORROWED” HOST BITS SUBNET MASK NO. SUBNETS NO. HOSTS PER SUBNET 1 255.255.128.0 (/17) 2 32766 2 255.255.192.0 (/18) 4 16382 3 255.255.224.0 (/19) 8 8190 4 255.255.240.0 (/20) 16 4094 5 255.255.248.0 (/21) 32 2046 6 255.255.252.0 (/22) 64 1022 7 255.255.254.0 (/23) 128 510 8 255.255.255.0 (/24) 256 254 9 255.255.255.
ES-2024 Series User’s Guide Index A about the device 30 access control 32 login account 154 remote management 161 service 161 SNMP activate IEEE 802.
ES-2024 Series User’s Guide configuration file 54, 189 and commands 189 configuration restore 54, 146 configuration, saving 53, 189 configure a static VLAN 82 configure port authentication 114 configuring STP 96 connect power 45 connection test 164 console port 182 connector 43 default setting 43 initial screen 183 copying port setting See port cloning Copyright 2 create login account 154 Customer Support 7 D default password 48 default user name 48 deplux mode 75 detailed port status 61 detailed VLAN sta
ES-2024 Series User’s Guide getting help 55 Gigabit Ethernet port 43 Gigabit Interface Converter See GBIC Gigabit/GBIC combo port 43 GMT (Greenwich Mean Time) 70 GVRP 79 H hardware connection 42 hardware feature 32 hardware installation freestanding 38 hardware monitor 68 hardware nstallation rack-mounting 39 help 187 hop count 139 HTTP over SSL See HTTPS HTTPS example 158 HyperText Transfer Protocol over Secure Socket Layer See HTTPS L LACP link aggregation ID 109 note 108 server 110 system priority 110
ES-2024 Series User’s Guide mini GBIC See GBIC mirror port 104 mirroring 104 monitor port 104 MSA MTU 70 multicast 124 address 124 setup 125 multicast group 127 multicast settings 126 multicast status 125 multicast VLAN 132 Multicast VLAN Registration See MVR multicasting 802.
ES-2024 Series User’s Guide Q S queue 72 queue weight queueing 31 queuing 122 queuing algorithm 122 select 123 SPQ safety warnings 5 save configuration 189 saving configuration 53 Secure Shell See SSH Secure Socket Layer See SSL service access control 161 service port 161 setting wizard 87 shared secret 116 Simple Network Management Protocol See SNMP SNMP agent 151 command 152 community 153 manager 151 network component 151 object variable R rack-mounting installation 39 precautions 39 requirement 39 R
ES-2024 Series User’s Guide LED 46 multicast 125 port 60 port details 61 STP 95 STP 31 Bridge ID 96 bridge priority 97 designated bridge 95 forwarding delay 98 Hello BPDU 95 hello time 97 how it works 95 max age 95, 97 path cost 94, 98 port priority 98 port state 95 root path cost 95 root port 95 setup 96 status 95 terminology 94 Strict Priority Queuing (SPQ) 122 Strict Priority Queuing See SPQ subnet 262 subnet mask 264 subnetting 264 switch setup 71 Syntax Conventions 28 sys command example 212 syslog 16
ES-2024 Series User’s Guide W warranty note 6 web configuration menu summary 51 web configurator getting help 55 logout 55 main screen 49 navigation panel 49, 50 Weighted Round Robin See WRR WRR queue weight Z ZyNOS (ZyXEL Network Operating System) 148 Index 276
