User’s Guide GS2210 Series Intelligent Layer 2 GbE Switch Default Login Details LAN IP Address User Name Password Version 4.50 Edition 1, 12/2017 http://192.168.1.
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots and graphics in this book may differ slightly from your product due to differences in your product firmware or your computer operating system. Every effort has been made to ensure that the information in this manual is accurate.
Document Conventions Warnings and Notes These are how warnings and notes are shown in this guide. Warnings tell you about things that could harm you or your device. Note: Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations. Syntax Conventions • All models may be referred to as the “Switch” in this guide. • Product labels, screen names, field labels and field choices are all in bold font.
Contents Overview Contents Overview User’s Guide ......................................................................................................................................20 Getting to Know Your Switch .............................................................................................................. 21 Hardware Installation and Connection ............................................................................................. 26 Hardware Panels .................................
Contents Overview BPDU Guard ........................................................................................................................................ 316 OAM ..................................................................................................................................................... 319 ZULD ...................................................................................................................................................... 327 Static Route ..........
Table of Contents Table of Contents Document Conventions ......................................................................................................................3 Contents Overview ..............................................................................................................................4 Table of Contents .................................................................................................................................6 Part I: User’s Guide..................
Table of Contents Part II: Technical Reference........................................................................... 35 Chapter 4 The Web Configurator........................................................................................................................36 4.1 Overview ......................................................................................................................................... 36 4.2 System Login ..............................................................
Table of Contents 8.1 Overview ......................................................................................................................................... 66 8.1.1 What You Can Do ................................................................................................................. 66 8.2 System Information ...................................................................................................................... 66 8.3 General Setup ...................................
Table of Contents 9.11 Technical Reference .................................................................................................................. 111 9.11.1 Create an IP-based VLAN Example ................................................................................ 111 Chapter 10 Static MAC Forwarding....................................................................................................................113 10.1 Overview ..........................................................
Table of Contents 14.1 Bandwidth Control Overview ................................................................................................... 142 14.1.1 What You Can Do ............................................................................................................. 142 14.2 Bandwidth Control Setup .......................................................................................................... 142 Chapter 15 Broadcast Storm Control ............................................
Table of Contents Chapter 19 Port Security......................................................................................................................................167 19.1 Port Security Overview .............................................................................................................. 167 19.1.1 What You Can Do ............................................................................................................. 167 19.2 Port Security Setup ..........................
Table of Contents 24.3 IPv4 Multicast Status .................................................................................................................. 192 24.3.1 IGMP Snooping ................................................................................................................. 193 24.3.2 IGMP Snooping VLAN ...................................................................................................... 195 24.3.3 IGMP Filtering Profile .............................................
Table of Contents 26.9 ARP Inspection Log Status ......................................................................................................... 238 26.10 ARP Inspection Configure ........................................................................................................ 240 26.10.1 ARP Inspection Port Configure ...................................................................................... 241 26.10.2 ARP Inspection VLAN Configure .............................................
Table of Contents 30.3 PPPoE Intermediate Agent ....................................................................................................... 271 30.3.1 PPPoE IA Per-Port .............................................................................................................. 272 30.3.2 PPPoE IA Per-Port Per-VLAN ............................................................................................ 273 30.3.3 PPPoE IA for VLAN ...........................................................
Table of Contents Chapter 35 Anti-Arpscan ....................................................................................................................................311 35.1 Anti-Arpscan Overview ............................................................................................................. 311 35.1.1 What You Can Do ............................................................................................................. 311 35.1.2 What You Need to Know ..........................
Table of Contents 40.1 DiffServ Overview ...................................................................................................................... 334 40.1.1 What You Can Do ............................................................................................................. 334 40.1.2 What You Need to Know ................................................................................................. 334 40.2 Activating DiffServ ......................................................
Table of Contents 43.5 Backup Configuration ................................................................................................................ 359 43.6 Auto Configuration ................................................................................................................... 360 43.7 Custom Default ........................................................................................................................... 361 43.8 Tech-Support ........................................
Table of Contents 47.2 Syslog Setup ................................................................................................................................ 395 Chapter 48 Cluster Management.......................................................................................................................398 48.1 Cluster Management Overview .............................................................................................. 398 48.1.1 What You Can Do ..................................
Table of Contents 54.2 Port Status .................................................................................................................................... 415 54.2.1 Port Details ...................................................................................................................... 416 54.2.2 Port Utilization ................................................................................................................. 419 Chapter 55 Troubleshooting........................
P ART I User’s Guide 20
CHAPTER 1 Getting to Know Your Switch 1.1 Introduction This chapter introduces the main features and applications of the Switch. The GS2210 Series consists of the following models: • GS2210-8 • GS2210-8HP • GS2210-24 • GS2210-24HP • GS2210-24LP • GS2210-48 • GS2210-48HP Referring to PoE model(s) in this User's Guide only applies to GS2210-8HP, GS2210-24HP, GS2210-24LP and GS2210-48HP. The Switch is a layer-2 standalone Ethernet switch with additional features suitable for Ethernet.
Chapter 1 Getting to Know Your Switch and release number in brackets. For example, 4.10(AASP.0) is a firmware version for GS2210-8 where 4.10 is the firmware trunk version, AASP identifies the GS2210-8 and .0 is the first release of trunk version 4.10. Table 2 Models and Port Features SWITCH MODEL FIRMWARE VERSION GS2210-8 4.10(AASP.0) and later GS2210-8HP 4.10(AASQ.0) and later GS2210-24 4.10(AAND.2) and later GS2210-24HP 4.10(AANE.2) and later GS2210-24LP 4.30(ABEO.0) and later GS2210-48 4.
Chapter 1 Getting to Know Your Switch Figure 1 Backbone Application 1.1.2 Bridging Example In this example, the Switch connects different company departments (RD and Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the Switch. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch.
Chapter 1 Getting to Know Your Switch 1.1.3 High Performance Switching Example The Switch is ideal for connecting two networks that need high bandwidth. In the following example, use trunking to connect these two networks. Switching to higher-speed LANs such as ATM (Asynchronous Transmission Mode) is not feasible for most people due to the expense of replacing all existing Ethernet cables and adapter cards, restructuring your network and complex maintenance.
Chapter 1 Getting to Know Your Switch Figure 4 Shared Server Using VLAN Example 1.2 Ways to Manage the Switch Use any of the following methods to manage the Switch. • Web Configurator. This is recommended for everyday management of the Switch using a (supported) web browser. See Chapter 4 on page 36. • Command Line Interface. Line commands offer an alternative to the web configurator and in some cases are necessary to configure advanced features. See the CLI Reference Guide. • FTP.
CHAPTER 2 Hardware Installation and Connection 2.1 Installation Scenarios This chapter shows you how to install and connect the Switch. The Switch can be placed on a desktop or rack-mounted on a standard EIA rack. Use the rubber feet in a desktop installation and the brackets in a rack-mounted installation. Note: For proper ventilation, allow at least 4 inches (10 cm) of clearance at the front and 3.4 inches (8 cm) at the back of the Switch. This is especially important for enclosed rack installations. 2.
Chapter 2 Hardware Installation and Connection 2.3.1.1 Precautions • Make sure the rack will safely support the combined weight of all the equipment it contains. • Make sure the position of the Switch does not make the rack unstable or top-heavy. Take all necessary precautions to anchor the rack securely before installing the unit. 2.3.
Chapter 2 Hardware Installation and Connection Figure 6 Mounting the Switch on a Rack 2 Using a #2 Philips screwdriver, install the M5 flat head screws through the mounting bracket holes into the rack. 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack.
CHAPTER 3 Hardware Panels This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections. 3.1 Front Panel The following figures show the front panels of the Switch.
Chapter 3 Hardware Panels 3.1.1 Gigabit Ethernet Ports The Switch has 1000Base-T auto-negotiating, auto-crossover Ethernet ports. In 10/100/1000 Mbps Gigabit, the speed can be 10 Mbps, 100 Mbps or 1000 Mbps and the duplex mode can be half duplex or full duplex. An auto-negotiating port can detect and adjust to the optimum Ethernet speed (10/100/1000 Mbps) and duplex mode (full duplex or half duplex) of the connected device.
Chapter 3 Hardware Panels To avoid possible eye injury, do not look into an operating fiber-optic module’s connectors. • Type: SFP connection interface • Connection speed: 1 Gigabit per second (Gbps) 3.1.2.1 Transceiver Installation Use the following steps to install a mini-GBIC transceiver (SFP module). 1 Insert the transceiver into the slot with the exposed section of PCB board facing down. 2 Press the transceiver firmly until it clicks into place.
Chapter 3 Hardware Panels Figure 17 Opening the Transceiver’s Latch Example Figure 18 Transceiver Removal Example 3.1.3 LED Mode (only available for GS2210-48HP) After you push this button (see Section Figure 13 on page 29) to active PoE on the Switch, view the LEDs to ensure proper functioning of the Switch and as an aid in troubleshooting (see Section 3.3 on page 33). 3.2 Rear Panel The following figures show the rear panels of the Switch.
Chapter 3 Hardware Panels Figure 24 Rear Panel: GS2210-48 Figure 25 Rear Panel: GS2210-48HP 3.2.1 Console Port For local management, you can use a computer with terminal emulation software configured to the following parameters: • VT100 • Terminal emulation • 9600 bps • No parity, 8 data bits, 1 stop bit • No flow control Connect the male 9-pin end of the console cable to the console port of the Switch. Connect the female end to a serial port (COM1, COM2 or other COM port) of your computer. 3.2.
Chapter 3 Hardware Panels Table 4 LED Descriptions (continued) LED COLOR STATUS DESCRIPTION SYS Green On The system is on and functioning properly. ALM LOCATOR Red Blue Blinking The system is rebooting and performing self-diagnostic tests. Off The power is off or the system is not ready/malfunctioning. On A hardware failure is detected. Off The system is functioning normally. Blinking Shows the actual location of the Switch between several devices in a rack.
P ART II Technical Reference 35
CHAPTER 4 The Web Configurator 4.1 Overview This section introduces the configuration and functions of the web configurator. The web configurator is an HTML-based management interface that allows easy Switch setup and management via Internet browser. Use Internet Explorer 9.0 and later versions, Mozilla Firefox 21 and later versions, Safari 6.0 and later versions or Google Chrome 26.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.
Chapter 4 The Web Configurator Figure 26 Web Configurator: Login 4 Click Log In to view the first web configurator screen. 5 If you didn’t change the default administrator password and/or SNMP community values, a warning screen displays each time you log into the web configurator. Click Password / SNMP to open a screen where you can change the administrator and SNMP passwords simultaneously. Otherwise, click Ignore to close it.
Chapter 4 The Web Configurator Figure 28 Web Configurator: Password Change the default administrator and/or SNMP passwords, and then click Apply to save your changes. Table 5 Web Configurator: Password/SNMP LABEL DESCRIPTION Administrator This is the default administrator account with the “admin” user name. You cannot change the default administrator user name. Only the administrator has read/write access. Old Password Type the existing system password (1234 is the default password when shipped).
Chapter 4 The Web Configurator 4.3 The Status Screen The Status screen is the first screen that displays when you access the web configurator. This guide uses PoE model(s) screens as an example. The screens may very slightly for different models. The following figure shows the navigating components of a web configurator screen.
Chapter 4 The Web Configurator Table 6 Navigation Panel Sub-links Overview BASIC SETTING ADVANCED APPLICATION IP APPLICATION MANAGEMENT The following table describes the links in the navigation panel. Table 7 Navigation Panel Links LINK DESCRIPTION Basic Settings System Info This link takes you to a screen that displays general system information. General Setup This link takes you to a screen where you can configure general identification information about the Switch.
Chapter 4 The Web Configurator Table 7 Navigation Panel Links (continued) LINK DESCRIPTION PoE Setup For PoE model(s). This link takes you to a screen where you can set priorities, PoE power-up settings and schedule so that the Switch is able to reserve and allocate power to certain PDs. Interface Setup This link takes you to a screen where you can configure settings for individual interface type and ID. IPv6 This link takes you to a screen where you can view IPv6 status and configure IPv6 settings.
Chapter 4 The Web Configurator Table 7 Navigation Panel Links (continued) LINK DESCRIPTION Layer 2 Protocol Tunneling This link takes you to a screen where you can configure L2PT (Layer 2 Protocol Tunneling) settings on the Switch. PPPoE This link takes you to screens where you can configure intermediate agent settings in port, VLAN, and PPPoE.
Chapter 4 The Web Configurator 4.3.1 Change Your Password After you log in for the first time, it is recommended you change the default administrator password. Click Management > Access Control > Logins to display the next screen. Figure 30 Change Administrator Login Password 4.4 Saving Your Configuration When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off.
4 Disable all ports. 5 Misconfigure the text configuration file. 6 Forget the password and/or IP address. 7 Prevent all services from accessing the Switch. 8 Change a service port number but forget it. Note: Be careful not to lock yourself and others out of the Switch. 4.6 Resetting the Switch If you lock yourself (and others) from the Switch or forget the administrator password, you will need to reload the factory-default configuration file or reset the Switch back to the factory defaults. 4.6.
Chapter 4 The Web Configurator Figure 31 Web Configurator: Logout Screen 4.8 Help The web configurator’s online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online help description of that screen.
Chapter 5 Initial Setup Example CHAPTER 5 Initial Setup Example 5.1 Overview This chapter shows how to set up the Switch for an example network. The following lists the configuration steps for the initial setup: • Creating a VLAN • Setting Port VID • Configuring Switch Management IP Address 5.1.1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members.
Chapter 5 Initial Setup Example 2 In the Static VLAN screen, select ACTIVE, enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network. Note: The VLAN Group ID field in this screen and the VID field in the IP Setup screen refer to the same VLAN ID. 3 Since the VLAN2 network is connected to port 1 on the Switch, select Fixed to configure port 1 to be a permanent member of the VLAN only.
Figure 33 Initial Setup Network Example: Port VID 1 Click Advanced Applications > VLAN > VLAN Configuration in the navigation panel. Then click the VLAN Port Setup link. 2 Enter 2 in the PVID field for port 2 and click Apply to save your changes back to the runtime memory. Settings in the run-time memory are lost when the Switch’s power is turned off. 5.1.3 Configuring Switch Management IP Address The default management IP address of the Switch is 192.168.1.1.
Chapter 5 Initial Setup Example Figure 34 Initial Setup Example: Management IP Address 1 Connect your computer to any Ethernet port on the Switch. Make sure your computer is in the same subnet as the Switch. 2 Open your web browser and enter 192.168.1.1 (the default IP address) in the address bar to access the web configurator. See Section 4.2 on page 36 for more information. 3 Click Basic Setting > IP Setup in the navigation panel. 4 Configure the related fields in the IP Setup screen.
Chapter 6 Tutorials CHAPTER 6 Tutorials 6.1 Overview This chapter provides some examples of using the web configurator to set up and use the Switch. The tutorials include: • How to Use DHCPv4 Snooping on the Switch • How to Use DHCPv4 Relay on the Switch • How to Use Auto Configuration on the Switch 6.2 How to Use DHCPv4 Snooping on the Switch You only want DHCP server A connected to port 5 to assign IP addresses to all devices in VLAN network (V). Create a VLAN containing ports 5, 6 and 7.
Chapter 6 Tutorials 1 Access the Switch through http://192.168.1.1 by default. Log into the Switch by entering the username (default: admin) and password (default: 1234). 2 Go to Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup, and create a VLAN with ID of 100. Add ports 5, 6 and 7 in the VLAN by selecting Fixed in the Control field as shown. Deselect Tx Tagging because you don’t want outgoing traffic to contain this VLAN tag. Click Add.
Chapter 6 Tutorials Figure 37 Tutorial: Tag Untagged Frames 4 Go to Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure, activate and specify VLAN 100 as the DHCP VLAN as shown. Click Apply. Figure 38 5 Tutorial: Specify DHCP VLAN Click the Port link at the top right corner.
Chapter 6 Tutorials 6 The DHCP Snooping Port Configure screen appears. Select Trusted in the Server Trusted state field for port 5 because the DHCP server is connected to port 5. Keep ports 6 and 7 Untrusted because they are connected to DHCP clients. Click Apply.
Chapter 6 Tutorials 10 To check if DHCP snooping works, go to Advanced Application > IP Source Guard > IPv4 Source Guard Setup, you should see an IP assignment with the type DHCP-Snooping as shown. Figure 41 Tutorial: Check the Binding If DHCP Snooping Works You can also telnet or log into the Switch’s console. Use the command “show dhcp snooping binding” to see the DHCP snooping binding table as shown next.
Chapter 6 Tutorials 1 Access the web configurator through the Switch’s management port. 2 Go to Basic Setting > Switch Setup and set the VLAN type to 802.1Q. Click Apply to save the settings to the run-time memory. Figure 43 Tutorial: Set VLAN Type to 802.1Q 3 Click Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup. 4 In the Static VLAN screen, select ACTIVE, enter a descriptive name (VLAN 102 for example) in the Name field and enter 102 in the VLAN Group ID field.
Chapter 6 Tutorials 8 Click the VLAN Configuration link in the Static VLAN Setup screen and then the VLAN Port Setup link in the VLAN Configuration screen. Figure 45 Tutorial: Click the VLAN Port Setting Link 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines. 10 Click Apply to save your changes back to the run-time memory.
5 Click Apply to save your changes back to the run-time memory. Figure 47 Tutorial: Set DHCP Server and Relay Information 6 Click the Save link in the upper right corner of the web configurator to save your configuration permanently. 7 The DHCP server can then assign a specific IP address based on the DHCP request. 6.3.4 Troubleshooting Check the client A’s IP address. If it did not receive the IP address 172.16.1.18, make sure: 1 Client A is connected to the Switch’s port 2 in VLAN 102.
Chapter 6 Tutorials • Enter the filename of an auto configuration file. The Switch will load this auto configuration file when rebooting with DHCP option 60 disabled. • If you want to load the auto configuration file with DHCP option 60 enabled and a Vendor Class Identifier assigned when you reboot the Switch, follow the instruction below. Otherwise, skip this step. Enter the filename of the an auto configuration file. Set up a Vendor Class Identifier.
Chapter 6 Tutorials Figure 49 Tutorial: Enable Auto Configuration 3 Go to the Basic Setting > IP Setup screen. Select the checkbox in the DHCP Client field. 4 If you want to load the auto configuration file with DHCP option 60 enabled and a Vendor Class Identifier assigned when you reboot the Switch, follow the instruction below. Otherwise, skip this step. In the Basic Setting > IP Setup screen, select the checkbox in the Option-60 field, and enter a Vendor Class Identifier in the Class-ID field.
Chapter 6 Tutorials 6 Click the same button next to Reboot System field to reboot the Switch, and load the auto configuration setting as configured before. For example, if you save the auto configuration setting to Config 1, you need to click the Config 1 button next to the Reboot System field. See Section 43.2.3 on page 357 for more information. Figure 51 Tutorial: Save Configuration & Reboot System 7 Go to the Management > System Log screen to see if auto configuration was performed successfully.
Chapter 7 Status and ZON CHAPTER 7 Status and ZON 7.1 Overview This chapter describes the screens for System Status, ZON Utility, ZON Neighbor Management, Port Status, and Port Details. 7.1.1 What You Can Do • Use the Status screen (Section 7.2 on page 61) to see the Switch’s general device information, system status, and IP addresses. You can also display other status screens for more information. • Use the ZON Utility screen (Section 7.3 on page 63) to deploy and manage network devices.
Chapter 7 Status and ZON Figure 54 Status (for PoE model(s)) The following table describes the labels in this screen. Table 9 Status LABEL DESCRIPTION Device Information Device Type This field displays the model name of this Switch. System Name This field displays the name used to identify the Switch on any network. Boot Version This field displays the version number and date of the boot module that is currently on the Switch.
Chapter 7 Status and ZON Table 9 Status (continued) LABEL DESCRIPTION Default Gateway This field displays the IP address of the Switch’s default gateway. IP Setup Click the link to go to the Basic Setting > IP Setup screen. IPV6 Global Unicast Address This field displays the Switch’s IPv6 global unicast address IPV6 Link-Local Address This field displays the Switch’s IPv6 link-local address. IPv6 configuration Click the link to go to the Basic Setting > IPv6 screen.
Chapter 7 Status and ZON Figure 55 ZON Utility Screen 7.4 ZON Neighbor Management Screen The ZON neighbor management screen allows you to view and manage the Switch’s neighboring devices more conveniently. It uses Layer Link Discovery Protocol (LLDP) to discover all neighbor devices connected to the Switch including non-Zyxel devices.
Chapter 7 Status and ZON Table 10 Status > Neighbor LABEL DESCRIPTION Desc. This shows the port description of the Switch. PoE Draw This shows the consumption that the neighboring device connected to this port draws from the Switch. This allows you to plan and use within the power budget of the Switch. Remote Port This show the number of the neighbor device’s port which is connected to the Switch. Desc. This shows the description of the neighbor device’s port which is connected to the Switch.
CHAPTER 8 Basic Setting 8.1 Overview This chapter describes how to configure the System Info, General Setup, Switch Setup, IP Setup, Port Setup, PoE, Interface Setup and IPv6 screens. 8.1.1 What You Can Do • Use the System Info screen (Section 8.2 on page 66) to check the firmware version number. • Use the General Setup screen (Section 8.3 on page 68) to configure general settings such as the system name and time. • Use the Switch Setup screen (Section 8.
Chapter 8 Basic Setting Figure 57 Basic Setting > System Info (for PoE model(s) only) The following table describes the labels in this screen. Table 11 Basic Setting > System Info LABEL DESCRIPTION System Name This field displays the descriptive name of the Switch for identification purposes. Product Model This field displays the product model of the Switch. Use this information when searching for firmware upgrade or looking for other support information in the website.
Chapter 8 Basic Setting Table 11 Basic Setting > System Info (continued) LABEL DESCRIPTION Temperature Unit The Switch has temperature sensors that are capable of detecting and reporting if the temperature rises above the threshold. You may choose the temperature unit (Centigrade or Fahrenheit) in this field. Temperature (C) BOARD, MAC and PHY refer to the location of the temperature sensors on the Switch printed circuit board. Current This shows the current temperature at this sensor.
Chapter 8 Basic Setting Figure 58 Basic Setting > General Setup The following table describes the labels in this screen. Table 12 Basic Setting > General Setup LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes. This name consists of up to 64 printable characters; spaces are allowed. Location Enter the geographic location of your Switch. You can use up to 32 printable ASCII characters; spaces are allowed.
Chapter 8 Basic Setting Table 12 Basic Setting > General Setup (continued) LABEL DESCRIPTION Time Zone Select the time difference between UTC (Universal Time Coordinated, formerly known as GMT, Greenwich Mean Time) and your time zone from the drop-down list box. Daylight Saving Time Daylight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening.
Chapter 8 Basic Setting See Chapter 9 on page 93 for information on port-based and 802.1Q tagged VLANs. 8.5 Switch Setup Click Basic Setting > Switch Setup in the navigation panel to display the screen as shown. The VLAN setup screens change depending on whether you choose 802.1Q or Port Based in the VLAN Type field in this screen. Refer to Chapter 9 on page 93 for more information on VLAN. Figure 59 Basic Setting > Switch Setup The following table describes the labels in this screen.
Chapter 8 Basic Setting Table 13 Basic Setting > Switch Setup (continued) LABEL DESCRIPTION Leave Timer Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds. Each port has a single Leave Period timer. Leave Time must be two times larger than Join Timer; the default is 600 milliseconds. Leave All Timer Leave All Timer sets the duration of the Leave All Period timer for GVRP in milliseconds. Each port has a single Leave All Period timer.
Chapter 8 Basic Setting Figure 60 Basic Setting > IP Setup The following table describes the labels in this screen. Table 14 Basic Setting > IP Setup LABEL DESCRIPTION Default Management IP Address DHCP Client Select this option if you have a DHCP server that can assign the Switch an IP address, subnet mask, a default gateway IP address and a domain name server IP address automatically.
Chapter 8 Basic Setting Table 14 Basic Setting > IP Setup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to reset the fields to your previous configuration.
Chapter 8 Basic Setting Figure 61 Basic Setting > Port Setup The following table describes the labels in this screen. Table 15 Basic Setting > Port Setup LABEL DESCRIPTION Port This is the port index number. * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
Chapter 8 Basic Setting Table 15 Basic Setting > Port Setup (continued) LABEL DESCRIPTION Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port. The Switch uses IEEE802.3x flow control in full duplex mode and backpressure flow control in half duplex mode. IEEE802.
Chapter 8 Basic Setting To view the current amount of power that PDs are receiving from the Switch, click Basic Setting > PoE Setup. Figure 63 Basic Setting > PoE Status The following table describes the labels in this screen. Table 16 Basic Setting > PoE Status LABEL DESCRIPTION PoE Mode This field displays the power management mode used by the Switch, whether it is in Classification or Consumption mode.
Chapter 8 Basic Setting Table 16 Basic Setting > PoE Status (continued) LABEL DESCRIPTION Class This shows the power classification of the PD. This is a number from 0 to 4, where each value represents a range of power (W) and power current (mA) that the PD requires to function. The ranges are as follows. • • • • • PD Priority Class 0 - Default, 0.44 to 12.94 Class 1 - Optional, 0.44 to 3.84 Class 2 - Optional, 3.84 to 6.49 Class 3 - Optional, 6.49 to 12.
Chapter 8 Basic Setting Table 17 Basic Setting > PoE Setup > PoE Time Range Status (continued) LABEL DESCRIPTION Time Range This field displays the name of the schedule which is applied to the port. PoE is enabled at the specified time/date. state This field displays whether the port can receive power from the Switch (In) or not (Out) currently. It shows - if there is no schedule applied to the port. 8.8.
Chapter 8 Basic Setting Table 18 Basic Setting > PoE Setup (continued) LABEL DESCRIPTION * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. PD Select this to provide power to a PD connected to the port.
Chapter 8 Basic Setting Use this screen to set IPv6 interfaces on which you can configure an IPv6 address to access and manage the Switch. Click Basic Setting > Interface Setup in the navigation panel to display the configuration screen. Figure 66 Basic Setting > Interface Setup The following table describes the labels in this screen. Table 19 Basic Setting > Interface Setup LABEL DESCRIPTION Interface Type Select the type of IPv6 interface for which you want to configure.
Chapter 8 Basic Setting Figure 67 Basic Setting > IPv6 The following table describes the labels in this screen. Table 20 Basic Setting > IPv6 LABEL DESCRIPTION Index This field displays the index number of an IPv6 interface. Click on an index number to view more interface details. Interface This is the name of the IPv6 interface you created. Active This field displays whether the IPv6 interface is activated or not. 8.10.
Chapter 8 Basic Setting The following table describes the labels in this screen. Table 21 Basic Setting > IPv6 > IPv6 Interface Status LABEL DESCRIPTION IPv6 Active This field displays whether the IPv6 interface is activated or not. MTU Size This field displays the Maximum Transmission Unit (MTU) size for IPv6 packets on this interface. ICMPv6 Rate Limit Bucket Size This field displays the maximum number of ICMPv6 error messages which are allowed to transmit in a given time interval.
Chapter 8 Basic Setting Table 21 Basic Setting > IPv6 > IPv6 Interface Status (continued) LABEL State DESCRIPTION This field displays the state of the TA. It shows Active when the Switch obtains addresses from a DHCpv6 server and the TA is created. Renew when the TA’s address lifetime expires and the Switch sends out a Renew message. Rebind when the Switch doesn’t receive a response from the original DHCPv6 server and sends out a Rebind message to another DHCPv6 server.
Chapter 8 Basic Setting Table 22 Basic Setting > IPv6 > IPv6 Configuration (continued) LABEL IPv6 Global Address Setup DESCRIPTION Click the link to go to a screen where you can configure the IPv6 global address for an interface. IPv6 Neighbor Discovery IPv6 Neighbor Discovery Setup Click the link to go to a screen where you can configure the IPv6 neighbor discovery settings.
Chapter 8 Basic Setting 8.10.4 IPv6 Interface Setup Use this screen to turn on or off an IPv6 interface and enable stateless autoconfiguration on it. Click the link next to IPv6 Interface Setup in the IPv6 Configuration screen to display the screen as shown next. Figure 71 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Interface Setup The following table describes the labels in this screen.
Chapter 8 Basic Setting Figure 72 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Link-Local Address Setup The following table describes the labels in this screen. Table 25 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Link-Local Address Setup LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure. Link-Local Address Manually configure a static IPv6 link-local address for the interface. Default Gateway Set the default gateway IPv6 address for the interface.
Chapter 8 Basic Setting The following table describes the labels in this screen. Table 26 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Global Address Setup LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure. IPv6 Global Address Manually configure a static IPv6 global address for the interface. Prefix Length Specify an IPv6 prefix length that specifies how many most significant bits (start from the left) in the address compose the network address.
Chapter 8 Basic Setting The following table describes the labels in this screen. Table 27 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Discovery Setup LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure.
Chapter 8 Basic Setting The following table describes the labels in this screen. Table 28 Basic Setting > IPv6 > IPv6 Configuration > IPv6 Neighbor Setup LABEL DESCRIPTION Interface Type Select the type of IPv6 interface for which you want to configure. The Switch supports the VLAN interface type for IPv6 at the time of writing. Interface ID Specify a unique identification number (from 1 to 4094) for the interface.
Chapter 8 Basic Setting Figure 76 Basic Setting > IPv6 > IPv6 Configuration > DHCPv6 Client Setup The following table describes the labels in this screen. Table 29 Basic Setting > IPv6 > IPv6 Configuration > DHCPv6 Client Setup LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure. IA Type Select IA-NA to set the Switch to get a non-temporary IP address from the DHCPv6 server for this interface.
Chapter 8 Basic Setting 8.11 DNS DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. Use the DNS screen to configure and view the default DNS servers on the Switch. Figure 77 Basic Setting > DNS The following table describes the labels in this screen. Table 30 Basic Setting > DNS LABEL DESCRIPTION Static Domain Name Server Preference This is the priority of the DNS server address.
CHAPTER 9 VLAN 9.1 Overview This chapter shows you how to configure 802.1Q tagged and port-based VLANs. The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. 9.1.1 What You Can Do • Use the VLAN Status screen (Section 9.2 on page 96) to view and search all VLAN groups. • Use the VLAN Detail screen (Section 9.2.1 on page 97) to view detailed port settings and status of the VLAN group. • Use the Static VLAN Setup screen (Section 9.
Chapter 9 VLAN The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet switches. If a frame received at an Ethernet port has a CFI set to 1, then that frame should not be forwarded as it is to an untagged port. The remaining twelve bits define the VLAN ID, giving a possible maximum number of 4,096 VLANs. Note that user priority and VLAN ID are independent of each other.
Chapter 9 VLAN Please refer to the following table for common IEEE 802.1Q VLAN terminology. Table 31 IEEE 802.1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually. Dynamic VLAN This is a VLAN configured by a GVRP registration/deregistration process. Registration Fixed Fixed registration ports are permanent VLAN members. Registration Forbidden Ports with registration forbidden are forbidden to join the specified VLAN.
Chapter 9 VLAN Figure 79 Basic Setting > Switch Setup > Select VLAN Type Static VLAN Use a static VLAN to decide whether an incoming frame on a port should be • sent to a VLAN group as normal depending on its VLAN tag. • sent to a group whether it has a VLAN tag or not. • blocked from a VLAN group regardless of its VLAN tag. You can also tag all outgoing frames (that were previously untagged) from a port with the specified VID. 9.2 VLAN Status Use this screen to to view and search all VLAN groups.
Chapter 9 VLAN Table 32 Advanced Application > VLAN: VLAN Status (continued) LABEL DESCRIPTION Index This is the VLAN index number. Click on an index number to view more VLAN details. VID This is the VLAN identification number that was configured in the Static VLAN screen. Elapsed Time This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up. Status This field shows how this VLAN was added to the Switch.
Chapter 9 VLAN 9.3 VLAN Configuration Use this screen to view IEEE 802.1Q VLAN parameters for the Switch. Click Advanced Application > VLAN > VLAN Configuration to see the following screen. Figure 82 Advanced Application > VLAN > VLAN Configuration The following table describes the labels in the above screen. Table 34 Advanced Application > VLAN > VLAN Configuration LABEL DESCRIPTION Static VLAN Setup Click Click Here to configure the Static VLAN for the Switch.
Chapter 9 VLAN Figure 83 Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup The following table describes the related labels in this screen. Table 35 Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN settings. Name Enter a descriptive name for the VLAN group for identification purposes. This name consists of up to 64 printable characters. Spaces are allowed.
Chapter 9 VLAN Table 35 Advanced Application > VLAN > VLAN Configuration > Static VLAN Setup (continued) LABEL DESCRIPTION Add Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to change the fields back to their last saved values.
Chapter 9 VLAN The following table describes the labels in this screen. Table 36 Advanced Application > VLAN > VLAN Configuration> VLAN Port Setup LABEL DESCRIPTION GVRP GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Port This field displays the port number. * Settings in this row apply to all ports. Select this check box to permit VLAN groups beyond the local Switch.
Chapter 9 VLAN video for 192.168.1.0/24 and data for 10.1.1.0/24. The Switch can then be configured to group incoming traffic based on the source IP subnet of incoming frames. You configure a subnet based VLAN with priority 6 and VID of 100 for traffic received from IP subnet 172.16.1.0/24 (voice services). You also have a subnet based VLAN with priority 5 and VID of 200 for traffic received from IP subnet 192.168.1.0/24 (video services).
Chapter 9 VLAN Figure 86 Advanced Application > VLAN > VLAN Configuration > Subnet Based VLAN Setup Note: The following table describes the labels in this screen. Table 37 Advanced Application > VLAN > VLAN Configuration > Subnet Based VLAN Setup LABEL DESCRIPTION Active Check this box to activate this subnet based VLANs on the Switch. DHCP-Vlan Override When DHCP snooping is enabled DHCP clients can renew their IP address through the DHCP VLAN or via another DHCP server on the subnet based VLAN.
Chapter 9 VLAN Table 37 Advanced Application > VLAN > VLAN Configuration > Subnet Based VLAN Setup LABEL DESCRIPTION Active This field shows whether the subnet based VLAN is active or not. Name This field shows the name the subnet based VLAN. IP This field shows the IP address of the subnet for this subnet based VLAN. Mask-Bits This field shows the subnet mask in bit number format for this subnet based VLAN. VID This field shows the VLAN ID of the frames which belong to this subnet based VLAN.
Chapter 9 VLAN 9.7.1 Configuring Protocol Based VLAN Click the Protocol Based VLAN Setup link in the VLAN Configuration screen to display the configuration screen as shown. Note: Protocol-based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 88 Advanced Application > VLAN > VLAN Configuration > Protocol Based VLAN Setup Note: The following table describes the labels in this screen.
Chapter 9 VLAN Table 38 Advanced Application > VLAN > VLAN Configuration > Protocol Based VLAN Setup LABEL DESCRIPTION Port This field shows which port belongs to this protocol based VLAN. Name This field shows the name the protocol based VLAN. Ethernet-type This field shows which Ethernet protocol is part of this protocol based VLAN. VID This field shows the VLAN ID of the port. Priority This field shows the priority which is assigned to frames belonging to this protocol based VLAN.
Chapter 9 VLAN The following table describes the fields in the above screen. Table 39 Advanced Application > VLAN > VLAN Configuration > Voice VLAN Setup LABEL DESCRIPTION Voice VLAN Global Setup Voice VLAN Click the Voice VLAN radio button if you want to enable the Voice VLAN feature. Type a VLAN ID number in the box next to the radio button that is associated with the Voice VLAN. Click Disable radio button if you do not want to enable the Voice VLAN feature.
Chapter 9 VLAN Figure 90 Advanced Application > VLAN > VLAN Configuration > MAC Based VLAN Setup The following table describes the fields in the above screen. Table 40 Advanced Application > VLAN > VLAN Configuration > MAC Based VLAN Setup LABEL DESCRIPTION Name Type a name up to 32 alpha numeric characters for the MAC-based VLAN entry. MAC Address Type a MAC address that is bind to the MAC-based VLAN entry.
Chapter 9 VLAN Port-based VLANs are specific only to the Switch on which they were created. Note: When you activate port-based VLAN, the Switch uses a default VLAN ID of 1. You cannot change it. Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. 9.10.
Chapter 9 VLAN Figure 92 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation) GS2210 Series User’s Guide 110
Chapter 9 VLAN The following table describes the labels in this screen. Table 41 Advanced Application > VLAN: Port Based VLAN Setup label Description Setting Wizard Choose All connected or Port isolation. All connected means all ports can communicate with each other, that is, there are no virtual LANs. All incoming and outgoing ports are selected. This option is the most flexible but also the least secure.
Chapter 9 VLAN Figure 93 Protocol Based VLAN Configuration Example To add more ports to this protocol based VLAN. 1 Click the index number of the protocol based VLAN entry. Click 1. 2 Change the value in the Port field to the next port you want to add. 3 Click Add.
Chapter 10 Static MAC Forwarding C H A P T E R 10 Static MAC Forwarding 10.1 Overview This chapter discusses how to configure forwarding rules based on MAC addresses of devices on your network. Use these screens to configure static MAC address forwarding. 10.1.1 What You Can Do Use the Static MAC Forwarding screen (Section 10.2 on page 113) to assign static MAC addresses for a port. 10.
Figure 94 Advanced Application > Static MAC Forwarding The following table describes the labels in this screen. Table 42 Advanced Application > Static MAC Forwarding LABEL DESCRIPTION Active Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box. Name Enter a descriptive name for identification purposes for this static MAC address forwarding rule.
Chapter 11 Static Multicast Forwarding C H A P T E R 11 Static Multicast Forwarding 11.1 Static Multicast Forward Setup Overview This chapter discusses how to configure forwarding rules based on multicast MAC addresses of devices on your network. Use these screens to configure static multicast address forwarding. 11.1.1 What You Can Do Use the Static Multicast Forwarding screen (Section 11.
Figure 96 Static Multicast Forwarding to A Single Port Figure 97 Static Multicast Forwarding to Multiple Ports 11.2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). Click Advanced Application > Static Multicast Forwarding to display the configuration screen as shown.
Chapter 11 Static Multicast Forwarding Figure 98 Advanced Application > Static Multicast Forwarding The following table describes the labels in this screen. Table 43 Advanced Application > Static Multicast Forwarding LABEL DESCRIPTION Active Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box. Name Type a descriptive name (up to 32 printable ASCII characters) for this static multicast MAC address forwarding rule.
Chapter 11 Static Multicast Forwarding Table 43 Advanced Application > Static Multicast Forwarding (continued) LABEL DESCRIPTION Delete Click Delete to remove the selected entry from the summary table. Cancel Click Cancel to clear the check boxes.
C H A P T E R 12 Filtering 12.1 Filtering Overview This chapter discusses MAC address port filtering. Filtering means sifting traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID). 12.1.1 What You Can Do Use the Filtering screen (Section 12.2 on page 119) to create rules for traffic going through the Switch. 12.2 Configure a Filtering Rule Use this screen to create rules for traffic going through the Switch.
Chapter 12 Filtering The following table describes the related labels in this screen. Table 44 Advanced Application > Filtering LABEL DESCRIPTION Active Make sure to select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by deselecting this check box. Name Type a descriptive name (up to 32 printable ASCII characters) for this rule. This is for identification only.
C H A P T E R 13 Spanning Tree Protocol 13.1 Spanning Tree Protocol Overview The Switch supports Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards. • IEEE 802.1D Spanning Tree Protocol • IEEE 802.1w Rapid Spanning Tree Protocol • IEEE 802.1s Multiple Spanning Tree Protocol The Switch also allows you to set up multiple STP configurations (or trees). Ports can then be assigned to the trees. 13.1.
Chapter 13 Spanning Tree Protocol generates the topology change. In STP, a longer delay is required as the device that causes a topology change first notifies the root bridge that then notifies the network. Both RSTP and STP flush unwanted learned addresses from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding. Note: In this user’s guide, “STP” refers to both STP and RSTP. STP Terminology The root bridge is the base of the spanning tree.
Chapter 13 Spanning Tree Protocol STP Port States STP assigns five port states to eliminate packet looping. A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops. Table 46 STP Port States PORT STATE DESCRIPTION Disabled STP is disabled (default). Blocking Only configuration and management BPDUs are received and processed. Listening All BPDUs are received and processed. Note: The listening state does not exist in RSTP.
Chapter 13 Spanning Tree Protocol • Load-balancing is possible as traffic from different VLANs can use distinct paths in a region. 13.2 Spanning Tree Protocol Status Screen The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network. Click Advanced Application > Spanning Tree Protocol to see the screen as shown.
Chapter 13 Spanning Tree Protocol The following table describes the labels in this screen. Table 47 Advanced Application > Spanning Tree Protocol > Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch. Apply Click Apply to save your changes to the Switch’s run-time memory.
Chapter 13 Spanning Tree Protocol The following table describes the labels in this screen. Table 48 Advanced Application > Spanning Tree Protocol > RSTP LABEL DESCRIPTION Status Click Status to display the RSTP Status screen (see Figure 104 on page 127). Active Select this check box to activate RSTP. Clear this checkbox to disable RSTP. Note: You must also activate Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable RSTP on the Switch.
Chapter 13 Spanning Tree Protocol Table 48 Advanced Application > Spanning Tree Protocol > RSTP (continued) LABEL DESCRIPTION Priority Configure the priority for each port here. Priority decides which port should be disabled when more than one port forms a loop in a switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128. Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port.
Chapter 13 Spanning Tree Protocol Table 49 Advanced Application > Spanning Tree Protocol > Status: RSTP (continued) LABEL DESCRIPTION Max Age (second) This is the maximum time (in seconds) the Switch can wait without receiving a configuration message before attempting to reconfigure. Forwarding Delay (second) This is the time (in seconds) the root switch will wait before changing states (that is, listening to learning to forwarding). Note: The listening state does not exist in RSTP.
Chapter 13 Spanning Tree Protocol 13.6 Configure Multiple Rapid Spanning Tree Protocol To configure MRSTP, click MRSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.1 on page 121 for more information on MRSTP. Figure 105 Advanced Application > Spanning Tree Protocol > MRSTP The following table describes the labels in this screen.
Chapter 13 Spanning Tree Protocol Table 50 Advanced Application > Spanning Tree Protocol > MRSTP (continued) LABEL DESCRIPTION Hello Time This is the time interval in seconds between BPDU (Bridge Protocol Data Units) configuration message generations by the root switch. The allowed range is 1 to 10 seconds. Max Age This is the maximum time (in seconds) the Switch can wait without receiving a BPDU before attempting to reconfigure.
Chapter 13 Spanning Tree Protocol 13.7 Multiple Rapid Spanning Tree Protocol Status Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 13.1 on page 121 for more information on MRSTP. Note: This screen is only available after you activate MRSTP on the Switch. Figure 106 Advanced Application > Spanning Tree Protocol > Status: MRSTP Note: The following table describes the labels in this screen.
Chapter 13 Spanning Tree Protocol Table 51 Advanced Application > Spanning Tree Protocol > Status: MRSTP (continued) LABEL DESCRIPTION Port State This field displays the port state in STP. • • • Port Role Discarding - The port does not forward/process received frames or learn MAC addresses, but still listens for BPDUs. Learning - The port learns MAC addresses and processes BPDUs, but does not forward frames yet. Forwarding - The port is operating normally.
Chapter 13 Spanning Tree Protocol Figure 107 Advanced Application > Spanning Tree Protocol > MSTP GS2210 Series User’s Guide 133
Chapter 13 Spanning Tree Protocol The following table describes the labels in this screen. Table 52 Advanced Application > Spanning Tree Protocol > MSTP LABEL DESCRIPTION Status Click Status to display the MSTP Status screen (see Figure 109 on page 137). Port Click Port to display the MSTP Port screen (see Figure 108 on page 135). Active Select this to activate MSTP on the Switch. Clear this to disable MSTP on the Switch.
Chapter 13 Spanning Tree Protocol Table 52 Advanced Application > Spanning Tree Protocol > MSTP (continued) LABEL DESCRIPTION * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this check box to add this port to the MST instance.
Chapter 13 Spanning Tree Protocol The following table describes the labels in this screen. Table 53 Advanced Application > Spanning Tree Protocol > MSTP > Port LABEL DESCRIPTION MSTP Click MSTP to edit MSTP settings on the Switch. Port This field displays the port number. * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
Chapter 13 Spanning Tree Protocol Figure 109 Advanced Application > Spanning Tree Protocol > Status: MSTP The following table describes the labels in this screen. Table 54 Advanced Application > Spanning Tree Protocol > Status: MSTP LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you want to activate. Click MSTP to edit MSTP settings on the Switch. CST This section describes the Common Spanning Tree settings.
Chapter 13 Spanning Tree Protocol Table 54 Advanced Application > Spanning Tree Protocol > Status: MSTP (continued) LABEL DESCRIPTION Revision Number This field displays the revision number for this MST region. Configuration Digest A configuration digest is generated from the VLAN-MSTI mapping information. Topology Changed Times This is the number of times the spanning tree has been reconfigured. Time Since Last Change This is the time since the spanning tree was last reconfigured.
Chapter 13 Spanning Tree Protocol Table 54 Advanced Application > Spanning Tree Protocol > Status: MSTP (continued) LABEL DESCRIPTION Designated Cost This field displays the path cost to the LAN segment to which the port is connected when the port is a designated port. Otherwise, it displays the path cost to the root bridge from the designated port for the LAN segament to which this port is connected, Root Guard State This field displays the state of the port on which root guard is enabled.
Chapter 13 Spanning Tree Protocol Figure 111 MSTP Network Example A VLAN 1 VLAN 2 B 13.10.2 MST Region An MST region is a logical grouping of multiple network devices that appears as a single device to the rest of the network. Each MSTP-enabled device can only belong to one MST region. When BPDUs enter an MST region, external path cost (of paths outside this region) is increased by one. Internal path cost (of paths within this region) is increased by one when BPDUs traverse the region.
Chapter 13 Spanning Tree Protocol Figure 112 MSTIs in Different Regions 13.10.4 Common and Internal Spanning Tree (CIST) A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP/ RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST. In an MSTP-enabled network, there is only one CIST that runs between MST regions and single spanning tree devices.
C H A P T E R 14 Bandwidth Control 14.1 Bandwidth Control Overview This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen. Bandwidth control means defining a maximum allowable bandwidth for incoming and/or out-going traffic flows on a port. 14.1.1 What You Can Do Use the Bandwidth Control screen (Section 14.2 on page 142) to limit the bandwidth for traffic going through the Switch. 14.
Chapter 14 Bandwidth Control The following table describes the related labels in this screen. Table 55 Advanced Application > Bandwidth Control LABEL DESCRIPTION Active Select this check box to enable bandwidth control on the Switch. Port This field displays the port number. * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
C H A P T E R 15 Broadcast Storm Control 15.1 Broadcast Storm Control Overview This chapter introduces and shows you how to configure the broadcast storm control feature. Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
Chapter 15 Broadcast Storm Control Figure 115 Advanced Application > Broadcast Storm Control The following table describes the labels in this screen. Table 56 Advanced Application > Broadcast Storm Control LABEL DESCRIPTION Active Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature. Port This field displays the port number. * Settings in this row apply to all ports.
C H A P T E R 16 Mirroring 16.1 Mirroring Overview This chapter discusses port mirroring setup screens. Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference. 16.1.1 What You Can Do Use the Mirroring screen (Section 16.2 on page 146) to select a monitor port and specify the traffic flow to be copied to the monitor port. 16.
Chapter 16 Mirroring The following table describes the labels in this screen. Table 57 Advanced Application > Mirroring LABEL DESCRIPTION Active Select this check box to activate port mirroring on the Switch. Clear this check box to disable the feature. Monitor Port The monitor port is the port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original port(s). Enter the port number of the monitor port.
C H A P T E R 17 Link Aggregation 17.1 Link Aggregation Overview This chapter shows you how to logically aggregate physical links to form one logical, higher-bandwidth link. Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link.
Chapter 17 Link Aggregation • You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking. • LACP only works on full-duplex links. • All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings. Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops.
Chapter 17 Link Aggregation The following table describes the labels in this screen. Table 60 Advanced Application > Link Aggregation Status LABEL DESCRIPTION Group ID This field displays the group ID to identify a trunk group, that is, one logical link containing multiple ports. Enabled Ports These are the ports you have configured in the Link Aggregation screen to be in the trunk group. The port number(s) displays only when this trunk group is activated and there is a port belonging to this group.
Chapter 17 Link Aggregation Figure 118 Advanced Application > Link Aggregation > Link Aggregation Setting The following table describes the labels in this screen. Table 61 Advanced Application > Link Aggregation > Link Aggregation Setting LABEL DESCRIPTION Link Aggregation Setting This is the only screen you need to configure to enable static link aggregation. Group ID The field identifies the link aggregation group, that is, one logical link containing multiple ports.
Chapter 17 Link Aggregation Table 61 Advanced Application > Link Aggregation > Link Aggregation Setting (continued) LABEL DESCRIPTION Criteria Select the outgoing traffic distribution type. Packets from the same source and/or to the same destination are sent over the same link within the trunk. By default, the Switch uses the src-dst-mac distribution type. If the Switch is behind a router, the packet’s destination or source MAC address will be changed.
Chapter 17 Link Aggregation Figure 119 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP The following table describes the labels in this screen. Table 62 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP LABEL Link Aggregation Control Protocol Active DESCRIPTION Note: Do not configure this screen unless you want to enable dynamic link aggregation. Select this checkbox to enable Link Aggregation Control Protocol (LACP).
Chapter 17 Link Aggregation Table 62 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP (continued) LABEL DESCRIPTION System Priority LACP system priority is a number between 1 and 65,535. The switch with the lowest system priority (and lowest port number if system priority is the same) becomes the LACP “server”. The LACP “server” controls the operation of LACP setup. Enter a number to set the priority of an active port using Link Aggregation Control Protocol (LACP).
Chapter 17 Link Aggregation 2 Configure static trunking - Click Advanced Application > Link Aggregation > Link Aggregation Setting. In this screen activate trunk group T1, select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below. Click Apply when you are done. Figure 121 Trunking Example - Configuration Screen Your trunk group 1 (T1) configuration is now complete.
Chapter 18 Port Authentication C H A P T E R 18 Port Authentication 18.1 Port Authentication Overview This chapter describes the IEEE 802.1x and MAC authentication methods. Port authentication is a way to validate access to ports on the Switch to clients based on an external server (authentication server). The Switch supports the following methods for port authentication: • IEEE 802.1x2 - An authentication server validates access to a port based on a username and password provided by the user.
Figure 122 IEEE 802.1x Authentication Process 18.1.3 MAC Authentication MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch. Figure 123 MAC Authentication Process 18.
Chapter 18 Port Authentication Click Advanced Application > Port Authentication in the navigation panel to display the screen as shown. Select a port authentication method’s link in the screen that appears. Figure 124 Advanced Application > Port Authentication 18.3 Activate IEEE 802.1x Security Use this screen to activate IEEE 802.1x security. In the Port Authentication screen click 802.1x to display the configuration screen as shown. Figure 125 Advanced Application > Port Authentication > 802.
Chapter 18 Port Authentication The following table describes the labels in this screen. Table 63 Advanced Application > Port Authentication > 802.1x LABEL DESCRIPTION Active Select this check box to permit 802.1x authentication on the Switch. Note: You must first enable 802.1x authentication on the Switch before configuring it on each port. EAPOL flood Select this check box to flood EAPoL packets to all ports in the same VLAN. EAPOL flood will not take effect with 802.1x authentication enabled.
Chapter 18 Port Authentication Figure 126 Guest VLAN Example Use this screen to enable and assign a guest VLAN to a port. In the Port Authentication > 802.1x screen click Guest Vlan to display the configuration screen as shown. Figure 127 Advanced Application > Port Authentication > 802.1x > Guest VLAN The following table describes the labels in this screen. Table 64 Advanced Application > Port Authentication > 802.1x > Guest VLAN LABEL DESCRIPTION Port This field displays a port number.
Chapter 18 Port Authentication Table 64 Advanced Application > Port Authentication > 802.1x > Guest VLAN (continued) LABEL DESCRIPTION Active Select this checkbox to enable the guest VLAN feature on this port. Clients that fail authentication are placed in the guest VLAN and can receive limited services. Guest Vlan A guest VLAN is a pre-configured VLAN on the Switch that allows non-authenticated users to access limited network resources through the Switch. You must also enable IEEE 802.
Chapter 18 Port Authentication Figure 128 Advanced Application > Port Authentication > MAC Authentication The following table describes the labels in this screen. Table 65 Advanced Application > Port Authentication > MAC Authentication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch. Note: You must first enable MAC authentication on the Switch before configuring it on each port.
Chapter 18 Port Authentication Table 65 Advanced Application > Port Authentication > MAC Authentication (continued) LABEL DESCRIPTION * Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Active Select this check box to permit MAC authentication on this port. You must first allow MAC authentication on the Switch before configuring it on each port.
Chapter 18 Port Authentication RADIUS is a simple package exchange in which your switch acts as a message relay between the wired client and the network RADIUS server. 18.5.2.1 Types of RADIUS Messages The following types of RADIUS messages are exchanged between the switch and the RADIUS server for user authentication: • Access-Request Sent by an switch requesting authentication. • Access-Reject Sent by a RADIUS server rejecting access. • Access-Accept Sent by a RADIUS server allowing access.
For EAP-TLS authentication type, you must first have a wired connection to the network and obtain the certificate(s) from a certificate authority (CA). A certificate (also called digital IDs) can be used to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner. • EAP-MD5 (Message-Digest Algorithm 5) MD5 authentication is the simplest one-way authentication method. The authentication server sends a challenge to the wired client.
Chapter 18 Port Authentication The switch will send an encryption key to the wired client. It’ll be allowed access to the network when both of the switch and wired client have the correct encryption keys. • EAP-Packet Both of the wired client and the switch will send this message to complete the authentication process. • EAPOL-Logoff This message will be sent when the wired client wants to be disconnected from the network.
Chapter 19 Port Security C H A P T E R 19 Port Security 19.1 Port Security Overview This chapter shows you how to set up port security. Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch can learn up to 16K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 16K.
Figure 129 Advanced Application > Port Security The following table describes the labels in this screen. Table 66 Advanced Application > Port Security LABEL DESCRIPTION Port List Enter the number of the port(s) (separated by a comma) on which you want to enable port security and disable MAC address learning. After you click MAC freeze, all previously learned MAC addresses on the specified port(s) will become static MAC addresses and display in the Static MAC Forwarding screen.
Chapter 19 Port Security Table 66 Advanced Application > Port Security (continued) LABEL DESCRIPTION Limited Number of Learned MAC Address Use this field to limit the number of (dynamic) MAC addresses that may be learned on a port. For example, if you set this field to "5" on port 2, then only the devices with these five learned MAC addresses may access port 2 at any one time. A sixth device would have to wait until one of the five learned MAC addresses aged out.
C H A P T E R 20 Time Range 20.1 Time Range Overview You can set up one-time and recurring schedules for time-oriented features, such as PoE and classifier. The UAG supports one-time and recurring schedules. One-time schedules are effective only once, while recurring schedules usually repeat. Both types of schedules are based on the current date and time in the Switch. 20.1.1 What You Can Do Use the Time Range screen (Section 20.2 on page 170) to view or define a schedule on the Switch. 20.
Chapter 20 Time Range The following table describes the labels in this screen. Table 67 Advanced Application > Time Range LABEL DESCRIPTION Name Enter a descriptive name for this rule for identifying purposes. Type Select Absolute to create a one-time schedule. One-time schedules begin on a specific start date and time and end on a specific stop date and time. One-time schedules are useful for long holidays and vacation periods. Alternatively, select Periodic to create a recurring schedule.
Chapter 21 Classifier C H A P T E R 21 Classifier 21.1 Classifier Overview This chapter introduces and shows you how to configure the packet classifier on the Switch. It also discusses Quality of Service (QoS) and classifier concepts as employed by the Switch. 21.1.1 What You Can Do • Use the Classifier Status screen (Section 21.2 on page 173) to view the classifiers configured on the Switch and how many times the traffic matches the rules. • Use the Classifier Configuration screen (Section 21.
Chapter 21 Classifier 21.2 Classifier Status Use this screen to view the classifiers configured on the Switch and how many times the traffic matches the rules. Click Advanced Application > Classifier in the navigation panel to display the configuration screen as shown. Figure 131 Advanced Application > Classifier > Classifier Status The following table describes the labels in this screen.
Chapter 21 Classifier Figure 132 Advanced Application > Classifier > Classifier Configuration GS2210 Series User’s Guide 174
Chapter 21 Classifier The following table describes the labels in this screen. Table 69 Advanced Application > Classifier > Classifier Configuration LABEL DESCRIPTION Active Select this option to enable this rule. Name Enter a descriptive name for this rule for identifying purposes. Weight Enter a number between 0 and 65535 to specify the rule’s weight. When the match order is in manual mode in the Classifier Global Setting screen, a higher weight means a higher priority.
Chapter 21 Classifier Table 69 Advanced Application > Classifier > Classifier Configuration (continued) LABEL DESCRIPTION Layer 3 Specify the fields below to configure a layer 3 classifier. DSCP IPv4/IPv6 Select Any to classify traffic from any DSCP or select the second option and specify a DSCP (DiffServ Code Point) number between 0 and 63 in the field provided.
Chapter 21 Classifier Table 69 Advanced Application > Classifier > Classifier Configuration (continued) LABEL DESCRIPTION Cancel Click Cancel to reset the fields back to your previous configuration. Clear Click Clear to set the above fields back to the factory defaults. 21.3.1 Viewing and Editing Classifier Configuration Summary To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Classifier screen.
Chapter 21 Classifier Table 71 Common Ethernet Types and Protocol Numbers ETHERNET TYPE PROTOCOL NUMBER IBM SNA 80D5 AppleTalk AARP 80F3 In the Internet Protocol there is a field, called “Protocol”, to identify the next level protocol. The following table shows some common protocol types and the corresponding protocol number. Refer to http:// www.iana.org/assignments/protocol-numbers for a complete list.
The following table describes the labels in this screen. Table 74 Advanced Application > Classifier > Classifier Configuration > Classifier Global Setting LABEL DESCRIPTION Match Order Select manual to have classifier rules applied according to the weight of each rule you configured in Advanced Application > Classifier > Classifier Configuration. Alternatively, select auto to have classifier rules applied according to the layer of the item configured in the rule.
Chapter 21 Classifier Figure 135 Classifier: Example GS2210 Series User’s Guide 180
Chapter 22 Policy Rule C H A P T E R 22 Policy Rule 22.1 Policy Rules Overview This chapter shows you how to configure policy rules. A classifier distinguishes traffic into flows based on the configured criteria (refer to Chapter 21 on page 172 for more information). A policy rule ensures that a traffic flow gets the requested treatment in the network. 22.1.1 What You Can Do Use the Policy Rule screen (Section 22.
Chapter 22 Policy Rule Figure 136 Advanced Application > Policy Rule The following table describes the labels in this screen. Table 75 Advanced Application > Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy. Name Enter a descriptive name for identification purposes. Classifier(s) This field displays the active classifier(s) you configure in the Classifier screen. Select the classifier(s) to which this policy rule applies.
Table 75 Advanced Application > Policy Rule (continued) LABEL DESCRIPTION Rate Limit You can configure the desired bandwidth available to a traffic flow. Traffic that exceeds the maximum bandwidth allocated (in cases where the network is congested) is dropped. Bandwidth Specify the bandwidth in kilobit per second (Kbps). Enter a number between 64 and 1000000. Action Specify the action(s) the Switch takes on the associated classified traffic flow.
Chapter 22 Policy Rule 22.3 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier (refer to Section 21.5 on page 179).
Chapter 23 Queuing Method C H A P T E R 23 Queuing Method 23.1 Queuing Method Overview This chapter introduces the queuing methods supported. Queuing is used to help solve performance degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic. See also Priority Queue Assignment in Switch Setup and 802.1p Priority in Port Setup for related information. 23.1.1 What You Can Do Use the Queueing Method screen (Section 23.
amount of bandwidth, and then moves to the end of the list; and so on, depending on the number of queues being used. This works in a looping fashion until a queue is empty. Weighted Round Robin Scheduling (WRR) uses the same algorithm as round robin scheduling, but services queues based on their priority and queue weight (the number you configure in the queue Weight field) rather than a fixed amount of bandwidth. WRR is activated only when a port has more traffic than it can handle.
Chapter 23 Queuing Method The following table describes the labels in this screen. Table 76 Advanced Application > Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring. * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
Chapter 24 Multicast C H A P T E R 24 Multicast 24.1 Multicast Overview This chapter shows you how to configure various multicast features. Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network.
Chapter 24 Multicast IGMP Snooping A Switch can passively snoop on IGMP packets transferred between IP multicast routers/switches and IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multicasting accordingly. IGMP snooping allows the Switch to learn multicast groups without you having to manually configure them.
Chapter 24 Multicast query from a router (X) or MLD Done or Report message from any upstream port, it will be broadcast to all connected upstream ports. MLD Messages A multicast router or switch periodically sends general queries to MLD hosts to update the multicast forwarding table. When an MLD host wants to join a multicast group, it sends an MLD Report message for that address. An MLD Done message is similar to an IGMP Leave message.
Chapter 24 Multicast Figure 139 MVR Network Example Types of MVR Ports In MVR, a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic. Once configured, the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group. MVR Modes You can set your Switch to operate in either dynamic or compatible mode.
Chapter 24 Multicast Figure 140 MVR Multicast Television Example 24.2 Multicast Setup Use this screen to configure IGMP for IPv4 or MLD for IPv6 and set up multicast VLANs. Click Advanced Application > Multicast in the navigation panel. Figure 141 Advanced Application > Multicast Setup The following table describes the labels in this screen.
Chapter 24 Multicast The following table describes the labels in this screen. Table 78 Advanced Application > Multicast > IPv4 Multicast LABEL DESCRIPTION Index This is the index number of the entry. VID This field displays the multicast VLAN ID. Port This field displays the port number that belongs to the multicast group. Multicast Group This field displays IP multicast group addresses. 24.3.
Chapter 24 Multicast Table 79 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping (continued) (continued) LABEL DESCRIPTION Host Timeout Specify the time (from 1 to 16 711 450) in seconds that elapses before the Switch removes an IGMP group membership entry if it does not receive report messages from the port. 802.1p Priority Select a priority level (0-7) to which the Switch changes the priority in outgoing IGMP control packets. Otherwise, select No-Change to not replace the priority.
Chapter 24 Multicast Table 79 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping (continued) (continued) LABEL DESCRIPTION Max Group Num. Enter the number of multicast groups this port is allowed to join. Once a port is registered in the specified number of multicast groups, any new IGMP join report frame(s) is dropped on this port. Throttling IGMP throttling controls how the Switch deals with the IGMP reports when the maximum number of the IGMP groups a port can join is reached.
Chapter 24 Multicast Figure 144 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Snooping VLAN The following table describes the labels in this screen. Table 80 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Snooping VLAN LABEL DESCRIPTION Mode Select auto to have the Switch learn multicast group membership information of any VLANs automatically.
Chapter 24 Multicast Table 80 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Snooping VLAN LABEL DESCRIPTION Name This field displays the descriptive name for this VLAN group. VID This field displays the ID number of the VLAN group. Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Check the entry(ies) that you want to remove, then click the Delete button.
Chapter 24 Multicast Table 81 Advanced Application > Multicast > IPv4 Multicast > IGMP Snooping > IGMP Filtering Profile LABEL DESCRIPTION Add Click this to create a new entry. This saves your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Clear Click Clear to reset the fields to the factory defaults.
Chapter 24 Multicast Figure 147 Advanced Application > Multicast > IPv6Multicast > MLD Snooping-proxy The following table describes the fields in the above screen. Table 83 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy LABEL DESCRIPTION MLD Snooping-proxy Use these settings to configure MLD snooping-proxy. Active Select Active to enable MLD snooping-proxy on the Switch to minimize MLD control messages and allow better network performance. 802.
Chapter 24 Multicast The following table describes the fields in the above screen. Table 84 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN LABEL DESCRIPTION VID Enter the ID number of the VLAN on which you want to enable MLD snooping-proxy and configure related settings. Upstream Query Interval Enter the amount of time (in miliseconds) between general query messages sent by the router connected to the upstream port.
Chapter 24 Multicast Table 84 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > VLAN LABEL DESCRIPTION Index This is the index number of the MLD snooping-proxy VLAN entry in the table. Click on an index number to view more details or change the settings. VID This field displays the ID number of the VLAN group. Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries.
Chapter 24 Multicast The following table describes the fields in the above screen. Table 85 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Port Role Setting LABEL DESCRIPTION MLD Snooping-proxy VLAN ID Select the VLAN ID for which you want to configure a port’s MLD snooping-proxy settings. Port This field displays the port number. * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Chapter 24 Multicast Figure 150 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering The following table describes the fields in the above screen. Table 86 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering LABEL DESCRIPTION Active Select this option to enable MLD filtering on the Switch. Port This field displays the port number. * Settings in this row apply to all ports.
Chapter 24 Multicast 24.4.5 MLD Snooping-proxy Filtering Profile Use this screen to create an MLD filtering profile and set the range of the multicast address(es). Click the Filtering Profile link in the Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering screen to display the screen as shown. Figure 151 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering > Filtering Profile The following table describes the fields in the above screen.
Chapter 24 Multicast Table 87 Advanced Application > Multicast > IPv6 Multicast > MLD Snooping-proxy > Filtering Profile LABEL DESCRIPTION To delete the profile(s) and all the accompanying rules, select the profile(s) that you want to remove, then click the Delete button. You can select the check box in the table heading row to select all profiles. To delete a rule(s) from a profile, select the rule(s) that you want to remove , then click the Delete button.
Chapter 24 Multicast Figure 152 Advanced Application > Multicast > MVR The following table describes the related labels in this screen. Table 88 Advanced Application > Multicast > MVR LABEL DESCRIPTION Active Select this check box to enable MVR to allow one single multicast VLAN to be shared among different subscriber VLANs on the network. Group Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes.
Chapter 24 Multicast Table 88 Advanced Application > Multicast > MVR (continued) LABEL DESCRIPTION * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Changes in this row are copied to all the ports as soon as you make them. Source Port Select this option to set this port as the MVR source port that sends and receives multicast traffic.
Chapter 24 Multicast Figure 153 Advanced Application > Multicast > MVR > Group Configuration The following table describes the labels in this screen. Table 89 Advanced Application > Multicast > MVR > Group Configuration LABEL DESCRIPTION Multicast VLAN ID Select a multicast VLAN ID (that you configured in the MVR screen) from the drop-down list box. Group Name Enter a descriptive name for identification purposes.
Chapter 24 Multicast Table 89 Advanced Application > Multicast > MVR > Group Configuration (continued) LABEL DESCRIPTION Delete Select the entry(ies) that you want to remove, then click the Delete button to remove the selected entry(ies) from the table. If you delete a multicast VLAN, all multicast groups in this VLAN will also be removed. Cancel Select Cancel to clear the checkbox(es) in the table. 24.5.
Chapter 24 Multicast Figure 155 MVR Configuration Example EXAMPLE To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two IPv4 multicast groups (News and Movie) are configured for the multicast VLAN 200.
Figure 157 MVR Group Configuration Example-2 EXAMPLE GS2210 Series User’s Guide 211
Chapter 25 AAA C H A P T E R 25 AAA 25.1 AAA Overview This chapter describes how to configure authentication, authorization and accounting settings on the Switch. The external servers that perform authentication, authorization and accounting functions are known as AAA servers.
Chapter 25 AAA Accounting is the process of recording what a user is doing. The Switch can use an external server to track when users log in, log out, execute commands and so on. Accounting can also record system related actions such as boot up and shut down times of the Switch. Local User Accounts By storing user profiles locally on the Switch, your Switch is able to authenticate and authorize users without interacting with a network AAA server.
Chapter 25 AAA Figure 160 Advanced Application > AAA > RADIUS Server Setup The following table describes the labels in this screen. Table 91 Advanced Application > AAA > RADIUS Server Setup LABEL DESCRIPTION Authentication Server Use this section to configure your RADIUS authentication settings. Mode This field is only valid if you configure multiple RADIUS servers.
Chapter 25 AAA Table 91 Advanced Application > AAA > RADIUS Server Setup (continued) LABEL DESCRIPTION Delete Check this box if you want to remove an existing RADIUS server entry from the Switch. This entry is deleted when you click Apply. Accounting Server Use this section to configure your RADIUS accounting server settings. Timeout Specify the amount of time in seconds that the Switch waits for an accounting request response from the RADIUS accounting server.
Chapter 25 AAA Figure 161 Advanced Application > AAA > TACACS+ Server Setup The following table describes the labels in this screen. Table 92 Advanced Application > AAA > TACACS+ Server Setup LABEL DESCRIPTION Authentication Server Use this section to configure your TACACS+ authentication settings. Mode This field is only valid if you configure multiple TACACS+ servers.
Chapter 25 AAA Table 92 Advanced Application > AAA > TACACS+ Server Setup (continued) LABEL DESCRIPTION Delete Check this box if you want to remove an existing TACACS+ server entry from the Switch. This entry is deleted when you click Apply. Accounting Server Use this section to configure your TACACS+ accounting settings. Timeout Specify the amount of time in seconds that the Switch waits for an accounting request response from the TACACS+ server.
Chapter 25 AAA Figure 162 Advanced Application > AAA > AAA Setup The following table describes the labels in this screen. Table 93 Advanced Application > AAA > AAA Setup LABEL DESCRIPTION Authentication Use this section to specify the methods used to authenticate users accessing the Switch. Privilege Enable These fields specify which database the Switch should use (first, second and third) to authenticate access privilege level for administrator accounts (users for Switch management).
Chapter 25 AAA Table 93 Advanced Application > AAA > AAA Setup (continued) LABEL DESCRIPTION Login These fields specify which database the Switch should use (first, second and third) to authenticate administrator accounts (users for Switch management). Configure the local user accounts in the Access Control > Logins screen. The TACACS+ and RADIUS are external servers. Before you specify the priority, make sure you have set up the corresponding database correctly first.
Chapter 25 AAA Table 93 Advanced Application > AAA > AAA Setup (continued) LABEL DESCRIPTION Mode The Switch supports two modes of recording login events. Select: • start-stop - to have the Switch send information to the accounting server when a user begins a session, during a user’s session (if it lasts past the Update Period), and when a user ends a session. • stop-only - to have the Switch send information to the accounting server only when a user ends a session.
Chapter 25 AAA The following table describes the VSAs supported on the Switch.
25.6.3 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. 25.6.3.1 Attributes Used for Authenticating Privilege Access User-Name - The format of the User-Name attribute is $enab#$, where # is the privilege level (1-14). User-Password NAS-Identifier NAS-IP-Address 25.6.3.2 Attributes Used to Login Users User-Name User-Password NAS-Identifier NAS-IP-Address 25.6.3.3 Attributes Used by the IEEE 802.
Chapter 26 IP Source Guard C H A P T E R 26 IP Source Guard 26.1 IP Source Guard Overview Use IPv4 and IPv6 source guard to filter unauthorized DHCP and ARP packets in your network. IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in your network.
Chapter 26 IP Source Guard • Use the ARP Inspection VLAN Status screen (Section 26.8 on page 238) to look at various statistics about ARP packets in each VLAN. • Use the ARP Inspection Log Status screen (Section 26.9 on page 238) to look at log messages that were generated by ARP packets and that have not been sent to the syslog server yet. • Use the ARP Inspection Configure screen (Section 26.10 on page 240) to enable ARP inspection on the Switch.
Chapter 26 IP Source Guard 26.2 IP Source Guard Screen Use this screen to go to the configuration screens where you can configure IPv4 or IPv6 source guard settings. Click Advanced Application > IP Source Guard in the navigation panel. Figure 163 Advanced Application > IP Source Guard The following table describes the labels in this screen.
Chapter 26 IP Source Guard Figure 164 Advanced Application > IP Source Guard > IPv4 Source Guard Setup The following table describes the labels in this screen. Table 97 Advanced Application > IP Source Guard > IPv4 Source Guard Setup LABEL DESCRIPTION Index This field displays a sequential number for each binding. MAC Address This field displays the source MAC address in the binding. IP Address This field displays the IP address assigned to the MAC address in the binding.
Chapter 26 IP Source Guard Figure 165 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > Static Binding The following table describes the labels in this screen. Table 98 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > Static Binding LABEL DESCRIPTION ARP Freeze ARP Freeze allows you to automatically create static bindings from the current ARP entries (either dynamically learned or static ARP entries) until the Switch’s binding table is full.
Chapter 26 IP Source Guard Table 98 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > Static Binding LABEL DESCRIPTION Index This field displays a sequential number for each binding. MAC Address This field displays the source MAC address in the binding. IP Address This field displays the IP address assigned to the MAC address in the binding. Lease This field displays how long the binding is valid. Type This field displays how the Switch learned the binding.
Chapter 26 IP Source Guard Figure 166 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping The following table describes the labels in this screen. Table 99 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping LABEL DESCRIPTION Database Status This section displays the current settings for the DHCP snooping database. You can configure them in the DHCP Snooping Configure screen. See Section 26.6 on page 231.
Chapter 26 IP Source Guard Table 99 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping LABEL Abort timer DESCRIPTION This field displays how long (in seconds) the Switch waits to update the DHCP snooping database after the current bindings change. This section displays information about the current update and the next update of the DHCP snooping database. Agent running This field displays the status of the current update or access of the DHCP snooping database.
Chapter 26 IP Source Guard Table 99 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping LABEL DESCRIPTION Binding collisions This field displays the number of bindings the Switch ignored because the Switch already had a binding with the same MAC address and VLAN ID. Invalid interfaces This field displays the number of bindings the Switch ignored because the port number was a trusted interface or does not exist anymore.
Chapter 26 IP Source Guard Figure 167 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure The following table describes the labels in this screen. Table 100 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure LABEL DESCRIPTION Active Select this to enable DHCP snooping on the Switch. You still have to enable DHCP snooping on specific VLAN and specify trusted ports.
Chapter 26 IP Source Guard Table 100 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure (continued) (continued) LABEL Renew DHCP Snooping URL DESCRIPTION Enter the location of a DHCP snooping database, and click Renew if you want the Switch to load it. You can use this to load dynamic bindings from a different DHCP snooping database than the one specified in Agent URL.
Chapter 26 IP Source Guard The following table describes the labels in this screen. Table 101 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > Port LABEL DESCRIPTION Port This field displays the port number. If you configure the * port, the settings are applied to all of the ports. * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Chapter 26 IP Source Guard Figure 169 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > VLAN The following table describes the labels in this screen. Table 102 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > VLAN LABEL DESCRIPTION Show VLAN Use this section to specify the VLANs you want to manage in the section below. Start VID Enter the lowest VLAN ID you want to manage in the section below.
Chapter 26 IP Source Guard Figure 170 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > VLAN > Port The following table describes the labels in this screen. Table 103 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > VLAN > Port LABEL DESCRIPTION VID Enter the ID number of the VLAN you want to configure here. Port Enter the number of port(s) to which you want to apply the specified DHCP option 82 profile.
Chapter 26 IP Source Guard 26.7 ARP Inspection Status Use this screen to look at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection.
Chapter 26 IP Source Guard 26.8 ARP Inspection VLAN Status Use this screen to look at various statistics about ARP packets in each VLAN. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > VLAN Status. Figure 172 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > VLAN Status The following table describes the labels in this screen.
Chapter 26 IP Source Guard Figure 173 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Log Status The following table describes the labels in this screen. Table 106 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Log Status LABEL DESCRIPTION Clearing log status table Click Apply to remove all the log messages that were generated by ARP packets and that have not been sent to the syslog server yet.
Chapter 26 IP Source Guard 26.10 ARP Inspection Configure Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global settings for the ARP inspection log. To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure.
Chapter 26 IP Source Guard Table 107 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure (continued) LABEL Syslog rate DESCRIPTION Enter the maximum number of syslog messages the Switch can send to the syslog server in one batch. This number is expressed as a rate because the batch frequency is determined by the Log Interval. You must configure the syslog server (Chapter 47 on page 395) to use this.
Chapter 26 IP Source Guard The following table describes the labels in this screen. Table 108 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure > Port LABEL DESCRIPTION Port This field displays the port number. If you configure the * port, the settings are applied to all of the ports. * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Chapter 26 IP Source Guard Figure 176 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure > VLAN The following table describes the labels in this screen. Table 109 Advanced Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure > VLAN LABEL DESCRIPTION VLAN Use this section to specify the VLANs you want to manage in the section below. Start VID Enter the lowest VLAN ID you want to manage in the section below.
Chapter 26 IP Source Guard • VLAN ID • Port number • MAC address Enable IPv6 source guard on a port for the Switch to check incoming IPv6 packets on that port. A packet is allowed when it matches any entry in the IPSG binding table. If a user tries to send IPv6 packets to the Switch that do not match an entry in the IPSG binding table, the Switch will drop these packets. The Switch forwards matching traffic normally. 26.
Chapter 26 IP Source Guard Table 110 Advanced Application > IP Source Guard > IPv6 Source Binding Status (continued) LABEL DESCRIPTION VLAN This field displays the source VLAN ID in the binding. If the entry is blank, this field will not be checked in the binding. Port This field displays the port number in the binding. If this field is blank, the binding applies to all ports.
Chapter 26 IP Source Guard The following table describes the labels in this screen. Table 111 Advanced Application > IP Source Guard > IPv6 Static Binding Setup LABEL DESCRIPTION Source Address Enter the IPv6 address or IPv6 prefix and prefix length in the binding. MAC Address Enter the source MAC address in the binding. If this binding doesn’t check this field, select Any. Note: You cannot choose Any for all three of MAC Address, VLAN and Port. You must fill in at least one.
Chapter 26 IP Source Guard Figure 179 Advanced Application > IP Source Guard > IPv6 Source Guard Policy Setup The following table describes the labels in this screen. Table 112 Advanced Application > IP Source Guard > IPv6 Static Binding Setup LABEL DESCRIPTION Name Enter a descriptive name for identification purposes for this IPv6 source guard policy. Validate Address Select Validate Address to have IPv6 source guard forward valid addresses that are stored in the binding table.
Chapter 26 IP Source Guard Figure 180 Advanced Application > IP Source Guard > IPv6 Source Guard Port Setup The following table describes the labels in this screen. Table 113 Advanced Application > IP Source Guard > IPv6 Source Guard Port Setup LABEL DESCRIPTION Port This field displays the port number. If you configure the * port, the settings are applied to all of the ports. * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Chapter 26 IP Source Guard Figure 181 Advanced Application > IP Source Guard > IPv6 Snooping Policy Setup The following table describes the labels in this screen. Table 114 Advanced Application > IP Source Guard > IPv6 Snooping Policy Setup LABEL DESCRIPTION Name Enter a descriptive name for identification purposes for this IPv6 snooping policy. Protocol Select DHCP to let the Switch sniff DHCPv6 packets sent from a DHCPv6 server to a DHCPv6 client.
Chapter 26 IP Source Guard 26.17 IPv6 Snooping VLAN Setup Use this screen to enable a DHCPv6 snooping policy on a specific VLAN interface. To open this screen, click Advanced Application > IP Source Guard > IPv6 Snooping VLAN Setup. Figure 182 Advanced Application > IP Source Guard > IPv6 Snooping VLAN Setup The following table describes the labels in this screen.
Chapter 26 IP Source Guard Figure 183 Advanced Application > IP Source Guard > IPv6 DHCP Trust Setup The following table describes the labels in this screen. Table 116 Advanced Application > IP Source Guard > IPv6 DHCP Trust Setup LABEL DESCRIPTION Active Select this to specify whether ports are trusted or untrusted ports for DHCP snooping. If you do not select this then IPv6 DHCP Trust is not used and all ports are automatically trusted. Port This field displays the port number.
Chapter 26 IP Source Guard 26.19 Technical Reference This section provides technical background information on the topics discussed in this chapter. 26.19.1 DHCP Snooping Overview Use DHCP snooping to filter unauthorized DHCP packets on the network and to build the binding table dynamically. This can prevent clients from getting IP addresses from unauthorized DHCP servers. 26.19.1.1 Trusted vs. Untrusted Ports Every port is either a trusted port or an untrusted port for DHCP snooping.
Chapter 26 IP Source Guard Figure 184 DHCP Snooping Database File Format TYPE DHCP-SNOOPING VERSION 1 BEGIN ... ... END The helps distinguish between the bindings in the latest update and the bindings from previous updates. Each binding consists of 72 bytes, a space, and another checksum that is used to validate the binding when it is read.
Chapter 26 IP Source Guard Figure 185 Example: Man-in-the-middle Attack In this example, computer B tries to establish a connection with computer A. Computer X is in the same broadcast domain as computer A and intercepts the ARP request for computer A. Then, computer X does the following things: • It pretends to be computer A and responds to computer B. • It pretends to be computer B and sends a message to computer A.
Chapter 26 IP Source Guard 26.19.2.3 Syslog The Switch can send syslog messages to the specified syslog server (Chapter 47 on page 395) when it forwards or discards ARP packets. The Switch can consolidate log messages and send log messages in batches to make this mechanism more efficient. 26.19.2.4 Configuring ARP Inspection Follow these steps to configure ARP inspection on the Switch. 1 Configure DHCP snooping. See Section 26.19.1.4 on page 253.
Chapter 27 Loop Guard C H A P T E R 27 Loop Guard 27.1 Loop Guard Overview This chapter shows you how to configure the Switch to guard against loops on the edge of your network. Loop guard allows you to configure the Switch to shut down a port if it detects that packets sent out on that port loop back to the Switch. While you can use Spanning Tree Protocol (STP) to prevent loops in the core of your network. STP cannot prevent loops that occur on the edge of your network. Figure 186 Loop Guard vs.
• It will receive its own broadcast messages that it sends out as they loop back. It will then re-broadcast those messages again. The following figure shows port N on switch A connected to switch B. Switch B is in loop state. When broadcast or multicast packets leave port N and reach switch B, they are sent back to port N on A as they are rebroadcast from B. Figure 187 Switch in Loop State The loop guard feature checks to see if a loop guard enabled port is connected to a switch in loop state.
Chapter 27 Loop Guard 27.2 Loop Guard Setup Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown. Note: The loop guard feature can not be enabled on the ports that have Spanning Tree Protocol (RSTP, MRSTP or MSTP) enabled. Figure 190 Advanced Application > Loop Guard The following table describes the labels in this screen. Table 117 Advanced Application > Loop Guard LABEL DESCRIPTION Active Select this option to enable loop guard on the Switch.
Chapter 27 Loop Guard Table 117 Advanced Application > Loop Guard (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh.
Chapter 28 VLAN Mapping C H A P T E R 28 VLAN Mapping This chapter shows you how to configure VLAN mapping on the Switch. 28.1 VLAN Mapping Overview With VLAN mapping enabled, the Switch can map the VLAN ID and priority level of packets received from a private network to those used in the service provider’s network.
28.2 Enabling VLAN Mapping Click Advanced Application and then VLAN Mapping in the navigation panel to display the screen as shown. Figure 192 VLAN Mapping The following table describes the labels in this screen. Table 118 VLAN Mapping LABEL DESCRIPTION Active Select this option to enable VLAN mapping on the Switch. Port This field displays the port number. * Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis.
Chapter 28 VLAN Mapping 28.3 Configuring VLAN Mapping Click the VLAN Mapping Configure link in the VLAN Mapping screen to display the screen as shown. Use this screen to enable and edit the VLAN mapping rule(s). Figure 193 VLAN Mapping Configure The following table describes the labels in this screen. Table 119 VLAN Mapping Configure LABEL DESCRIPTION Active Check this box to activate this rule. Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes.
Chapter 28 VLAN Mapping Table 119 VLAN Mapping Configure (continued) LABEL DESCRIPTION VID This is the customer VLAN ID in the incoming packets. Translated VID This is the VLAN ID that replaces the customer VLAN ID in the tagged packets. Priority This is the priority level that replaces the customer priority level in the tagged packets. Delete Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel Click Cancel to clear the Delete check boxes.
Chapter 29 Layer 2 Protocol Tunneling C H A P T E R 29 Layer 2 Protocol Tunneling 29.1 Layer 2 Protocol Tunneling Overview This chapter shows you how to configure layer 2 protocol tunneling on the Switch. 29.1.1 What You Can Do Use the Layer 2 Protocol Tunnel screen (Section 29.2 on page 265) to enable layer 2 protocol tunneling on the Switch and specify a MAC address with which the Switch uses to encapsulate the layer 2 protocol packets by replacing the destination MAC address in the packets. 29.1.
To emulate a point-to-point topology between two customer switches at different sites, such as A and B, you can enable protocol tunneling on edge switches 1 and 2 for PAgP (Port Aggregation Protocol), LACP or UDLD (UniDirectional Link Detection). Figure 195 L2PT Network Example 29.1.2.1 Layer 2 Protocol Tunneling Mode Each port can have two layer 2 protocol tunneling modes, Access and Tunnel.
Chapter 29 Layer 2 Protocol Tunneling Figure 196 Advanced Application > Layer 2 Protocol Tunneling The following table describes the labels in this screen. Table 120 Advanced Application > Layer 2 Protocol Tunneling LABEL DESCRIPTION Active Select this to enable layer 2 protocol tunneling on the Switch. Destination MAC Address Specify a MAC address with which the Switch uses to encapsulate the layer 2 protocol packets by replacing the destination MAC address in the packets.
Chapter 29 Layer 2 Protocol Tunneling Table 120 Advanced Application > Layer 2 Protocol Tunneling (continued) LABEL DESCRIPTION VTP Select this option to have the Switch tunnel VTP (VLAN Trunking Protocol) packets so that all customer switches can use consistent VLAN configuration through the service provider’s network.
Chapter 30 PPPoE C H A P T E R 30 PPPoE 30.1 PPPoE Intermediate Agent Overview This chapter describes how the Switch gives a PPPoE termination server additional information that the server can use to identify and authenticate a PPPoE client. A PPPoE Intermediate Agent (PPPoE IA) is deployed between a PPPoE server and PPPoE clients.
Chapter 30 PPPoE The Tag_Type is 0x0105 for vendor-specific tags, as defined in RFC 2516. The Tag_Len indicates the length of Value, i1 and i2. The Value is the 32-bit number 0x00000DE9, which stands for the “ADSL Forum” IANA entry. i1 and i2 are PPPoE intermediate agent sub-options, which contain additional information about the PPPoE client. 30.1.2.2 Sub-Option Format There are two types of sub-option: “Agent Circuit ID Sub-option” and “Agent Remote ID Sub-option”. They have the following formats.
Chapter 30 PPPoE Working Text (WT)-101. The default access node identifier is the host name of the PPPoE intermediate agent and the eth indicates “Ethernet”. Table 125 PPPoE IA Circuit ID Sub-option Format: Defined in WT-101 SubOpt Length 0x01 N (1 byte) (1 byte) Value Access Node Identifier Space eth Space Slot ID / Port No : VLAN ID (1 byte) (3 byte) (1 byte) (1 byte) (1 byte) (2 byte) (1 byte) (4 bytes) (20 byte) 30.1.2.
Chapter 30 PPPoE 30.3 PPPoE Intermediate Agent Use this screen to configure the Switch to give a PPPoE termination server additional subscriber information that the server can use to identify and authenticate a PPPoE client. Click Advanced Application > PPPoE > Intermediate Agent in the navigation panel to display the screen as shown. Figure 198 Advanced Application > PPPoE > Intermediate Agent The following table describes the labels in this screen.
Chapter 30 PPPoE Table 126 Advanced Application > PPPoE > Intermediate Agent (continued) LABEL delimiter DESCRIPTION Select a delimiter to separate the identifier-string, slot ID, port number and/or VLAN ID from each other. You can use a pound key (#), semi-colon (;), period (.), comma (,), forward slash (/) or space. Apply Click Apply to save your changes to the Switch’s run-time memory.
Table 127 Advanced Application > PPPoE > Intermediate Agent > Port (continued) LABEL DESCRIPTION Server Trusted State Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted). Trusted ports are uplink ports connected to PPPoE servers.
Chapter 30 PPPoE The following table describes the labels in this screen. Table 128 Advanced Application > PPPoE > Intermediate Agent > Port > VLAN LABEL DESCRIPTION Show Port Enter a port number to show the PPPoE Intermediate Agent settings for the specified VLAN(s) on the port. Show VLAN Use this section to specify the VLANs you want to configure in the section below. Start VID End VID Enter the lowest VLAN ID you want to configure in the section below.
Chapter 30 PPPoE The following table describes the labels in this screen. Table 129 Advanced Application > PPPoE > Intermediate Agent > VLAN LABEL DESCRIPTION Show VLAN Use this section to specify the VLANs you want to configure in the section below. Start VID Enter the lowest VLAN ID you want to configure in the section below. End VID Enter the highest VLAN ID you want to configure in the section below. Apply Click Apply to display the specified range of VLANs in the section below.
Chapter 31 Error Disable C H A P T E R 31 Error Disable 31.1 Error Disable Overview This chapter shows you how to configure the rate limit for control packets on a port, and set the Switch to take an action (such as to shut down a port or stop sending packets) on a port when the Switch detects a pre-configured error. It also shows you how to configure the Switch to automatically undo the action after the error is gone. 31.1.
Chapter 31 Error Disable 31.2 Error Disable Screen Use this screen to go to the screens where you can configure error disable related settings. Click Advanced Application > Errdisable in the navigation panel to open the following screen. Figure 202 Advanced Application > Errdisable The following table describes the labels in this screen.
Chapter 31 Error Disable Figure 203 Advanced Application > Errdisable > Errdisable Status The following table describes the labels in this screen. Table 131 Advanced Application > Errdisable > Errdisable Status LABEL DESCRIPTION Inactive-reason mode reset Port List Enter the number of the port(s) (separated by a comma) on which you want to reset inactivereason status. Cause Select the cause of inactive-reason mode you want to reset here.
Chapter 31 Error Disable Table 131 Advanced Application > Errdisable > Errdisable Status (continued) LABEL DESCRIPTION Active This field displays whether the control packets (ARP, BPDU, and/or IGMP) on the port is being detected or not. It also shows whether loop guard, anti-arp scanning, BPDU guard or ZULD is enabled on the port. Mode This field shows the action that the Switch takes for the cause. • • • inactive-port - The Switch disables the port.
Figure 204 Advanced Application > Errdisable > CPU protection The following table describes the labels in this screen. Table 132 Advanced Application > Errdisable > CPU protection LABEL DESCRIPTION Reason Select the type of control packet you want to configure here. Port This field displays the port number. * Use this row to make the setting the same for all ports. Use this row first and then make adjustments to each port if necessary.
Chapter 31 Error Disable Figure 205 Advanced Application > Errdisable > Errdisable Detect The following table describes the labels in this screen. Table 133 Advanced Application > Errdisable > Errdisable Detect LABEL DESCRIPTION Cause This field displays the types of control packet that may cause CPU overload. * Use this row to make the setting the same for all entries. Use this row first and then make adjustments to each entry if necessary.
Figure 206 Advanced Application > Errdisable > Errdisable Recovery The following table describes the labels in this screen. Table 134 Advanced Application > Errdisable > Errdisable Recovery LABEL DESCRIPTION Active Select this option to turn on the error-disable recovery function on the Switch. Reason This field displays the supported features that allow the Switch to shut down a port or discard packets on a port according to the feature requirements and what action you configure.
Chapter 32 Private VLAN C HAPTER 32 30 Private VLAN This chapter shows you how to configure the Switch to prevent communications between ports in a VLAN. 32.1 Private VLAN Overview Private VLAN allows you to do port isolation within a VLAN in a simple way. You specify which port(s) in a VLAN is not isolated by adding it to the promiscuous port list. The Switch automatically adds other ports in this VLAN to the isolated port list and blocks traffic between the isolated ports.
Figure 208 Advanced Application > Private VLAN The following table describes the labels in this screen. Table 135 Advanced Application > Private VLAN LABEL DESCRIPTION Active Check this box to enable private VLAN in a VLAN. Name Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes. VLAN ID Enter a VLAN ID from 1 to 4094. This is the VLAN to which this rule applies.
Chapter 33 Green Ethernet C H A P T E R 33 Green Ethernet This chapter shows you how to configure the Switch to reduce the power consumed by switch ports. 33.1 Green Ethernet Overview Green Ethernet reduces switch port power consumption in the following ways. IEEE 802.3az Energy Efficient Ethernet (EEE) If EEE is enabled, both sides of a link support EEE and there is no traffic, the port enters Low Power Idle (LPI) mode.
Chapter 33 Green Ethernet Figure 209 Advanced Application > Green Ethernet The following table describes the labels in this screen. Table 136 Advanced Application > Green Ethernet LABEL DESCRIPTION EEE Select this to activate Energy Efficient Ethernet globally. Auto Power Down Select this to activate Auto Power Down globally. Short Reach Select this to activate Short Reach globally. Port This field displays the port number. * Use this row to make the setting the same for all ports.
Chapter 34 Link Layer Discovery Protocol (LLDP) C HAPTER 34 31 Link Layer Discovery Protocol (LLDP) 34.1 LLDP Overview The LLDP (Link Layer Discovery Protocol) is a layer 2 protocol. It allows a network device to advertise its identity and capabilities on the local network. It also allows the device to maintain and store information from adjacent devices which are directly connected to the network device.
Chapter 34 Link Layer Discovery Protocol (LLDP) The next figure demonstrates that the network devices Switches and Routers (S and R) transmit and receive device information via LLDPDU and the network manager can query the information using Simple Network Management Protocol (SNMP). Figure 210 LLDP Overview 34.2 LLDP-MED Overview LLDP-MED (Link Layer Discovery Protocol for Media Endpoint Devices) is an extension to the standard LLDP developed by the Telecommunications Industry Association (TIA) TR-41.
Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 211 LLDP-MED Overview 34.3 LLDP Screens Click Advanced Application > LLDP in the navigation panel to display the screen as shown next. Figure 212 Advanced Application > LLDP The following table describes the labels in this screen. Table 137 Advanced Application > LLDP LABEL DESCRIPTION LLDP LLDP Local Status Click here to show a screen with the Switch’s LLDP information.
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 137 Advanced Application > LLDP (continued) LABEL LLDP Configuration DESCRIPTION Click here to show a screen to configure LLDP parameters. LLDP-MED LLDP-MED Configuration Click here to show a screen to configure LLDP-MED (Link Layer Discovery Protocol for Media Endpoint Devices) parameters. LLDP-MED Network Policy Click here to show a screen to configure LLDP-MED (Link Layer Discovery Protocol for Media Endpoint Devices) network policy parameters.
Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 213 Advanced Application > LLDP > LLDP Local Status The following table describes the labels in this screen. Table 138 Advanced Application > LLDP > LLDP Local Status LABEL DESCRIPTION Basic TLV Chassis ID TLV This displays the chassis ID of the local Switch, that is the Switch you’re configuring. The chassis ID is identified by the chassis ID subtype. Chassis ID Subtype - this displays how the chassis of the Switch is identified.
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 138 Advanced Application > LLDP > LLDP Local Status LABEL DESCRIPTION System Description TLV This shows the firmware version of the Switch. System Capabilities TLV This shows the System Capabilities enabled and supported on the local Switch. Management Address TLV The Management Address TLV identifies an address associated with the local LLDP agent that may be used to reach higher layer entities to assist discovery by network management.
Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 214 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail GS2210 Series User’s Guide 293
Chapter 34 Link Layer Discovery Protocol (LLDP) The following table describes the labels in this screen. Table 139 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail LABEL DESCRIPTION Basic TLV These are the Basic TLV flags Port ID TLV The port ID TLV identifies the specific port that transmitted the LLDP frame. • • Port Description TLV Port ID Subtype: This shows how the port is identified. Port ID: This is the ID of the port. This displays the local port description.
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 139 Advanced Application > LLDP > LLDP Local Status > LLDP Local Port Status Detail LABEL DESCRIPTION Network Policy TLV This displays a network policy for the specified application. Location Identification TLV This shows the location information of a caller by its ELIN (Emergency Location Identifier Number) or the IETF Geopriv Civic Address based Location Configuration Information (Civic Address LCI).
Chapter 34 Link Layer Discovery Protocol (LLDP) 34.5.1 LLDP Remote Port Status Detail This screen displays detailed LLDP status of the remote device conencted to the Switch. Click Advanced Application > LLDP > LLDP Remote Status (Click Here) and then click an index number, for example 1, in the Index column in the LLDP Remote Status screen to display the screen as shown next.
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 141 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Basic TLV) LABEL DESCRIPTION Port ID TLV • • Time To Live TLV This displays the time-to-live (TTL) multiplier of LLDP frames. The device information on the neighboring devices ages out and is discarded when its corresponding TTL expires. The TTL value is to multiply the TTL multiplier by the LLDP frames transmitting interval.
Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 217 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail> (Dot 1 and Dot3 TLV) The following table describes the labels in the Dot1 and Dot3 parts of the screen. Table 142 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Dot1 and Dot3 TLV) LABEL DESCRIPTION Dot1 TLV Port VLAN ID TLV This displays the VLAN ID of this port on the remote device.
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 142 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (Dot1 and Dot3 TLV) LABEL Vlan Name TLV DESCRIPTION This shows the VLAN ID and name for remote device port. • • Protocol Identity TLV VLAN ID VLAN Name The Protocol Identity TLV allows the Switch to advertise the particular protocols that are accessible through its port.
Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 218 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (MED TLV) GS2210 Series User’s Guide 300
Chapter 34 Link Layer Discovery Protocol (LLDP) The following table describes the labels in the MED TLV part of the screen. Table 143 Advanced Application > LLDP > LLDP Remote Status > LLDP Remote Port Status Detail (MED TLV) LABEL DESCRIPTION MED TLV LLDP Media Endpoint Discovery (MED) is an extension of LLDP that provides additional capabilities to support media endpoint devices.
Chapter 34 Link Layer Discovery Protocol (LLDP) 34.6 LLDP Configuration Use this screen to configure global LLDP settings on the Switch. Click Advanced Application > LLDP > LLDP Configuration (Click Here) to display the screen as shown next. Figure 219 Advanced Application > LLDP > LLDP Configuration The following table describes the labels in this screen. Table 144 Advanced Application > LLDP > LLDP Configuration LABEL DESCRIPTION Active Select to enable LLDP on the Switch. It is enabled by default.
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 144 Advanced Application > LLDP > LLDP Configuration LABEL DESCRIPTION Port This displays the Switch’s port number. * means all ports. * Use this row to make the setting the same for all ports. Use this row first and then make adjustments to each port if necessary. Changes in this row are copied to all the ports as soon as you make them. Admin Status Select whether LLDP transmission and/or reception is allowed on this port.
Chapter 34 Link Layer Discovery Protocol (LLDP) The following table describes the labels in this screen. Table 145 Advanced Application > LLDP > LLDP Configuration > Basic TLV Setting LABEL DESCRIPTION Port This displays the Switch’s port number. * Use this row to make the setting the same for all ports. Use this row first and then make adjustments to each port if necessary. Changes in this row are copied to all the ports as soon as you make them.
Chapter 34 Link Layer Discovery Protocol (LLDP) The following table describes the labels in this screen. Table 146 Advanced Application > LLDP > LLDP Configuration > Org-specific TLV Setting LABEL DESCRIPTION Port This displays the Switch’s port number. * Use this row to make the setting the same for all ports. Use this row first and then make adjustments to each port if necessary. Changes in this row are copied to all the ports as soon as you make them.
Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 222 Advanced Application > LLDP > LLDP-MED Configuration The following table describes the labels in this screen. Table 147 Advanced Application > LLDP > LLDP-MED Configuration LABEL DESCRIPTION Port This displays the Switch’s port number. Select * to configure all ports simultaneously. * Use this row to make the setting the same for all ports. Use this row first and then make adjustments to each port if necessary.
Chapter 34 Link Layer Discovery Protocol (LLDP) Figure 223 Advanced Application > LLDP > LLDP-MED Network Policy The following table describes the labels in this screen. Table 148 Advanced Application > LLDP > LLDP-MED Network Policy LABEL DESCRIPTION Port Enter the port number to set up the LLDP-MED network policy. Application Type Select the type of application used in the network policy.
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 148 Advanced Application > LLDP > LLDP-MED Network Policy LABEL DESCRIPTION Select an entry’s check box to select a specific entry. Otherwise, select the check box in the table heading row to select all entries. Delete Check the rules that you want to remove, then click the Delete button. Cancel Click Cancel to clear the selected check boxes. 34.
The following table describes the labels in this screen. Table 149 Advanced Application > LLDP > LLDP-MED Location LABEL DESCRIPTION Port Enter the port number you want to set up the location within the LLDP-MED network. Location Coordinates The LLDP-MED uses geographical coordinates and Civic Address to set the location information of the remote device. Geographical based coordinates includes latitude, longitude, altitude and datum.
Chapter 34 Link Layer Discovery Protocol (LLDP) Table 149 Advanced Application > LLDP > LLDP-MED Location LABEL DESCRIPTION ELIN Number Enter a numerical digit string, corresponding to the ELIN identifier which is used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. The valid length is from 10 to 25 characters. Add Click Add after finish entering the location information. Cancel Click Cancel to begin entering the location information afresh.
Chapter 35 Anti-Arpscan C H A P T E R 35 Anti-Arpscan 35.1 Anti-Arpscan Overview Address Resolution Protocol (ARP), RFC 826, is a protocol used to convert a network-layer IP address to a link-layer MAC address. ARP scan is used to scan the network of a certain interface for alive hosts. It shows the IP address and MAC addresses of all hosts found. Hackers could use ARP scan to find targets in your network. Anti-arpscan is used to detect unusual ARP scan activity and block suspicious hosts or ports.
Chapter 35 Anti-Arpscan • Go to Basic Setting > Port Setup. Clear Active and click Apply. Then select Active and click Apply again. • Go to Advanced Application > Errdiable > Errdisable Recovery and set the interval for Antiarpscan. After the interval expires, the closed port(s) will become active and start receiving packets again. • Use the command port no inactive. • Refer to the port logs to see when a port was closed. 35.
Chapter 35 Anti-Arpscan Figure 226 Advanced Application > Anti-Arpscan > Host Status The following table describes the labels in this screen. Table 151 Advanced Application > Anti-Arpscan > Host Status LABEL DESCRIPTION Clear Filtered host: A filtered host is a blocked IP address. Port List Type a port number or a series of port numbers separated by commas and spaces, and then click Clear to unblock all hosts connected to these ports. Filtered host: This table lists information on blocked hosts.
Chapter 35 Anti-Arpscan The following table describes the labels in this screen. Table 152 Advanced Application > Anti-Arpscan > Trust Host LABEL DESCRIPTION Name Type a descriptive name of up to 32 printable ASCII characters to identify this host. Host IP Type the IP address of the host. Mask A trusted host may consist of a subnet of IP addresses. Type a subnet mask to create a single host or a subnet of hosts. Add Click this to create the trusted host.
The following table describes the labels in this screen. Table 153 Advanced Application > Anti-Arpscan > Configure LABEL DESCRIPTION Active Select this to enable Anti-arpscan on the Switch. Port Threshold A port threshold is determined by the number of packets received per second on the port. If the received packet rate is over the threshold, then the port is put into an Err-Disable state. Type the maximum number of packets per second allowed on the port before it is blocked.
Chapter 36 BPDU Guard C H A P T E R 36 BPDU Guard 36.1 BPDU Guard Overview A BPDU (Bridge Protocol Data Units) is a data frame that contains information about STP. STP-aware switches exchange BPDUs periodically. The BPDU guard feature allows you to prevent any new STP-aware switch from connecting to an existing network and causing STP topology changes in the network. If there is any BPDU detected on the port(s) on which BPDU guard is enabled, the Switch disables the port(s) automatically.
Chapter 36 BPDU Guard Figure 229 Advanced Application > BPDU Guard Staus The following table describes the labels in this screen. Table 154 Advanced Application > BPDU Guard Staus LABEL DESCRIPTION BPDU guard globally configuration This field displays whether BPDU guard is activated on the Switch. Port This is the number of the port on the Switch. Active This shows whether BPDU guard is activated on the port.
Figure 230 Advanced Application > BPDU Guard > BPDU Guard Configuration The following table describes the labels in this screen. Table 155 Advanced Application > BPDU Guard > BPDU Guard Configuration LABEL DESCRIPTION Active Select this option to enable BPDU guard on the Switch. Port This field displays the Switch’s port number. * Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis.
Chapter 37 OAM C H A P T E R 37 OAM 37.1 OAM Overview Link layer Ethernet OAM (Operations, Administration and Maintenance) as described in IEEE 802.3ah is a link monitoring protocol. It utilizes OAM Protocol Data Units or OAM PDUs to transmit link status information between directly connected Ethernet devices. Both devices must support IEEE 802.3ah.
Chapter 37 OAM Figure 231 Advanced Application > OAM Status The following table describes the labels in this screen. Table 156 Advanced Application > OAM Status LABEL DESCRIPTION Local This section displays information about the ports on the Switch. Port This field displays the number of the port on the Switch. Mode This field displays the operational state of the port when OAM is enabled on the port. Active - Allows the port to issue and respond to Ethernet OAM commands.
Chapter 37 OAM Figure 232 Advanced Application > OAM Status > OAM Details The following table describes the labels in this screen. Table 157 Advanced Application > OAM Status > OAM Details LABEL DESCRIPTION Discovery This section displays OAM configuration details and operational status of the port on the Switch and/or the remote device.
Chapter 37 OAM Table 157 Advanced Application > OAM Status > OAM Details (continued) LABEL Mode DESCRIPTION This field displays the OAM mode. The device in active mode (typically the service provider's device) controls the device in passive mode (typically the subscriber's device). Active: The port initiates OAM discovery; sends information PDUs; and may send event notification PDUs, variable request/response PDUs, or loopback control PDUs.
Chapter 37 OAM Table 157 Advanced Application > OAM Status > OAM Details (continued) LABEL Discovery state DESCRIPTION This field indicates the state in the OAM discovery process. OAM-enabled devices use this process to detect each other and to exchange information about their OAM configuration and capabilities. OAM discovery is a handshake protocol. Fault: One of the devices is transmitting OAM PDUs with link fault information, or the interface is not operational.
Chapter 37 OAM Table 157 Advanced Application > OAM Status > OAM Details (continued) LABEL DESCRIPTION Unsupported OAMPDU Tx This field displays the number of unsupported OAM PDUs sent on the port. Unsupported OAMPDU Rx This field displays the number of unsupported OAM PDUs received on the port. 37.3 OAM Configuration Use this screen to turn on Ethernet OAM on the Switch and port(s) and configure the related settings.
Chapter 37 OAM Table 158 Advanced Application > OAM > OAM Configuration (continued) LABEL DESCRIPTION Mode Specify the OAM mode on the port. Select Active to allow the port to issue and respond to Ethernet OAM commands. Select Passive to allow the port to respond to Ethernet OAM commands. Remote Loopback Supported Select this check box to enable the remote loopback feature on the port. Otherwise, clear the check box to disable it.
Chapter 37 OAM Table 159 Advanced Application > OAM > OAM Remote Loopback (continued) LABEL DESCRIPTION Packet Size Define the allowable packet size of the loopback test frames. Test Click Test to begin the test. Remote Loopback Mode Port Enter the number of the port from which the Switch sends loopback control PDUs to initiate or terminate a remote-loopack test.
Chapter 38 ZULD C H A P T E R 38 ZULD 38.1 ZULD Overview A unidirectional link is a connection where the link is up on both ends, but only one end can receive packets. This may happen if OAM was initially enabled but then disabled, there are misconfigured transmitting or receiving lines or the hardware is malfunctioning. Zyxel Unidirectional Link Detection (ZULD) is a layer-2 protocol that can detect and disable these physical one-way links before they cause loops or communication malfunction.
Chapter 38 ZULD • If OAM is enabled initially and later disabled on one end of a link, the link will be unidirectional as that end cannot send OAMPDUs. • OAM discovery, the sending of OAMPDUs to other ports, is initiated by an active port. • When ZULD detects a unidirectional link, it sends a syslog and SNMP trap and may shut down the affected port (Aggresssive Mode).
Chapter 38 ZULD Table 160 Advanced Application > ZULD Status (continued) LABEL DESCRIPTION Mode This field indicates what ZULD will do when a unidirectional link is detected. In Normal mode, ZULD only sends a syslog and trap when it detects a unidirectional link. In Aggressive mode, ZULD shuts down the port (puts it into an ErrDisable state) as well as sends a syslog and trap when it detects a unidirectional link.
Chapter 38 ZULD Figure 237 Advanced Application > ZULD > Configuration The following table describes the labels in this screen. Table 161 Advanced Application > ZULD > Configuration LABEL DESCRIPTION Active Select this to enable ZULD on the Switch. Port Use port * to configure all ports to have the same settings. Alternatively, select individual ports for different settings. * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
C H A P T E R 39 Static Route 39.1 Static Routing Overview This chapter shows you how to configure static routes. The Switch uses IP for communication with management computers, for example using HTTP, Telnet, SSH, or SNMP. Use IP static routes to have the Switch respond to remote management stations that are not reachable through the default gateway.
Chapter 39 Static Route Figure 239 IP Application > Static Routing To enable IPv4 static route, configure the static route settings in the IP Application > Static Routing > IPv4 Static Route screen. 39.3 IPv4 Static Route Click IP Application > Static Routing > IPv4 Static Route in the navigation panel to display the screen as shown. Figure 240 IP Application > Static Routing > IPv4 Static Route The following table describes the related labels you use to create a static route.
Chapter 39 Static Route Table 162 IP Application > Static Routing > IPv4 Static Route (continued) LABEL DESCRIPTION Metric The metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
C H A P T E R 40 Differentiated Services 40.1 DiffServ Overview This chapter shows you how to configure Differentiated Services (DiffServ) on the Switch. Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.
Chapter 40 Differentiated Services DiffServ Network Example The following figure depicts a DiffServ network consisting of a group of directly connected DiffServcompliant network devices. The boundary node (A in Figure 242) in a DiffServ network classifies (marks with a DSCP value) the incoming packets into different traffic flows (Platinum, Gold, Silver, Bronze) based on the configured marking rules. A network administrator can then apply various traffic policies to the traffic flows.
Chapter 40 Differentiated Services Figure 243 IP Application > DiffServ The following table describes the labels in this screen. Table 163 IP Application > DiffServ LABEL DESCRIPTION Active Select this option to enable DiffServ on the Switch. Port This field displays the index number of a port on the switch. * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Chapter 40 Differentiated Services The following table shows the default DSCP-to-IEEE802.1p mapping. Table 164 Default DSCP-IEEE 802.1p Mapping DSCP VALUE 0–7 8 – 15 16 – 23 24 – 31 32 – 39 40 – 47 48 – 55 56 – 63 IEEE 802.1p 0 1 2 3 4 5 6 7 40.3.1 Configuring DSCP Settings To change the DSCP-IEEE 802.1p mapping click the DSCP Setting link in the DiffServ screen to display the screen as shown next.
C H A P T E R 41 DHCP 41.1 DHCP Overview This chapter shows you how to configure the DHCP feature. DHCP (Dynamic Host Configuration Protocol RFC 2131 and RFC 2132) allows individual computers to obtain TCP/IP configuration at start-up from a server. If you configure the Switch as a DHCP relay agent, then the Switch forwards DHCP requests to DHCP server on your network.
Chapter 41 DHCP 41.2 DHCP Configuration Click IP Application > DHCP in the navigation panel to display the screen as shown. Click the link next to DHCPv4 to open screens where you can enable and configure DHCPv4 relay settings and create option 82 profiles. Click the link next to DHCPv6 to open a screen where you can configure DHCPv6 relay settings. Figure 245 IP Application > DHCP 41.3 DHCPv4 Status Click IP Application > DHCP > DHCPv4 in the navigation panel. The DHCP Status screen displays.
Chapter 41 DHCP The Switch can be configured as a global DHCP relay. This means that the Switch forwards all DHCP requests from all domains to the same DHCP server. You can also configure the Switch to relay DHCP information based on the VLAN membership of the DHCP clients. 41.4.1 DHCPv4 Relay Agent Information The Switch can add information about the source of client DHCP requests that it relays to a DHCP server by adding Relay Agent Information.
Chapter 41 DHCP Table 170 DHCP Relay Agent Remote ID Sub-option Format SubOpt Code Length 2 N (1 byte) (1 byte) Value MAC Address or String The 1 in the first field identifies this as an Agent Circuit ID sub-option and 2 identifies this as an Agent Remote ID sub-option. The next field specifies the length of the field. 41.4.2 DHCPv4 Option 82 Profile Use this screen to create DHCPv4 option 82 profiles.
Chapter 41 DHCP Table 171 IP Application > DHCP > DHCPv4 > Option 82 Profile (continued) LABEL string DESCRIPTION Enter a string of up to 64 ASCII characters that the Switch adds into the client DHCP requests. Spaces are allowed. Remote-ID Use this section to configure the Remote ID sub-option to include information that identifies the relay agent (the Switch). Enable Select this option to have the Switch append the Remote ID sub-option to the option 82 field of DHCP requests.
Chapter 41 DHCP The following table describes the labels in this screen. Table 172 IP Application > DHCP > DHCPv4 > Global LABEL DESCRIPTION Active Select this check box to enable DHCPv4 relay. Remote DHCP Server 1 .. 3 Enter the IP address of a DHCPv4 server in dotted decimal notation. Option 82 Profile Select a pre-defined DHCPv4 option 82 profile that the Switch applies to all ports.
Chapter 41 DHCP Table 173 IP Application > DHCP > DHCPv4 > Global > Port (continued) LABEL DESCRIPTION Cancel Click this to reset the values above based on the last selected entry or, if not applicable, to clear the fields above. Clear Click Clear to reset the fields to the factory defaults. Index This field displays a sequential number for each entry. Click an index number to change the settings. Port This field displays the port(s) to which the Switch applies the settings.
Chapter 41 DHCP Figure 251 DHCP Relay Configuration Example EXAMPLE 41.4.6 Configuring DHCPv4 VLAN Settings Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP > DHCPv4 in the navigation panel, then click the VLAN link In the DHCP Status screen that displays. Note: You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. See Section 5.1.
Chapter 41 DHCP Table 174 IP Application > DHCP > DHCPv4 > VLAN (continued) LABEL DESCRIPTION Add Click this to create a new entry or to update an existing one. This saves your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh.
Chapter 41 DHCP Table 175 IP Application > DHCP > DHCPv4 > VLAN > Port (continued) LABEL DESCRIPTION Option 82 Profile Select a pre-defined DHCP option 82 profile that the Switch applies to the specified port(s) in this VLAN. The Switch adds the Circuit ID sub-option and/or Remote ID sub-option specified in the profile to DHCP requests that it relays to a DHCP server. The profile you select here has priority over the one you select in the DHCP > DHCPv4 > VLAN screen.
Chapter 41 DHCP Figure 255 DHCP Relay for Two VLANs Configuration Example EXAMPLE 41.5 DHCPv6 Relay A DHCPv6 relay agent is on the same network as the DHCPv6 clients and helps forward messages between the DHCPv6 server and clients. When a client cannot use its link-local address and a wellknown multicast address to locate a DHCPv6 server on its network, it then needs a DHCPv6 relay agent to send a message to a DHCPv6 server that is not attached to the same network.
Chapter 41 DHCP Figure 256 IP Application > DHCP > DHCPv6 The following table describes the labels in this screen. Table 176 IP Application > DHCP > DHCPv6 LABEL DESCRIPTION VID Enter the ID number of the VLAN you want to configure here. Helper Address Enter the remote DHCPv6 server address for the specified VLAN.
C H A P T E R 42 ARP Setup 42.1 ARP Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP table maintains an association between each MAC address and its corresponding IP address. 42.1.
Chapter 42 ARP Setup Switch and then sends an ICMP request after getting the ARP reply from the Switch. The Switch finds no matched entry for host B in the ARP table and broadcasts the ARP request to all the devices on the LAN. When the Switch receives the ARP reply from host B, it updates its ARP table and also forwards host A’s ICMP request to host B.
Chapter 42 ARP Setup Therefore in the following example, the Switch can learn host A’s MAC address from the ARP request sent by host A. The Switch then forwards host B’s ICMP reply to host A right after getting host B’s MAC address and ICMP reply. 42.2 ARP Setup Click IP Application > ARP Setup in the navigation panel to display the screen as shown. Click the link next to ARP Learning to open a screen where you can set the ARP learning mode for each port. Figure 257 IP Application > ARP Setup 42.2.
Chapter 42 ARP Setup Figure 258 IP Application > ARP Setup > ARP Learning The following table describes the labels in this screen. Table 177 IP Application > ARP Setup > ARP Learning LABEL DESCRIPTION Port This field displays the port number. * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis.
C H A P T E R 43 Maintenance 43.1 Overview This chapter explains how to configure the screens that let you maintain the firmware and configuration files. 43.1.1 What You Can Do • Use the Maintenance screen (Section 43.2 on page 354) to upload the latest firmware. • Use the Firmware Upgrade screen (Section 43.3 on page 357) to upload the latest firmware. • Use the Restore Configuration screen (Section 43.4 on page 359) to upload a stored device configuration file.
Chapter 43 Maintenance Figure 259 Management > Maintenance The following table describes the labels in this screen. Table 178 Management > Maintenance LABEL DESCRIPTION Current This field displays which configuration (Configuration 1 or Configuration 2) is currently operating on the Switch. Firmware Upgrade Click Click Here to go to the Firmware Upgrade screen. Restore Configuration Click Click Here to go to the Restore Configuration screen.
Chapter 43 Maintenance Table 178 Management > Maintenance (continued) LABEL DESCRIPTION Reboot System Click Config 1 to reboot the Switch and load Configuration 1 on the Switch. Click Config 2 to reboot the Switch and load Configuration 2 on the Switch. Click Factory Default to reboot the Switch and load the Zyxel factory default configuration settings on the Switch. Click Custom Default to reboot the Switch and load a saved customized default file on the Switch.
Chapter 43 Maintenance Note: If a customized default file was not saved, clicking Custom Default loads the Config 2 file on the Switch. Note: If a Config 2 file was not saved, nor was a customized default file, clicking Custom Default loads the Zyxel factory default configuration settings on the Switch. Alternatively, click Save on the top right-hand corner in any screen to save the configuration changes to the current configuration.
Chapter 43 Maintenance Make sure you have downloaded (and unzipped) the correct model firmware and version to your computer before uploading to the device. Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device. Click Management > Maintenance > Firmware Upgrade to view the screen as shown next.
Chapter 43 Maintenance Table 179 Management > Maintenance > Firmware Upgrade LABEL Apply Cancel DESCRIPTION Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Click Cancel to begin configuring this screen afresh. Firmware Choose to upload the new firmware to (Firmware) 1 or (Firmware) 2.
Chapter 43 Maintenance Follow the steps below to back up the current Switch configuration to your computer in this screen. 1 Click Backup. 2 If the current configuration file is open and/or downloaded to your computer automatically, you can click File > Save As to save the file to a specific place. If a dialog box pops up asking whether you want to open or save the file, click Save or Save File to download it to the default downloads folder on your computer.
Chapter 43 Maintenance Table 180 Management > Maintenance > Auto Configuration LABEL DESCRIPTION Filename This field displays the name of the auto configuration file that is loaded after you reboot the Switch. None - Auto configuration is not enabled, or an auto configuration file is not found on the TFTP server after you reboot the Switch. Active Select the checkbox to enable auto configuration. Mode This field shows DHCP.
Chapter 43 Maintenance Figure 267 Custom Default Enabled If Custom Default is disabled, the Custom Default buttons in the Management > Maintenance screen won’t be available.
43.8 Tech-Support The Tech-Support feature is a log enhancement tool that logs useful information such as CPU utilization history, memory and Mbuf (Memory Buffer) log and crash reports for issue analysis by customer support should you have difficulty with your Switch. The Tech Support menu eases your effort in obtaining reports and it is also available in CLI command by typing “Show tech-support” command. Click Management > Maintenance > Tech-Support to see the following screen.
Chapter 43 Maintenance Table 181 Management > Maintenance > Tech-Support LABEL DESCRIPTION Crash Click Download to see the crash log report. The log will include information of the last crash and is stored in flash memory. CPU history Click Download to see the CPU history log report. The 7-days log is stored in RAM and you will need to save it, otherwise it will be lost when the Switch is shutdown or during power outage. Memory Section Click Download to see the memory section log report.
Chapter 43 Maintenance This is a sample FTP session saving the current configuration to a file called “config.cfg” on your computer. If your (T)FTP client does not allow you to have a destination filename different than the source, you will need to rename them as the Switch only recognizes “config” and “ras”. Be sure you keep unaltered copies of both files for later use. Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device. 43.9.
Chapter 43 Maintenance 43.9.5 FTP Restrictions FTP will not work when: • FTP service is disabled in the Service Access Control screen. • The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately.
Chapter 44 Access Control C H A P T E R 44 Access Control 44.1 Access Control Overview This chapter describes how to control access to the Switch. A console port and FTP are allowed one session each, Telnet and SSH share nine sessions, up to five Web sessions (five different user names and passwords) and/or limitless SNMP access control sessions are allowed.
Chapter 44 Access Control Figure 270 Management > Access Control The following table describes the labels in this screen. Table 184 Management > Access Control LABEL DESCRIPTION SNMP Click this link to configure your SNMP settings. Logins Click this link to assign which users can access the Switch via web configurator at any one time. Service Access Control Click this link to decide what services you may use to access the Switch.
Chapter 44 Access Control The following table describes the labels in this screen. Table 185 Management > Access Control > SNMP LABEL DESCRIPTION General Setting Use this section to specify the SNMP version and community (password) values. Version Select the SNMP version for the Switch. The SNMP version on the Switch must match the version on the SNMP manager. Choose SNMP version 2c (v2c), SNMP version 3 (v3) or both (v3v2c). SNMP version 2c is backwards compatible with SNMP version 1.
Chapter 44 Access Control Figure 272 Management > Access Control > SNMP > Trap Group The following table describes the labels in this screen. Table 186 Management > Access Control > SNMP > Trap Group LABEL DESCRIPTION Trap Destination IP Select one of your configured trap destination IP addresses. These are the IP addresses of the SNMP managers. You must first configure a trap destination IP address in the SNMP Setting screen.
Chapter 44 Access Control Figure 273 Management > Access Control > SNMP > Trap Group > Port The following table describes the labels in this screen. Table 187 Management > Access Control > SNMP > Trap Group > Port LABEL DESCRIPTION Option Select the trap type you want to configure here. Port This field displays a port number. * Settings in this row apply to all ports. Use this row only if you want to make some of the settings the same for all ports.
Chapter 44 Access Control Figure 274 Management > Access Control > SNMP > User The following table describes the labels in this screen. Table 188 Management > Access Control > SNMP > User LABEL User Information DESCRIPTION Note: Use the username and password of the login accounts you specify in this screen to create accounts on the SNMP v3 manager. Username Specify the username of a login account on the Switch.
Chapter 44 Access Control Table 188 Management > Access Control > SNMP > User (continued) LABEL DESCRIPTION Group SNMP v3 adopts the concept of View-based Access Control Model (VACM) group. SNMP managers in one group are assigned common access rights to MIBs. Specify in which SNMP group this user is. admin - Members of this group can perform all types of system configuration, including the management of administrator accounts.
Chapter 44 Access Control Figure 275 Management > Access Control > Logins The following table describes the labels in this screen. Table 189 Management > Access Control > Logins LABEL DESCRIPTION Administrator This is the default administrator account with the “admin” user name. You cannot change the default administrator user name. Only the administrator has read/write access. Old Password Type the existing system password (1234 is the default password when shipped).
Chapter 44 Access Control Table 189 Management > Access Control > Logins (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 44.
Chapter 44 Access Control 44.6 Remote Management Use this screen to specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click Management > Access Control > Remote Management to view the screen as shown next. You can specify a group of one or more “trusted computers” from which an administrator may use a service to manage the Switch. Click Access Control to return to the Access Control screen.
Chapter 44 Access Control Table 191 Management > Access Control > Remote Management (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 44.
Chapter 44 Access Control SNMP itself is a simple request/response protocol based on the manager/agent model. The manager issues a request and the agent returns responses using the following protocol operations: Table 192 SNMP Commands LABEL DESCRIPTION Get Allows the manager to retrieve an object variable from the agent. GetNext Allows the manager to retrieve the next object variable from a table or list within an agent.
Chapter 44 Access Control An OID (Object ID) that begins with “1.3.6.1.4.1.890.1.15” is defined in private MIBs. Otherwise, it is a standard MIB OID. Table 193 SNMP System Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION coldstart coldStart 1.3.6.1.6.3.1.1.5.1 This trap is sent when the Switch is turned on. warmstart warmStart 1.3.6.1.6.3.1.1.5.2 This trap is sent when the Switch restarts. fanspeed zyHwMonitorFanSpeedOutO 1.3.6.1.4.1.890.1.15.3.26.2.
Chapter 44 Access Control Table 193 SNMP System Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION errdisable zyErrdisableDetect 1.3.6.1.4.1.890.1.15.3.24.4.1 This trap is sent when an error is detected on a port, such as a loop occurs or the rate limit for specific control packets is exceeded. zyErrdisableRecovery 1.3.6.1.4.1.890.1.15.3.24.4.
Chapter 44 Access Control Table 194 SNMP Interface Traps (continued) OPTION OBJECT LABEL OBJECT ID DESCRIPTION transceiver-ddm zyTransceiverDdmiTemperature OutOfRange 1.3.6.1.4.1.890.1.15.3.84.3.1 This trap is sent when the transceiver temperature is above or below the normal operating range. zyTransceiverDdmiTxPowerOutO 1.3.6.1.4.1.890.1.15.3.84.3.2 fRange This trap is sent when the transmitted optical power is above or below the normal operating range. zyTransceiverDdmiRxPowerOutO 1.3.6.1.4.1.
Chapter 44 Access Control Table 195 SNMP AAA Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION authentication authenticationFailure 1.3.6.1.6.3.1.1.5.5 This trap is sent when authentication fails due to incorrect user name and/or password. zyAaaAuthenticationFailure 1.3.6.1.4.1.890.1.15.3.8.3.1 This trap is sent when authentication fails due to incorrect user name and/or password. zyRadiusServerAuthenticationSer verNotReachable 1.3.6.1.4.1.890.1.15.3.71.2.
Chapter 44 Access Control Table 197 SNMP Switch Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION stp STPNewRoot 1.3.6.1.2.1.17.0.1 This trap is sent when the STP root switch changes. zyMrstpNewRoot 1.3.6.1.4.1.890.1.15.3.5 2.3.1 This trap is sent when the MRSTP root switch changes. zyMstpNewRoot 1.3.6.1.4.1.890.1.15.3.5 3.3.1 This trap is sent when the MSTP root switch changes. STPTopologyChange 1.3.6.1.2.1.17.0.2 This trap is sent when the STP topology changes. zyMrstpTopologyChange 1.3.
Chapter 44 Access Control Figure 280 How SSH Works 1 Host Identification The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer.
Chapter 44 Access Control 44.7.2.3 Requirements for Using SSH You must install an SSH client program on a client computer (Windows or Linux operating system) that is used to connect to the Switch over SSH. 44.7.3 Introduction to HTTPS HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages.
Internet Explorer Warning Messages Internet Explorer 6 When you attempt to access the Switch HTTPS server, a Windows dialog box pops up asking if you trust the server certificate. You see the following Security Alert screen in Internet Explorer. Select Yes to proceed to the web configurator login screen; if you select No, then web configurator access is blocked.
Chapter 44 Access Control Figure 284 Certificate Error (Internet Explorer 7 or 8) EXAMPLE Click Install Certificate... and follow the on-screen instructions to install the certificate in your browser. Figure 285 Certificate (Internet Explorer 7 or 8) EXAMPLE Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server, a This Connection is Unstructed screen may display. If that is the case, click I Understand the Risks and then the Add Exception... button.
Chapter 44 Access Control Figure 286 Security Alert (Mozilla Firefox) Confirm the HTTPS server URL matches. Click Confirm Security Exception to proceed to the web configurator login screen.
44.7.4 Google Chrome Warning Messages When you attempt to access the Switch HTTPS server, a Your connection is not private screen may display. If that is the case, click Advanced and then Proceed to x.x.x.x (unsafe) to proceed to the web configurator login screen. Figure 288 Security Alert (Google Chrome 58.0.3029.110) 44.7.4.1 The Main Screen After you accept the certificate and enter the login username and password, the Switch main screen appears.
Figure 289 Example: Lock Denoting a Secure Connection EXAMPLE GS2210 Series User’s Guide 390
Chapter 45 Diagnostic C H A P T E R 45 Diagnostic 45.1 Overview This chapter explains the Diagnostic screen. You can use this screen to help you identify problems. 45.2 Diagnostic Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to ping IP addresses, run a traceroute, perform port tests or show the Switch’s location between devices.
Chapter 45 Diagnostic The following table describes the labels in this screen. Table 198 Management > Diagnostic LABEL DESCRIPTION Ping Test IPv4 Select this option if you want to ping an IPv4 address, and select vlan to specify the ID number of the VLAN to which the Switch is to send ping requests. Otherwise, select - to send ping requests to all VLANs on the Switch. IPv6 Select this option if you want to ping an IPv6 address.
Table 198 Management > Diagnostic (continued) LABEL Cable length DESCRIPTION This displays the total length of the Ethernet cable that is connected to the port when the Pair status is Ok and the Switch chipset supports this feature. This shows N/A if the Pair status is Open or Short. Check the Distance to fault. This shows Unsupported if the Switch chipset does not support to show the cable length.
Chapter 46 System Log C H A P T E R 46 System Log 46.1 Overview A log message stores the information for viewing. 46.2 System Log Click Management > System Log in the navigation panel to open this screen. Use this screen to check current system logs. Note: When a log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first.
Chapter 47 Syslog Setup C H A P T E R 47 Syslog Setup 47.1 Syslog Overview This chapter explains the syslog screens. The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server. Syslog is defined in RFC 3164. The RFC defines the packet format, content and system log related information of syslog messages.
Chapter 47 Syslog Setup Figure 292 Management > Syslog Setup The following table describes the labels in this screen. Table 200 Management > Syslog Setup LABEL DESCRIPTION Syslog Select Active to turn on syslog (system logging) and then configure the syslog setting Logging Type This column displays the names of the categories of logs that the device can generate. Active Select this option to set the device to generate logs for the corresponding category.
Chapter 47 Syslog Setup Table 200 Management > Syslog Setup LABEL DESCRIPTION Log Level Select the severity level(s) of the logs that you want the device to send to this syslog server. The lower the number, the more critical the logs are. Add Click Add to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Chapter 48 Cluster Management C H A P T E R 48 Cluster Management 48.1 Cluster Management Overview This chapter introduces cluster management. Cluster Management allows you to manage switches through one Switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.
48.1.1 What You Can Do • Use the Cluster Management screen (Section 48.2 on page 399) to view the role of the Switch within the cluster and to access a cluster member switch’s web configurator. • Use the Clustering Management Configuration screen (Section 48.1 on page 398) to configure clustering management. 48.2 Cluster Management Status Use this screen to view the role of the Switch within the cluster and to access a cluster member switch’s web configurator.
Chapter 48 Cluster Management Table 202 Management > Cluster Management: Status (continued) LABEL DESCRIPTION Model This field displays the model name. Status This field displays: Online (the cluster member switch is accessible) Error (for example the cluster member switch password was changed or the switch was set as the manager and so left the member list, etc.) Offline (the switch is disconnected - Offline shows approximately 1.
Chapter 48 Cluster Management The following table describes the labels in this screen. Table 203 Management > Cluster Management > Configuration LABEL DESCRIPTION Clustering Manager Active Select Active to have this Switch become the cluster manager switch. A cluster can only have one manager. Other (directly connected) switches that are set to be cluster managers will not be visible in the Clustering Candidates list.
48.4 Technical Reference This section provides technical background information on the topics discussed in this chapter. 48.4.1 Cluster Member Switch Management Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different.
Chapter 48 Cluster Management Figure 297 Example: Uploading Firmware to a Cluster Member Switch C:\>ftp 192.168.1.1 Connected to 192.168.1.1. 220 Switch FTP version 1.0 ready at Thu Jan 1 00:58:46 1970 User (192.168.0.
C H A P T E R 49 MAC Table 49.1 MAC Table Overview This chapter introduces the MAC Table screen. The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the Switch’s ports. It shows what device MAC address, belonging to what VLAN group (if any) is forwarded to which port(s) and whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen). 49.1.
Figure 298 MAC Table Flowchart 49.2 Viewing the MAC Table Use this screen to check whether the MAC address is dynamic or static. Click Management > MAC Table in the navigation panel to display the following screen.
Chapter 49 MAC Table The following table describes the labels in this screen. Table 205 Management > MAC Table LABEL DESCRIPTION Condition Select one of the buttons and click Search to only display the data which matches the criteria you specified. Select All to display any entry in the MAC table of the Switch. Select Static to display the MAC entries manually configured on the Switch. Select MAC and enter a MAC address in the field provided to display a specified MAC entry.
Chapter 50 ARP Table C H A P T E R 50 ARP Table 50.1 Overview This chapter introduces ARP Table. Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP Table maintains an association between each MAC address and its corresponding IP address. 50.1.
Figure 300 Management > ARP Table The following table describes the labels in this screen. Table 206 Management > ARP Table LABEL DESCRIPTION Condition Specify how you want the Switch to remove ARP entries when you click Flush. Select All to remove all of the dynamic entries from the ARP table. Select IP Address and enter an IP address to remove the dynamic entries learned with the specified IP address. Select Port and enter a port number to remove the dynamic entries learned on the specified port.
Chapter 51 Path MTU Table C H A P T E R 51 Path MTU Table 51.1 Path MTU Overview This chapter introduces the IPv6 Path MTU table. The largest size (in bytes) of a packet that can be transferred over a data link is called the maximum transmission unit (MTU). The Switch uses Path MTU Discovery to discover Path MTU (PMTU), that is, the minimum link MTU of all the links in a path to the destination.
Chapter 52 Configure Clone C H A P T E R 52 Configure Clone 52.1 Overview This chapter shows you how you can copy the settings of one port onto other ports. 52.2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen.
Chapter 52 Configure Clone Figure 302 Management > Configure Clone GS2210 Series User’s Guide 411
Chapter 52 Configure Clone The following table describes the labels in this screen. Table 208 Management > Configure Clone LABEL DESCRIPTION Source/ Destination Enter the source port under the Source label. This port’s attributes are copied. Port Enter the destination port or ports under the Destination label. These are the ports which are going to have the same attributes as the source port. You can enter individual ports separated by a comma or a range of ports by using a dash.
Chapter 53 IPv6 Neighbor Table C H A P T E R 53 IPv6 Neighbor Table 53.1 IPv6 Neighbor Table Overview This chapter introduces the IPv6 neighbor table. An IPv6 host is required to have a neighbor table. If there is an address to be resolved or verified, the Switch sends out a neighbor solicitation message. When the Switch receives a neighbor advertisement in response, it stores the neighbor’s link-layer address in the neighbor table.
Chapter 53 IPv6 Neighbor Table Table 209 Management > IPv6 Neighbor Table (continued) LABEL DESCRIPTION Status This field displays whether the neighbor IPv6 interface is reachable. In IPv6, “reachable” means an IPv6 packet can be correctly forwarded to a neighbor node (host or router) and the neighbor can successfully receive and handle the packet. The available options in this field are: • • • • • • • Type This field displays the type of an address mapping to a neighbor interface.
C H A P T E R 54 Port Status 54.1 Overview This chapter introduces the port status screens. 54.2 Port Status This screen displays a port statistical summary with links to each port showing statistical details. To view the port statistics, click Status in all web configurator screens and then the Port Status link in the Quick Links section of the Status screen to display the Port Status screen as shown next. You can also click Management > Port Status to see the following screen.
Chapter 54 Port Status Table 210 Port Status (continued) LABEL DESCRIPTION State If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port. SeeSection 13.1 on page 121 for more information. If STP is disabled, this field displays FORWARDING if the link is up, otherwise, it displays STOP. When LACP (Link Aggregation Control Protocol), STP, and dot1x are in blocking state, it displays Blocking. PD For PoE model(s) only.
Chapter 54 Port Status Figure 305 Port Status > Port Details The following table describes the labels in this screen. Table 211 Port Status: Port Details LABEL DESCRIPTION Port Info Port NO. This field displays the port number you are viewing. Name This field displays the name of the port. Link This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps, 1000M for 1000Mbps, or 10G for 10 Gbps) and the duplex (F for full duplex or H for half duplex).
Chapter 54 Port Status Table 211 Port Status: Port Details (continued) LABEL State DESCRIPTION If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port. SeeSection 13.1 on page 121 for more information. If STP is disabled, this field displays FORWARDING if the link is up, otherwise, it displays STOP. When LACP (Link Aggregation Control Protocol), STP, and dot1x are in blocking state, it displays Blocking. LACP This field shows if LACP is enabled on this port or not.
Chapter 54 Port Status Table 211 Port Status: Port Details (continued) LABEL DESCRIPTION Distribution 64 This field shows the number of packets (including bad packets) received that were 64 octets in length. 65-127 This field shows the number of packets (including bad packets) received that were between 65 and 127 octets in length. 128-255 This field shows the number of packets (including bad packets) received that were between 128 and 255 octets in length.
Chapter 54 Port Status The following table describes the labels in this screen. Table 212 Port Status: Utilization LABEL DESCRIPTION Port This identifies the Ethernet port. Link This field displays the speed (either 10M for Mbps, 100M for 100 Mbps, 1000M for 1000 Mbps, or 10G for 10 Gbps) and the duplex (F for full duplex). It also shows the cable type (Copper or Fiber) for the combo ports. This field displays Down if the port is not connected to any device.
C H A P T E R 55 Troubleshooting This chapter offers some suggestions to solve problems you might encounter. The potential problems are divided into the following categories. • Power, Hardware Connections, and LEDs • Switch Access and Login • Switch Configuration 55.1 Power, Hardware Connections, and LEDs The Switch does not turn on. None of the LEDs turn on. 1 Make sure you are using the power adaptor or cord included with the Switch.
Chapter 55 Troubleshooting 4 Disconnect and re-connect the power adaptor or cord to the Switch. 5 If the problem continues, contact the vendor. 55.2 Switch Access and Login I forgot the IP address for the Switch. 1 The default IP address is 192.168.1.1. 2 Use the console port to log in to the Switch. 3 If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page 44. I forgot the username and/or password.
Chapter 55 Troubleshooting Advanced Suggestions • Try to access the Switch using another service, such as Telnet. If you can access the Switch, check the remote management settings to find out why the Switch does not respond to HTTP. I can see the Login screen, but I cannot log in to the Switch. 1 Make sure you have entered the user name and password correctly. The default user name is admin, and the default password is 1234. These fields are case-sensitive, so make sure [Caps Lock] is not on.
Chapter 55 Troubleshooting 55.3 Switch Configuration I lost my configuration settings after I restarted the Switch. Make sure you save your configuration into the Switch’s nonvolatile memory each time you make changes. Click Save at the top right corner of the web configurator to save the configuration permanently. See also Section 43.2.2 on page 356 for more information about how to save your configuration. I accidentally unplugged the Switch. I’m not sure which configuration file will be loaded.
Chapter 55 Troubleshooting 4 Make sure you’ve put the auto configuration file in the correct directory on the TFTP server. 5 When you enabled DHCP option 60, make sure you’ve entered a Vendor Class Identifier. Check the configurations on the Switch 1 Make sure you’ve enabled auto configuration in the Management > Maintenance > Auto Configuration screen 2 Make sure the Switch is configured as a DHCP client in the Basic Setting > IP Setup screen.
APPENDIX A Customer Support In the event of problems that cannot be solved by using this manual, you should contact your vendor. If you cannot contact your vendor, then contact a Zyxel office for the region in which you bought the device. See http://www.zyxel.com/homepage.shtml and also http://www.zyxel.com/about_zyxel/zyxel_worldwide.shtml for the latest information. Please have the following information ready when you contact an office. Required Information • Product model and serial number.
Appendix A Customer Support Korea • Zyxel Korea Corp. • http://www.zyxel.kr Malaysia • Zyxel Malaysia Sdn Bhd. • http://www.zyxel.com.my Pakistan • Zyxel Pakistan (Pvt.) Ltd. • http://www.zyxel.com.pk Philippines • Zyxel Philippines • http://www.zyxel.com.ph Singapore • Zyxel Singapore Pte Ltd. • http://www.zyxel.com.sg Taiwan • Zyxel Communications Corporation • http://www.zyxel.com/tw/zh/ Thailand • Zyxel Thailand Co., Ltd • http://www.zyxel.co.
Appendix A Customer Support Belgium • Zyxel Communications B.V. • http://www.zyxel.com/be/nl/ • http://www.zyxel.com/be/fr/ Bulgaria • Zyxel България • http://www.zyxel.com/bg/bg/ Czech Republic • Zyxel Communications Czech s.r.o • http://www.zyxel.cz Denmark • Zyxel Communications A/S • http://www.zyxel.dk Estonia • Zyxel Estonia • http://www.zyxel.com/ee/et/ Finland • Zyxel Communications • http://www.zyxel.fi France • Zyxel France • http://www.zyxel.
Appendix A Customer Support Latvia • Zyxel Latvia • http://www.zyxel.com/lv/lv/homepage.shtml Lithuania • Zyxel Lithuania • http://www.zyxel.com/lt/lt/homepage.shtml Netherlands • Zyxel Benelux • http://www.zyxel.nl Norway • Zyxel Communications • http://www.zyxel.no Poland • Zyxel Communications Poland • http://www.zyxel.pl Romania • Zyxel Romania • http://www.zyxel.com/ro/ro Russia • Zyxel Russia • http://www.zyxel.ru Slovakia • Zyxel Communications Czech s.r.o. organizacna zlozka • http://www.
Appendix A Customer Support • http://www.zyxel.ch/ Turkey • Zyxel Turkey A.S. • http://www.zyxel.com.tr UK • Zyxel Communications UK Ltd. • http://www.zyxel.co.uk Ukraine • Zyxel Ukraine • http://www.ua.zyxel.com Latin America Argentina • Zyxel Communication Corporation • http://www.zyxel.com/ec/es/ Brazil • Zyxel Communications Brasil Ltda. • https://www.zyxel.com/br/pt/ Ecuador • Zyxel Communication Corporation • http://www.zyxel.
Appendix A Customer Support North America USA • Zyxel Communications, Inc. - North America Headquarters • http://www.zyxel.com/us/en/ Oceania Australia • Zyxel Communications Corporation • http://www.zyxel.com/au/en/ Africa South Africa • Nology (Pty) Ltd. • http://www.zyxel.co.
APPENDIX B Common Services The following table lists some commonly-used services and their associated protocols and port numbers. For a comprehensive list of port numbers, ICMP type/code numbers and services, visit the IANA (Internet Assigned Number Authority) web site. • Name: This is a short, descriptive name for the service. You can use this one or create a different one, if you like. • Protocol: This is the type of IP protocol used by the service.
Appendix B Common Services Table 213 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION HTTPS TCP 443 HTTPS is a secured http session often used in ecommerce. ICMP User-Defined 1 Internet Control Message Protocol is often used for diagnostic or routing purposes. ICQ UDP 4000 This is a popular Internet chat program. IGMP (MULTICAST) User-Defined 2 Internet Group Multicast Protocol is used when sending packets to a specific group of hosts.
Appendix B Common Services Table 213 Commonly Used Services (continued) NAME PROTOCOL PORT(S) DESCRIPTION SQL-NET TCP 1521 Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. SSH TCP/UDP 22 Secure Shell Remote Login Program. STRM WORKS UDP 1558 Stream Works Protocol. SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server.
APPENDIX C IPv6 Overview IPv6 (Internet Protocol version 6), is designed to enhance IP address size and features. The increase in IPv6 address size to 128 bits (from the 32-bit IPv4 address) allows up to 3.4 x 1038 IP addresses. IPv6 Addressing The 128-bit IPv6 address is written as eight 16-bit hexadecimal blocks separated by colons (:). This is an example IPv6 address 2001:0db8:1a2b:0015:0000:0000:1a2f:0000. IPv6 addresses can be abbreviated in two ways: • Leading zeros in a block can be omitted.
Appendix C IPv6 Unspecified Address An unspecified address (0:0:0:0:0:0:0:0 or ::) is used as the source address when a device does not have its own address. It is similar to “0.0.0.0” in IPv4. Loopback Address A loopback address (0:0:0:0:0:0:0:1 or ::1) allows a host to send packets to itself. It is similar to “127.0.0.1” in IPv4. Multicast Address In IPv6, multicast addresses provide the same functionality as IPv4 broadcast addresses. Broadcasting is not supported in IPv6.
Appendix C IPv6 Subnet Masking Both an IPv6 address and IPv6 subnet mask compose of 128-bit binary digits, which are divided into eight 16-bit blocks and written in hexadecimal notation. Hexadecimal uses four bits for each character (1 ~ 10, A ~ F). Each block’s 16 bits are then represented by four hexadecimal characters. For example, FFFF:FFFF:FFFF:FFFF:FC00:0000:0000:0000. Interface ID In IPv6, an interface ID is a 64-bit identifier.
Appendix C IPv6 Each DHCP client and server has a unique DHCP Unique IDentifier (DUID), which is used for identification when they are exchanging DHCPv6 messages. The DUID is generated from the MAC address, time, vendor assigned ID and/or the vendor's private enterprise number registered with the IANA. It should not change over time even after you reboot the device.
Appendix C IPv6 ICMPv6 Internet Control Message Protocol for IPv6 (ICMPv6 or ICMP for IPv6) is defined in RFC 4443. ICMPv6 has a preceding Next Header value of 58, which is different from the value used to identify ICMP for IPv4. ICMPv6 is an integral part of IPv6. IPv6 nodes use ICMPv6 to report errors encountered in packet processing and perform other diagnostic functions, such as "ping".
Appendix C IPv6 Example - Enabling IPv6 on Windows XP/2003/Vista By default, Windows XP and Windows 2003 support IPv6. This example shows you how to use the ipv6 install command on Windows XP/2003 to enable IPv6. This also displays how to use the ipconfig command to see auto-generated IP addresses. C:\>ipv6 install Installing... Succeeded. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific IP Address. . . . . Subnet Mask . . . . IP Address. . . . .
Appendix C IPv6 5 Click Start and then OK. 6 Now your computer can obtain an IPv6 address from a DHCPv6 server. Example - Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default. DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer. To enable IPv6 in Windows 7: 1 Select Control Panel > Network and Sharing Center > Local Area Connection. 2 Select the Internet Protocol Version 6 (TCP/IPv6) checkbox to enable it. 3 Click OK to save the change.
Appendix C IPv6 4 Click Close to exit the Local Area Connection Status screen. 5 Select Start > All Programs > Accessories > Command Prompt. 6 Use the ipconfig command to check your dynamic IPv6 address. This example shows a global address (2001:b021:2d::1000) obtained from a DHCP server. C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS IPv6 Address. . . . . . Link-local IPv6 Address IPv4 Address. . . . . . Subnet Mask . . . . . . Default Gateway .
APPENDIX D Legal Information Copyright Copyright © 2017 by Zyxel Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of Zyxel Communications Corporation. Published by Zyxel Communications Corporation.
Appendix D Legal Information List of National Codes COUNTRY ISO 3166 2 LETTER CODE COUNTRY ISO 3166 2 LETTER CODE Austria AT Liechtenstein LI Belgium BE Lithuania LT Bulgaria BG Luxembourg LU Croatia HR Malta MT Cyprus CY Netherlands NL Czech Republic CR Norway NO Denmark DK Poland PL Estonia EE Portugal PT Finland FI Romania RO France FR Serbia RS Germany DE Slovakia SK Greece GR Slovenia SI Hungary HU Spain ES SE Iceland IS Sweden Ireland IE Sw
Appendix D Legal Information Die folgende Symbol bedeutet, dass Ihr Produkt und/oder seine Batterie gemäß den örtlichen Bestimmungen getrennt vom Hausmüll entsorgt werden muss. Wenden Sie sich an eine Recyclingstation, wenn dieses Produkt das Ende seiner Lebensdauer erreicht hat. Zum Zeitpunkt der Entsorgung wird die getrennte Sammlung von Produkt und/oder seiner Batterie dazu beitragen, natürliche Ressourcen zu sparen und die Umwelt und die menschliche Gesundheit zu schützen.
Appendix D Legal Information • 產品沒有斷電裝置或者採用電源線的插頭視為斷電裝置的一部分,以下警語將適用 : - 對永久連接之設備, 在設備外部須安裝可觸及之斷電裝置; - 對插接式之設備, 插座必須接近安裝之地點而且是易於觸及的。 About the Symbols Various symbols are used in this product to ensure correct usage, to prevent danger to the user and others, and to prevent property damage. The meaning of these symbols are described below. It is important that you read these descriptions thoroughly and fully understand the contents.
Index Index overview 350 setup 352 Numerics ARP (Address Resolution Protocol) 407 802.
Index C copyright 443 CDP 266 CPU management port 109 certifications viewing 446 CPU protection 276 CFI 94 current time 69 CFI (Canonical Format Indicator) 94 customer support 426 CoS 334 current date 69 changing the password 43 Cisco Discovery Protocol, see CDP CIST 141 D Class of Service 334 classifier 172 and QoS 172 editing 177 example 179 logging 178 match order 178 overview 172 setup 173, 177 status 173 viewing 177 daylight saving time 70 default Ethernet settings 30 default IP 36, 72
Index network example 335 PHB 334 service level 334 firmware 67 upgrade 358, 402 flow control back pressure 76 IEEE802.
Index implementation 385 public keys, private keys 385 neighbor table 413 ping 435 prefix 435 prefix length 435 stateless autoconfiguration 437 unspecified address 436 HTTPS example 385 I IPv6 interface 81 DHCPv6 client 90 enable 86 global address 87 global unicast address 83 link-local address 86 link-local IP 83 neighbor discovery 88 neighbor table 89 stateless autoconfiguration 86 status 82 IEEE 802.1x activate 158 port authentication 156 reauthentication 159 IEEE 802.3at 76 IEEE 802.
Index link aggregation 148 dynamic 148 ID information 149 setup 150 traffic distribution algorithm 150 traffic distribution type 152 trunk group 148 MAC table 404 display criteria 406 how it works 404 sorting criteria 406 transfer type 406 viewing 405 Link Aggregation Control Protocol (LACP) 148 MAC-based VLAN 107 Link Layer Discovery Protocol 287 maintanence configuration backup 359 firmware 358 restoring configuration 359 MAC freeze 168 LLDP 287 Basic TLV 303 global settings 302 local port status
Index status 131 packets statistics 323 PDU size 322 port configuration 319 port operational state 320 remote loopback 319 remote-loopback 325 MST Instance, See MSTI 140 MST region 140 MSTI 134, 140 MSTI (Multiple Spanning Tree Instance) 134 MSTP 121, 123 bridge ID 137 configuration digest 138 forwarding delay 134 Hello Time 137 hello time 134 Max Age 134, 137 maximum hops 134 revision level 134 status 136 one-time schedule 170 Operations, Administration and Maintenance 319 Option 82 340 P PAGP 267 pas
Index port security 167 limit MAC address learning 169 MAC address learning 167 overview 167 setup 167 configuration example 111 isolate traffic 104 priority 105 setup 105 un-tagged packets 104 port setup 74 PVID 94 port status 415 port details 416 port utilization 419 Q port utilization 419 port VLAN ID, see PVID 101 QoS 334 and classifier 172 port VLAN trunking 95 port-based VLAN 108 all connected 111 port isolation 111 settings wizard 111 Quality of Service 334 queue weight 186 queuing 185 SPQ
Index running configuration 356 erase 356 reset 356 static MAC forwarding 113 static multicast address 115 static multicast forwarding 115 static route enable 332 metric 333 S static routes 331 static VLAN 98 control 99 tagging 99 save configuration 43, 356 schedule one-time 170 recurring 170 type 171 status 39, 61 MRSTP 131 MSTP 136 port 415 power 68 STP 127 VLAN 96 Secure Shell See SSH service access control 375 service port 375 Simple Network Management Protocol, see SNMP Small Form-factor Pluggab
Index severity levels 395 U system information 66 system reboot 357 UDLD 267 UniDirectional Link Detection, see UDLD untrusted ports DHCP snooping 252 PPPoE IA 270 T user name 36 default 36 TACACS+ 212, 213 advantages 213 setup 215 user profiles 213 tagged VLAN 93 Tech-Support 363 log enhancement 363 V temperature indicator 68 Terminal Access Controller Access-Control System Plus 212 terminal emulation 33 Vendor Specific Attribute, See VSA 220 ventilation 26 time current 69 VID 97 number of po
Index example 260 priority level 260 tagged 260 traffic flow 260 untagged 260 VLAN ID 260 ZyXEL Unidirectional Link Detection 327 ZyXEL Unidirectional Link Detection (ZULD) 327 VLAN terminology 95 VLAN trunking 101 VLAN Trunking Protocol, see VTP VLAN, protocol based, See protocol based VLAN 104 Voice VLAN 106 VSA 220 VT100 33 VTP 267 W warranty 446 note 446 web configurator getting help 45 home 39 login 36 logout 44 navigation panel 39 weight, queuing 186 Weighted Round Robin Scheduling (WRR) 186 WRR (
