ZyXEL ES-4024A Series (ES-4024A) Ethernet Switch Support Notes Version 3.
ES-4024A Series Switch Support Notes INDEX How to manage & maintain your Switch? Firmware Upgrade Restore a Configuration File Backing Up a Configuration File Load Factory Defaults Physical Switch connection Connecting two switches via Fiber Channel General Networking DHCP option 82 (Relay Agent Information Option) Separating a physical network into many virtual networks Introduction to Virtual LAN Port Based Virtual LAN Setting up Port Based VLAN IEEE 802.
ES-4024A Series Switch Support Notes How to access the Switch through the console port? What is default login password of the console, telnet, and FTP? How to change the password? How to access the Command Line Interface? If I forgot the Switch password, how can I reset the password to default? How do I configure an IP address? Is Online Help available on the Web GUI? How to restart device from Web? How to check the current running firmware version? Is the mini GBIC transceiver hot-swappable? What is so cal
ES-4024A Series Switch Support Notes How to manage & maintain your Switch? Firmware Upgrade From Web GUI: 1. Download (and unzipped) the correct model firmware to your computer. 2. Click Management and then Maintenance in the navigator panel to bring up the following screen. 3. Click on the “Click Here” link of the Firmware Upgrade to bring up the following screen. 4. 5. Browse the firmware located or type in the path into the “File Path” field. Click on the Upgrade button.
ES-4024A Series Switch Support Notes From Console Port: 1. Download (and unzipped) the correct model firmware to your computer. 2. Connect to the console port and open the Terminal Emulation Software. 3. Restarting the switch to enter the debug mode via the terminal. 4. Enter “ATUR”. 5. Use X-modem protocol to transfer (Send File) the firmware. 6. Enter “ATGO” to restart the switch after done uploading the firmware. From Command Line FTP: 1.
ES-4024A Series Switch Support Notes Restore a Configuration File From Web GUI: 1. Click Management and then Maintenance in the navigator panel to bring up the following screen. 2. Click on the “Click Here” link of the Restore Configuration to bring up the following screen. 3. Browse to locate the file with the file name or type in the path and the file name into the “File Path” field. Click on the Restore button. 4. From Console Port: 1.
ES-4024A Series Switch Support Notes 2. 3. 4. 5. Restarting the Switch to enter the debug mode via the terminal. Enter “ATLC” Use X-modem protocol to transfer (Send File) the firmware. Enter “ATGO” to restart the Switch after done uploading the configuration file. From Command Line FTP: 1. Download (and unzipped) the correct model firmware to your computer. 2. Launch the FTP client on your PC to login to Switch. (From the command prompt, type “ftp ”. 3. Press “Enter” for the User name 4.
ES-4024A Series Switch Support Notes Backing Up a Configuration File From Web GUI: 1. Click Management and then Maintenance in the navigator panel to bring up the following screen. 2. Click on the “Click Here” link of the Backup Configuration to bring up the following screen. 3. Click on the “Backup” button to bring up the File Download dialog. Then, clicking on the Save button to backup the configuration rom file to a proper location. From Console Port: 1.
ES-4024A Series Switch Support Notes 4. 5. Use X-modem protocol to transfer (Receive File) the firmware. Enter “ATGO” to restart the Switch after done uploading the configuration file. From Command Line FTP: 1. Download (and unzipped) the correct model firmware to your computer. 2. Launch the FTP client on your PC to login Switch. (From the command prompt, type “ftp ” 3. Press “Enter” for the User name 4. Enter password to get the ftp prompt. 5. Enter “bin” to set transfer mode to binary. 6.
ES-4024A Series Switch Support Notes Load Factory Defaults From Web GUI: 1. Click Management and then Maintenance in the navigator panel to bring up the following screen. 2. 3. 4. 5. 6. Click on the “Click Here” button of the Load Factory Defaults to bring up the following screen. A dialog pops up with the message “Are you sure you want to load factory defaults?”. Click OK to go to the following dialog. Click on the OK button.
ES-4024A Series Switch Support Notes Physical Switch connection How to connect two switches via Fiber Channel Your Switch may come with one or many mini-GB ports. ZyXEL offers Small Form-factor Pluggable (SFP) transceivers for Gigabit Ethernet and Fiber Channel applications.
ES-4024A Series Switch Support Notes z z z ZyXEL Switch with Mini-GB port x2 (note: Each ES-4024A Series Switch comes with 2 Mini-GB Port) SFP-SX Transceiver x2 LC/LC Fiber Cable (62.5/125MM) x1 Here is the photo of the SFP-SX Transceiver & the LC/LC Fiber Cable. Steps to complete this scenario 1. First, pick up your ES-2108-LC and GS-4024Switch and power them up. 12 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Photo of the ES-2108-LC Switch 2. Find both Mini-GB Port on ES-2108-LC and GS-4024. 3. Get one transceiver and plug it into the Mini-GB Port of ES-2108-LC 13 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes 4. Plug another transceiver into the Mini-GB Port of GS-4024 Switch 14 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes 5. Remove both side of the protection cap from the LC/LC Fiber Cable. 6. Plug the LC/LC Fiber Cable into the transceivers on both ES-2108-LC and GS-4024 Switch. If you connected the cable correctly, the LED of the “LINK” will light up. 15 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes 7. Now, connect the first PC “Alpha” to ES-2108-LC and the second PC “Delta” to the GS-4024 via the regular Ethernet cable. 8. Set the NICs in both computers to the same IP Domain. (ex, PC “Alpha” :192.168.1.4/24; PC “Delta” : 192.168.1.5/24) 9. From PC “Alpha”, PING PC “Delta” at 192.168.1.5 10. From PC “Delta”, PING PC” Alpha” at 192.168.1.4 11. Now you can confirm that the network connection between ES-2108-LC and GS-4024 is up and running.
ES-4024A Series Switch Support Notes General Networking DHCP Relay Option 82 Application ISP may want to limit the number of IP address or deliver some specific IP addresses according to certain Switch port, VLAN ID and option 82 string. They can easily to achieve this with DHCP Relay Option 82 feature and a DHCP server supporting Option 82 function. Network DHCP Server 192.168.1.99 Ethernet Port Port 25 DHCP Client 17 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes How to set up DHCP Relay Option 82 Environment Here, we will set up an environment to allow a PC to get DHCP IP address in specific IP pool according to its Switch port, VLAN ID and the option 82 string. In this case, we are using GS-3012 for the demonstration. PC is behind 25th Switch port and the option 82 string is a string “GS-3012”. We use the IP Commander as DHCP server. Its IP is 192.168.1.99 and the IP pool is between 192.168.1.201 and 192.168.1.
ES-4024A Series Switch Support Notes 3. IP Commander settings Open IP Commander. Right click “IP commander and then click “connect new server”. Input the DHCP IP address or domain name and click “ok”. Our IP is 192.168.1.99. 19 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Input user name and password. The default user name is “administrator” and password is “incognito”. 20 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes It will bring up the following screen, please make sure that your DHCP is in “online” status. Then click “wizard” in the top tool bars and select “rule wizard”. 21 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Give a name and description to the new rule. 22 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Assign a range of IP addresses or just one IP address to this rule. In our case, we set the IP pool from 192.168.1.201 to 192.168.1.203. After input IP pool, we select “DHCP Option” in Keywords combobox. 23 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes After select the “DHCP Option”, it will pop up “Add DHCP Option Rule” dialog. Select “option 82 Relay Agent Information”, sub-option 1, binary data. For port 25, VLAN 1, “GS-3012”, please key in “0019000147532d33303132” as the key value and click OK. Please note that the first 2 bytes define port number, the second 2 bytes is VLAN ID and the other bytes are the Option 82 string. 24 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes After you finish above step, you will see the following figure. 25 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Then pop up the following screen and you can just press Next button. Then you can add DHCP template (option) such as gateway, DNS server and so on. 26 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Here we use “192.168.1.1” as gateway IP address of DHCP client PC. 27 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes You can apply DDNS service to DHCP server or not. The rule creation has been finished. 28 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes After finishing all above procedures, your PC will get the IP address 192.168.1.201 when you send a DHCP request. 29 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Separating a physical network into many virtual networks What is Virtual LAN? • VLAN Overview A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network belong to one group called VLAN Group. A station can belong to more than one group. The stations on the same VLAN group can communicate with each other.
ES-4024A Series Switch Support Notes outgoing ports allowed for each port when using port-based VLANs. Note that VLAN only governs the outgoing traffic, in the other word, it is unidirectional. Therefore, if you wish to allow two subscriber ports to talk to each other, e.g., between conference rooms in a hotel, you must define the egress (outgoing port) for both ports. An egress port is an outgoing port, that is, a port through which a data packet leaves.
ES-4024A Series Switch Support Notes Port-based VLAN definition: • • • • • • Egress port for port 1: port 2, port 4, port 5 Egress port for port 2: port 1, port 3 Egress port for port 3: port 2 Egress port for port 4: port 1, port 5 Egress port for port 5: port 1, port 4 Port-based VLAN across different switch Port-based VLAN is specific only to the switch on which it was created. Definitely, Port-based VLAN can't across different switches.
ES-4024A Series Switch Support Notes For Switch-2, port 1, port 2, and port 3 are allowed to communicate back and forth with uplink port 4, but not with other ports. • Switch-2 VLAN 1 member port: port 1 and port 4 • Switch-2 VLAN 2 member port: port 2 and port 4 • Switch-2 VLAN 3 member port: port 3 and port 4 For Switch-3, port 2, port 3, and port 4 are allowed to communicate back and forth with uplink port 1, but not with other ports.
ES-4024A Series Switch Support Notes For Switch-1, port 1, port2, and port 3 are allowed to communicate back and forth with uplink port 4, but not with other ports. • Switch-1 VLAN 1 member port: port 1 and port 4 • Switch-1 VLAN 2 member port: port 2 and port 4 • Switch-1 VLAN 3 member port: port 3 and port 4 How to configure Port-Based VLAN Port-based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port.
ES-4024A Series Switch Support Notes Scenario In this scenario, Port Based VLAN is used to separate one physical Switch into two smaller logical Switches. Port 1~4 and 9, 10 are in one group. And Port 5~10 are in another group. Port-based VLANs are specific only to the switch on which they were created. 35 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Configuring your Switch to fulfill this scenario (GUI) 1. 2. 3. 4. Connect port 1 with a PC or Notebook via the RJ45 Cable. By default the MGMT IP on every port is 192.168.1.1/24 Set your NIC to 192.168.1.2/24 Open an Internet browser such as IE and give http://192.168.1.1 on the URL. 5. By default you will need to put “admin” as the username and “1234” as the password. 6. After you login successfully, you will see a similar screen like below. 7.
ES-4024A Series Switch Support Notes 8. Now, you need to tell the Switch how you are going to separate the physical Switch into some logical small Switches. Thus, we click “Advanced Application” then “VLAN”. On the right screen, check the boxes to suit your need. In this case, we need to make port 1~4 and port 9, 10 in a group in order for them to communicate in both ways. And port 5~10 in another group but these two groups cannot talk with each others.
ES-4024A Series Switch Support Notes 9. Finally, you can now verify your result. If everything works fine, PC A can ping PC B and PC Z. But it cannot ping PC C or PC D. On the same time, this should work vice versa. 10. For example, PC A: 192.168.1.4/24 PC B: 192.168.1.5/24 PC C: 192.168.1.6/24 PC D: 192.168.1.7/24 PC Z: 192.168.1.99/24 11. PING PC B from PC A (Should work) 38 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes 12. PING PC Z from PC A (Should work) 13. PING PC C from PC A (Should NOT work) 39 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Configuring your Switch to fulfill this scenario (CLI) 1. Connect the Switch Console port with your PC or Notebook. 2. Open your Terminal program.(Ex, Hyper Terminal in Windows System) 3. Make sure that your port settings are bps:9600 Data bits:8 Parity: None Stop bits:1 Flow control: None: 4. After you connected successfully, give the correct user name and password. 5. Put “en” or “enable” to go into the privileged mode.
ES-4024A Series Switch Support Notes scenario. 7. When all of the above are done, do not forget to give the “write memory” command under the enable mode to save your configuration. What is IEEE 802.1Q Tag-based VLAN? • Tag-based VLAN Overview Regarding IEEE 802.1Q standard, Tag-based VLAN uses an extra tag in the MAC header to identify the VLAN membership of a frame across bridges. This tag is used for VLAN and QoS (Quality of Service) priority identification.
ES-4024A Series Switch Support Notes process the frame across the network. A tagged frame is four bytes longer than an untagged frame and contains two bytes of TPID (Tag Protocol Identifier, residing within the type/length field of the Ethernet frame) and two bytes of TCI (Tag Control Information, starts after the source address field of the Ethernet frame). • TPID: TPID has a defined value of 8100 in hex. When a frame has the EtherType equal to 8100, this frame carries the tag IEEE 802.1Q / 802.1P.
ES-4024A Series Switch Support Notes • How 802.1Q VLAN works According to the VID information in the tag, the switch forward and filter the frames among ports. These ports with same VID can communicate with each other. IEEE 802.1Q VLAN function contains the following three tasks, Ingress Process, Forwarding Process and Egress Process. 1. Ingress Process: Each port is capable of passing tagged or untagged frames.
ES-4024A Series Switch Support Notes untagged frame is received, Ingress Process insert a tag contained the PVID into the untagged frame. Each physical port has a default VID called PVID (Port VID). PVID is assigned to untagged frames or priority tagged frames (frames with null (0) VID) received on this port. After Ingress Process, all frames have 4-bytes tag and VID information, and then go to Forwarding Process. 2.
ES-4024A Series Switch Support Notes 4. • Forbidden registration: This port is forbidden to be the egress port of specified VID.. • Fixed registration: While ad control is fixed registration, it means this is a static registration entry. This port is the egress port of the specified VID (a member port of the specified VLAN). The frames with specified VID tag can go through this port. • Normal registration: While ad control is normal registration, it means this is a dynamic registration entry.
ES-4024A Series Switch Support Notes Filtering Database. If the value is tagged, the outgoing frame on the egress port is tagged. If the value is untagged, the tag will be removed before frame leaves the egress port. How to connect two switches using VLAN? I want to make VLAN on two layer 2 switches, and I want to connect first switch to second switch with trunk port. There will be 5 VLAN on first Switch and there will be 7 VLAN on second switch. Trunk port will be port 25 on both switches as well.
ES-4024A Series Switch Support Notes ------------------------------------2. Configuration of VLAN on switch B Answer: ------------------------------------In switch A, add port 25 in each VLAN VID:101 (port 1,2,3,"25 TAG") VID:102 (port 4,5,6,,"25 TAG") VID:103 (port 7,8,9,10,"25 TAG") VID:104 (port 23,24,"25 TAG") VID:105 (port 11,12,13,14,"25 TAG") VID:106 (port 15,16,17,"25 TAG") VID:107 (port 18,19.
ES-4024A Series Switch Support Notes VID:102 (port 6,7,8,9,10,"25 TAG") VID:103 (port 11,12,13,14,"25 TAG") VID:104 (port 15,16,17,18,"25 TAG") VID:105 (port 19,20,21,23,22"25 TAG) Clients in same VLAN on both switches can communicate each other.
ES-4024A Series Switch Support Notes Setting up VLAN Trunking With the benefit of deploying VLAN trunking, we can connect two switches by a port that is configured as VLAN trunking port. PC1 with each VLAN tag frames from switch 1 can communicate with PC2 with another VLAN tag frames in switch 2 via VLAN trunking port. In our example, we set up port 5 in switch 1 as the VLAN Trunking port while in switch 2, we set up port 10 as the VLAN Trunking port.
ES-4024A Series Switch Support Notes In the switch 2, the configuration is In the switch 1, we set port 2 as VLAN 2 untag 50 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes In the switch 2, we set port 6 as VLAN 2 untag. The switch 1 IP address: 192.168.1.31 The switch 2 IP address: 192.168.1.21 After the configuration, we can observe that in the switch 1, the PC1 running on port 2 can find the PC2 running on port 6 in the switch 2. 51 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes IP Multicasting How to setup IGMP snooping in your switch? Figure 1: IGMP and IGMP snooping IGMP snooping is designed for application with deployment of multicast traffic. It operates on the underlying IGMP mechanism where a layer two switch passively listens to the IGMP Query, Report and Leave (IGMP version 2) packets transmitted between the IGMP router and clients and collects passing IGMP messages.
ES-4024A Series Switch Support Notes Configuration of IGMP snooping by web In this example, we enable the IGMP function on the GS-4024 (an IGMP router) to connect to a multimedia server. Also, we enable IGMP snooping function on the ES-3124 or other ZyXEL L2 Switch to connect to the multimedia clients. Figure 2: IGMP snooping Example Step one: In the GS-4024, click the IP Application, select IGMP where, IGMP function can be enabled and we can select either IGMP-v1 or IGMP-v2.
ES-4024A Series Switch Support Notes Step two: In the L2 Switch, click Basic Setting and then Switch Setup where we can enable IGMP snooping function with WEB-GUI. Figure 4: IGMP Snooping Setup Configuration of IGMP and IGMP snooping by CLI Step one: Enable IGMP function In the configure mode GS-4024(config)# router igmp Step two: Enable IGMP snooping 54 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes In the configure mode of CLI, L2Switch(config)# igmp-snooping Step three: Display the IGMP Status In the exec mode of CLI GS-4024# show router igmp Step Four: Display the IGMP snooping Status In the exec mode of CLI L2Switch# show igmp-snooping ______________________________________________________________ Note: One thing needs to be mentioned is that in the IGMP router, we do not need to enable IGMP snooping function.
ES-4024A Series Switch Support Notes Overview of MVR MVR refers to Multicast VLAN Registration that enables a media server to transmit multicast stream in a single multicast VLAN while clients receiving multicast VLAN stream can reside in different VLANs. Clients in different VLANs intend to join or leave the multicast group simply by sending the IGMP Join/leave message to a receiver port. The receiver port belongs to one of the multicast group can receive multicast stream from media server.
ES-4024A Series Switch Support Notes Figure 2 MVR Mode Dynamic Mode If we select the dynamic mode in MVR setting, IGMP report message transmitted from the receiver port will be forwarded to a multicast router through its source port. Multicast router knows which multicast groups exist on which interface dynamically. Compatible mode If we select the dynamic mode in MVR setting, IGMP report message transmitted from the receiver port will not be transmitted to a multicast router.
ES-4024A Series Switch Support Notes configured multicast MAC address. If matches, the switch CPU modifies the hardware address table to include this receiver port and VLAN as a forwarding destination of the MVLAN Leave Operation Subscriber sends an IGMP leave message to the switch to leave the multicast. The switch CPU sends an IGMP group-specific query through the receiver port VLAN. If there is another subscriber in the VLAN, subscriber must respond within the max response time.
ES-4024A Series Switch Support Notes Configuration via Web Step 1: We need to create a VLAN for multicast traffic in ES-4024A. In the ES-4024A, Click the Advanced Application and then select the VLAN and in the VLAN Configuration, create a new VLAN 100. Figure 4 VLAN Configuration Step 2, In the ES-4024A, click the Advanced Application and then select the VLAN.
ES-4024A Series Switch Support Notes Figure 5 VLAN Port Setting Step 3, we need to create separate VLANs for different Clients. In the ES-3124, in the Advanced Application, click Multicast to enter the Multicast Setting and configure the MVR VLAN=100. Define port 14, port 15 and port 16 as the receiver ports to forward multicast stream to clients in different VLANs; set port 22 as a source port to receive traffic from the media server. Also, we select mode as dynamic mode.
ES-4024A Series Switch Support Notes Step 4: In the ES-3124, after the MVR configuration, click the Advanced Application to browse the VLAN Status and see we have add a new VLAN 100 in the VLAN list. We also create three separate VLANs, 20, 30, 40 and assign their PVID as 20, 30 and 40 respectively. Figure 7 VLAN Status 61 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Figure 8 VLAN Port Setting Step 5: Before we start to use the MVR, it is quite fundamental to enable the IGMP Snooping first. In the ES-3124 Menu, click the Multicast and go toe the Multicast Setting, activate the IGMP Snooping. Figure 10 Multicast Setting 62 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Step 6: In the ES-3124, in the advanced application, select Multicast, and then in the Multicast setting, and choose MVR and click the Group configuration. Here, we configure 233.1.1.1~ 233.1.1.100 as the range of multicast address and only the clients belong to that range of multicast group will receive the multicast traffic. Figure 11 Group Configuration 63 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Configuration via CLI Step 1: On the ES-3124, in the configure mode, create VLAN 100 ES-3124# config ES-3124(config)# vlan 100 Step 2: In the VLAN 100, set the port 22 to be fixed port. ES-3124(config-vlan)# fixed 22 Step 3: On the ES-3124, in the configure mode, create VLAN 20, and set the port 4 and port 14 to be fixed port.
ES-4024A Series Switch Support Notes ES-3124(config-interface)# pvid 20 ES-3124(config-interface)# exit ES-3124(config)# interface port-channel 14 ES-3124(config-interface)# pvid 20 Step 7: On the ES-3124, set the PVID of specific VLAN 30 ES-3124(config)# interface port-channel 5 ES-3124(config-interface)# pvid 30 ES-3124(config-interface)# exit ES-3124(config)# interface port-channel 15 ES-3124(config-interface)# pvid 30 Step 8: On the ES-3124, set the PVID of specific VLAN 40 ES-3124(config)# interface p
ES-4024A Series Switch Support Notes Step 14: Then, specify the source port 22 and assign it to be tagged ports ES-3124(config-mvr)# source-port 22 ES-3124(config-mvr)# tagged 22 66 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes To ring a network by building reducdent links and connections between Switch What is Spanning Tree Protocol • Spanning Tree Overview Spanning-Tree Protocol (STP) is a Layer 2 protocol designed to run on bridges and switches. The specification for STP is defined in IEEE 802.1d. The main purpose of STP is to ensure that you do not run into a loop situation when you have redundant paths in your network.
ES-4024A Series Switch Support Notes 2. Filtering Database Instability: When multiple copies of a frame arrive at different ports of a switch, the MAC entry instability in Filtering Database will occur. 1. 2. 3. Host sends an unicast frame to Router (source MAC address is Host's MAC, destination MAC address is Router's MAC). Both Switch A and Switch B will receive this frame and learn MAC address of Host on Port 2. Switch A has not yet learned the MAC address of Router.
ES-4024A Series Switch Support Notes How STP Works Spanning Tree provide a loop-free network. When a switch supported STP recognize a loop in the network topology, it blocks one or more redundant ports. Spanning Tree Protocol continually explore the network, so when the network topology changes, STP automatically reconfigure switch ports to avoid the failure by blocking certain port. Spanning tree algorithm aware switches (bridges) exchange configuration messages periodically.
ES-4024A Series Switch Support Notes 2. The bridge ID includes two parts, bridge priority (2 bytes) and bridge MAC address (6 bytes). The 802.1d default bridge priority is 32768. For example, a switch with default priority 32768 (8000 hex), MAC address is 00:A0:C5:12:34:56, its bridge ID is 8000:00A0:C512:3456. 3. On the root bridge, all its ports are designated ports. Designated ports are always in the forwarding state. While in forwarding state, a port can receive and send traffic. 2.
ES-4024A Series Switch Support Notes For each LAN segment (collision domain), there is a designated port. The designated port has the lowest cost to the root bridge. Designated ports are normally in the forwarding state to forward and receive traffic to the segment. If more than one port in the segment have the same path cost, the port on which bridge has lowest bridge ID is selected as a designated port. 1.
ES-4024A Series Switch Support Notes 1. Switch A bridge ID = 8000:00A0:C511:1111, Switch B bridge ID = 8000:00A0:C522:2222, Switch C bridge ID = 2. 3. 0001:00A0:C533:3333. Switch C has the lowest bridge ID, so Switch C is the root bridge. All ports of the root bridge are designated ports, so Port 1 is designated port. For non-root bridge Switch A, Port 1 path cost to root bridge is 19, Port 2 path cost is 119, 100 (Switch A Port 2) + 19 (Switch B Port 1).
ES-4024A Series Switch Support Notes Switching security Setting up 802.1x Radius Authentication. Port-Authentication -- RADIUS settings: Click Advanced Application, Port Authentication in the navigation panel to display configuration screen as shown. Click Enable Authentication Server and set the RADIUS server IP address, UDP port and shared Secret, which is the same as Radius server. Then click Apply to make the settings take effect. Click the 802.1x link to enter the 802.1x settings.
ES-4024A Series Switch Support Notes RADIUS server setup Click RADIUS, RADIUS SERVER in the navigation panel to display configuration screen as shown. You can use the default values or change the Authentication port, Shared Secret. Remember these values MUST be the as the settings of client. Create User Account Click RADIUS, USER ACCOUNT in the navigation panel to display configuration screen as shown. You can use the existed user account or create the new one by clicking Add New User button.
ES-4024A Series Switch Support Notes Windows XP(Supplicant) settings: There are many supplicants we can choose like MeetingHouse Aegis client, Funk Odyssey client and Microsoft 802.1x client. We take Microsoft 802.1x client as an example here. 802.1x/MD5-challenge setup Open the Local Area connection Properties, and then click Authentication page. Check the Enable IEEE 802.1x authentication for this network and select the MD5-challenge in EAP type combobox. Please see the following figure. When the 802.
ES-4024A Series Switch Support Notes After click the icon, there will be a dialog for entering the user name and password. Click ok after input the correct user name and password that are in the database of authentication server. The settings of client site are finished. 76 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes After finishing the above procedures, we can allow the authenticated port the access the server. If the switch port doesn’t be authenticated, the PCs behind the port can’t access the network. 77 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Fault Free Protection Overview of VRRP Traditional network has one and only one gateway to put between internal network and external network. When the link of router has some trouble, the user can’t access to internet anymore. But when we enable VRRP,.if MASTER router fails, and the BACKUP router will take over, and ensure the traffic still go through.
ES-4024A Series Switch Support Notes handles all packets while the others are backup devices. When the master one fails, the backup device with highest priority will take over the packet handling. Terminology: • VRRP Router: A router running the Virtual Router Redundancy Protocol. • Virtual Router: An abstract object managed by VRRP that acts as a default router for hosts on a shared LAN. • Virtual Router Master: VRRP Router with forwarding responsibility of a VR.
ES-4024A Series Switch Support Notes PC IP:192.168.1.x Gateway:192.168.1.100 Switch A – ES-4024 downlink network:192.168.1.6 uplink IP:192.168.254.2 uplink gateway:192.168.254.1 virtual IP:192.168.1.100 Switch B – GS-4012F downlink network:192.168.1.5 uplink IP:192.168.254.3 uplink gateway:192.168.254.1 virtual IP:192.168.1.100 80 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Note1. Please notice that two IPs in switch A and switch B should be in different vlan groups. For example: Switch A: 192.168.1.6 in vlan 1; 192.168.254.2 in vlan 2 Switch B: 192.168.1.5 in vlan 1; 192.168.254.3 in vlan 2 Note2. For VRRP application, you must configure two different VLAN groups for downlink network and uplink network. Otherwise, it’s not secure that the authentication will be forwarded under same VLAN group. Step 1.
ES-4024A Series Switch Support Notes a. Go to GUI menu Advanced Application >> VLAN >> Static VLAN >> choose VLAN1 to show the detail. Modify VLAN1 with all ports with “Fixed” and uncheck “Tx Tagging”. Press Add button then. b. Create the VLAN2 via GUI menu Advanced Application >> VLAN >> Static VLAN, and configure all ports with “Fixed” and uncheck “Tx Tagging”. Press Add button then. See the figure below. c. Configure uplink port in GUI menu. Set the PVID to the same ID with uplink is 20.
ES-4024A Series Switch Support Notes Step 3. Setup the switch A’s IP address of two interfaces for layer 3 routing and its uplink gateway. Take ES-4024 for example. Configure Switch A’s IP setting via GUI menu Basic Setting >> IP Setup. - Default Gateway: 192.168.254.1 1st IP address: 192.168.1.6/24 with VID=1, see figure example as below. 2nd IP address: 192.168.254.2/24 with VID=2 After add the change, it will become as following setting.
ES-4024A Series Switch Support Notes Step 4. Setup the switch A’s VRRP as the Master of group 1. In the GUI menu Advanced Application >> VRRP, enter the “Configuration” link. 1. choose ‘Simple’ for authentication 2. Enter type ‘12345’ for the key. 3. Press ‘add’ button. 4. Then input the VRRP information as following figure. Here we use VRRP=7 and use priority=254 to indicate it is the Master role. 84 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Step 5. Setup the switch B’s VLAN to apply the environment. Refer to Step2 for the same setting. Step 6. Setup the switch B’s IP address of two interfaces and uplink gateway. Similar as switch A’s setting at Step3, but different IP address as following. Configure Switch B’s IP setting via GUI menu Basic Setting >> IP Setup. - Default Gateway: 192.168.254.1 1st IP address for user subnet interface: 192.168.1.5/24 with VID=1, see figure example as below.
ES-4024A Series Switch Support Notes 1. 2. 3. 4. 5. 6. choose ‘Simple’ for authentication type ‘12345’ for the key and press ‘Apply’ button same ‘Virtual Router ID” (=7 in this example) lower priority (=100 in this example) to be a backup role same uplink gateway in this scenario example (192.168.254.1) same primary virtual IP (192.168.1.100 in this example) Note: The design of authentication and key is for the authentication between Master and Backup.
ES-4024A Series Switch Support Notes Scenario 2 – Load Sharing Furthermore, ZyCompany wants to achieve load sharing based on the high availability application. To reach this target, two VRRP groups would be recommended. Each switch is a Master of one VRRP group and also acts a Backup of another VRRP group. Network Admin will need to separate LAN users to two groups, each one use one virtual IP to share LAN traffic loading.
ES-4024A Series Switch Support Notes PCs in group1 IP:192.168.1.x Gateway:192.168.1.100 PCs in group2 IP:192.168.1.x Gateway:192.168.1.200 Switch A – ES-4024 downlink network:192.168.1.5 downlink VLAN ID=1 VLAN Uplink ID Interface IP Uplink gateway Virtual IP VRRP ID VRRP Role 2 192.168.254.2 192.168.254.1 192.168.1.100 7 Master 3 192.168.253.2 192.168.253.1 192.168.1.200 1 Backup Switch B – GS-4012F downlink network:192.168.1.
ES-4024A Series Switch Support Notes Step 1. Here we assume that all setting are based on Scenario1’s configuration. Therefore, we will skip the basic setting in this Scenario. Step 2. ISP2. Add one more VLAN ID on SwitchA for another subnet connecting to Same as Scenario1, in this example, we assume 1. The uplink gateway, ZyWALL, which is VLAN-unaware 2. The network is very simple and we configure all ports are the member of both VLAN1, VLAN2, and VLAN3 groups a.
ES-4024A Series Switch Support Notes Step 4. Setup the switch A’s VRRP as the Backup of VRRP group 1. In the GUI menu Advanced Application >> VRRP, enter the “Configuration” link. 1. authentication: no change 2. key: no change 3. Then input the VRRP information as following figure. Here we use VRRP=1 and use priority=100 to indicate it is the Backup role. Step 5. Setup the switchB’s VLAN to apply the environment. Refer to Step2 for the same setting. Step 6.
ES-4024A Series Switch Support Notes Configure Switch B’s IP setting via GUI menu Basic Setting >> IP Setup. - Default Gateway: no change Add 3rd IP address for another uplink interface: 192.168.253.3/24 with VID=3 Step 7. Setup the switch B as the Master role of VRRP group 1. Please note to use 1. 2. 3. 4. 5. 6. authentication: no change key: no change same ‘Virtual Router ID” (=1 in this example) lower priority (=254 in this example) to be a Master role uplink gateway: 192.168.253.
ES-4024A Series Switch Support Notes For Backup, CLI for VRRP no ip vrrp authentication-key • Description: Resets the VRRP authentication settings ip vrrp authentication-key • • Description: Sets the VRRP authentication key in the routing domain. Ex: ip vrrp authentication-key 12345 router vrrp network / vr-id <1-7> uplink-gateway • • Description: Set VRRP detail information. Ex: router vrrp network 192.168.1.5/24 vr-id 7 uplink-gateway 192.168.254.
ES-4024A Series Switch Support Notes name VRRP-7-B primary-virtual-ip 192.168.1.100 no inactive no preempt 93 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Centralized Management * Current version of NetAtlas does not support ES-4024A Series Introduction of SNMPc and NetAtlas With the number of network device increase, the demand to detect and respond to the network failure or external event in a very short time posts a great challenge to network administrator. How to easily manage and monitor network devices across networks becomes more and more important in network management.
ES-4024A Series Switch Support Notes Overview of SNMPc The following diagram shows the main elements of SNMPc. SNMPc includes the following function ♦ ♦ ♦ ♦ Main Button Bar: Button and controls to execute commands quickly Edit Button Bar: Button to quickly insert map element Event Log Tool: Button display filtered event log entries View Window Area: Map View, Mib Tables and Mib Graph windows are displayed here. ♦ View Window Area: Map View, Mib Tables and Mib Graph windows.
ES-4024A Series Switch Support Notes Overview of EMS The following diagram illustrates the main elements in EMS. EMS contains the four main functions. ♦ ♦ ♦ Menu Shortcut Bar: The buttons execute common commands Device Panel: This is a graphical device display. Device List Panel: View devices in a tree structure. The colors of the device indicate the status of the devices. Green is working and Rd is no response from the device.
ES-4024A Series Switch Support Notes Configuration of adding a new device via SNMPc In the following example, we will illustrate how to get started with SNMPc and Netatlas with adding a new device. Follow the procedures from Step 1 to Step 11. Step 1: In the edit button bar shown in the Figure 4 where you may select the icon to insert a new element. Figure 4 Adding a new Device 97 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Add a new device Step 2: In the map object properties, give the label name and enter the IP address of the selected device. In this example, we configure 172.23.3.11 as its IP address of your Switch as shown in Figure 5 Figure 5 Map Object Properties Step 4: In the map object properties, select Access tab to set the parameters of Read Access Mode to SNMP V2c shown in Figure 6. Change the value of 98 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Read Access Mode to SNMP V2c. Figure 6 Read Access mode Step 5: In the map object properties, select Access tab to set the parameters of Read /Write Access Mode to SNMP V2c shown in Figure 7. Change the value of Read/write Access Mode to SNMP V2c. Figure 7 Read/Write Access Mode 99 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Step 6: In the map object properties, select Access tab to set the parameters of Read community to public as shown in Figure 8. Figure 8 Read Community 100 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Step 7: In the map object propeies, select Access tab to set the parameters of Read community to public in Figure 9. Change the value of Read//write Community to Public. Figure 9 Read/write Community Step 8: In the Selection tool menu, Click the name of your Switch to manage the device. Figure 10 Device Selection 101 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Step 9: After the selection, a pop-up menu will display the NetAtlas switch manager diagram. Click the Switch Manager to enter the EMS Mapping shown in Figure 11 Figure 11 Device Selection Step 10: In the EMS mapping, it display a logical hierarchy for the device. In the device list, you may see the devices are added in the Rootmap shown in 102 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Figure 12. Figure 12 Rootmap Step 11: Click the your Switch to configure the device shown in Figure 13. Figure 13 Device mapping 103 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes VLAN Configuration via EMS In this section, we will give an example to illustrate how to use EMS to create a VLAN2 in GS-4024. Here are the procedures. Step 1: In the device panel list shown in Figure 12, right-click Configuration, Switch Configuration and then Switch Setup tab as shown in Figure 12 and Figure 13. Step 2: Define the VLAN type, there are two types of VLAN, one is 802.1Q and the other is Port-based VLAN. Select 802.
ES-4024A Series Switch Support Notes Figure 14 Selecting a VLAN Type After the VLAN type selection, a pop-up window indicates that you have finished the configuration. Then after we have defined the VLAN type to be the 802.1Q, go back to click the Configuration and then VLAN configuration in 105 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Figure 15. Figure 15 VLAN Configuration Click the New button to create a new VLAN ID in Figure 16. Figure 16 Creating a new VLAN ID Selecting Egress ports and defines them to be tagged or untagged in Figure 17 Figure 17 Selecting the ports 106 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes For more information, reference the user guide of NetAtlas. 107 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Cluster Management Overview Cluster Management allows you to manage up to 24 switches through a single IP to manage up to 24 switches simultaneously in the same broadcast domain and the same VLAN group ID. The cluster manager which can manage other switches is called the master device. The other terminology we use for cluster management is “istacking”. • How Cluster Management works Step 1: 1.
ES-4024A Series Switch Support Notes A clustering member listens on UDP port 263. When a clustering member receives a request with the matching signature, it answers with a HDAP Discover Response. In the response, the clustering member provides identity information about itself. Step 3: 3.
ES-4024A Series Switch Support Notes slave switch. • How to set up Cluster Management in switch Step 1: Go to menu: “Management” Æ ”Cluster Management” Æ ”Clustering Management Configuration” In “Clustering Management Configuration” pages, check the “Active” check box to enable Cluster Manager. In the middle of this page, there is a table shows all the clustering candidates which can be selected and added as the clustering members.
ES-4024A Series Switch Support Notes Select a device in the Clustering Candidate table and enter the password which is the admin password for the candidate device to add the clustering member. Step 3: 111 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Click on the index number to manage the selected clustering member. Step 4: In “Member Menu” pages, you can change any setting of the clustering member, except Cluster Management, Firmware Upgrade and Restore Configuration. Step 5: 112 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Enter “Management”->”Cluster Management”->”Clustering Management Status:” In “Clustering Management Status” pages, you can check the status for each member. Step 6: Enter “Management”->”Cluster Management”->”Clustering Management Configuration:” In “Clustering Management Configuration” pages , by 113 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes checking the remove checkbox and then, click on the Remove button to remove a cluster member. 114 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Overview of RMON Remote Monitoring (RMON) is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data. RMON provides network administrators with more freedom in selecting network-monitoring probes and consoles with features that meet their particular networking needs. RMON was originally developed to address the problem of managing LAN segments and remote sites from a central location.
ES-4024A Series Switch Support Notes requirements. Each group is optional so that vendors do not need to support all the groups within the Management Information Base (MIB). Some RMON groups require support of other RMON groups to function properly. Table 1 summarizes the nine monitoring groups specified in the RFC 1757 Ethernet RMON MIB.
ES-4024A Series Switch Support Notes Matrix Stores and retrieves Source and destination address pairs statistics for and packets, bytes, and errors for each conversations pair. between sets of two addresses. Filters Enables packets to be Bit-filter type (mask or not mask), filter matched by a filter expression (bit level), conditional equation for capturing expression (and, or not) to other filters. or events.
ES-4024A Series Switch Support Notes Event (1.3.6.1.2.1.16.9) All groups in this MIB are optional. (MIB-II is mandatory) Scenario (ES-4024A Series supports RMON 1.2.3.9) In this illustration, SNMPc Enterprise Edition Version 5.1.6c is installed on the PC. And this PC is defined as “RMON management console”. This PC can ping both ZyXEL ES-3148 (both Switch A & Switch B). And there are some probes / networking devices to generate the traffic to the ZyXEL Switches in order to verify the RMON result.
ES-4024A Series Switch Support Notes In this scenario, we are going to monitor the Broadcast Packets by using the RMON MIB. The following will demonstrate the steps to monitor the Broadcast Packets by using SNMPc Enterprise Edition Version 5.1.6c. 1. Methodology of Scenario Verification 1.Open your SNMPc program first, then pick the ZyXEL-3148 Switch (it is first named as device “root”) and give it the correct IP information to get the SNMP information. Also, you can rename it to whatever you want.
ES-4024A Series Switch Support Notes 2. Secondly, click on the “Mib” tab and expend the SNMP Mibs’ tree. You will find that there is an “rmon” group over there and again you can expend its sub-tree. 120 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes 3. Right click the “etherStatsTable” and choose “View Table” 121 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes 4. Find the interface or port that you are looking for. And you can look at the corresponding field and therefore find the value that you want to monitor. In this case, we are looking for the Broadcast Packets. 122 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes Try to generate some broadcast traffic from the probe or your network device, then you should see the BroadcastPkts increasing. 5. In conclusion, if the Switch supports RMON, then you can get the values from the Switch in the RMON Group(s), otherwise, it will return 0 and always stays 0. Without the supporting of RMON, then it is impossible to monitor those elements in the RMON MIB Group 123 All contents copyright (c) 2006 ZyXEL Communications Corporation.
ES-4024A Series Switch Support Notes FAQ What is the default setting of the IP parameters? IP address: 192.168.1.1 Subnet: 255.255.255.0 What is the default login Name and Password of the Web Configurator? ID: admin Password: 1234 How to access my SWITCH through the console port? Connect the male 9-pin end of the console cable to the console port of the Switch.
ES-4024A Series Switch Support Notes How to change the password? Web Configurator is the only place you can change the password. After you log in for the first time, it is recommended you change the default administrator password. From Web Configurator: Click Advanced Application, Access Control, and then Logins to display the next screen. From there you can change a new password. How to access the Command Line Interface? There are two ways to access the Command Line Interface.
ES-4024A Series Switch Support Notes 2. 3. 4. 5. 6. Power off and then power on the Switch, and press any key to enter the debug mode when the screen shows “Press any key to enter Debug Mode within 3 seconds.” Type “atlc” and press the enter key When the message “starting XMODEM upload” appears, do XMODEM upload of the default rom file to the Switch After it is done uploading the rom file successfully, type “atgo” to leave the debug mode. The system will be restarted automatically.
ES-4024A Series Switch Support Notes Is Online Help available on the Web Configurator? Yes, the Web Configurator’s Online Help is available. Clicking on the Help link will bring up a description of the online help of that screen. How to restart device from Web? 1. Click Management and then Maintenance in the navigation panel to display the following screen. 2. Click on the “Click Here” button next to the Reboot System will restart the Switch.
ES-4024A Series Switch Support Notes operating. What is so called "Dual-Personality interface" in Ethernet Switching? Dual-Personality GbE interface means that one 1000Base-T Copper port and one SFP port share the same physical interface. Only one of them can be used at one of a time. Dual-Personality interface is also called "Combo Port" in some cases. 128 All contents copyright (c) 2006 ZyXEL Communications Corporation.
