ES-4124
Intelligent Layer 3+ Switch
User’s Guide
Version 3.8
4/2007
Edition 1

DEFAULT LOGIN
IP Address: http://192.168.1.1
User Name: admin
Password: 1234

www.zyxel.
About This User's Guide

Intended Audience
This manual is intended for people who want to configure the ES-4124 using the web configurator or via commands. You should have at least a basic knowledge of TCP/IP networking concepts and topology.

Related Documentation
• Quick Start Guide
  The Quick Start Guide contains information on setting up your hardware.
• Web Configurator Online Help
  Embedded web help for descriptions of individual screens and supplementary information.
Document Conventions

Warnings and Notes
These are how warnings and notes are shown in this User’s Guide.
Warnings tell you about things that could harm you or your device.
Notes tell you other important information (for example, other things you may need to configure or helpful tips) or recommendations.

Syntax Conventions
• The ES-4124 may be referred to as the “Switch”, the “device”, the “system” or the “product” in this User’s Guide.
Icons Used in Figures
Figures in this User’s Guide may use the following generic icons. The Switch icon is not an exact representation of your device.
Safety Warnings

For your safety, be sure to read and follow all warning notices and instructions.
• Do NOT use this product near water, for example, in a wet basement or near a swimming pool.
• Do NOT expose your device to dampness, dust or corrosive liquids.
• Do NOT store things on the device.
• Do NOT install, use, or service this device during a thunderstorm. There is a remote risk of electric shock from lightning.
• Connect ONLY suitable accessories to the device.
This product is recyclable. Dispose of it properly.
Contents Overview

Introduction
Getting to Know Your Switch
Hardware Installation and Connection
Hardware Overview
IP Multicast
Differentiated Services
DHCP
VRRP
Table of Contents

About This User's Guide
Document Conventions
Safety Warnings
Contents Overview
3.1.3 Mini-GBIC Slots
3.2 Rear Panel
3.2.1 Power Connector
3.2.2 External Backup Power Supply Connector
7.4 Introduction to VLANs
7.5 Switch Setup Screen
7.6 IP Setup
7.6.1 IP Interfaces
11.1 STP/RSTP Overview
11.1.1 STP Terminology
11.1.2 How STP Works
11.1.3 STP Port States
16.1.2 MAC Authentication
16.2 Port Authentication Configuration
16.2.1 Activate IEEE 802.1x Security
16.2.2 Activate MAC Authentication
Chapter 22 Multicast
22.1 Multicast Overview
22.1.1 IP Multicast Addresses
22.1.2 IGMP Filtering
24.5.2 DHCP Snooping VLAN Configure
24.6 ARP Inspection Status
24.6.1 ARP Inspection VLAN Status
24.6.2 ARP Inspection Log Status
24.
29.1 IGMP Overview
29.1.1 How IGMP Works
29.2 Port-based IGMP
29.3 Configuring IGMP
33.5 Configuring DHCP VLAN Settings
33.5.1 Example: DHCP Relay for Two VLANs
Chapter 34 VRRP
34.1 VRRP Overview
36.3.4 Configuring SNMP
36.3.5 Configuring SNMP Trap Group
36.3.6 Setting Up Login Accounts
36.4 SSH Overview
42.1 ARP Table Overview
42.1.1 How ARP Works
42.2 Viewing the ARP Table
Chapter 43 Routing Table
Chapter 46 User and Enable Mode Commands
46.1 Overview
46.2 show Commands
46.2.1 show system-information
48.2.6 mirror
48.2.7 gvrp
48.2.8 ingress-check
48.2.9 frame-type
52.1 Problems Starting Up the Switch
52.2 Problems Accessing the Switch
52.2.1 Pop-up Windows, JavaScripts and Java Permissions
52.3 Problems with the Password
List of Figures

Figure 1 Backbone Application
Figure 2 Bridging Application
Figure 3 High Performance Switched Workgroup Application
Figure 4 Shared Server Using VLAN Example
Figure 39 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN
Figure 40 Protocol Based VLAN Configuration Example
Figure 41 Advanced Application > VLAN: Port Based VLAN Setup (All Connected)
Figure 42 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation)
Figure 82 Advanced Application > Multicast > Multicast Setting
Figure 83 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN
Figure 84 Advanced Application > Multicast > Multicast Setting > IGMP Filtering Profile
Figure 85 MVR Network Example
Figure 125 IP Application > OSPF Configuration > OSPF Interface
Figure 126 IP Application > OSPF Configuration > OSPF Virtual Link
Figure 127 IP Multicast
Figure 128 IGMP Version 1 Example
Figure 168 Management > Maintenance
Figure 169 Load Factory Default: Start
Figure 170 Reboot System: Confirmation
Figure 171 Management > Maintenance > Firmware Upgrade
Figure 211 Java (Sun)
Figure 212 Network Number and Host ID
Figure 213 Subnetting Example: Before Subnetting
Figure 214 Subnetting Example: After Subnetting
List of Tables

Table 1 Panel Connections
Table 2 LEDs
Table 3 Navigation Panel Sub-links Overview
Table 39 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP
Table 40 Advanced Application > Port Authentication > 802.1x
Table 41 Advanced Application > Port Authentication > MAC Authentication
Table 42 Advanced Application > Port Security
Table 82 IP Application > Static Routing
Table 83 IP Application > RIP
Table 84 OSPF vs. RIP
Table 85 OSPF: Router Types
Table 125 Management > Diagnostic
Table 126 Syslog Severity Levels
Table 127 Management > Syslog
Table 128 Management > Syslog > Server Setup
PART I
Introduction

Getting to Know Your Switch
Hardware Installation and Connection
Hardware Overview
CHAPTER 1
Getting to Know Your Switch

This chapter introduces the main features and applications of the Switch.

1.1 Introduction
The ES-4124 is a stand-alone layer 3 Ethernet switch with 24 10/100Mbps ports, two RJ-45 Gigabit ports for stacking and 2 GbE dual personality interfaces for uplink as well as a console port and a management port for local management. A dual personality interface includes one Gigabit port and one slot for a mini-GBIC transceiver (SFP module) with one port active at a time.
1.1.2 Bridging Example
In this example application the Switch connects different company departments (RD and Sales) to the corporate backbone. It can alleviate bandwidth contention and eliminate server and network bottlenecks. All users that need high bandwidth can connect to high-speed department servers via the Switch. You can provide a super-fast uplink connection by using a Gigabit Ethernet/mini-GBIC port on the Switch.
Figure 3 High Performance Switched Workgroup Application

1.1.4 IEEE 802.1Q VLAN Application Examples
A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Stations on a logical network belong to one group. A station can belong to more than one group. With VLAN, a station cannot directly talk to or hear from stations that are not in the same group(s) unless such traffic first goes through a router.
• Web Configurator. This is recommended for everyday management of the Switch using a (supported) web browser. See Chapter 4 on page 53.
• Command Line Interface. Line commands offer an alternative to the Web Configurator and may be necessary to configure advanced features. See Chapter 45 on page 331.
• FTP. Use File Transfer Protocol for firmware upgrades and configuration backup/restore. See Section 35.8 on page 287.
• SNMP.
CHAPTER 2
Hardware Installation and Connection

This chapter shows you how to install and connect the Switch.

2.1 Freestanding Installation
1 Make sure the Switch is clean and dry.
2 Set the Switch on a smooth, level surface strong enough to support the weight of the Switch and the connected cables. Make sure there is a power outlet nearby.
3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord.
Note: For proper ventilation, allow at least 4 inches (10 cm) of clearance at the front and 3.4 inches (8 cm) at the back of the Switch. This is especially important for enclosed rack installations.

2.2 Mounting the Switch on a Rack
This section lists the rack mounting requirements and precautions and describes the installation steps.

2.2.1 Rack-mounted Installation Requirements
• Two mounting brackets.
• Eight M3 flat head screws and a #2 Phillips screwdriver.
3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch.
4 You may now mount the Switch on a rack. Proceed to the next section.

2.2.3 Mounting the Switch on a Rack
1 Position a mounting bracket (that is already attached to the Switch) on one side of the rack, lining up the two screw holes on the bracket with the screw holes on the side of the rack.
CHAPTER 3
Hardware Overview

This chapter describes the front panel and rear panel of the Switch and shows you how to make the hardware connections.

3.1 Panel Connections
The figure below shows the front panel of the Switch.

Figure 8 Front Panel (labels: RJ-45 Gigabit Ports for stacking; 10/100 Mbps Ethernet Ports; LEDs; Console Port; Management Port; RJ-45 Gigabit / Mini-GBIC Dual Personality Interfaces)

The following table describes the ports on the panels.
Table 1 Panel Connections (continued)
CONNECTOR | DESCRIPTION
Console Port | Only connect this port if you want to configure the Switch using the command line interface (CLI) via the console port.
Management Port | Connect to a computer using an RJ-45 Ethernet cable for local configuration of the Switch.

3.1.
There are two pairs of Gigabit Ethernet/mini-GBIC ports. The mini-GBIC ports have priority over the Gigabit ports. This means that if a mini-GBIC port and the corresponding Gigabit port are connected at the same time, the Gigabit port will be disabled.

You can change transceivers while the Switch is operating. You can use different transceivers to connect to Ethernet switches with different types of fiber-optic connectors.
Figure 11 Opening the Transceiver’s Latch Example

2 Pull the transceiver out of the slot.

Figure 12 Transceiver Removal Example

3.2 Rear Panel
The following figures show the rear panels of the AC and DC power input model switches. The rear panel contains a connector for backup power supply (BPS) and the power receptacle. For the DC power input model, it also contains a power switch.

Figure 13 Rear Panel - AC Model
Figure 14 Rear Panel - DC Model

3.2.
To connect the power to the ES-4124 AC unit, insert the female end of the power cord into the power receptacle on the rear panel. Connect the other end of the supplied power cord to a 100~240V AC, 1.5A power outlet. Make sure that no objects obstruct the airflow of the fans.

The ES-4124 DC unit requires DC power supply input of -48V DC to -60V DC, 1.5A Max no tolerance.
Table 2 LEDs (continued)
LED | COLOR | STATUS | DESCRIPTION
 | Green | Blinking | The system is transmitting/receiving to/from a 10/1000 Mbps Ethernet network.
 | | On | The link to a 10/1000 Mbps Ethernet network is up.
 | | Blinking | The system is transmitting/receiving to/from a 100 Mbps Ethernet network.
 | | On | The link to a 100 Mbps Ethernet network is up.
 | | Off | The link to an Ethernet network is down.
 | | On | The Ethernet port is negotiating in full-duplex mode.
PART II
Basic Configuration

The Web Configurator
Initial Setup Example
System Status and Port Statistics
Basic Setting
CHAPTER 4
The Web Configurator

This section introduces the configuration and functions of the web configurator.

4.1 Introduction
The web configurator is an HTML-based management interface that allows easy Switch setup and management via Internet browser. Use Internet Explorer 6.0 and later or Netscape Navigator 7.0 and later versions. The recommended screen resolution is 1024 by 768 pixels.

In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
Figure 15 Web Configurator: Login

4 Click OK to view the first web configurator screen.

4.3 The Status Screen
The Status screen is the first screen that displays when you access the web configurator. The following figure shows the navigating components of a web configurator screen.

Figure 16 Web Configurator Home Screen (Status), with callouts A, B, C, D and E

A - Click the menu items to open submenu links, and then click on a submenu link to open the screen in the main window.
B - Click this link to save your configuration into the Switch’s nonvolatile memory. Nonvolatile memory is saved in the configuration file from which the Switch booted and it stays the same even if the Switch’s power is turned off. See Section 35.3 on page 284 for information on saving your settings to a specific configuration file.
C - Click this link to go to the status page of the Switch.
D - Click this link to log out of the web configurator.
The following table lists the various web configurator screens within the sub-links.
The following table describes the links in the navigation panel.

Table 5 Navigation Panel Links
LINK | DESCRIPTION
Basic Settings |
System Info | This link takes you to a screen that displays general system and hardware monitoring information.
General Setup | This link takes you to a screen where you can configure general identification information about the Switch.
Table 5 Navigation Panel Links (continued)
LINK | DESCRIPTION
Auth and Acct | This link takes you to a screen where you can configure authentication and accounting services via external servers. The external servers can be either RADIUS (Remote Authentication Dial-In User Service) or TACACS+ (Terminal Access Controller Access-Control System Plus).
4.3.1 Change Your Password
After you log in for the first time, it is recommended you change the default administrator password. Click Management, Access Control and then Logins to display the next screen.

Figure 17 Change Administrator Login Password

4.4 Saving Your Configuration
When you are done modifying the settings in a screen, click Apply to save your changes back to the run-time memory. Settings in the run-time memory are lost when the Switch’s power is turned off.
6 Forget the password and/or IP address.
7 Prevent all services from accessing the Switch.
8 Change a service port number but forget it.

Note: Be careful not to lock yourself and others out of the Switch. If you do lock yourself out, try using out-of-band management (via the management port) to configure the Switch.

4.
Figure 18 Resetting the Switch: Via the Console Port

    Bootbase Version: V0.7 | 02/17/2006 11:56:33
    RAM:Size = 64 Mbytes
    DRAM POST: Testing: 65536K OK
    DRAM Test SUCCESS !
    FLASH: Intel 32M

    ZyNOS Version: V3.80(AIC.0)b0 | 01/19/2007 19:06:37

    Press any key to enter debug mode within 3 seconds.....................
    Enter Debug Mode
    ES-4124> atlc
    Starting XMODEM upload (CRC mode)....
    CCCCCCCCCCCCCCCC
    Total 393216 bytes received.
    Erasing..
    ..............................................
CHAPTER 5
Initial Setup Example

This chapter shows how to set up the Switch for an example network.

5.1 Overview
The following lists the configuration steps for the example network:
• Configure an IP interface
• Configure DHCP server settings
• Create a VLAN
• Set port VLAN ID
• Enable RIP

5.1.1 Configuring an IP Interface
On a layer-3 switch, an IP interface (also known as an IP routing domain) is not bound to a physical port. The default IP address of the Switch is 192.168.1.
2 Open your web browser and enter 192.168.0.1 (the default MGMT port IP address) in the address bar to access the web configurator. See Section 4.2 on page 53 for more information.
3 Click Basic Setting and IP Setup in the navigation panel.
4 Configure the related fields in the IP Setup screen. For the Sales network, enter 192.168.2.1 as the IP address and 255.255.255.0 as the subnet mask.
5.1.3 Creating a VLAN
VLANs confine broadcast frames to the VLAN group in which the port(s) belongs. You can do this with port-based VLAN or tagged static VLAN with fixed port members.

In this example, you want to configure port 1 as a member of VLAN 2.

Figure 21 Initial Setup Network Example: VLAN

1 Click Advanced Application > VLAN in the navigation panel and click the Static VLAN link.
Note: The VLAN Group ID field in this screen and the VID field in the IP Setup screen refer to the same VLAN ID.

3 Since the VLAN2 network is connected to port 1 on the Switch, select Fixed to configure port 1 to be a permanent member of the VLAN only.
4 To ensure that VLAN-unaware devices (such as computers and hubs) can receive frames properly, clear the TX Tagging check box to set the Switch to remove VLAN tags before sending.
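
The tagging behaviour configured in these steps, as an added example that is not part of the original guide and is not ZyXEL code: a simplified Python model of how an IEEE 802.1Q switch assigns a received frame to a VLAN and then applies or removes the tag on the way out. The port table, the PVID of 2 on port 1, the uplink and "other" ports and the sample frame are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an IEEE 802.1Q tag


def build_frame(dst, src, ethertype, payload, vid=None, priority=0):
    """Build an Ethernet frame; insert an 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        if not 1 <= vid <= 4094 or not 0 <= priority <= 7:
            raise ValueError("VID must be 1-4094 and priority 0-7")
        # Tag control field: 3-bit 802.1p priority, 1 bit left at 0, 12-bit VID.
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return addresses, tag fields (if any), EtherType and payload."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    info = {"dst": frame[0:6], "src": frame[6:12], "tagged": False,
            "vid": None, "priority": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info.update(tagged=True, priority=tci >> 13, vid=tci & 0x0FFF)
        offset = 18
    info.update(ethertype=ethertype, payload=frame[offset:])
    return info


def ingress(frame, pvid, default_priority=0):
    """Assign a received frame to a VLAN.

    Untagged frames take the port's VLAN ID (PVID) and default priority.
    A tag with VID 0 carries a priority only, so the PVID is used as well.
    """
    info = parse_frame(frame)
    if not info["tagged"]:
        info["vid"], info["priority"] = pvid, default_priority
    elif info["vid"] == 0:
        info["vid"] = pvid
    return info


def egress(info, port):
    """Return the bytes to send on `port`, or None if it is not a member."""
    if info["vid"] not in port["member_of"]:
        return None  # frames never leave on a port outside their VLAN
    tx_tagging = port["member_of"][info["vid"]]
    return build_frame(info["dst"], info["src"], info["ethertype"],
                       info["payload"],
                       vid=info["vid"] if tx_tagging else None,
                       priority=info["priority"])


def forward(frame, in_port, out_port):
    """Ingress classification followed by the egress decision."""
    return egress(ingress(frame, in_port["pvid"]), out_port)


# Constructed port table: member_of maps VLAN ID -> TX Tagging setting.
PORT1 = {"pvid": 2, "member_of": {2: False}}             # VLAN 2, tag removed
UPLINK = {"pvid": 1, "member_of": {1: False, 2: True}}   # hypothetical trunk
OTHER = {"pvid": 1, "member_of": {1: False}}             # VLAN 1 only

# Constructed sample: an untagged broadcast frame from a PC on port 1.
PC_FRAME = build_frame(bytes.fromhex("ffffffffffff"),
                       bytes.fromhex("020000000001"), 0x0806, b"\x00" * 46)

if __name__ == "__main__":
    out = forward(PC_FRAME, PORT1, UPLINK)
    print("uplink sees VID", parse_frame(out)["vid"])
    print("VLAN 1 port receives:", forward(PC_FRAME, PORT1, OTHER))
    print("port 1 gets untagged copy:",
          forward(out, UPLINK, PORT1) == PC_FRAME)
```
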
5.1.5 Enabling RIP
To exchange routing information with other routing devices across different routing domains, enable RIP (Routing Information Protocol) in the RIP screen.

1 Click IP Application and RIP in the navigation panel.
2 Select Both in the Direction field to set the Switch to broadcast and receive routing information.
3 In the Version field, select RIP-1 for the RIP packet format that is universally supported.
CHAPTER 6
System Status and Port Statistics

This chapter describes the system status (web configurator home page) and port details screens.

6.1 Overview
The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details.

6.2 Port Status Summary
To view the port statistics, click Status in all web configurator screens to display the Status screen as shown next.

Figure 23 Status

The following table describes the labels in this screen.
Table 6 Status (continued)
LABEL | DESCRIPTION
Link | This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for 1000Mbps) and the duplex (F for full duplex or H for half). It also shows the cable type (Copper or Fiber) for the combo ports.
State | If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port (see Section 11.1.3 on page 111 for more information).
Figure 24 Status: Port Details

The following table describes the labels in this screen.

Table 7 Status > Port Details
LABEL | DESCRIPTION
Port Info |
Port NO. | This field displays the port number you are viewing.
Name | This field displays the name of the port.
Link | This field displays the speed (either 10M for 10Mbps, 100M for 100Mbps or 1000M for 1000Mbps) and the duplex (F for full duplex or H for half duplex). It also shows the cable type (Copper or Fiber).
Table 7 Status > Port Details (continued)
LABEL | DESCRIPTION
Up Time | This field shows the total amount of time the connection has been up.
Tx Packet | The following fields display detailed information about packets transmitted.
TX Packet | This field shows the number of good packets (unicast, multicast and broadcast) transmitted.
Multicast | This field shows the number of good multicast packets transmitted.
Table 7 Status > Port Details (continued)
LABEL | DESCRIPTION
512-1023 | This field shows the number of packets (including bad packets) received that were between 512 and 1023 octets in length.
1024-1518 | This field shows the number of packets (including bad packets) received that were between 1024 and 1518 octets in length.
Giant | This field shows the number of packets dropped because they were bigger than the maximum frame size.
CHAPTER 7
Basic Setting

This chapter describes how to configure the System Info, General Setup, Switch Setup, IP Setup and Port Setup screens.

7.1 Overview
The System Info screen displays general Switch information (such as firmware version number) and hardware polling information (such as fan speeds). The General Setup screen allows you to configure general Switch identification information.
Figure 25 Basic Setting > System Info

The following table describes the labels in this screen.

Table 8 Basic Setting > System Info
LABEL | DESCRIPTION
System Name | This field displays the descriptive name of the Switch for identification purposes.
ZyNOS F/W Version | This field displays the version number of the Switch's current firmware including the date created.
Ethernet Address | This field refers to the Ethernet MAC (Media Access Control) address of the Switch.
Table 8 Basic Setting > System Info (continued)
LABEL | DESCRIPTION
Current | This field displays this fan's current speed in Revolutions Per Minute (RPM).
MAX | This field displays this fan's maximum speed measured in Revolutions Per Minute (RPM).
MIN | This field displays this fan's minimum speed measured in Revolutions Per Minute (RPM). "<41" is displayed for speeds too small to measure (under 2000 RPM).
The following table describes the labels in this screen.

Table 9 Basic Setting > General Setup
LABEL | DESCRIPTION
System Name | Choose a descriptive name for identification purposes. This name consists of up to 64 printable characters; spaces are allowed.
Location | Enter the geographic location of your Switch. You can use up to 32 printable ASCII characters; spaces are allowed.
Contact Person's Name | Enter the name of the person in charge of this Switch.
Table 9 Basic Setting > General Setup (continued)
LABEL | DESCRIPTION
End Date | Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving Time. The time field uses the 24 hour format. Here are a couple of examples: Daylight Saving Time ends in the United States on the first Sunday of November. Each time zone in the United States stops using Daylight Saving Time at 2 A.M. local time.
Figure 27 Basic Setting > Switch Setup

The following table describes the labels in this screen.

Table 10 Basic Setting > Switch Setup

LABEL | DESCRIPTION
VLAN Type | Choose 802.1Q or Port Based. The VLAN Setup screen changes depending on whether you choose 802.1Q VLAN type or Port Based VLAN type in this screen. See Chapter 8 on page 89 for more information.
Table 10 Basic Setting > Switch Setup (continued)

LABEL | DESCRIPTION
Priority Queue Assignment | IEEE 802.1p defines up to eight separate traffic types by inserting a tag into a MAC-layer frame that contains bits to define class of service. Frames without an explicit priority tag are given the default priority of the ingress port. Use the next two fields to configure the priority level-to-physical queue mapping.
Figure 28 Basic Setting > IP Setup

The following table describes the labels in this screen.

Table 11 Basic Setting > IP Setup

LABEL | DESCRIPTION
Default Gateway | Enter the IP address of the default outgoing gateway in dotted decimal notation, for example 192.168.1.254.
Domain Name Server | DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa.
Table 11 Basic Setting > IP Setup (continued)

LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel | Click Cancel to reset the fields to your previous configuration.
Figure 29 Basic Setting > Port Setup

The following table describes the labels in this screen.

Table 12 Basic Setting > Port Setup

LABEL | DESCRIPTION
Port | This is the port index number.
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
Table 12 Basic Setting > Port Setup (continued)

LABEL | DESCRIPTION
Flow Control | A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port. The Switch uses IEEE 802.3x flow control in full duplex mode and backpressure flow control in half duplex mode. IEEE 802.
PART III Advanced Setup

• VLAN
• Static MAC Forward Setup
• Filtering
• Spanning Tree Protocol
• Bandwidth Control
• Broadcast Storm Control
• Mirroring
• Link Aggregation
• Port Authentication
• Port Security
• Classifier
• Policy Rule
• Queuing Method
• VLAN Stacking
• Multicast
• Authentication & Accounting
• IP Source Guard
• Loop Guard
CHAPTER 8 VLAN

The type of screen you see here depends on the VLAN Type you selected in the Switch Setup screen. This chapter shows you how to configure 802.1Q tagged and port-based VLANs.

8.1 Introduction to IEEE 802.1Q Tagged VLANs

A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN membership of a frame across bridges - they are not confined to the switch on which they were created. The VLANs can be created statically by hand or dynamically through GVRP.
8.2 Automatic VLAN Registration

GARP and GVRP are the protocols used to automatically register VLAN membership across switches.

8.2.1 GARP

GARP (Generic Attribute Registration Protocol) allows network switches to register and deregister attribute values with other GARP participants within a bridged LAN. GARP is a protocol that provides a generic mechanism for protocols that serve a more specific application, for example, GVRP.

8.2.1.1 GARP Timers

Switches join VLANs by making a declaration.
8.3 Port VLAN Trunking

Enable VLAN Trunking on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices. Refer to the following figure. Suppose you want to create VLAN groups 1 and 2 (V1 and V2) on devices A and B.
8.5.1 Static VLAN Status

See Section 8.1 on page 89 for more information on Static VLAN. Click Advanced Application > VLAN from the navigation panel to display the VLAN Status screen as shown next.

Figure 32 Advanced Application > VLAN: VLAN Status

The following table describes the labels in this screen.

Table 14 Advanced Application > VLAN: VLAN Status

LABEL | DESCRIPTION
The Number of VLAN | This is the number of VLANs configured on the Switch.
Index | This is the VLAN index number.
The following table describes the labels in this screen.

Table 15 Advanced Application > VLAN > VLAN Detail

LABEL | DESCRIPTION
VLAN Status | Click this to go to the VLAN Status screen.
VID | This is the VLAN identification number that was configured in the Static VLAN screen.
Port Number | This column displays the ports that are participating in a VLAN. A tagged port is marked as T, an untagged port is marked as U and ports not participating in a VLAN are marked as “–”.
The following table describes the related labels in this screen.

Table 16 Advanced Application > VLAN > Static VLAN

LABEL | DESCRIPTION
ACTIVE | Select this check box to activate the VLAN settings.
Name | Enter a descriptive name for the VLAN group for identification purposes. This name consists of up to 64 printable characters; spaces are allowed.
VLAN Group ID | Enter the VLAN ID for this static entry; the valid range is between 1 and 4094.
Figure 35 Advanced Application > VLAN > VLAN Port Setting

The following table describes the labels in this screen.

Table 17 Advanced Application > VLAN > VLAN Port Setting

LABEL | DESCRIPTION
GVRP | GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Select this check box to permit VLAN groups beyond the local Switch.
Table 17 Advanced Application > VLAN > VLAN Port Setting (continued)

LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel | Click Cancel to begin configuring this screen afresh.

8.
8.7 Configuring Subnet Based VLAN

Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown.

Note: Subnet based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN.

Figure 37 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN

The following table describes the labels in this screen.
Table 18 Advanced Application > VLAN > VLAN Port Setting > Subnet Based VLAN Setup

LABEL | DESCRIPTION
Mask-Bits | Enter the bit number of the subnet mask. To find the bit number, convert the subnet mask to binary format and add all the 1’s together. Take “255.255.255.0” for example. 255 converts to eight 1s in binary. There are three 255s, so add three eights together and you get the bit number (24).
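
The Mask-Bits calculation described above, as an added Python example that is not part of this guide. It also rejects masks whose 1 bits are not contiguous and lists subnet entries that overlap while pointing at different VLAN IDs; the entry fields (`name`, `ip`, `mask`, `vid`) and the sample entries are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def mask_bits(mask):
    """Return the bit number of a dotted-decimal subnet mask.

    Follows the method in the table: write the mask in binary and count
    the 1s. A mask such as 255.0.255.0 is rejected because its 1 bits are
    not contiguous from the left, so no bit number describes it.
    """
    octets = mask.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal mask: {mask!r}")
    binary = "".join(f"{int(o):08b}" for o in octets)
    if "01" in binary:
        raise ValueError(f"1 bits are not contiguous in {mask!r}")
    return binary.count("1")


def entry_network(entry):
    """Build the IPv4 network covered by one subnet based VLAN entry."""
    bits = mask_bits(entry["mask"])
    # strict=False accepts a host address and masks off the host bits.
    return ipaddress.ip_network(f"{entry['ip']}/{bits}", strict=False)


def matching_entries(src_ip, entries):
    """Names of all entries whose subnet contains the source IP address."""
    addr = ipaddress.ip_address(src_ip)
    return [e["name"] for e in entries if addr in entry_network(e)]


def overlapping_entries(entries):
    """Pairs of entries whose subnets overlap but map to different VLAN IDs."""
    pairs = []
    for a, b in combinations(entries, 2):
        if a["vid"] != b["vid"] and entry_network(a).overlaps(entry_network(b)):
            pairs.append((a["name"], b["name"]))
    return pairs


# Constructed sample entries (hypothetical names, addresses and VLAN IDs).
SAMPLE_ENTRIES = [
    {"name": "staff", "ip": "192.168.1.0", "mask": "255.255.255.0", "vid": 100},
    {"name": "voice", "ip": "192.168.1.128", "mask": "255.255.255.128", "vid": 120},
    {"name": "lab", "ip": "172.16.0.0", "mask": "255.255.240.0", "vid": 200},
]

if __name__ == "__main__":
    for e in SAMPLE_ENTRIES:
        print(e["name"], entry_network(e), "mask-bits", mask_bits(e["mask"]))
    print("matches for 192.168.1.200:",
          matching_entries("192.168.1.200", SAMPLE_ENTRIES))
    print("overlaps:", overlapping_entries(SAMPLE_ENTRIES))
```

An untagged packet whose source address matches two entries with different VLAN IDs is worth resolving in the configuration rather than leaving to the device's tie-break, which this page does not describe.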
For example, ports 1, 2, 3 and 4 belong to static VLAN 100, and ports 4, 5, 6 and 7 belong to static VLAN 120. You configure a protocol based VLAN A with priority 3 for ARP traffic received on ports 1, 2 and 3. You also have a protocol based VLAN B with priority 2 for AppleTalk traffic received on ports 6 and 7.
The following table describes the labels in this screen.

Table 19 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN Setup

LABEL | DESCRIPTION
Active | Check this box to activate this protocol based VLAN.
Port | Type a port to be included in this protocol based VLAN. This port must belong to a static VLAN in order to participate in a protocol based VLAN. See Chapter 8 on page 89 for more details on setting up VLANs.
6 Leave the priority set to 0 and click Add.

Figure 40 Protocol Based VLAN Configuration Example

To add more ports to this protocol based VLAN:
1 Click the index number of the protocol based VLAN entry.
2 Change the value in the Port field to the next port you want to add.
3 Click Add.

8.11 Port-based VLAN Setup

Port-based VLANs are VLANs where the packet forwarding decision is based on the destination MAC address and its associated port.
The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports.

8.11.1 Configure a Port-based VLAN

Select Port Based as the VLAN Type in the Switch Setup screen and then click VLAN from the navigation panel to display the next screen.
Figure 42 Advanced Application > VLAN: Port Based VLAN Setup (Port Isolation)
The following table describes the labels in this screen.

Table 20 Advanced Application > VLAN: Port Based VLAN Setup

LABEL | DESCRIPTION
Setting Wizard | Choose All connected or Port isolation. All connected means all ports can communicate with each other, that is, there are no virtual LANs. All incoming and outgoing ports are selected. This option is the most flexible but also the least secure.
CHAPTER 9 Static MAC Forward Setup

Use these screens to configure static MAC address forwarding.

9.1 Overview

This chapter discusses how to configure forwarding rules based on MAC addresses of devices on your network.

9.2 Configuring Static MAC Forwarding

A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out. When you set up static MAC address rules, you are setting static MAC addresses for a port.
The following table describes the labels in this screen.

Table 21 Advanced Application > Static MAC Forwarding

LABEL | DESCRIPTION
Active | Select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by clearing this check box.
Name | Enter a descriptive name for identification purposes for this static MAC address forwarding rule.
CHAPTER 10 Filtering

This chapter discusses MAC address port filtering.

10.1 Configure a Filtering Rule

Filtering means sifting traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen as shown next.

Figure 44 Advanced Application > Filtering

The following table describes the related labels in this screen.
Table 22 Advanced Application > Filtering (continued)

LABEL | DESCRIPTION
Action | Select Discard source to drop frames from the source MAC address (specified in the MAC field). The Switch can still send frames to the MAC address. Select Discard destination to drop frames to the destination MAC address (specified in the MAC address). The Switch can still receive frames originating from the MAC address.
CHAPTER 11 Spanning Tree Protocol

The Switch supports Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) as defined in the following standards.
• IEEE 802.1D Spanning Tree Protocol
• IEEE 802.1w Rapid Spanning Tree Protocol
• IEEE 802.1s Multiple Spanning Tree Protocol

The Switch also allows you to set up multiple STP configurations (or trees). Ports can then be assigned to the trees.

11.
Path cost is the cost of transmitting a frame onto a LAN through that port. The recommended cost is assigned according to the speed of the link to which a port is attached. The slower the media, the higher the cost.
11.1.3 STP Port States

STP assigns five port states to eliminate packet looping. A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops.

Table 24 STP Port States

PORT STATE | DESCRIPTION
Disabled | STP is disabled (default).
Blocking | Only configuration and management BPDUs are received and processed.
Listening | All BPDUs are received and processed. Note: The listening state does not exist in RSTP.
11.1.5 Multiple STP

Multiple Spanning Tree Protocol (IEEE 802.1s) is backward compatible with STP/RSTP and addresses the limitations of existing spanning tree protocols (STP and RSTP) in networks to include the following features:
• One Common and Internal Spanning Tree (CIST) that represents the entire network’s connectivity.
• Grouping of multiple bridges (or switching devices) into regions that appear as one single bridge on the network.
Figure 47 MSTP Network Example (devices A and B, VLAN 1 and VLAN 2)

11.1.5.2 MST Region

An MST region is a logical grouping of multiple network devices that appears as a single device to the rest of the network. Each MSTP-enabled device can only belong to one MST region. When BPDUs enter an MST region, external path cost (of paths outside this region) is increased by one. Internal path cost (of paths within this region) is increased by one when BPDUs traverse the region.
Figure 48 MSTIs in Different Regions

11.1.5.4 Common and Internal Spanning Tree (CIST)

A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP/RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST. In an MSTP-enabled network, there is only one CIST that runs between MST regions and single spanning tree devices.
Figure 50 Advanced Application > Spanning Tree Protocol

This screen differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the Switch. This screen is described in detail in the section that follows the configuration section for each STP mode. Click Configuration to activate one of the STP standards on the Switch.

11.3 Spanning Tree Configuration

Use the Spanning Tree Configuration screen to activate one of the STP modes on the Switch.
11.4 Configure Rapid Spanning Tree Protocol

Use this screen to configure RSTP settings; see Section 11.1 on page 109 for more information on RSTP. Click RSTP in the Advanced Application > Spanning Tree Protocol screen.

Figure 52 Advanced Application > Spanning Tree Protocol > RSTP

The following table describes the labels in this screen.
Table 26 Advanced Application > Spanning Tree Protocol > RSTP (continued)

LABEL | DESCRIPTION
Bridge Priority | Bridge priority is used in determining the root switch, root port and designated port. The switch with the highest priority (lowest numeric value) becomes the STP root switch. If all switches have the same priority, the switch with the lowest MAC address will then become the root switch. Select a value from the drop-down list box.
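
The root switch election rule in the Bridge Priority description, as an added Python example that is not part of this guide. It checks which switch wins and whether the intended root is pinned by priority or merely wins on its MAC address; the switch names, MAC addresses and priorities are constructed, and the list of valid priority values comes from IEEE 802.1D-2004 rather than from this page.

```python
from dataclasses import dataclass

# Bridge priority values defined by IEEE 802.1D-2004: 0 to 61440 in steps
# of 4096. This list comes from the standard, not from this guide.
VALID_PRIORITIES = range(0, 61441, 4096)


@dataclass(frozen=True)
class Bridge:
    name: str       # label used only in this example
    priority: int   # bridge priority; the lowest numeric value wins
    mac: str        # bridge MAC address, "aa:bb:cc:dd:ee:ff"

    def bridge_id(self):
        """Sort key: priority first, then the MAC address as an integer."""
        if self.priority not in VALID_PRIORITIES:
            raise ValueError(f"{self.name}: invalid priority {self.priority}")
        return (self.priority, int(self.mac.replace(":", ""), 16))


def elect_root(bridges):
    """Return the bridge that becomes the root switch."""
    if not bridges:
        raise ValueError("no bridges given")
    return min(bridges, key=Bridge.bridge_id)


def audit_root(bridges, intended):
    """Return findings that explain why the intended root is not secure."""
    by_name = {b.name: b for b in bridges}
    want = by_name[intended]
    findings = []
    root = elect_root(bridges)
    if root.name != intended:
        findings.append(f"{root.name} is elected root instead of {intended}")
    for b in bridges:
        if b.name != intended and b.priority == want.priority:
            findings.append(f"{b.name} has the same priority as {intended}; "
                            "the lowest MAC address decides")
    return findings


# Constructed topologies. 32768 is the IEEE default bridge priority.
DEFAULTS = [
    Bridge("core", 32768, "02:00:00:00:00:10"),
    Bridge("dist", 32768, "02:00:00:00:00:20"),
    Bridge("access", 32768, "02:00:00:00:00:05"),
]
PINNED = [Bridge("core", 4096, "02:00:00:00:00:10")] + DEFAULTS[1:]
UNPLANNED = Bridge("unplanned", 0, "02:00:00:00:00:99")

if __name__ == "__main__":
    for label, topo in (("defaults", DEFAULTS), ("pinned", PINNED),
                        ("pinned + unplanned", PINNED + [UNPLANNED])):
        print(label, "->", elect_root(topo).name, audit_root(topo, "core"))
```

With every switch left at the same priority, the access switch with the lowest MAC address becomes root, and a switch that later joins with a lower priority value displaces even a pinned root, which is why the Root field on the status screen is worth monitoring for changes.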
11.5 Rapid Spanning Tree Protocol Status

Click Advanced Application > Spanning Tree Protocol in the navigation panel to display the status screen as shown next. See Section 11.1 on page 109 for more information on RSTP.

Note: This screen is only available after you activate RSTP on the Switch.

Figure 53 Advanced Application > Spanning Tree Protocol > Status: RSTP

The following table describes the labels in this screen.
Table 27 Advanced Application > Spanning Tree Protocol > Status: RSTP (continued)

LABEL | DESCRIPTION
Topology Changed Times | This is the number of times the spanning tree has been reconfigured.
Time Since Last Change | This is the time since the spanning tree was last reconfigured.

11.6 Configure Multiple Rapid Spanning Tree Protocol

To configure MRSTP, click MRSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 11.
Table 28 Advanced Application > Spanning Tree Protocol > MRSTP (continued)

LABEL | DESCRIPTION
Active | Select this check box to activate an STP tree. Clear this checkbox to disable an STP tree. Note: You must also activate Multiple Rapid Spanning Tree in the Advanced Application > Spanning Tree Protocol > Configuration screen to enable MRSTP on the Switch.
Bridge Priority | Bridge priority is used in determining the root switch, root port and designated port.
Table 28 Advanced Application > Spanning Tree Protocol > MRSTP (continued)

LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel | Click Cancel to begin configuring this screen afresh.

11.
Table 29 Advanced Application > Spanning Tree Protocol > Status: MRSTP (continued)

LABEL | DESCRIPTION
Max Age (second) | This is the maximum time (in seconds) a switch can wait without receiving a configuration message before attempting to reconfigure.
Forwarding Delay (second) | This is the time (in seconds) the root switch will wait before changing states (that is, listening to learning to forwarding). Note: The listening state does not exist in RSTP.
Figure 56 Advanced Application > Spanning Tree Protocol > MSTP
The following table describes the labels in this screen.

Table 30 Advanced Application > Spanning Tree Protocol > MSTP

LABEL | DESCRIPTION
Status | Click Status to display the MSTP Status screen (see Figure 57 on page 126).
Active | Select this check box to activate MSTP on the Switch. Clear this checkbox to disable MSTP on the Switch.
Table 30 Advanced Application > Spanning Tree Protocol > MSTP (continued)

LABEL | DESCRIPTION
VLAN Range | Enter the start of the VLAN ID range that you want to add or remove from the VLAN range edit area in the Start field. Enter the end of the VLAN ID range that you want to add or remove from the VLAN range edit area in the End field. Next click: • Add - to add this range of VLAN(s) to be mapped to the MST instance.
Note: This screen is only available after you activate MSTP on the Switch.

Figure 57 Advanced Application > Spanning Tree Protocol > Status: MSTP

The following table describes the labels in this screen.

Table 31 Advanced Application > Spanning Tree Protocol > Status: MSTP

LABEL | DESCRIPTION
Configuration | Click Configuration to specify which STP mode you want to activate. Click MSTP to edit MSTP settings on the Switch.
Table 31 Advanced Application > Spanning Tree Protocol > Status: MSTP (continued)

LABEL | DESCRIPTION
Forwarding Delay (second) | This is the time (in seconds) the root switch will wait before changing states (that is, listening to learning to forwarding).
Cost to Bridge | This is the path cost from the root port on this Switch to the root switch.
CHAPTER 12 Bandwidth Control

This chapter shows you how you can cap the maximum bandwidth using the Bandwidth Control screen.

12.1 Bandwidth Control Overview

Bandwidth control means defining a maximum allowable bandwidth for incoming and/or outgoing traffic flows on a port.

12.1.1 CIR and PIR

The Committed Information Rate (CIR) is the guaranteed bandwidth for the incoming traffic flow on a port.
Figure 58 Advanced Application > Bandwidth Control

The following table describes the related labels in this screen.

Table 32 Advanced Application > Bandwidth Control

LABEL | DESCRIPTION
Active | Select this check box to enable bandwidth control on the Switch.
Port | This field displays the port number.
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
CHAPTER 13 Broadcast Storm Control

This chapter introduces and shows you how to configure the broadcast storm control feature.

13.1 Broadcast Storm Control Setup

Broadcast storm control limits the number of broadcast, multicast and destination lookup failure (DLF) packets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded.
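
The per-second limits described above, modelled as an added Python example that is not part of this guide. It classifies frames as broadcast, multicast or DLF from the destination MAC address and counts discards per port; the fixed one-second counting windows, the limit values and the sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


def frame_class(dst_mac, mac_table):
    """Classify a frame by its destination MAC address."""
    dst = dst_mac.lower()
    if dst == BROADCAST:
        return "broadcast"
    if int(dst[:2], 16) & 1:      # group bit set in the first octet
        return "multicast"
    if dst not in mac_table:      # unicast with no MAC table entry
        return "dlf"
    return "unicast"


class StormControl:
    """Per-port packets-per-second limits for broadcast, multicast and DLF."""

    def __init__(self, limits):
        # limits: {port: {"broadcast": pps, "multicast": pps, "dlf": pps}}
        self.limits = limits
        self.seen = defaultdict(int)      # (port, class, second) -> accepted
        self.dropped = defaultdict(int)   # (port, class) -> discarded

    def receive(self, port, t, dst_mac, mac_table):
        """Return True if the frame is accepted, False if it is discarded."""
        cls = frame_class(dst_mac, mac_table)
        limit = self.limits.get(port, {}).get(cls)
        if limit is None:                 # known unicast, or no limit set
            return True
        key = (port, cls, int(t))         # assumption: fixed 1-second windows
        if self.seen[key] >= limit:
            self.dropped[(port, cls)] += 1
            return False
        self.seen[key] += 1
        return True


def replay(frames, limits, mac_table):
    """Feed (time, port, dst_mac) tuples through storm control.

    Returns the discard counters as a plain dict keyed by (port, class).
    """
    sc = StormControl(limits)
    for t, port, dst in frames:
        sc.receive(port, t, dst, mac_table)
    return dict(sc.dropped)


# Constructed input: MAC table, limits and a short frame timeline.
KNOWN = {"02:00:00:00:00:01"}
LIMITS = {1: {"broadcast": 4, "multicast": 4, "dlf": 2}}
FRAMES = (
    [(i / 10, 1, BROADCAST) for i in range(10)]            # 10 broadcasts, second 0
    + [(1 + i / 10, 1, BROADCAST) for i in range(3)]       # 3 broadcasts, second 1
    + [(0.5, 1, "02:00:00:00:00:aa") for _ in range(5)]    # 5 DLF frames
    + [(0.5, 1, "02:00:00:00:00:01") for _ in range(50)]   # known unicast
    + [(0.5, 2, BROADCAST) for _ in range(20)]             # port 2: no limits
)

if __name__ == "__main__":
    print(replay(FRAMES, LIMITS, KNOWN))
```

Known unicast traffic is never counted, so a limit set low enough to contain a loop or flood on one port does not throttle ordinary traffic on that port.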
The following table describes the labels in this screen.

Table 33 Advanced Application > Broadcast Storm Control

LABEL | DESCRIPTION
Active | Select this check box to enable traffic storm control on the Switch. Clear this check box to disable this feature.
Port | This field displays a port number.
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
CHAPTER 14 Mirroring

This chapter discusses port mirroring setup screens.

14.1 Port Mirroring Setup

Port mirroring allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) so that you can examine the traffic from the monitor port without interference. Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port.
The following table describes the labels in this screen.

Table 34 Advanced Application > Mirroring

LABEL | DESCRIPTION
Active | Select this check box to activate port mirroring on the Switch. Clear this check box to disable the feature.
Monitor Port | The monitor port is the port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original port(s). Enter the port number of the monitor port.
CHAPTER 15 Link Aggregation

This chapter shows you how to logically aggregate physical links to form one logical, higher-bandwidth link.

15.1 Link Aggregation Overview

Link aggregation (trunking) is the grouping of physical ports into one logical higher-capacity link. You may want to trunk ports if, for example, it is cheaper to use multiple lower-speed links than to under-utilize a high-speed, but more costly, single-port link. However, the more ports you aggregate, the fewer available ports you have.
• You must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking.
• LACP only works on full-duplex links.
• All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings.

Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops.

15.2.
Table 37 Advanced Application > Link Aggregation Status (continued)

LABEL | DESCRIPTION
Synchronized Ports | These are the ports that are currently transmitting data as one logical link in this trunk group.
Aggregator ID | Link Aggregator ID consists of the following: system priority, MAC address, key, port priority and port number. Refer to Section 15.2.1 on page 136 for more information on this field.
Status | This field displays how these ports were added to the trunk group.
The following table describes the labels in this screen.

Table 38 Advanced Application > Link Aggregation > Link Aggregation Setting

LABEL | DESCRIPTION
Link Aggregation Setting | This is the only screen you need to configure to enable static link aggregation.
Group ID | The field identifies the link aggregation group, that is, one logical link containing multiple ports.
Active | Select this option to activate a trunk group.
Port | This field displays the port number.
Figure 63 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP

The following table describes the labels in this screen.

Table 39 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP

LABEL | DESCRIPTION
Link Aggregation Control Protocol | Note: Do not configure this screen unless you want to enable dynamic link aggregation.
Active | Select this checkbox to enable Link Aggregation Control Protocol (LACP).
Table 39 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP

LABEL | DESCRIPTION
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
Figure 65 Trunking Example - Configuration Screen

Your trunk group 1 (T1) configuration is now complete; you do not need to go to any additional screens.
CHAPTER 16 Port Authentication

This chapter describes the IEEE 802.1x and MAC authentication methods.

16.1 Port Authentication Overview

Port authentication is a way to validate access to ports on the Switch to clients based on an external server (authentication server). The Switch supports the following methods for port authentication:
• IEEE 802.1x - An authentication server validates access to a port based on a username and password provided by the user.
Figure 66 IEEE 802.1x Authentication Process (steps shown: 1 New Connection, 2 Login Info Request, 3 Login Credentials, 4 Authentication Request, 5 Authentication Reply, Session Granted/Denied)

16.1.2 MAC Authentication

MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials.
16.2 Port Authentication Configuration

To enable port authentication, first activate the port authentication method(s) you want to use (both on the Switch and the port(s)) then configure the RADIUS server settings in the Auth and Acct > Radius Server Setup screen. Click Advanced Application > Port Authentication in the navigation panel to display the screen as shown.

Figure 68 Advanced Application > Port Authentication

16.2.1 Activate IEEE 802.
The following table describes the labels in this screen.

Table 40 Advanced Application > Port Authentication > 802.1x

LABEL | DESCRIPTION
Active | Select this check box to permit 802.1x authentication on the Switch. Note: You must first enable 802.1x authentication on the Switch before configuring it on each port.
Port | This field displays a port number.
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Figure 70 Advanced Application > Port Authentication > MAC Authentication

The following table describes the labels in this screen.

Table 41 Advanced Application > Port Authentication > MAC Authentication

LABEL | DESCRIPTION
Active | Select this check box to permit MAC authentication on the Switch. Note: You must first enable MAC authentication on the Switch before configuring it on each port.
Table 41 Advanced Application > Port Authentication > MAC Authentication (continued)

LABEL | DESCRIPTION
* | Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
Active | Select this checkbox to permit MAC authentication on this port.
CHAPTER 17 Port Security

This chapter shows you how to set up port security.

17.1 About Port Security

Port security allows only packets with dynamically learned MAC addresses and/or configured static MAC addresses to pass through a port on the Switch. The Switch can learn up to 16K MAC addresses in total; there is no limit on individual ports, but the sum cannot exceed 16K. For maximum port security, enable this feature, disable MAC address learning and configure static MAC address(es) for a port.
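
The admission rule described above, modelled as an added Python example that is not part of this guide. It contrasts a port that follows the "maximum port security" advice with one that only enables the feature; the class and field names, the small table capacity used in the demo, and the assumptions that static entries do not count toward the 16K total and that an unlearnable source on a secured port is dropped are all made for illustration.

```python
from dataclasses import dataclass, field

TABLE_CAPACITY = 16 * 1024   # "16K MAC addresses in total", shared by all ports


def norm(mac):
    """Normalize a MAC address to lower-case colon-separated form."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class Port:
    secured: bool = False                        # port security active
    learning: bool = True                        # MAC address learning enabled
    static: set = field(default_factory=set)     # configured static MACs
    learned: set = field(default_factory=set)    # dynamically learned MACs


class Switch:
    def __init__(self, ports, capacity=TABLE_CAPACITY):
        self.ports = {n: Port() for n in ports}
        self.capacity = capacity

    def learned_total(self):
        """Learned entries across all ports (assumption: statics excluded)."""
        return sum(len(p.learned) for p in self.ports.values())

    def add_static(self, port, mac):
        self.ports[port].static.add(norm(mac))

    def ingress(self, port, src_mac):
        """Return (forwarded, reason) for a frame arriving on `port`."""
        p, mac = self.ports[port], norm(src_mac)
        if mac in p.static:
            return True, "static"
        if mac in p.learned:
            return True, "learned"
        if p.learning and self.learned_total() < self.capacity:
            p.learned.add(mac)
            return True, "newly learned"
        if p.secured:
            return False, "unknown source on secured port"
        return True, "unsecured port"


def replay(switch, frames):
    """Return (port, mac, reason) for every frame that was dropped."""
    drops = []
    for port, mac in frames:
        ok, reason = switch.ingress(port, mac)
        if not ok:
            drops.append((port, norm(mac), reason))
    return drops


def hardened_demo():
    """Port 1: security on, learning off, one static MAC. Port 2: security on only."""
    sw = Switch(ports=[1, 2, 3], capacity=2)   # tiny capacity to show exhaustion
    sw.ports[1].secured, sw.ports[1].learning = True, False
    sw.add_static(1, "02:00:00:00:00:01")
    sw.ports[2].secured = True
    frames = [                                  # constructed source addresses
        (1, "02-00-00-00-00-01"),  # static entry: forwarded
        (1, "02:00:00:00:00:02"),  # unknown, learning off: dropped
        (2, "02:00:00:00:00:0a"),  # learned
        (2, "02:00:00:00:00:0b"),  # learned, table now full
        (2, "02:00:00:00:00:0c"),  # cannot be learned: dropped
        (3, "02:00:00:00:00:0d"),  # port security off: forwarded
    ]
    return replay(sw, frames)


if __name__ == "__main__":
    for drop in hardened_demo():
        print("dropped:", drop)
```

On port 2 every new source address is admitted until the shared table fills, so enabling the feature without disabling learning restricts nothing in practice.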
Figure 71 Advanced Application > Port Security

The following table describes the labels in this screen.

Table 42 Advanced Application > Port Security

LABEL | DESCRIPTION
Active | Select this option to enable port security on the Switch.
Port | This field displays a port number.
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports.
Table 42 Advanced Application > Port Security (continued)

LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel | Click Cancel to begin configuring this screen afresh.
CHAPTER 18 Classifier

This chapter introduces and shows you how to configure the packet classifier on the Switch.

18.1 About the Classifier and QoS

Quality of Service (QoS) refers to both a network's ability to deliver data with minimum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested.
Figure 72 Advanced Application > Classifier

The following table describes the labels in this screen.

Table 43 Advanced Application > Classifier

LABEL | DESCRIPTION
Active | Select this option to enable this rule.
Name | Enter a descriptive name for this rule for identifying purposes.
Packet Format | Specify the format of the packet. Choices are All, 802.3 tagged, 802.3 untagged, Ethernet II tagged and Ethernet II untagged. A value of 802.
Table 43 Advanced Application > Classifier (continued)

LABEL | DESCRIPTION
Ethernet Type | Select an Ethernet type or select Other and enter the Ethernet type number in hexadecimal value. Refer to Table 45 on page 156 for information.
Source MAC Address | Select Any to apply the rule to all MAC addresses. To specify a source, select the second choice and type a MAC address in valid MAC address format (six hexadecimal character pairs).
18.3 Viewing and Editing Classifier Configuration

To view a summary of the classifier configuration, scroll down to the summary table at the bottom of the Classifier screen. To change the settings of a rule, click a number in the Index field.

Note: When two rules conflict with each other, a higher layer rule has priority over a lower layer rule.

Figure 73 Advanced Application > Classifier: Summary Table

The following table describes the labels in this screen.
Some of the most common IP ports are:

Table 46 Common IP Ports

PORT NUMBER | PORT NAME
21 | FTP
23 | Telnet
25 | SMTP
53 | DNS
80 | HTTP
110 | POP3

18.4 Classifier Example

The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow.
Figure 74 Classifier: Example
CHAPTER 19 Policy Rule

This chapter shows you how to configure policy rules.

19.1 Policy Rules Overview

A classifier distinguishes traffic into flows based on the configured criteria (refer to Chapter 18 on page 153 for more information). A policy rule ensures that a traffic flow gets the requested treatment in the network.

19.1.
Chapter 19 Policy Rule 19.2 Configuring Policy Rules You must first configure a classifier in the Classifier screen. Refer to Section 18.2 on page 153 for more information. Click Advanced Applications > Policy Rule in the navigation panel to display the screen as shown.
Chapter 19 Policy Rule The following table describes the labels in this screen. Table 47 Advanced Application > Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy. Name Enter a descriptive name for identification purposes. Classifier(s) This field displays the active classifier(s) you configure in the Classifier screen. Select the classifier(s) to which this policy rule applies. To select more than one classifier, press [SHIFT] and select the choices at the same time.
Chapter 19 Policy Rule Table 47 Advanced Application > Policy Rule (continued) LABEL DESCRIPTION Outgoing Select Send the packet to the mirror port to send the packet to the mirror port. Select Send the packet to the egress port to send the packet to the egress port. Select Send the matching frames (broadcast or DLF, multicast, marked for dropping or to be sent to the CPU) to the egress port to send the broadcast, multicast, DLF, marked-to-drop or CPU frames to the egress port.
Chapter 19 Policy Rule 19.4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 18.4 on page 157).
CHAPTER 20 Queuing Method This chapter introduces the queuing methods supported. 20.1 Queuing Method Overview Queuing is used to help solve performance degradation when there is network congestion. Use the Queuing Method screen to configure queuing algorithms for outgoing traffic. See also Priority Queue Assignment in Switch Setup and 802.1p Priority in Port Setup for related information.
20.1.3 Weighted Round Robin Scheduling (WRR)

Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle. A queue is given an amount of bandwidth irrespective of the incoming traffic on that port. This queue then moves to the back of the list. The next queue is given an equal amount of bandwidth, and then moves to the end of the list; and so on, depending on the number of queues being used.
Chapter 20 Queuing Method Figure 78 Advanced Application > Queuing Method The following table describes the labels in this screen. Table 49 Advanced Application > Queuing Method LABEL DESCRIPTION Method Select SPQ (Strictly Priority Queuing), WFQ (Weighted Fair Queuing) or WRR (Weighted Round Robin). Strictly Priority services queues based on priority only. When the highest priority queue empties, traffic on the next highest-priority queue begins. Q7 has the highest priority and Q0 the lowest.
Table 49 Advanced Application > Queuing Method (continued)
LABEL: DESCRIPTION
*: Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
Weight: When you select WFQ or WRR enter the queue weight here.
CHAPTER 21 VLAN Stacking

This chapter shows you how to configure VLAN stacking on your Switch. See the chapter on VLANs for more background information on Virtual LAN.

21.1 VLAN Stacking Overview

A service provider can use VLAN stacking to allow it to distinguish multiple customers' VLANs, even those with the same (customer-assigned) VLAN ID, within its network. Use VLAN stacking to add an outer VLAN tag to the inner IEEE 802.1Q tagged frames that enter the network.
Figure 79 VLAN Stacking Example

21.2 VLAN Stacking Port Roles

Each port can have three VLAN stacking “roles”, Normal, Access Port and Tunnel (the latter is for Gigabit ports only).
• Select Normal for “regular” (non-VLAN stacking) IEEE 802.1Q frame switching.
• Select Access Port for ingress ports on the service provider's edge devices (1 and 2 in the VLAN stacking example figure). The incoming frame is treated as "untagged", so a second VLAN tag (outer VLAN tag) can be added.
21.3 VLAN Tag Format

A VLAN tag (service provider VLAN stacking or customer IEEE 802.1Q) consists of the following three fields.

Table 50 VLAN Tag Format
Type    Priority    VID

Type is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information. SP TPID (Service Provider Tag Protocol Identifier) is the service provider VLAN stacking tag type. Many vendors use 0x8100 or 0x9100.
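The tag fields described above can be read directly out of a captured frame. The following is an added example, not code from this guide or from the vendor: it decodes up to two stacked tags and checks the outer tag against an expected SP TPID and SPVID. The function names, verdict strings and sample frames are assumptions made for the illustration.

```python
import struct

CUSTOMER_TPID = 0x8100  # IEEE 802.1Q tag type


def decode_tag(tpid, tci):
    """Split one tag into the Type, Priority and VID fields of Table 50.
    The 1-bit CFI between Priority and VID is standard 802.1Q, not listed there."""
    return {"tpid": tpid, "priority": tci >> 13,
            "cfi": (tci >> 12) & 1, "vid": tci & 0x0FFF}


def parse_vlan_tags(frame, sp_tpid=0x8100):
    """Return (tags, ethertype); tags holds up to two tags, outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []  # skip destination and source MAC addresses
    while len(tags) < 2:
        (etype,) = struct.unpack_from("!H", frame, offset)
        # The outer tag may use the SP TPID; an inner tag is always 802.1Q.
        wanted = {CUSTOMER_TPID} if tags else {sp_tpid, CUSTOMER_TPID}
        if etype not in wanted:
            break
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append(decode_tag(etype, tci))
        offset += 4
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    return tags, ethertype


def audit_provider_frame(frame, sp_tpid, expected_spvid):
    """Check a frame captured on a provider link against the expected outer tag."""
    tags, _ = parse_vlan_tags(frame, sp_tpid)
    if not tags or tags[0]["tpid"] != sp_tpid:
        return "missing-sp-tag"
    if len(tags) == 1 and sp_tpid == CUSTOMER_TPID:
        # A single 0x8100 tag cannot be told apart from a customer tag by Type alone.
        return "ambiguous-single-tag"
    if tags[0]["vid"] != expected_spvid:
        return "unexpected-spvid"
    return "ok"


def build_frame(tag_list, ethertype=0x0800):
    """Constructed sample input: broadcast frame from 00:50:ba:ad:4f:81."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("0050baad4f81")
    for tpid, priority, vid in tag_list:
        frame += struct.pack("!HH", tpid, (priority << 13) | vid)
    return frame + struct.pack("!H", ethertype) + b"\x00" * 46


if __name__ == "__main__":
    # Outer SP tag (TPID 0x9100, priority 5, SPVID 100) over customer VLAN 24.
    stacked = build_frame([(0x9100, 5, 100), (0x8100, 0, 24)])
    print(parse_vlan_tags(stacked, sp_tpid=0x9100))
    print(audit_provider_frame(stacked, 0x9100, expected_spvid=100))
    customer_only = build_frame([(0x8100, 0, 24)])
    print(audit_provider_frame(customer_only, 0x9100, expected_spvid=100))
```

Choosing an SP TPID different from 0x8100 lets a capture distinguish the service provider tag from a customer tag by the Type field alone.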
Table 52 802.1Q Frame
(SP)TPID    (Service Provider) Tag Protocol IDentifier
VID         VLAN ID
Data        Frame data
FCS         Frame Check Sequence

21.4 Configuring VLAN Stacking

Click Advanced Applications > VLAN Stacking to display the screen as shown.

Figure 80 Advanced Application > VLAN Stacking

The following table describes the labels in this screen.

Table 53 Advanced Application > VLAN Stacking
LABEL: DESCRIPTION
Active: Select this checkbox to enable VLAN stacking on the Switch.
Chapter 21 VLAN Stacking Table 53 Advanced Application > VLAN Stacking (continued) LABEL DESCRIPTION Role Select Normal to have the Switch ignore frames received (or transmitted) on this port with VLAN stacking tags. Anything you configure in SPVID and Priority are ignored. Select Access Port to have the Switch add the SP TPID tag to all incoming frames received on this port. Select Access Port for ingress ports at the edge of the service provider's network.
CHAPTER 22 Multicast

This chapter shows you how to configure various multicast features.

22.1 Multicast Overview

Traditionally, IP packets are transmitted in one of two ways: Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network. IGMP (Internet Group Management Protocol) is a network-layer protocol used to establish membership in a multicast group; it is not used to carry user data.
Chapter 22 Multicast The Switch forwards multicast traffic destined for multicast groups (that it has learned from IGMP snooping or that you have manually configured) to ports that are members of that group. IGMP snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your Switch. 22.1.4 IGMP Snooping and VLANs The Switch can perform IGMP snooping on up to 16 VLANs.
Chapter 22 Multicast Figure 82 Advanced Application > Multicast > Multicast Setting The following table describes the labels in this screen. Table 55 Advanced Application > Multicast > Multicast Setting LABEL DESCRIPTION IGMP Snooping Use these settings to configure IGMP Snooping. Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group.
Table 55 Advanced Application > Multicast > Multicast Setting (continued)
LABEL: DESCRIPTION
Reserved Multicast Group: Multicast addresses (224.0.0.0 to 224.0.0.255) are reserved for the local scope. For example, 224.0.0.1 is for all hosts in this subnet, 224.0.0.2 is for all multicast routers in this subnet, etc. A router will not forward a packet with the destination IP address within this range. See the IANA web site for more information.
Chapter 22 Multicast Figure 83 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN The following table describes the labels in this screen. Table 56 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN LABEL DESCRIPTION Mode Select auto to have the Switch learn multicast group membership information of any VLANs automatically. Select fixed to have the Switch only learn multicast group membership information of the VLAN(s) that you specify below.
Chapter 22 Multicast Table 56 Advanced Application > Multicast > Multicast Setting > IGMP Snooping VLAN LABEL DESCRIPTION Index This is the number of the IGMP snooping VLAN entry in the table. Name This field displays the descriptive name for this VLAN group. VID This field displays the ID number of the VLAN group. Delete Check the rule(s) that you want to remove in the Delete column, then click the Delete button. Cancel Click Cancel to clear the Delete check boxes. 22.
Chapter 22 Multicast Table 57 Advanced Application > Multicast > Multicast Setting > IGMP Filtering Profile LABEL DESCRIPTION Add Click Add to save the profile to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Clear Click Clear to clear the fields to the factory defaults.
Chapter 22 Multicast 22.6.2 MVR Modes You can set your Switch to operate in either dynamic or compatible mode. In dynamic mode, the Switch sends IGMP leave and join reports to the other multicast devices (such as multicast routers or servers) in the multicast VLAN. This allows the multicast devices to update the multicast forwarding table to forward or not forward multicast traffic to the receiver ports. In compatible mode, the Switch does not send any IGMP reports.
Note: Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen.

Figure 87 Advanced Application > Multicast > Multicast Setting > MVR

The following table describes the related labels in this screen.

Table 58 Advanced Application > Multicast > Multicast Setting > MVR
LABEL: DESCRIPTION
Active: Select this check box to enable MVR to allow one single multicast VLAN to be shared among different subscriber VLANs on the network.
Chapter 22 Multicast Table 58 Advanced Application > Multicast > Multicast Setting > MVR (continued) LABEL DESCRIPTION * Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
Chapter 22 Multicast Figure 88 Advanced Application > Multicast > Multicast Setting > MVR: Group Configuration The following table describes the labels in this screen. Table 59 Advanced Application > Multicast > Multicast Setting > MVR: Group Configuration LABEL DESCRIPTION Multicast VLAN ID Select a multicast VLAN ID (that you configured in the MVR screen) from the dropdown list box. Name Enter a descriptive name for identification purposes.
Chapter 22 Multicast Figure 89 MVR Configuration Example To configure the MVR settings on the Switch, create a multicast group in the MVR screen and set the receiver and source ports. Figure 90 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200.
Figure 91 MVR Group Configuration Example

Figure 92 MVR Group Configuration Example
CHAPTER 23 Authentication & Accounting This chapter describes how to configure authentication and accounting settings on the Switch. 23.1 Authentication, Authorization and Accounting Authentication is the process of determining who a user is and validating access to the Switch. The Switch can authenticate users who try to log in based on user accounts configured on the Switch itself.
Chapter 23 Authentication & Accounting 23.1.2 RADIUS and TACACS+ RADIUS and TACACS+ are security protocols used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate an unlimited number of users from a central location. The following table describes some key differences between RADIUS and TACACS+.
Chapter 23 Authentication & Accounting Figure 95 Advanced Application > Auth and Acct > RADIUS Server Setup The following table describes the labels in this screen. Table 61 Advanced Application > Auth and Acct > RADIUS Server Setup LABEL DESCRIPTION Authentication Server Use this section to configure your RADIUS authentication settings. Mode This field is only valid if you configure multiple RADIUS servers.
Chapter 23 Authentication & Accounting Table 61 Advanced Application > Auth and Acct > RADIUS Server Setup (continued) LABEL DESCRIPTION Delete Check this box if you want to remove an existing RADIUS server entry from the Switch. This entry is deleted when you click Apply. Apply Click Apply to save your changes to the Switch’s run-time memory.
Chapter 23 Authentication & Accounting Figure 96 Advanced Application > Auth and Acct > TACACS+ Server Setup The following table describes the labels in this screen. Table 62 Advanced Application > Auth and Acct > TACACS+ Server Setup LABEL DESCRIPTION Authentication Server Use this section to configure your TACACS+ authentication settings. Mode This field is only valid if you configure multiple TACACS+ servers.
Chapter 23 Authentication & Accounting Table 62 Advanced Application > Auth and Acct > TACACS+ Server Setup (continued) LABEL DESCRIPTION Shared Secret Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS+ server and the Switch. This key is not sent over the network. This key must be the same on the external TACACS+ server and the Switch. Delete Check this box if you want to remove an existing TACACS+ server entry from the Switch.
Chapter 23 Authentication & Accounting Figure 97 Advanced Application > Auth and Acct > Auth and Acct Setup The following table describes the labels in this screen. Table 63 Advanced Application > Auth and Acct > Auth and Acct Setup LABEL DESCRIPTION Authentication Use this section to specify the methods used to authenticate users accessing the Switch.
Table 63 Advanced Application > Auth and Acct > Auth and Acct Setup (continued)
LABEL: DESCRIPTION
Login: These fields specify which database the Switch should use (first, second and third) to authenticate administrator accounts (users for Switch management). Configure the local user accounts in the Access Control > Logins screen. The TACACS+ and RADIUS are external servers.
Chapter 23 Authentication & Accounting Table 63 Advanced Application > Auth and Acct > Auth and Acct Setup (continued) LABEL DESCRIPTION Apply Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel Click Cancel to begin configuring this screen afresh. 23.2.
Table 64 Supported VSAs
FUNCTION: ATTRIBUTE
Egress Bandwidth Assignment:
    Vendor-Id = 890
    Vendor-Type = 2
    Vendor-data = egress rate (Kbps in decimal format)
Privilege Assignment:
    Vendor-ID = 890
    Vendor-Type = 3
    Vendor-Data = "shell:priv-lvl=N"
    or
    Vendor-ID = 9 (CISCO)
    Vendor-Type = 1 (CISCO-AVPAIR)
    Vendor-Data = "shell:priv-lvl=N"
    where N is a privilege level (from 0 to 14).
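To check what a RADIUS server actually returns for the VSAs in Table 64, the attributes of a reply can be decoded and validated. This is an added example, not the Switch's or the vendor's code. It assumes the sub-attributes use the Vendor-Specific layout recommended in RFC 2865 (attribute type 26, a 4-byte Vendor-Id, then vendor type, vendor length and data) and that the egress rate is sent as ASCII decimal digits; the function names and sample replies are constructed.

```python
import struct

VENDOR_SPECIFIC = 26        # RADIUS attribute type for VSAs (RFC 2865)
ZYXEL, CISCO = 890, 9       # Vendor-IDs listed in Table 64
PRIV_PREFIX = b"shell:priv-lvl="


def encode_vsa(vendor_id, vendor_type, data):
    """Build one Vendor-Specific attribute holding a single sub-attribute."""
    sub = bytes([vendor_type, len(data) + 2]) + data
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub


def iter_tlvs(buf, what):
    """Yield (type, value) pairs; the length octet counts type and length too."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError(f"truncated {what} header")
        length = buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError(f"bad {what} length")
        yield buf[i], buf[i + 2:i + length]
        i += length


def iter_vsas(attributes):
    """Yield (vendor_id, vendor_type, data) for every VSA sub-attribute."""
    for atype, value in iter_tlvs(attributes, "attribute"):
        if atype != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise ValueError("VSA too short for a Vendor-Id")
        (vendor_id,) = struct.unpack("!I", value[:4])
        for vtype, data in iter_tlvs(value[4:], "sub-attribute"):
            yield vendor_id, vtype, data


def parse_priv_level(data):
    """Return N from "shell:priv-lvl=N" when 0 <= N <= 14, else None."""
    level = data[len(PRIV_PREFIX):]
    if (data.startswith(PRIV_PREFIX) and level.isdigit()
            and len(level) <= 2 and int(level) <= 14):
        return int(level)
    return None


def authorization_from_reply(attributes):
    """Collect the Table 64 values and list any VSA that fails validation."""
    result = {"priv_lvl": None, "egress_kbps": None, "rejected": []}
    for vendor, vtype, data in iter_vsas(attributes):
        if (vendor, vtype) == (CISCO, 1) and not data.startswith(PRIV_PREFIX):
            continue  # other Cisco AV pairs are outside Table 64
        if (vendor, vtype) in ((ZYXEL, 3), (CISCO, 1)):
            key, value = "priv_lvl", parse_priv_level(data)
        elif (vendor, vtype) == (ZYXEL, 2):
            key, value = "egress_kbps", int(data) if data.isdigit() else None
        else:
            continue
        if value is None:
            result["rejected"].append((vendor, vtype, data))
        else:
            result[key] = value
    return result


# Constructed sample replies (attribute region only, no RADIUS header).
GOOD_REPLY = (bytes([18, 4]) + b"ok"                      # Reply-Message
              + encode_vsa(ZYXEL, 3, b"shell:priv-lvl=13")
              + encode_vsa(ZYXEL, 2, b"2048"))
BAD_REPLY = encode_vsa(CISCO, 1, b"shell:priv-lvl=15")    # outside 0 to 14

if __name__ == "__main__":
    print(authorization_from_reply(GOOD_REPLY))
    print(authorization_from_reply(BAD_REPLY))
```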
23.3.1 Attributes Used for Authentication

The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication.

23.3.1.1 Attributes Used for Authenticating Privilege Access
User-Name - the format of the User-Name attribute is $enab#$, where # is the privilege level (1-14)
User-Password
NAS-Identifier
NAS-IP-Address

23.3.1.2 Attributes Used to Login Users
User-Name
User-Password
NAS-Identifier
NAS-IP-Address

23.3.1.
Chapter 23 Authentication & Accounting 23.3.2.
Chapter 23 Authentication & Accounting Table 68 RADIUS Attributes - Exec Events via Console ATTRIBUTE START INTERIM-UPDATE STOP Calling-Station-Id D D D NAS-Identifier D D D NAS-Port-Type D D D Acct-Status-Type D D D Acct-Delay-Time D D D Acct-Session-Id D D D Acct-Authentic D D D Acct-Input-Octets D D Acct-Output-Octets D D Acct-Session-Time D D Acct-Input-Packets D D Acct-Output-Packets D D Acct-Terminate-Cause D Acct-Input-Gigawords D D Acct-Output-Giga
CHAPTER 24 IP Source Guard

Use IP source guard to filter unauthorized DHCP and ARP packets in your network.

24.1 IP Source Guard Overview

IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in your network. A binding contains these key attributes:
• MAC address
• VLAN ID
• IP address
• Port number

When the Switch receives a DHCP or ARP packet, it looks up the appropriate MAC address, VLAN ID, IP address, and port number in the binding table.
Trusted ports are connected to DHCP servers or other switches. The Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high. The Switch learns dynamic bindings from trusted ports.

Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.

Untrusted ports are connected to subscribers.
24.1.1.3 DHCP Relay Option 82 Information

The Switch can add information to DHCP requests that it does not discard. This provides the DHCP server more information about the source of the requests. The Switch can add the following information:
• Slot ID (1 byte), port ID (1 byte), and source VLAN ID (2 bytes)
• System name (up to 32 bytes)

This information is stored in an Agent Information field in the option 82 field of the DHCP headers of client DHCP request frames.
24.1.2.1 ARP Inspection and MAC Address Filters

When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet. You can configure how long the MAC address filter remains in the Switch.

These MAC address filters are different than regular MAC address filters (Chapter 10 on page 107).
• They are stored only in volatile memory.
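A small model of the binding lookup and the automatic MAC address filter described in this chapter, added here as an illustration and not taken from the Switch's firmware. The class and method names, the 300-second filter lifetime, the order of the checks and the sample events are assumptions; trusted ports are modelled as never discarding ARP packets, as the ARP Inspection Port Configure table states.

```python
class ArpInspector:
    """Model of ARP inspection against a binding table (hypothetical names)."""

    def __init__(self, bindings, trusted_ports=(), filter_aging=300):
        # A binding is (MAC address, VLAN ID, IP address, port number).
        self.bindings = {(m.lower(), v, ip, p) for m, v, ip, p in bindings}
        self.trusted = set(trusted_ports)
        self.filter_aging = filter_aging   # seconds; constructed value
        self.filters = {}                  # (mac, vlan) -> expiry; volatile only
        self.log = []                      # records of discarded ARP packets

    def _expire_filters(self, now):
        self.filters = {k: t for k, t in self.filters.items() if t > now}

    def _mismatch(self, mac, vlan, ip):
        """Name the binding field that failed, for the log record."""
        candidates = [b for b in self.bindings if b[0] == mac and b[1] == vlan]
        if not candidates:
            return "no binding for MAC/VLAN"
        if not any(b[2] == ip for b in candidates):
            return "IP address mismatch"
        return "port mismatch"

    def inspect(self, port, vlan, sender_mac, sender_ip, now):
        """Return the verdict for one ARP packet seen at time `now` (seconds)."""
        mac = sender_mac.lower()
        self._expire_filters(now)
        if port in self.trusted:
            return "forward"               # trusted ports never discard ARP
        if (mac, vlan) in self.filters:
            return "blocked-by-filter"     # assumed: filter checked before bindings
        if (mac, vlan, sender_ip, port) in self.bindings:
            return "forward"
        # Unauthorized: filter the source MAC address and source VLAN ID.
        self.filters[(mac, vlan)] = now + self.filter_aging
        self.log.append((now, port, vlan, mac, sender_ip,
                         self._mismatch(mac, vlan, sender_ip)))
        return "discard"


# Constructed sample data: two bindings, port 1 trusted (uplink).
BINDINGS = [("00:50:BA:AD:4F:81", 10, "192.168.1.50", 2),
            ("00:50:ba:00:00:02", 10, "192.168.1.51", 4)]
EVENTS = [  # (port, vlan, sender MAC, sender IP, time)
    (2, 10, "00:50:ba:ad:4f:81", "192.168.1.50", 0),    # matches a binding
    (3, 10, "00:11:22:33:44:55", "192.168.1.1", 1),     # no binding
    (3, 10, "00:11:22:33:44:55", "192.168.1.1", 10),    # filter still active
    (3, 10, "00:11:22:33:44:55", "192.168.1.1", 400),   # filter has aged out
    (1, 10, "aa:bb:cc:dd:ee:ff", "192.168.1.1", 401),   # trusted port
    (5, 10, "00:50:ba:00:00:02", "192.168.1.51", 402),  # host moved, stale binding
]


def replay(events, inspector=None):
    """Run the events through an inspector and return (verdicts, inspector)."""
    inspector = inspector or ArpInspector(BINDINGS, trusted_ports={1})
    return [inspector.inspect(*event) for event in events], inspector


if __name__ == "__main__":
    verdicts, insp = replay(EVENTS)
    for event, verdict in zip(EVENTS, verdicts):
        print(event, "->", verdict)
    for record in insp.log:
        print("log:", record)
```

The last event shows why static bindings need updating when a host changes ports: the packet is discarded and the log record names the port as the mismatching field.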
Chapter 24 IP Source Guard 24.2 IP Source Guard Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized packets in the network. The Switch learns the bindings by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings). To open this screen, click Advanced Application > IP Source Guard.
Figure 101 IP Source Guard Static Binding

The following table describes the labels in this screen.

Table 70 IP Source Guard Static Binding
LABEL: DESCRIPTION
MAC Address: Enter the source MAC address in the binding.
IP Address: Enter the IP address assigned to the MAC address in the binding.
VLAN: Enter the source VLAN ID in the binding.
Port: Specify the port(s) in the binding.
Chapter 24 IP Source Guard 24.4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping.
Chapter 24 IP Source Guard The following table describes the labels in this screen. Table 71 DHCP Snooping LABEL DESCRIPTION Database Status This section displays the current settings for the DHCP snooping database. You can configure them in the DHCP Snooping Configure screen. See Section 24.5 on page 212. Agent URL This field displays the location of the DHCP snooping database.
Chapter 24 IP Source Guard Table 71 DHCP Snooping (continued) LABEL DESCRIPTION Successful writes This field displays the number of times the Switch updated the bindings in the DHCP snooping database successfully. Failed writes This field displays the number of times the Switch was unable to update the bindings in the DHCP snooping database. Database detail First successful access This field displays the first time the Switch accessed the DHCP snooping database for any reason.
Chapter 24 IP Source Guard 24.5 DHCP Snooping Configure Use this screen to enable DHCP snooping on the Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and configure the DHCP snooping database. The DHCP snooping database stores the current bindings on a secure, external TFTP server so that they are still available after a restart. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure.
Chapter 24 IP Source Guard Table 72 DHCP Snooping Configure (continued) LABEL DESCRIPTION Database If Timeout interval is greater than Write delay interval, it is possible that the next update is scheduled to occur before the current update has finished successfully or timed out. In this case, the Switch waits to start the next update until it completes the current one. Agent URL Enter the location of the DHCP snooping database.
Figure 104 DHCP Snooping Port Configure

The following table describes the labels in this screen.

Table 73 DHCP Snooping Port Configure
LABEL: DESCRIPTION
Port: This field displays the port number. If you configure the * port, the settings are applied to all of the ports.
Server Trusted state: Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted).
Chapter 24 IP Source Guard 24.5.2 DHCP Snooping VLAN Configure Use this screen to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information (Chapter 33 on page 263) to DHCP requests that the Switch relays to a DHCP server for each VLAN. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > VLAN. Figure 105 DHCP Snooping VLAN Configure The following table describes the labels in this screen.
Chapter 24 IP Source Guard 24.6 ARP Inspection Status Use this screen to look at the current list of MAC address filters that were created because the Switch identified an unauthorized ARP packet. When the Switch identifies an unauthorized ARP packet, it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection.
Chapter 24 IP Source Guard Figure 107 ARP Inspection VLAN Status The following table describes the labels in this screen. Table 76 ARP Inspection VLAN Status LABEL DESCRIPTION Show VLAN range Use this section to specify the VLANs you want to look at in the section below. Enabled VLAN Select this to look at all the VLANs on which ARP inspection is enabled in the section below. Selected VLAN Select this to look at all the VLANs in a specific range in the section below.
Figure 108 ARP Inspection Log Status

The following table describes the labels in this screen.

Table 77 ARP Inspection Log Status
LABEL: DESCRIPTION
Clearing log status table: Click Apply to remove all the log messages that were generated by ARP packets and that have not been sent to the syslog server yet.
Total number of logs: This field displays the number of log messages that were generated by ARP packets and that have not been sent to the syslog server yet.
Chapter 24 IP Source Guard 24.7 ARP Inspection Configure Use this screen to enable ARP inspection on the Switch. You can also configure the length of time the Switch stores records of discarded ARP packets and global settings for the ARP inspection log. To open this screen, click Advanced Application > IP Source Guard > ARP Inspection > Configure. Figure 109 ARP Inspection Configure The following table describes the labels in this screen.
Chapter 24 IP Source Guard Table 78 ARP Inspection Configure (continued) LABEL DESCRIPTION Syslog rate Enter the maximum number of syslog messages the Switch can send to the syslog server in one batch. This number is expressed as a rate because the batch frequency is determined by the Log Interval. You must configure the syslog server (Chapter 38 on page 309) to use this. Enter 0 if you do not want the Switch to send log messages generated by ARP packets to the syslog server.
Chapter 24 IP Source Guard The following table describes the labels in this screen. Table 79 ARP Inspection Port Configure LABEL DESCRIPTION Port This field displays the port number. If you configure the * port, the settings are applied to all of the ports. Trusted State Select whether this port is a trusted port (Trusted) or an untrusted port (Untrusted). The Switch does not discard ARP packets on trusted ports for any reason.
The following table describes the labels in this screen.

Table 80 ARP Inspection VLAN Configure
LABEL: DESCRIPTION
VLAN: Use this section to specify the VLANs you want to manage in the section below.
Start VID: Enter the lowest VLAN ID you want to manage in the section below.
End VID: Enter the highest VLAN ID you want to manage in the section below.
Apply: Click this to display the specified range of VLANs in the section below.
CHAPTER 25 Loop Guard

This chapter shows you how to configure the Switch to guard against loops on the edge of your network.

25.1 Loop Guard Overview

Loop guard allows you to configure the Switch to shut down a port if it detects that packets sent out on that port loop back to the Switch. While you can use Spanning Tree Protocol (STP) to prevent loops in the core of your network, STP cannot prevent loops that occur on the edge of your network.
The following figure shows port N on switch A connected to switch B. Switch B is in loop state. When broadcast or multicast packets leave port N and reach switch B, they are sent back to port N on A as they are rebroadcast from B.

Figure 113 Switch in Loop State

The loop guard feature checks to see if a loop guard enabled port is connected to a switch in loop state. This is accomplished by periodically sending a probe packet and seeing if the packet returns on the same port.
Note: After resolving the loop problem on your network you can re-activate the disabled port via the web configurator (see Section 7.7 on page 83) or via commands (see Section 45.12.4 on page 375).

25.2 Loop Guard Setup

Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown.

Note: The loop guard feature cannot be enabled on the ports that have Spanning Tree Protocol (RSTP, MRSTP or MSTP) enabled.
Table 81 Advanced Application > Loop Guard (continued)
LABEL: DESCRIPTION
Active: Select this check box to enable the loop guard feature on this port. The Switch sends probe packets from this port to check if the Switch it is connected to is in loop state. If the Switch that this port is connected to is in loop state, the Switch will shut down this port. Clear this check box to disable the loop guard feature.
Apply: Click Apply to save your changes to the Switch’s run-time memory.
PART IV
IP Application

Static Route (229)
RIP (231)
OSPF (233)
IGMP (245)
DVMRP (249)
IP Multicast (253)
Differentiated Services (255)
DHCP (263)
VRRP (271)
CHAPTER 26 Static Route This chapter shows you how to configure static routes. 26.1 Configuring Static Routing Static routes tell the Switch how to forward IP traffic when you configure the TCP/IP parameters manually. Click IP Application > Static Routing in the navigation panel to display the screen as shown. Figure 117 IP Application > Static Routing The following table describes the related labels you use to create a static route.
Table 82 IP Application > Static Routing (continued)
LABEL: DESCRIPTION
Metric: The metric represents the “cost” of transmission for routing purposes. IP routing uses hop count as the measurement of cost, with a minimum of 1 for directly connected networks. Enter a number that approximates the cost for this link. The number need not be precise, but it must be between 1 and 15. In practice, 2 or 3 is usually a good number.
CHAPTER 27 RIP

This chapter shows you how to configure RIP (Routing Information Protocol).

27.1 RIP Overview

RIP (Routing Information Protocol) allows a routing device to exchange routing information with other routers. The Direction field controls the sending and receiving of RIP packets. When set to:
• Both - the Switch will broadcast its routing table periodically and incorporate the RIP information that it receives.
Figure 118 IP Application > RIP

The following table describes the labels in this screen.

Table 83 IP Application > RIP
LABEL: DESCRIPTION
Active: Select this check box to enable RIP on the Switch.
Index: This field displays the index number of an IP interface.
Network: This field displays the IP interface configured on the Switch. Refer to the section on IP Setup for more information on configuring IP domains.
Direction: Select the RIP direction from the drop-down list box.
CHAPTER 28 OSPF This chapter describes the OSPF (Open Shortest Path First) routing protocol and shows you how to configure OSPF. 28.1 OSPF Overview OSPF (Open Shortest Path First) is a link-state protocol designed to distribute routing information within an autonomous system (AS). An autonomous system is a collection of networks using a common routing protocol to exchange routing information. OSPF offers some advantages over traditional vector-space routing protocols (such as RIP).
The following figure depicts an OSPF network example. The backbone is area 0 with a backbone router. The internal routers are in area 1 and 2. The area border routers connect area 1 and 2 to the backbone.

Figure 119 OSPF Network Example

28.1.2 How OSPF Works

Layer 3 devices exchange routing information to build a synchronized link state database within the same AS or area.
Chapter 28 OSPF Figure 120 OSPF Router Election Example You can assign a priority to an interface which determines whether this router will be elected to be a DR or BDR. The router with the highest priority becomes the DR, while a router with a priority of 0 does not participate in router elections. In Figure 120 on page 235 you can assign a priority of 0 to routers B and C, thereby ensuring they do not become DR or BDR and assign a priority of 1 to router A to make sure that it does become the DR. 28.1.
Chapter 28 OSPF Figure 121 IP Application > OSPF Status The following table describes the labels in this screen. Table 86 IP Application > OSPF Status LABEL DESCRIPTION OSPF This field displays whether OSPF is activated (Running) or not (Down). Interface The text box displays the OSPF status of the interface(s) on the Switch. Neighbor The text box displays the status of the neighboring router participating in the OSPF network.
Chapter 28 OSPF Table 87 OSPF Status: Common Output Fields (continued) FIELD DESCRIPTION State This field displays the state of the Switch (backup or DR (designated router)). Priority This field displays the priority of the Switch. This number is used in the designated router election. Designated Router This field displays the router ID of the designated router. Backup Designated Router This field displays the router ID of a backup designated router.
Figure 122 IP Application > OSPF Configuration: Activating and General Settings

The following table describes the related labels in this screen.

Table 88 IP Application > OSPF Configuration: Activating and General Settings
LABEL: DESCRIPTION
Active: OSPF is disabled by default. Select this option to enable it.
Router ID: Router ID uniquely identifies the Switch in an OSPF. Enter a unique ID (that uses the format of an IP address in dotted decimal notation) for the Switch.
28.4 Configure OSPF Areas
To ensure that the Switch receives routing information only from trusted layer 3 devices, activate authentication. OSPF supports three authentication methods:
• None – no authentication is used.
• Simple – authenticate link state updates using an 8 printable ASCII character password.
• MD5 – authenticate link state updates using a 16 printable ASCII character password.
To configure an area, set the related fields in the OSPF Configuration screen.
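What the Simple and MD5 methods put on the wire, as an added example that is not taken from this guide or from the Switch firmware: it follows the OSPFv2 header layout and digest rule of RFC 2328 (Appendix D). The router ID, area ID, passwords and Hello contents are constructed sample values, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

# OSPFv2 header (RFC 2328 A.3.1): version, type, packet length, router ID,
# area ID, checksum, AuType and the 8-byte authentication field.
HEADER = struct.Struct("!BBH4s4sHH8s")
AU_NONE, AU_SIMPLE, AU_MD5 = 0, 1, 2


def ip(text):
    """Dotted decimal (the format used for router and area IDs) to 4 bytes."""
    return bytes(int(part) for part in text.split("."))


def checksum(data):
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build(au_type, key, body, router_id, area_id, key_id=1, seq=1):
    """Build an OSPF Hello (type 1) protected with the chosen method."""
    secret = key.encode("ascii")
    limit = {AU_NONE: 0, AU_SIMPLE: 8, AU_MD5: 16}[au_type]
    if len(secret) > limit:
        raise ValueError("key longer than %d characters" % limit)
    length = HEADER.size + len(body)

    def header(csum, auth):
        return HEADER.pack(2, 1, length, ip(router_id), ip(area_id),
                           csum, au_type, auth)

    if au_type == AU_MD5:
        # Auth field: 0, key ID, digest length, sequence number. The checksum
        # is unused; the digest follows the packet and is not counted in the
        # packet length field.
        packet = header(0, struct.pack("!HBBI", 0, key_id, 16, seq)) + body
        return packet + hashlib.md5(packet + secret.ljust(16, b"\x00")).digest()
    # None/Simple: the checksum excludes the auth field, and the password
    # itself is copied into the header.
    csum = checksum(header(0, bytes(8)) + body)
    return header(csum, secret.ljust(8, b"\x00")) + body


def verify(packet, key):
    """Receiver-side check with the locally configured key."""
    _, _, length, _, _, _, au_type, auth = HEADER.unpack_from(packet)
    secret = key.encode("ascii")
    if au_type == AU_MD5:
        digest_len = struct.unpack("!HBBI", auth)[2]
        received = packet[length:length + digest_len]
        expected = hashlib.md5(packet[:length] + secret.ljust(16, b"\x00")).digest()
        return hmac.compare_digest(received, expected)
    if checksum(packet[:16] + bytes(8) + packet[24:length]) != 0:
        return False  # the checksum detects line errors only
    if au_type == AU_SIMPLE:
        return hmac.compare_digest(auth, secret.ljust(8, b"\x00"))
    return True


def password_on_wire(packet):
    """Return what any listener on the segment reads from the auth field."""
    au_type, auth = HEADER.unpack_from(packet)[6:8]
    if au_type == AU_SIMPLE:
        return auth.rstrip(b"\x00").decode("ascii")
    return None


def tamper(packet):
    """Change the router priority byte of the Hello (offset 31) in transit."""
    return packet[:31] + bytes([packet[31] ^ 0xFF]) + packet[32:]


# Constructed Hello body: mask, hello interval, options, priority 1,
# dead interval, DR and BDR not yet elected.
HELLO_BODY = struct.pack("!4sHBBI4s4s", ip("255.255.255.0"), 10, 0x02, 1, 40,
                         ip("0.0.0.0"), ip("0.0.0.0"))
SIMPLE_PKT = build(AU_SIMPLE, "campus01", HELLO_BODY, "192.168.1.1", "0.0.0.1")
MD5_PKT = build(AU_MD5, "campus-ospf-key1", HELLO_BODY, "192.168.1.1", "0.0.0.1")

if __name__ == "__main__":
    print("Simple, readable on the wire:", password_on_wire(SIMPLE_PKT))
    print("MD5, readable on the wire:   ", password_on_wire(MD5_PKT))
    print("MD5 packet accepted:         ", verify(MD5_PKT, "campus-ospf-key1"))
    print("MD5 packet changed in transit:", verify(tamper(MD5_PKT), "campus-ospf-key1"))
```

With Simple the 8-character password travels in every packet header, so it only guards against misconfigured neighbors; with MD5 the 16-character key never leaves the device and a changed packet fails verification.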
Table 89 IP Application > OSPF Configuration: Area Setup (continued)
LABEL | DESCRIPTION
Stub Network | Select this option to set the area as a stub area. If you enter 0.0.0.0 in the Area ID field, the settings in the Stub Area fields are ignored.
No Summary | Select this option to set the Switch to not send/receive LSAs.
Default Route Cost | Specify a cost (between 0 and 16777214) used to add a default route into a stub area for routes which are external to an OSPF domain.
In the OSPF Configuration screen, click Interface to display the OSPF Interface screen.
Figure 125 IP Application > OSPF Configuration > OSPF Interface
The following table describes the labels in this screen.
Table 91 IP Application > OSPF Configuration > OSPF Interface
LABEL | DESCRIPTION
Network | Select an IP interface.
Area ID | Select the area ID (that uses the format of an IP address in dotted decimal notation) of an area to associate the interface to that area.
Table 91 IP Application > OSPF Configuration > OSPF Interface (continued)
LABEL | DESCRIPTION
Priority | The priority you assign to the interface is used in router elections to decide which router is going to be the Designated Router (DR) or the Backup Designated Router (BDR). You can assign a number between 0 and 255. A priority of 0 means that the router will not participate in router elections.
Add | Click Add to save your changes to the Switch’s run-time memory.
The following table describes the related labels in this screen.
Table 92 IP Application > OSPF Configuration > OSPF Virtual Link
LABEL | DESCRIPTION
Name | Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes.
Area ID | Select the area ID (that uses the format of an IP address in dotted decimal notation) of an area to associate the interface to that area.
Peer Router ID | Enter the ID of a peer border router.
CHAPTER 29 IGMP This chapter shows you how to configure the Switch as a multicast router. See also Section 22.4 on page 178 for information on IGMP snooping. 29.1 IGMP Overview IP multicast is an IETF standard for distributing data to multiple recipients. The following figure shows a multicast session and the relationship between a multicast server, multicast routers and multicast hosts. A multicast server transmits multicast packets and multicast routers forward multicast packets to multicast hosts.
Chapter 29 IGMP IGMP (Internet Group Management Protocol) is used by multicast hosts to indicate their multicast group membership to multicast routers. Multicast routers can also use IGMP to periodically check if multicast hosts still want to receive transmission from a multicast server. In other words, multicast routers check if any hosts on their network are still members of a specific multicast group. The Switch supports IGMP version 1 (IGMP-v1), version 2 (IGMP-v2) and IGMP version 3 (IGMP-v3).
Figure 129 IGMP Version 2 Example (1 Query, 2 Report, 3 Leave)
IGMP version 3 allows a multicast host to join a multicast group and specify from which source (multicast server) it wants to receive multicast packets. Alternatively, a multicast host can specify from which multicast servers it does not want to receive multicast packets. In the following figure multicast server X (IP address 10.1.1.1) and multicast server Z (IP address 13.2.2.
Figure 131 IP Application > IGMP
The following table describes the labels in this screen.
Table 93 IP Application > IGMP
LABEL | DESCRIPTION
Active | Select this check box to enable IGMP on the Switch. Note: You cannot enable both IGMP snooping and IGMP at the same time. Refer to Section 22.4 on page 178 for more information on IGMP snooping.
Unknown Multicast Frame | Specify the action to perform when the Switch receives an unknown multicast frame.
CHAPTER 30 DVMRP
This chapter introduces DVMRP and tells you how to configure it.
30.1 DVMRP Overview
DVMRP (Distance Vector Multicast Routing Protocol) is a protocol used for routing multicast data within an autonomous system (AS). This DVMRP implementation is based on draft-ietf-idmr-dvmrp-v3-10. DVMRP provides multicast forwarding capability to a layer 3 switch that runs both the IPv4 protocol (with IP Multicast support) and the IGMP protocol. The DVMRP metric is a hop count of 32.
Chapter 30 DVMRP Figure 132 How DVMRP Works 30.2.1 DVMRP Terminology DVMRP probes are used to discover other DVMRP Neighbors on a network. DVMRP reports are used to exchange DVMRP source routing information. These packets are used to build the DVMRP multicast routing table that is used to build source trees and also perform Reverse Path Forwarding (RPF) checks on incoming multicast packets. RPF checks prevent duplicate packets being filtered when loops exist in the network topology.
Table 94 IP Application > DVMRP
LABEL | DESCRIPTION
Active | Select Active to enable DVMRP on the Switch. You should do this if you want the Switch to act as a multicast router.
Threshold | Threshold is the maximum time to live (TTL) value. TTL is used to limit the scope of multicasting. You should reduce this value if you do not wish to flood Layer 3 devices many hops away with multicast traffic. This applies only to multicast traffic this Switch sends out.
Chapter 30 DVMRP Figure 136 DVMRP: Duplicate VID Error Message 30.4 Default DVMRP Timer Values The following are some default DVMRP timer values.
CHAPTER 31 IP Multicast
This chapter shows you how to configure the IP Multicast screen.
31.1 IP Multicast Overview
Traditionally, IP packets are transmitted in one of two ways: Unicast (one sender to one recipient) or Broadcast (one sender to everybody on the network). IP Multicast is a third way: it delivers IP packets to a group of hosts on the network, not to everybody. You can configure the Switch to untag (remove the VLAN tags from) IP multicast packets that the Switch forwards.
Table 96 IP Application > IP Multicast
LABEL | DESCRIPTION
Port | This read-only field displays the port number.
* | Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them.
CHAPTER 32 Differentiated Services This chapter shows you how to configure Differentiated Services (DiffServ) on the Switch. 32.1 DiffServ Overview Quality of Service (QoS) is used to prioritize source-to-destination traffic flows. All packets in the flow are given the same priority. You can use CoS (class of service) to give different priorities to different packet types.
Chapter 32 Differentiated Services 32.1.2 DiffServ Network Example The following figure depicts a DiffServ network consisting of a group of directly connected DiffServ-compliant network devices. The boundary node (A in Figure 139) in a DiffServ network classifies (marks with a DSCP value) the incoming packets into different traffic flows (Platinum, Gold, Silver, Bronze) based on the configured marking rules. A network administrator can then apply various traffic policies to the traffic flows.
• Green (low loss priority level) packets are forwarded.
TRTCM operates in one of two modes: color-blind or color-aware. In color-blind mode, packets are marked based on evaluating against the PIR and CIR regardless of whether they have previously been marked. In color-aware mode, packets are marked based on both existing color and evaluation against the PIR and CIR. If the packets do not match any of the colors, then the packets proceed unchanged.
32.2.
Chapter 32 Differentiated Services 32.3 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the selected port(s). Click IP Application > DiffServ in the navigation panel to display the screen as shown. Figure 142 IP Application > DiffServ The following table describes the labels in this screen. Table 97 IP Application > DiffServ LABEL DESCRIPTION Active Select this option to enable DiffServ on the Switch.
Note: You cannot enable both TRTCM and Bandwidth Control at the same time.
Figure 143 IP Application > DiffServ > 2-rate 3 Color Marker
The following table describes the labels in this screen.
Table 98 IP Application > DiffServ > 2-rate 3 Color Marker
LABEL | DESCRIPTION
Active | Select this to activate TRTCM (Two Rate Three Color Marker) on the Switch. The Switch evaluates and marks the packets based on the TRTCM settings.
Table 98 IP Application > DiffServ > 2-rate 3 Color Marker (continued)
LABEL | DESCRIPTION
DSCP | Use this section to specify the DSCP values that you want to assign to packets based on the color they are marked via TRTCM.
green | Specify the DSCP value to use for packets with low packet loss priority.
yellow | Specify the DSCP value to use for packets with medium packet loss priority.
red | Specify the DSCP value to use for packets with high packet loss priority.
The following table describes the labels in this screen.
Table 100 IP Application > DiffServ > DSCP Setting
LABEL | DESCRIPTION
0 … 63 | This is the DSCP classification identification number. To set the IEEE 802.1p priority mapping, select the priority level from the drop-down list box.
Apply | Click Apply to save your changes to the Switch’s run-time memory.
CHAPTER 33 DHCP This chapter shows you how to configure the DHCP feature. 33.1 DHCP Overview DHCP (Dynamic Host Configuration Protocol RFC 2131 and RFC 2132) allows individual computers to obtain TCP/IP configuration at start-up from a server. You can configure the Switch as a DHCP server or a DHCP relay agent. When configured as a server, the Switch provides the TCP/IP configuration for the clients.
33.2 DHCP Status
Click IP Application > DHCP in the navigation panel. The DHCP Status screen displays.
Figure 145 IP Application > DHCP Status
The following table describes the labels in this screen.
Table 101 IP Application > DHCP Status
LABEL | DESCRIPTION
Server Status | This section displays configuration settings related to the Switch’s DHCP server mode.
Index | This is the index number.
VID | This field displays the VLAN ID for which the Switch is a DHCP server.
The following table describes the labels in this screen.
Table 102 IP Application > DHCP Server Status Detail
LABEL | DESCRIPTION
Start IP Address | This field displays the starting IP address of the IP address pool configured for this DHCP server instance.
End IP Address | This field displays the last IP address of the IP address pool configured for this DHCP server instance.
Subnet Mask | This field displays the subnet mask value sent to clients from this DHCP server instance.
Chapter 33 DHCP The DHCP Relay Agent Information feature adds an Agent Information field to the Option 82 field. The Option 82 field is in the DHCP headers of client DHCP request frames that the Switch relays to a DHCP server. Relay Agent Information can include the System Name of the Switch if you select this option. You can change the System Name in Basic Settings > General Setup.
Table 104 IP Application > DHCP > Global (continued)
LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel | Click Cancel to begin configuring this screen afresh.
33.4.
33.5 Configuring DHCP VLAN Settings
Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link in the DHCP Status screen that displays.
Note: You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. See Section 7.6 on page 81 for information on how to do this.
The following table describes the labels in this screen.
Table 105 IP Application > DHCP > VLAN
LABEL | DESCRIPTION
VID | Enter the ID number of the VLAN to which these DHCP settings apply.
DHCP Status | Select whether the Switch should function as a DHCP Server or Relay for the specified VID. If you select Server then fields related to DHCP relay configuration are grayed out and vice versa.
Chapter 33 DHCP 33.5.1 Example: DHCP Relay for Two VLANs The following example displays two VLANs (VIDs 1 and 2) for a campus network. Two DHCP servers are installed to serve each VLAN. The system is set up to forward DHCP requests from the dormitory rooms (VLAN 1) to the DHCP server with an IP address of 192.168.1.100. Requests from the academic buildings (VLAN 2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 151 DHCP Relay for Two VLANs DHCP:192.168.1.
CHAPTER 34 VRRP This chapter shows you how to configure and monitor the Virtual Router Redundancy Protocol (VRRP) on the Switch. 34.1 VRRP Overview Each host on a network is configured to send packets to a statically configured default gateway (this Switch). The default gateway can become a single point of failure. Virtual Router Redundancy Protocol (VRRP), defined in RFC 2338, allows you to create redundant backup gateways to ensure that the default gateway of a host is always available.
If switch A (the master router) is unavailable, switch B takes over. Traffic is then processed by switch B.
34.2 VRRP Status
Click IP Application > VRRP in the navigation panel to display the VRRP Status screen as shown next.
Figure 154 IP Application > VRRP Status
The following table describes the labels in this screen.
Table 106 IP Application > VRRP Status
LABEL | DESCRIPTION
Index | This field displays the index number of a rule.
34.3 VRRP Configuration
The following sections describe the different parts of the VRRP Configuration screen.
34.3.1 IP Interface Setup
Before configuring VRRP, first create an IP interface (or routing domain) in the IP Setup screen (see Section 7.6 on page 81 for more information). Click IP Application, VRRP and click the Configuration link to display the VRRP Configuration screen as shown next.
Note: You can only configure VRRP on interfaces with unique VLAN IDs.
Table 107 IP Application > VRRP Configuration > IP Interface
LABEL | DESCRIPTION
Index | This field displays the index number of an entry.
Network | This field displays the IP address and number of subnet mask bits of an IP domain.
Authentication | Select None to disable authentication. This is the default setting. Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface.
34.3.3 Configuring VRRP Parameters
After you set up an IP interface, configure the VRRP parameters in the VRRP Configuration screen.
Figure 156 IP Application > VRRP Configuration > VRRP Parameters
The following table describes the labels in this screen.
Table 108 IP Application > VRRP Configuration > VRRP Parameters
LABEL | DESCRIPTION
Active | Select this option to enable this VRRP entry.
Name | Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes.
34.3.4 Configuring VRRP Parameters
View the VRRP configuration summary at the bottom of the screen.
Figure 157 VRRP Configuration: Summary
The following table describes the labels in this screen.
Table 109 VRRP Configuring: VRRP Parameters
LABEL | DESCRIPTION
Index | This field displays the index number of an entry.
Active | This field shows whether a VRRP entry is enabled (Yes) or disabled (No).
Name | This field displays a descriptive name of an entry.
Figure 158 VRRP Configuration Example: One Virtual Router Network (addresses shown: 172.21.1.1, 172.21.1.100, 172.21.1.10)
You want to set switch A as the master router. Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below.
Figure 162 VRRP Example 1: VRRP Status on Switch B
34.4.2 Two Subnets Example
The following figure depicts an example in which two switches share the network traffic. Hosts in the two network groups use different default gateways. Each switch is configured to back up a virtual router using VRRP. You wish to configure switch A as the master router for virtual router VR1 and as a backup for virtual router VR2. On the other hand, switch B is the master for VR2 and a backup for VR1.
Chapter 34 VRRP Figure 165 VRRP Example 2: VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next.
PART V Management
Maintenance
Access Control
Diagnostic
Syslog
Cluster Management
MAC Table
IP Table
ARP Table
Routing Table
Configure Clone
CHAPTER 35 Maintenance This chapter explains how to configure the maintenance screens that let you maintain the firmware and configuration files. 35.1 The Maintenance Screen Use this screen to manage firmware and your configuration files. Click Management > Maintenance in the navigation panel to open the following screen. Figure 168 Management > Maintenance The following table describes the labels in this screen.
Table 110 Management > Maintenance (continued)
LABEL | DESCRIPTION
Save Configuration | Click Config 1 to save the current configuration settings to Configuration 1 on the Switch. Click Config 2 to save the current configuration settings to Configuration 2 on the Switch.
Reboot System | Click Config 1 to reboot the system and load Configuration 1 on the Switch. Click Config 2 to reboot the system and load Configuration 2 on the Switch.
35.4 Reboot System
Reboot System allows you to restart the Switch without physically turning the power off. It also allows you to load configuration one (Config 1) or configuration two (Config 2) when you reboot. Follow the steps below to reboot the Switch.
1 In the Maintenance screen, click the Config 1 button next to Reboot System to reboot and load configuration one. The following screen displays.
Chapter 35 Maintenance 35.6 Restore a Configuration File Restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen. Figure 172 Management > Maintenance > Restore Configuration Type the path and file name of the configuration file you wish to restore in the File Path text box or click Browse to display the Choose File screen (below) from which you can locate it. After you have specified the file, click Restore.
35.8 FTP Command Line
This section shows some examples of uploading files to or downloading files from the Switch using FTP commands. First, understand the filename conventions.
35.8.1 Filename Conventions
The configuration file (also known as the romfile or ROM) contains the factory default settings in the screens such as password, Switch setup, IP Setup, and so on. Once you have customized the Switch’s settings, they can be saved back to your computer under a filename of your choosing.
5 Enter bin to set transfer mode to binary.
6 Use put to transfer files from the computer to the Switch, for example, put firmware.bin ras transfers the firmware on your computer (firmware.bin) to the Switch and renames it to “ras”. Similarly, put config.cfg config transfers the configuration file on your computer (config.cfg) to the Switch and renames it to “config”. Likewise get config config.
CHAPTER 36 Access Control
This chapter describes how to control access to the Switch.
36.1 Access Control Overview
The console port and FTP are allowed one session each, Telnet and SSH share nine sessions, and up to five Web sessions (five different usernames and passwords) and/or limitless SNMP access control sessions are allowed.
Chapter 36 Access Control 36.3 About SNMP Simple Network Management Protocol (SNMP) is an application layer protocol used to manage and monitor TCP/IP-based devices. SNMP is used to exchange management information between the network management system (NMS) and a network element (NE). A manager station can manage and monitor the Switch through the network via SNMP version one (SNMPv1), SNMP version 2c or SNMP version 3. The next figure illustrates an SNMP management operation.
Chapter 36 Access Control 36.3.1 SNMP v3 and Security SNMP v3 enhances security for SNMP management. SNMP managers can be required to authenticate with agents before conducting SNMP management sessions. Security can be further enhanced by encrypting the SNMP messages sent from the managers. Encryption protects the contents of the SNMP messages. When the contents of the SNMP messages are encrypted, only the intended recipients can read them. 36.3.
Chapter 36 Access Control Table 115 SNMP System Traps (continued) OPTION OBJECT LABEL temperature TemperatureEventOn voltage reset timesync OBJECT ID DESCRIPTION 1.3.6.1.4.1.890.1.5.8.24.31.2.1 This trap is sent when the temperature goes above or below the normal operating range. TemperatureEventClear 1.3.6.1.4.1.890.1.5.8.24.31.2.2 This trap is sent when the temperature returns to the normal operating range. VoltageEventOn 1.3.6.1.4.1.890.1.5.8.24.31.2.
Table 116 SNMP InterfaceTraps (continued)
OPTION | OBJECT LABEL | OBJECT ID | DESCRIPTION
autonegotiation | AutonegotiationFailedEventOn | 1.3.6.1.4.1.890.1.5.8.24.31.2.1 | This trap is sent when an Ethernet interface fails to autonegotiate with the peer Ethernet interface.
 | AutonegotiationFailedEventClear | 1.3.6.1.4.1.890.1.5.8.24.31.2.2 | This trap is sent when an Ethernet interface autonegotiates with the peer Ethernet interface.
Table 119 SNMP Switch Traps
OPTION | OBJECT LABEL | OBJECT ID | DESCRIPTION
stp | STPNewRoot | 1.3.6.1.2.1.17.0.1 | This trap is sent when the STP root switch changes.
 | MRSTPNewRoot | 1.3.6.1.4.1.890.1.5.8.24.43.2.1 | This trap is sent when the MRSTP root switch changes.
 | MSTPNewRoot | 1.3.6.1.4.1.890.1.5.8.24.107.70.1 | This trap is sent when the MSTP root switch changes.
 | STPTopologyChange | 1.3.6.1.2.1.17.0.2 | This trap is sent when the STP topology changes.
 | MRSTPTopologyChange | 1.3.6.
Figure 176 Management > Access Control > SNMP
The following table describes the labels in this screen.
Table 120 Management > Access Control > SNMP
LABEL | DESCRIPTION
General Setting | Use this section to specify the SNMP version and community (password) values.
Version | Select the SNMP version for the Switch. The SNMP version on the Switch must match the version on the SNMP manager. Choose SNMP version 2c (v2c), SNMP version 3 (v3) or both (v3v2c).
Table 120 Management > Access Control > SNMP (continued)
LABEL | DESCRIPTION
Username | Enter the username to be sent to the SNMP manager along with the SNMP v3 trap. Note: This username must match an existing account on the Switch (configured in Management > Access Control > Logins screen).
User Information | Use this section to configure users for authentication with managers using SNMP v3.
Figure 177 Management > Access Control > SNMP > Trap Group
The following table describes the labels in this screen.
Table 121 Management > Access Control > SNMP > Trap Group
LABEL | DESCRIPTION
Trap Destination IP | Select one of your configured trap destination IP addresses. These are the IP addresses of the SNMP managers. You must first configure a trap destination IP address in the SNMP Setting screen.
• A non-administrator (username is something other than admin) is someone who can view but not configure Switch settings.
Click Management > Access Control > Logins to view the screen as shown.
Figure 178 Management > Access Control > Logins
The following table describes the labels in this screen.
Table 122 Management > Access Control > Logins
LABEL | DESCRIPTION
Administrator | This is the default administrator account with the “admin” user name.
Chapter 36 Access Control 36.4 SSH Overview Unlike Telnet or FTP, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. Figure 179 SSH Communication Example 36.5 How SSH works The following table summarizes how a secure connection is established between two remote hosts.
2 Encryption Method
Once the identification is verified, both the client and server must agree on the type of encryption method to use.
3 Authentication and Data Transmission
After the identification is verified and data encryption activated, a secure tunnel is established between the client and the server. The client then sends its authentication information (user name and password) to the server to log in to the server.
36.
Figure 181 HTTPS Implementation
Note: If you disable HTTP in the Service Access Control screen, then the Switch blocks all HTTP connection attempts.
36.8 HTTPS Example
If you haven’t changed the default HTTPS port on the Switch, then in your browser enter “https://Switch IP Address/” as the web site address where “Switch IP Address” is the IP address or domain name of the Switch you wish to access.
36.8.
Chapter 36 Access Control 36.8.2 Netscape Navigator Warning Messages When you attempt to access the Switch HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch. If Accept this certificate temporarily for this session is selected, then click OK to continue in Netscape.
Chapter 36 Access Control Figure 185 Example: Lock Denoting a Secure Connection 36.9 Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure “trusted computer(s)” for each service in the Remote Management screen (discussed later). Click Access Control to go back to the main Access Control screen.
The following table describes the fields in this screen.
Table 123 Management > Access Control > Service Access Control
LABEL | DESCRIPTION
Services | Services you may use to access the Switch are listed here.
Active | Select this option for the corresponding services that you want to allow to access the Switch.
Service Port | For Telnet, SSH, FTP, HTTP or HTTPS services, you may change the default service port by typing the new port number in the Server Port field.
Table 124 Management > Access Control > Remote Management (continued)
LABEL | DESCRIPTION
Telnet/FTP/HTTP/ICMP/SNMP/SSH/HTTPS | Select services that may be used for managing the Switch from the specified trusted computers.
Apply | Click Apply to save your changes to the Switch’s run-time memory.
CHAPTER 37 Diagnostic
This chapter explains the Diagnostic screen.
37.1 Diagnostic
Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests.
Figure 188 Management > Diagnostic
The following table describes the labels in this screen.
Table 125 Management > Diagnostic
LABEL | DESCRIPTION
System Log | Click Display to display a log of events in the multi-line text box.
CHAPTER 38 Syslog This chapter explains the syslog screens. 38.1 Syslog Overview The syslog protocol allows devices to send event notification messages across an IP network to syslog servers that collect the event messages. A syslog-enabled device can generate a syslog message and send it to a syslog server. Syslog is defined in RFC 3164. The RFC defines the packet format, content and system log related information of syslog messages. Each syslog message has a facility and severity level.
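How a collector recovers the facility and severity from the RFC 3164 priority value (PRI = facility × 8 + severity) and sets aside malformed input, as an added example that is not part of this guide. The log lines are constructed samples in generic RFC 3164 form, not captured Switch output, and the function names are hypothetical.

```python
import re

# Severity and facility names by numeric code, as listed in RFC 3164.
SEVERITIES = ("emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug")
FACILITIES = ("kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock", "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7")

# <PRI>Mmm dd hh:mm:ss HOSTNAME message
LINE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$")


def parse(line):
    """Split one RFC 3164 message into its fields; raise ValueError if malformed."""
    match = LINE.match(line)
    if match is None:
        raise ValueError("not an RFC 3164 message: %r" % line[:40])
    pri = int(match.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid priority value
        raise ValueError("PRI %d out of range" % pri)
    facility, severity = divmod(pri, 8)
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "severity_code": severity,
        "timestamp": match.group(2),
        "host": match.group(3),
        "message": match.group(4),
    }


def triage(lines, worst=4):
    """Return (records at severity `worst` or more urgent, rejected lines).

    Syslog is normally carried over UDP without authentication, so malformed
    lines are kept for review instead of being silently dropped.
    """
    urgent, rejected = [], []
    for line in lines:
        try:
            record = parse(line)
        except ValueError:
            rejected.append(line)
            continue
        if record["severity_code"] <= worst:
            urgent.append(record)
    return urgent, rejected


# Constructed sample input.
SAMPLE = [
    "<134>Jan  1 00:58:46 192.168.1.1 system: configuration saved",
    "<139>Jan  1 01:02:10 192.168.1.1 interface: port 3 link down",
    "<164>Jan  1 01:05:33 192.168.1.1 aaa: login failed for user admin",
    "<999>Jan  1 01:06:00 192.168.1.1 system: PRI above 191",
    "Jan  1 01:07:00 192.168.1.1 system: no PRI field",
]

if __name__ == "__main__":
    urgent, rejected = triage(SAMPLE)
    for record in urgent:
        print(record["facility"], record["severity"], record["message"])
    print("rejected:", len(rejected))
```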
Figure 189 Management > Syslog
The following table describes the labels in this screen.
Table 127 Management > Syslog
LABEL | DESCRIPTION
Syslog | Select Active to turn on syslog (system logging) and then configure the syslog setting.
Logging Type | This column displays the names of the categories of logs that the device can generate.
Active | Select this option to set the device to generate logs for the corresponding category.
Figure 190 Management > Syslog > Server Setup
The following table describes the labels in this screen.
Table 128 Management > Syslog > Server Setup
LABEL | DESCRIPTION
Active | Select this check box to have the device send logs to this syslog server. Clear the check box if you want to create a syslog server entry but not have the device send logs to it (you can edit the entry later).
Server Address | Enter the IP address of the syslog server.
CHAPTER 39 Cluster Management This chapter introduces cluster management. 39.1 Clustering Management Status Overview Cluster Management allows you to manage switches through one Switch, called the cluster manager. The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another.
Figure 191 Clustering Application Example
39.2 Cluster Management Status
Click Management > Cluster Management in the navigation panel to display the following screen.
Note: A cluster can only have one manager.
The following table describes the labels in this screen.
Table 130 Management > Cluster Management
LABEL | DESCRIPTION
Status | This field displays the role of this Switch within the cluster: Manager, Member (you see this if you access this screen in the cluster member switch directly and not via the cluster manager) or None (neither a manager nor a member of a cluster).
Manager | This field displays the cluster manager switch’s hardware MAC address.
39.2.1.1 Uploading Firmware to a Cluster Member Switch
You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example.
Figure 194 Example: Uploading Firmware to a Cluster Member Switch
C:\>ftp 192.168.1.1
Connected to 192.168.1.1.
220 Switch FTP version 1.0 ready at Thu Jan 1 00:58:46 1970
User (192.168.0.
Figure 195 Management > Clustering Management > Configuration
The following table describes the labels in this screen.
Table 132 Management > Clustering Management > Configuration
LABEL | DESCRIPTION
Clustering Manager |
Active | Select Active to have this Switch become the cluster manager switch. A cluster can only have one manager. Other (directly connected) switches that are set to be cluster managers will not be visible in the Clustering Candidates list.
Table 132 Management > Clustering Management > Configuration (continued)
LABEL | DESCRIPTION
Apply | Click Apply to save your changes to the Switch’s run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring.
Cancel | Click Cancel to begin configuring this screen afresh.
CHAPTER 40 MAC Table This chapter introduces the MAC Table screen. 40.1 MAC Table Overview The MAC Table screen (a MAC table is also known as a filtering database) shows how frames are forwarded or filtered across the Switch’s ports. It shows what device MAC address, belonging to what VLAN group (if any) is forwarded to which port(s) and whether the MAC address is dynamic (learned by the Switch) or static (manually entered in the Static MAC Forwarding screen).
40.2 Viewing the MAC Table
Click Management > MAC Table in the navigation panel to display the following screen.
Figure 197 Management > MAC Table
The following table describes the labels in this screen.
Table 133 Management > MAC Table
LABEL: DESCRIPTION
Sort by: Click one of the following buttons to display and arrange the data according to that button type. The information is then displayed in the summary table below.
CHAPTER 41 IP Table This chapter introduces the IP table. 41.1 IP Table Overview The IP Table screen shows how packets are forwarded or filtered across the Switch’s ports. It shows what device IP address, belonging to what VLAN group (if any) is forwarded to which port(s) and whether the IP address is dynamic (learned by the Switch) or static (belonging to the Switch). The Switch uses the IP table to determine how to forward packets. See the following figure.
41.2 Viewing the IP Table
Click Management > IP Table in the navigation panel to display the following screen.
Figure 199 Management > IP Table
The following table describes the labels in this screen.
Table 134 Management > IP Table
LABEL: DESCRIPTION
Sort by: Click one of the following buttons to display and arrange the data according to that button type. The information is then displayed in the summary table below.
CHAPTER 42 ARP Table This chapter introduces ARP Table. 42.1 ARP Table Overview Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address, also known as a Media Access Control or MAC address, on the local area network. An IP (version 4) address is 32 bits long. In an Ethernet LAN, MAC addresses are 48 bits long. The ARP Table maintains an association between each MAC address and its corresponding IP address. 42.1.
Figure 200 Management > ARP Table
The following table describes the labels in this screen.
Table 135 Management > ARP Table
LABEL: DESCRIPTION
Index: This is the ARP Table entry number.
IP Address: This is the learned IP address of a device connected to a Switch port with corresponding MAC address below.
MAC Address: This is the MAC address of the device with corresponding IP address above.
CHAPTER 43 Routing Table This chapter introduces the routing table. 43.1 Overview The routing table contains the route information to the network(s) that the Switch can reach. The Switch automatically updates the routing table with the RIP information received from other Ethernet devices. 43.2 Viewing the Routing Table Status Use this screen to view routing table information. Click Management > Routing Table in the navigation panel to display the screen as shown.
CHAPTER 44 Configure Clone This chapter shows you how you can copy the settings of one port onto other ports. 44.1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen.
The following table describes the labels in this screen.
Table 137 Management > Configure Clone
LABEL: DESCRIPTION
Source/Destination Port: Enter the source port under the Source label. This port’s attributes are copied. Enter the destination port or ports under the Destination label. These are the ports which are going to have the same attributes as the source port. You can enter individual ports separated by a comma or a range of ports by using a dash.
PART VI Commands and Troubleshooting
Introducing Commands
User and Enable Mode Commands
Configuration Mode Commands
Interface Commands
IEEE 802.
CHAPTER 45 Introducing Commands This chapter introduces commands and gives a summary of commands available. 45.1 Overview In addition to the web configurator, you can use commands to configure the Switch. Use commands for advanced Switch diagnosis and troubleshooting. If you have problems with your Switch, customer support may request that you issue some of these commands to assist them in troubleshooting.
• 9600 bps
• No parity
• 8 data bits
• 1 stop bit
• No flow control
45.2.1.1 Initial Screen
When you turn on your Switch, it performs several internal tests as well as line initialization. You can view the initialization information using the console port. After the initialization, the login screen displays (refer to Section 45.3 on page 332).
Copyright (c) 1994 - 2007 ZyXEL Communications Corp.
• The required fields in a command are enclosed in angle brackets <>, for instance, ping means that you must specify an IP number for this command.
• The optional fields in a command are enclosed in square brackets [], for instance, configure snmp-server [contact ] [location ] means that the contact and location fields are optional.
• “Command” refers to a command used in the command line interface (CI command).
Chapter 45 Introducing Commands 45.7 Privilege Levels You can use a command whose privilege level is equal to or less than that of your login account. For example, if your login account has a privilege level of 12, you can use all commands with privilege levels from 0 to 12. 0 privilege level commands are available to all login accounts.
The following table describes command interpreter modes and how to access them.
Table 138 Command Interpreter Mode Summary
MODE: User
DESCRIPTION: Commands available in this mode are a subset of enable mode. You can perform basic tests and display general system information.
HOW TO LOGIN/ACCESS: Default login level for a read-only account.
PROMPT: sysname> The first part of the prompt is the system name.
Chapter 45 Introducing Commands 45.9.1 List of Available Commands Enter “help” to display a list of available commands and the corresponding sub commands. sysname> help Commands available: help logout exit history enable show ip show hardware-monitor show system-information show alarm-status show cpu-utilization show version flash show version ping ping [vlan ][..
Enter ? to display detailed help information about the sub commands and parameters.
sysname> ping ? help destination ip address Description of ping help sysname>
45.10 Using Command History
The Switch keeps a list of recently used commands available to you for reuse. You can use any commands in the history again by pressing the up or down arrow key to scroll through the previously used commands and press [ENTER].
45.11.1 Switch Configuration File
When you configure the Switch using either the CLI (Command Line Interface) or web configurator, the settings are saved as a series of commands in a configuration file on the Switch. You can perform the following with a configuration file:
• Back up Switch configuration once the Switch is set up to work in your network.
• Restore Switch configuration.
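Because the configuration file is a series of commands, a backed-up copy can be audited offline. The following Python script is an added example, not part of the ZyXEL guide: it replays the service-control and no service-control lines listed in Table 141 and reports which cleartext management services remain enabled, and whether disabling services has left the console port as the only management path. The sample configurations are constructed; telnet is assumed to be a service-control keyword like the others, and services the file does not mention are assumed to default to enabled.

```python
import re

# Keywords from the service-control rows of Table 141. "telnet" is assumed to be
# a keyword of the same form (assumption; it is not among the rows shown there).
CLEARTEXT = {"ftp", "http", "telnet"}              # logins cross the network unencrypted
ENCRYPTED = {"https", "ssh"}
REMOTE_ADMIN = {"http", "https", "telnet", "ssh"}  # web configurator and CLI paths
KNOWN = CLEARTEXT | ENCRYPTED | {"icmp", "snmp"}

_LINE = re.compile(r"^\s*(no\s+)?service-control\s+([a-z]+)\b", re.IGNORECASE)


def service_states(config_text, default_enabled=True):
    """Return {service: enabled} after replaying the file's service-control lines.

    Assumption: a service the file never mentions keeps its default state,
    taken here to be enabled. Pass default_enabled=False if your firmware differs.
    """
    states = {name: default_enabled for name in KNOWN}
    for line in config_text.splitlines():
        match = _LINE.match(line)
        if not match:
            continue
        negated, service = match.group(1), match.group(2).lower()
        if service in KNOWN:
            # Commands are applied in file order, so a later line overrides an earlier one.
            states[service] = negated is None
    return states


def audit(config_text, default_enabled=True):
    """Summarise management exposure for one configuration file."""
    states = service_states(config_text, default_enabled)
    enabled = {name for name, on in states.items() if on}
    return {
        "cleartext_enabled": sorted(enabled & CLEARTEXT),
        "encrypted_enabled": sorted(enabled & ENCRYPTED),
        # True when no web or CLI service is left: only the console port remains.
        "console_only": not (enabled & REMOTE_ADMIN),
    }


# Constructed sample: FTP and SNMP turned off, SSH set explicitly, the rest untouched.
SAMPLE_CONFIG = """\
igmp-snooping
igmp-snooping host-timeout 30
no service-control ftp
no service-control snmp
service-control ssh 22
"""

# Constructed sample: every remote administration service turned off.
LOCKED_DOWN_CONFIG = """\
no service-control http
no service-control https
no service-control telnet
no service-control ssh
"""

if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_CONFIG), ("locked down", LOCKED_DOWN_CONFIG)):
        print(label, audit(text))
```

For the first sample the report still lists http and telnet as enabled cleartext services; for the second it sets console_only, which is the state to avoid creating by accident on a remotely managed Switch.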
Chapter 45 Introducing Commands Table 139 Command Summary: User Mode (continued) COMMAND DESCRIPTION PRIVILEGE Accesses Enable (or privileged) mode. See Section 45.12.2 on page 339. Enable the highest privilege level for executing commands. 0 enable <0-14> Accesses Enable mode commands up to the privilege level specified. See Section 45.12.2 on page 339. 0 ip Displays IP related information.
Chapter 45 Introducing Commands Table 140 Command Summary: Enable Mode (continued) COMMAND DESCRIPTION PRIVILEGE Perform a physical wire-pair test of the Ethernet connections on the specified port(s). 13 cablediagnostics clear arp inspection filter Delete all ARP inspection filters from the Switch. 13 arp inspection log Delete all ARP inspection log entries from the Switch. 13 arp inspection statistics Delete all statistics records of ARP packets going through the Switch.
Chapter 45 Introducing Commands Table 140 Command Summary: Enable Mode (continued) COMMAND erase ethernet oam DESCRIPTION PRIVILEGE Resets to the factory default settings. 13 help Displays help information for this command. 13 interface portchannel Resets to the factory default settings on a per port basis. 13 interface portchannel [bandwidthlimit...] Resets to the factory default settings on a per port basis and optionally on a per feature configuration basis.
Chapter 45 Introducing Commands Table 140 Command Summary: Enable Mode (continued) COMMAND DESCRIPTION PRIVILEGE renew dhcp snooping database Loads dynamic bindings from the default DHCP snooping database. 13 Loads dynamic bindings from the specified DHCP snooping database. 13 authentication Displays whether authentication and privilege checking is enabled on the Switch and what methods are used for authentication.
Chapter 45 Introducing Commands Table 140 Command Summary: Enable Mode (continued) COMMAND DESCRIPTION PRIVILEGE log Displays the log settings configured on the Switch. It also displays the log entries recorded on the Switch. 3 statistics Displays statistics regarding the total number of ARP packets received on the Switch. 3 statistics vlan Displays statistics regarding the total number of ARP packets received on the Switch based on the VLAN(s) specified.
Chapter 45 Introducing Commands Table 140 Command Summary: Enable Mode (continued) COMMAND PRIVILEGE ethernet oam discovery Displays OAM configuration details and operational status of the specified ports. 3 ethernet oam statistics Displays the number of OAM packets transferred for the specified ports. 3 ethernet oam summary Displays the configuration details of each OAM activated port. 3 Displays GARP information.
Chapter 45 Introducing Commands Table 140 Command Summary: Enable Mode (continued) COMMAND DESCRIPTION PRIVILEGE Displays the protocol based VLAN settings for the specified port(s). 3 Displays IP related information. 0 arp Displays the ARP table. 3 dvmrp group Displays DVMRP group information. 3 dvmrp interface Displays DVMRP interface information. 3 dvmrp neighbor Displays DVMRP neighbor information. 3 dvmrp prune Displays the DVMRP prune information.
Chapter 45 Introducing Commands Table 140 Command Summary: Enable Mode (continued) COMMAND DESCRIPTION PRIVILEGE source binding [] [...] Displays the static bindings configured on the Switch based on MAC address or VLAN ID of the static binding. 3 source binding help Displays help information for the source binding command. 3 tcp Displays IP TCP information. 3 udp Displays IP UDP information. 3 lacp Displays LACP (Link Aggregation Control Protocol) settings.
Table 140 Command Summary: Enable Mode (continued) COMMAND DESCRIPTION PRIVILEGE Displays MSTP configuration for the Switch. 3 Displays MSTP instance configuration. 3 Displays multicast status, including the port number, vlan ID and multicast group number of multicast group members on the Switch. 3 Displays multicast VLAN status. 3 multi-login Displays multi-login information. 3 mvr Displays all MVR settings. 3 Displays the specified MVR group settings.
Chapter 45 Introducing Commands Table 140 Command Summary: Enable Mode (continued) COMMAND DESCRIPTION PRIVILEGE Displays current operating configuration. 3 interface portchannel [bandwidthlimit...] Displays current operating configuration on a port by port basis. Optionally specifies which settings are displayed. 3 help Displays the help information for this command. 3 service-control Displays service control settings. 3 snmp-server Displays SNMP settings.
Chapter 45 Introducing Commands Table 140 Command Summary: Enable Mode (continued) COMMAND [command ] DESCRIPTION PRIVILEGE Connects to an SSH server with the specified SSH version and addition commands to be executed on the server. 0 test interface portchannel Performs an internal loopback test on the specified ports. 13 traceroute [in-band|out-ofband|vlan ][ttl <1-255>] [wait <1-60>] [queries <1-10>] Determines the path a packet takes to a device.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND authentication adminpassword DESCRIPTION PRIVILEGE exec [broadcast] Enables sending accounting information for administrative sessions via SSH, Telnet and console port sessions to all configured accounting servers at the same time. 13 system Enables accounting of system events and specifies the protocol method.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE entries <01024> Specifies the maximum number (1-1024) of log messages that can be generated by ARP packets and not sent to the syslog server. If the number of log messages in the Switch exceeds this number, the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND classifier cluster defaultmanagement 352 DESCRIPTION PRIVILEGE <[packetformat <802.3untag|802.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND dhcp dhcp-vlan dhcp relay server DESCRIPTION PRIVILEGE Specifies the VLAN ID of the DHCP VLAN. 13 helper-address Enables DHCP relay on the specified VLAN and sets the IP address of 1 DHCP server.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE database Specifies the location of the DHCP snooping database. The location should be expressed like this: tftp://{domain name or IP address}/directory, if applicable/file name; for example, tftp://192.168.10.1/ database.txt.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND https DESCRIPTION PRIVILEGE cert-regeneration Re-generates a certificate. 13 timeout <0-65535> Sets the HTTPS timeout period. 13 Enables IGMP filtering on the Switch. 13 Sets the range of multicast address(es) in a profile. 13 Enables IGMP snooping. 13 igmpfiltering profile start-address end-address igmpsnooping 8021p-priority <0-7> Sets the 802.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE Creates a static route. 13 [metric ] [name ] [inactive] Sets the metric of a static route or deactivates a static route. 13 Creates a static binding for DHCP snooping and ARP inspection. 13 Specifies the port(s) for this static binding. 13 Enables Link Aggregation Control Protocol (LACP).
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE Disables a static MAC address port filtering rule. 13 Configures a static MAC address forwarding rule. 13 Disables a static MAC address forwarding rule. 13 Enables port mirroring. 13 Enables port mirroring on a specified port. 13 mode zynos Changes the CLI mode to the ZyNOS format. 13 mrstp Activates the specified STP configuration.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE max-hop <1-255> Sets the maximum hop value before BPDUs are discarded in the MST Region. 13 revision <0-65535> Sets the revision number for this MST Region configuration. 13 Enables multi-login. 14 Enters the MVR (Multicast VLAN Registration) configuration mode. Refer to Section 45.13 on page 383 for more information.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE Disables logging of messages generated by ARP inspection for the specified VLAN(s). 13 bandwidth-control Disable bandwidth control on the Switch. 13 bcp-transparency Disables Bridge Control Protocol Transparency 13 Disables the classifier. Each classifier has one rule. If you disable a classifier you cannot use policy rule related information.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE vlan option Sets the Switch to not add the slot number, port number and VLAN ID to DHCP requests that it broadcasts to the DHCP VLAN, if specified, or VLAN. 13 database Removes the location of the DHCP snooping database.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE 13 source binding vlan lacp Disables the link aggregation control protocol (dynamic trunking) on the Switch. 13 logins username Disables login access to the specified name. 14 loopguard Disables loopguard on the Switch. 13 mac-authentication Disables MAC authentication on the Switch.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE Disables the assignment of specific ports from an MST instance. 13 multi-login Disables another administrator from logging into Telnet or the CLI. 14 mvr Removes an MVR configuration from the Switch. 13 password privilege <0-14> Disables a password to execute commands of the specified privilege level. 14 policy Deletes the policy.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND service-control DESCRIPTION PRIVILEGE ftp Disables FTP access to the Switch. 13 http Disables web browser control to the Switch. 13 https Disables secure web browser access to the Switch. 13 icmp Disables ICMP access to the Switch such as pinging and tracerouting. 13 snmp Disables SNMP management. 13 ssh Disables SSH (Secure Shell) server access to the Switch.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE Disables sending all system type traps to a manager. The options are “coldstart”, “warmstart”, “fanspeed”, “temperature”, “voltage”, “reset”, “timesync”, “intrusionlock” or “loopguard”. 13 Disables STP. 13 Disables STP on listed ports. 13 key Disables the secure shell server encryption key.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE Disables the Two Rate Three Color Marker feature on the Switch. 13 Disables the specified trunk group. 13 interface Removes ports from the specified trunk group. 13 lacp Disables LACP in the specified trunk group. 13 vlan Deletes the static VLAN entry.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND policy DESCRIPTION PRIVILEGE Configures a policy. A classifier distinguishes traffic into flows based on the configured criteria. A policy rule ensures that a traffic flow gets the requested treatment in the network. 13 Enables 802.1x authentication on the Switch. 13 Enables 802.1x authentication on the specified port(s).
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE portsecurity Enables port security on the device. 13 Enables port security on the specified port(s). 13 address-limit Limits the number of (dynamic) MAC addresses that may be learned on a port. 13 learn inactive Disables MAC address learning on the specified port(s). 13 MAC-freeze Stops MAC address learning on the port(s).
Table 141 Command Summary: Configuration Mode (continued)
COMMAND DESCRIPTION PRIVILEGE
exit Leaves the IGMP configuration mode. 13
non-querier Sets the Switch to Non-Querier mode. (If a multicast router with a lower IP address, it will stop sending Query messages on that network.) 13
no non-querier Disables non-querier mode on the Switch, (a multicast router always sends Query messages). 13
Table 141 Command Summary: Configuration Mode (continued)
COMMAND DESCRIPTION PRIVILEGE
area virtual-link name Sets a descriptive name for the virtual link for identification purposes. 13
exit Leaves the router OSPF configuration mode. 13
network area Creates an OSPF area. 13
no area Removes the specified area.
Table 141 Command Summary: Configuration Mode (continued)
COMMAND DESCRIPTION PRIVILEGE
redistribute rip metric-type <1|2> metric <0-65535> Sets the Switch to learn RIP routing information which will use the specified metric information. 13
redistribute static metric-type <1|2> metric <0-65535> Sets the Switch to learn static routing information which will use the specified metric information. 13
passive-iface Sets the interface to be passive.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND snmp-server DESCRIPTION PRIVILEGE http Allows HTTP access on the specified service port and defines the timeout period. 13 https Allows HTTPS access on the specified service port. 13 icmp Allows ICMP management packets. 13 snmp Allows SNMP management. 13 ssh Allows SSH access on the specified service port.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE ip Enables sending all IP type traps to a manager. The options are “ping” or “traceroute”. 13 switch Enables sending all Switch type traps to a manager. 13 switch Enables sending all Switch type traps to a manager. The options are “stp”, “mactable” or “rmon”. 13 system Enables sending all system type traps to a manager.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE Adds a remote host to which the Switch can access using SSH service. 13 stormcontrol Enables broadcast storm control on the Switch. 13 subnetbased-vlan Enables subnet based VLAN on the Switch. 13 dhcp-vlan-override Sets the Switch to force the DHCP clients to obtain their IP addresses through the DHCP VLAN.
Chapter 45 Introducing Commands Table 141 Command Summary: Configuration Mode (continued) COMMAND DESCRIPTION PRIVILEGE Specifies the mode for TACACS+ server selection. 13 Sets the time in hour, minute and second format. 13 date Sets the date in year, month and day format. 13 daylight-savingtime Enables daylight saving time. 13 end-date Sets the day and time when Daylight Saving Time ends.
Table 141 Command Summary: Configuration Mode (continued)
COMMAND DESCRIPTION PRIVILEGE
Sets the SP TPID (Service Provider Tag Protocol Identifier). 13
vlan-type <802.1q|portbased> Specifies the VLAN type. 13
wfq Sets the queuing method to WFQ (Weighted Fair Queuing). 13
wrr Sets the queuing method to WRR (Weighted Round Robin). 13
45.12.
Chapter 45 Introducing Commands Table 142 interface port-channel Commands (continued) COMMAND DESCRIPTION PRIVILEGE egress Enables bandwidth limits allowed for outgoing traffic on the port(s). 13 egress Sets the maximum bandwidth allowed for outgoing traffic on the port(s). 13 bpdu-control Sets how Bridge Protocol Data Units (BPDUs) are used in STP port states. 13 broadcast-limit Enables broadcast storm control limit on the Switch.
Chapter 45 Introducing Commands Table 142 interface port-channel Commands (continued) COMMAND DESCRIPTION PRIVILEGE flow-control Enables interface flow control. Flow control regulates transmissions to match the bandwidth of the receiving port. 13 frame-type Choose to accept both tagged and untagged incoming frames or just tagged incoming frames on a port. 13 Enables strict priority queuing starting with the specified queue and subsequent higher queues on the Gigabit ports.
Chapter 45 Introducing Commands Table 142 interface port-channel Commands (continued) COMMAND DESCRIPTION PRIVILEGE Enables port mirroring for incoming, outgoing or both incoming and outgoing traffic. Port mirroring copies traffic from one or all ports to another or all ports for external analysis. 13 Enables the port(s) multicast limit. 13 Sets how many multicast packets the port(s) receives per second. 13 Sets a name for the port(s).
Table 142 interface port-channel Commands (continued)
COMMAND DESCRIPTION PRIVILEGE
gvrp Disable GVRP on the port(s). 13
igmp-filtering profile Disables IGMP filtering. 13
igmp-group-limit Disables IGMP group limitation. 13
igmp-immediateleave Disables the IGMP immediate leave function. 13
ipmc egressuntag-vlan Disables the port(s) removing VLAN tags from outgoing multicast frames when forwarding. 13
inactive Enables the port(s) on the Switch.
Chapter 45 Introducing Commands Table 142 interface port-channel Commands (continued) COMMAND DESCRIPTION PRIVILEGE Sets the duplex mode (half or full) and speed (10, 100 or 1000 Mbps) of the connection on the interface. Selecting auto (auto-negotiation) makes one port able to negotiate with a peer automatically to obtain the connection speed and duplex mode that both ends support. 13 Enables Two Rate Three Color Marker on the port(s). 13 cir Sets the Commit Information Rate on the port(s).
Use these commands to configure the IP routing domains.
Table 143 interface route-domain Commands
COMMAND DESCRIPTION PRIVILEGE
interface route-domain / Enables a routing domain for configuration. 13
Exits from the interface routingdomain command mode. 13
dvmrp Enables this function to permit VLAN groups beyond the local Switch.
Table 143 interface route-domain Commands (continued)
DESCRIPTION PRIVILEGE
ip dvmrp Disables DVMRP in this routing domain. 13
ip igmp Disables IP IGMP in this routing domain. 13
ip ospf authentication-key Disables OSPF authentication key settings in this routing domain. 13
ip ospf authentication-sama Sets the routing domain not to use the same OSPF authentication settings as the area. 13
ip ospf cost Disables the OSPF cost in the routing domain.
Table 144 Command Summary: config-vlan Commands (continued)
DESCRIPTION PRIVILEGE
Specifies a name for identification purposes. 13
fixed Sets fixed port(s) to normal port(s). 13
forbidden Sets forbidden port(s) to normal port(s). 13
inactive Enables the specified VLAN. 13
ip address Deletes the IP address and subnet mask from this VLAN. 13
ip address defaultgateway Deletes the default gateway from this VLAN.
Table 145 Command Summary: mvr Commands (continued)
COMMAND DESCRIPTION PRIVILEGE
group Disables the specified MVR group setting. 13
inactive Enables MVR. 13
receiver-port Disables the receiver port(s). An MVR receiver port can only receive multicast traffic in a multicast VLAN. 13
source-port Disables the source port(s). An MVR source port can send and receive multicast traffic in a multicast VLAN.
CHAPTER 46 User and Enable Mode Commands This chapter describes some commands which you can perform in the User and Enable modes. 46.1 Overview The following command examples show how you can use User and Enable modes to diagnose and manage your Switch. 46.2 show Commands These are the commonly used show commands. 46.2.1 show system-information Syntax: show system-information This command shows the general system information (such as the firmware version and system up time). An example is shown next.
46.2.2 show ip
Syntax: show ip
This command displays the IP related information (such as IP address and subnet mask) on all Switch interfaces. The following figure shows the default interface settings.
sysname> show ip
Management IP Address
IP[192.168.0.1], Netmask[255.255.255.0], VID[0]
IP Interface
IP[192.168.1.1], Netmask[255.255.255.0], VID[1]
sysname>
46.2.3 show logging
Syntax: show logging
This command displays the system logs.
Chapter 46 User and Enable Mode Commands This command displays statistics of a port. The following example shows that port 2 is up and the related information. sysname# show interface 2 Port Info Port NO.
Chapter 46 User and Enable Mode Commands 46.3 ping Syntax: ping < [in-band|out-of-band|vlan ] [ size -> <0-1472> ] [ -t ]> where = The IP address or host name of an Ethernet device. [in-band|out-ofband|vlan ] = Specifies the network interface or the VLAN ID to which the Ethernet device belongs. out-of-band refers to the management port while in-band means the other ports on the Switch. [ size <0-1472> ] = Specifies the packet size to send.
This command displays information about the route to an Ethernet device. The following example displays route information to an Ethernet device with an IP address of 192.168.1.100.
sysname> traceroute 192.168.1.100
traceroute to 192.168.1.100, 30 hops max, 40 byte packet
1:192.168.1.100 (10 ms) (10 ms) (0 ms)
traceroute done:
sysname>
46.5 Copy Port Attributes
Use the copy running-config command to copy attributes of one port to another port or ports.
Chapter 46 User and Enable Mode Commands 46.6.1 Using a Different Configuration File You can store up to two configuration files on the Switch. Only one configuration file is used at a time. By default the Switch uses the first configuration file (with an index number of 1). You can set the Switch to use a different configuration file. There are two ways in which you can set the Switch to use a different configuration file: restart the Switch (cold reboot) and restart the system (warm reboot).
CHAPTER 47 Configuration Mode Commands
This chapter describes how to enable and configure your Switch’s features using commands. For more background information, see the feature specific chapters which precede the commands chapters.
47.1 Enabling IGMP Snooping
To enable IGMP snooping on the Switch, enter igmp-snooping and press [ENTER]. You can also set how to treat traffic from an unknown multicast group by typing the unknown-multicast-frame parameter.
An example is shown next.
• Enable IGMP snooping on the Switch.
• Set the host-timeout and leave-timeout values to 30 seconds.
• Set the Switch to drop packets from unknown multicast groups.
sysname(config)# igmp-snooping
sysname(config)# igmp-snooping host-timeout 30
sysname(config)# igmp-snooping leave-timeout 30
sysname(config)# igmp-snooping unknown-multicast-frame drop
47.
Chapter 47 Configuration Mode Commands 47.3 Enabling STP Use the spanning-tree or the mrstp commands to enable and configure STP on the Switch. The difference between the commands is that spanning-tree only allows you to set up one spanning tree configuration and the mrstp command allows you to set up multiple ones.
forward-delay <4-30> = Specifies the maximum time (in seconds) the Switch will wait before changing states. This delay is required because every Switch must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a blocking state; otherwise, temporary data loops might result.
Disables port mirroring on the Switch.
47.4.2 Resetting Commands
Use the no command to reset Switch settings to their default values.
Syntax: no https timeout
Resets the https session timeout to default.
An example is shown next. The session timeout is reset to 300 seconds.
sysname(config)# no https timeout
Cache timeout 300
47.4.3 Re-enable commands
The no command can also be used to re-enable features which have been disabled.
where = Disables the trunk group.
lacp = Disables LACP in the trunk group.
interface = Removes ports from the trunk group.
An example is shown next.
• Disable trunk one (T1).
• Disable LACP on trunk three (T3).
• Remove ports one, three, four and five from trunk two (T2).
sysname(config)# no trunk T1
sysname(config)# no trunk T3 lacp
sysname(config)# no trunk T2 interface 1,3-5
47.4.4.
where
key = Disables the secure shell server encryption key. Your Switch supports SSH versions 1 and 2 using RSA and DSA authentication.
known-hosts = Removes a specific remote host from the list of all known hosts.
known-hosts [1024|ssh-rsa|ssh-dsa] = Removes remote known hosts with a specified public key type (1024-bit RSA1, RSA or DSA).
An example is shown next.
• Disable the secure shell RSA1 encryption key.
Chapter 47 Configuration Mode Commands 47.6 Static Route Commands You can create and configure static routes on the Switch by using the ip route command. Syntax: ip route ip route [metric ][name ] --> [inactive] where = Specifies the network IP address of the final destination. = Specifies the subnet mask of this destination. = Specifies the IP address of the gateway.
where
name = Names the filtering rule.
mac = Specifies the MAC address you want to filter.
vlan = Specifies which VLAN this rule applies to.
drop = Selects the behavior of the rule.
• src - drop packets coming from the specified MAC address
• dst - drop packets going to the specified MAC address
• both - drop packets coming from or going to the specified MAC address
An example is shown next.
• Enable dynamic link aggregation (LACP) on trunk 1.
sysname(config)# trunk t1
sysname(config)# trunk t1 interface 5-8
sysname(config)# trunk t1 lacp
47.9 Enabling Port Authentication
To enable port authentication, you need to specify your RADIUS server details and select the ports which require external authentication. You can set up multiple RADIUS servers and specify how the Switch will process authentication requests.
47.9.
radius-server timeout <1-1000> = Specifies the timeout period (in seconds) the Switch will wait for a response from a RADIUS server. If 2 RADIUS servers are configured, this is the total time the Switch will wait for a response from either server.
mode = Specifies the way the Switch will process requests from the clients to the RADIUS server. (Only applicable with multiple RADIUS servers configured.
Chapter 47 Configuration Mode Commands • Specify the timeout period of 30 seconds that the Switch will wait for a response from the RADIUS server. • Enable port authentication on ports 4 to 8. • Activate reauthentication on the ports. • Specify 1800 seconds as the interval for client reauthentication. sysname(config)# --> secretKey sysname(config)# sysname(config)# sysname(config)# sysname(config)# sysname(config)# 402 radius-server host 1 10.10.10.
CHAPTER 48 Interface Commands These are some commonly used configuration commands that belong to the interface group of commands. 48.1 Overview The interface commands allow you to configure the Switch on a port by port basis. 48.2 Interface Command Examples This section provides examples of some frequently used interface commands. 48.2.1 interface port-channel Use this command to enable the specified ports for configuration. Indicate multiple, nonsequential ports separated by a comma.
The Switch supports the following IEEE 802.3ah features:
• Discovery - this identifies the devices on each end of the Ethernet link and their OAM configuration.
• Remote Loopback - this can initiate a loopback test between Ethernet devices.
• Perform a remote loopback test from port 7.
sysname# show ethernet oam discovery 7
Port 7
Local client
-----------
OAM configurations:
Mode : Active
Unidirectional : Not supported
Remote loopback : Supported
Link events : Not supported
Variable retrieval: Not supported
Max. OAMPDU size : 1518
Operational status:
Link status Info.
An example is shown next.
• Enable ports 1, 3, 4 and 5 for configuration.
• Set the BPDU control to tunnel, to forward BPDUs received on ports one, three, four and five.
sysname(config)# interface port-channel 1,3-5
sysname(config-interface)# bpdu-control tunnel
sysname(config-interface)#
48.2.4 broadcast-limit
Syntax: broadcast-limit broadcast-limit where broadcastlimit = Enables broadcast storm control limit on the Switch.
• Enable port one for configuration.
• Set the outgoing traffic bandwidth limit to 5000Kbps.
• Set the guaranteed bandwidth allowed for incoming traffic to 4000Kbps.
• Set the maximum bandwidth allowed for incoming traffic to 8000Kbps.
sysname(config)# interface port-channel 1
sysname(config-interface)# bandwidth-limit egress 5000
sysname(config-interface)# bandwidth-limit cir 4000
sysname(config-interface)# bandwidth-limit pir 8000
48.2.
• Enable the IEEE 802.1Q tagged VLAN command to configure tagged VLAN for the Switch.
• Enable ports one, three, four and five for configuration.
• Enable GVRP on the interface.
sysname(config)# vlan1q gvrp
sysname(config)# interface port-channel 1,3-5
sysname(config-interface)# gvrp
48.2.8 ingress-check
The ingress-check command enables the device to discard incoming frames for VLANs that do not have this port as a member.
Syntax: ingress-check
An example is shown next.
where = ... Sets the interface WFQ weighting. A weight value of one to eight is given to each variable from wt 1 to wt 8.
An example is shown next.
• Enable WFQ queuing on the Switch.
• Enable port 2 and ports 6 to 8 for configuration.
• Set the queue weights from Q0 to Q7.
sysname# configure
sysname(config)# wfq
sysname(config)# interface port-channel 2,6-8
sysname(config-interface)# weight 8 7 6 5 4 3 2 1
48.2.
• Set the IEEE 802.1p quality of service priority as four (4).
sysname(config)# interface port-channel 1,3-5
sysname(config-interface)# qos priority 4
48.2.13 name
Syntax: name where = Sets a name for your port interface(s).
An example is shown next.
• Enable ports one, three, four and five for configuration.
• Set a name for the ports.
sysname(config)# interface port-channel 1,3-5
sysname(config-interface)# name Test
48.2.
• Select ports 3-6 for internal loopback test.
• Execute the test command.
• View the results.
sysname(config)# interface port-channel 3-6
sysname(config-interface)# test 3-6
Testing internal loopback on port 3 :Passed!
Ethernet Port 3 Test ok.
Testing internal loopback on port 4 :Passed!
Ethernet Port 4 Test ok.
Testing internal loopback on port 5 :Passed!
Ethernet Port 5 Test ok.
Testing internal loopback on port 6 :Passed!
Ethernet Port 6 Test ok.
48.
CHAPTER 49 IEEE 802.1Q Tagged VLAN Commands
This chapter describes the IEEE 802.1Q Tagged VLAN and associated commands.
49.1 Configuring Tagged VLAN
The following procedure shows you how to configure tagged VLAN.
1 Use the IEEE 802.1Q tagged VLAN commands to configure tagged VLAN for the Switch.
• Use the vlan command to configure or create a VLAN on the Switch. The Switch automatically enters the config-vlan mode. Use the inactive command to deactivate the VLAN(s).
49.2 Global VLAN1Q Tagged VLAN Configuration Commands
This section shows you how to configure and monitor the IEEE 802.1Q Tagged VLAN.
49.2.1 GARP Status
Syntax: show garp
This command shows the Switch’s GARP timer settings, including the join, leave and leave all timers.
An example is shown next.
sysname# show garp
GARP Timer
-----------------------
Join Timer = 200
Leave Timer = 600
Leave All Timer = 10000
sysname#
49.2.
The following example sets the Join Timer to 300 milliseconds, the Leave Timer to 800 milliseconds and the Leave All Timer to 11000 milliseconds.
sysname (config)# garp join 300 leave 800 leaveall 11000
49.2.3 GVRP Timer
Syntax: show vlan1q gvrp
This command shows the Switch’s GVRP settings.
An example is shown next.
sysname# show vlan1q gvrp
GVRP Support
--------------------
gvrpEnable = YES
sysname #
49.2.
The following example sets the default VID to 200 on ports 1 to 5.
sysname (config)# interface port-channel 1-5
sysname (config-interface)# pvid 200
49.3.2 Set Acceptable Frame Type
Syntax: frame-type where = Specifies all Ethernet frames (tagged and untagged), only tagged Ethernet frames or only untagged Ethernet frames.
Chapter 49 IEEE 802.1Q Tagged VLAN Commands where = The VLAN ID [1 – 4094]. = A name to identify the SVLAN entry. = This is the Switch port list. • Enter fixed to register the to the static VLAN table with . • Enter normal to confirm registration of the to the static VLAN table with . • Enter forbidden to block a from joining the static VLAN table with .
49.3.5 Delete VLAN ID
Syntax: no vlan where = The VLAN ID [1 – 4094].
This command deletes the specified VLAN ID entry from the static VLAN table. The following example deletes entry 2 in the static VLAN table.
sysname (config)# no vlan 2
49.4 Enable VLAN
Syntax: vlan
This command enables the specified VLAN ID in the SVLAN (Static VLAN) table.
49.
Chapter 49 IEEE 802.1Q Tagged VLAN Commands • The TagCtl section of the last column shows which ports are tagged and which are untagged. sysname# show vlan The Number of VLAN: 3 Idx.
CHAPTER 50 Multicast VLAN Registration Commands This chapter shows you how to use Multicast VLAN Registration (mvr) commands. 50.1 Overview Use the mvr commands in the configuration mode to create and configure multicast VLANs. " If you want to enable IGMP snooping see Section 47.1 on page 391. 50.2 Create Multicast VLAN Use the following commands in the config-mvr mode to configure a multicast VLAN group.
Chapter 50 Multicast VLAN Registration Commands mode = Specifies dynamic (sends IGMP reports to all source ports in the multicast VLAN) or compatible (does not send IGMP reports). group name = A name to identify the MVR IP multicast group. start-address = Specifies the starting IP multicast address of the multicast group in dotted decimal notation. end-address = Specifies the ending IP multicast address of the multicast group in dotted decimal notation.
CHAPTER 51 Routing Domain Command Examples 51.0.1 interface route-domain Syntax: interface route-domain / where = This is the IP address of the Switch in the routing domain. Specify the IP address in dotted decimal notation. For example, 192.168.1.1. = The number of bits in the subnet mask. Enter the subnet mask number preceded with a “/”. To find the bit number, convert the subnet mask to binary and add all of the 1’s together. Take “255.255.255.
CHAPTER 52 Troubleshooting
This chapter covers potential problems and possible remedies.
52.1 Problems Starting Up the Switch
Table 146 Troubleshooting the Start-Up of Your Switch
PROBLEM: None of the LEDs turn on when you turn on the Switch.
CORRECTIVE ACTION: Check the power connection and make sure the power source is turned on. If the error persists, you may have a hardware problem. In this case, you should contact your vendor.
52.
52.2.1 Pop-up Windows, JavaScripts and Java Permissions
In order to use the web configurator you need to allow:
• Web browser pop-up windows from your device.
• JavaScripts (enabled by default).
• Java permissions (enabled by default).
Internet Explorer 6 screens are used here. Screens for other Internet Explorer versions may vary.
52.2.1.1 Internet Explorer Pop-up Blockers
You may have to disable pop-up blocking to log into your device.
Figure 205 Internet Options
3 Click Apply to save this setting.
52.2.1.1.2 Enable pop-up Blockers with Exceptions
Alternatively, if you only want to allow pop-up windows from your device, see the following steps.
1 In Internet Explorer, select Tools, Internet Options and then the Privacy tab.
2 Select Settings… to open the Pop-up Blocker Settings screen.
Figure 206 Internet Options
3 Type the IP address of your device (the web page that you do not want to have blocked) with the prefix “http://”. For example, http://192.168.1.1.
4 Click Add to move the IP address to the list of Allowed sites.
Figure 207 Pop-up Blocker Settings
5 Click Close to return to the Privacy screen.
6 Click Apply to save this setting.
52.2.1.2 JavaScripts
If pages of the web configurator do not display properly in Internet Explorer, check that JavaScripts are allowed.
1 In Internet Explorer, click Tools, Internet Options and then the Security tab.
Figure 208 Internet Options
2 Click the Custom Level... button.
3 Scroll down to Scripting.
4 Under Active scripting make sure that Enable is selected (the default).
Figure 209 Security Settings - Java Scripting
52.2.1.3 Java Permissions
1 From Internet Explorer, click Tools, Internet Options and then the Security tab.
2 Click the Custom Level... button.
3 Scroll down to Microsoft VM.
4 Under Java permissions make sure that a safety level is selected.
5 Click OK to close the window.
Chapter 52 Troubleshooting 52.2.1.3.1 JAVA (Sun) 1 From Internet Explorer, click Tools, Internet Options and then the Advanced tab. 2 Make sure that Use Java 2 for
PART VII Appendices and Index
Product Specifications (355)
IP Addresses and Subnetting (441)
Legal Information (449)
Customer Support (453)
Index (457)
APPENDIX A Product Specifications The following tables summarize the Switch’s hardware and firmware features. Table 149 Hardware Specifications SPECIFICATION DESCRIPTION Dimensions Standard 19” rack mountable 438 mm (W) x 270 mm (D) x 44.45 mm (H) Weight 3.6 Kg Power Specification One Backup Power Supply (BPS) connector AC: 100 - 240 VAC 50/60Hz 1.5A max internal universal power supply DC: -48 VDC ~ -60 VDC 1.
Appendix A Product Specifications Table 150 Firmware Specifications 436 FEATURE DESCRIPTION Default IP Address In band: 192.168.1.1 Out of band (Management port): 192.168.0.1 Default Subnet Mask 255.255.255.0 (24 bits) Administrator User Name admin Default Password 1234 Number of Login Accounts Configurable on the Switch 4 management accounts configured on the Switch. Authentication via RADIUS and TACACS+ also available.
Appendix A Product Specifications Table 150 Firmware Specifications FEATURE DESCRIPTION Multicast VLAN Registration (MVR) Multicast VLAN Registration (MVR) is designed for applications (such as Media-on-Demand (MoD)) using multicast traffic across a network. MVR allows one single multicast VLAN to be shared among different subscriber VLANs on the network. This improves bandwidth utilization by reducing multicast traffic in the subscriber VLANs and simplifies multicast group management.
Appendix A Product Specifications Table 150 Firmware Specifications FEATURE DESCRIPTION Firmware Upgrade Download new firmware (when available) from the ZyXEL web site and use the web configurator, CLI or an FTP/TFTP tool to put it on the Switch. Note: Only upload firmware for your specific model! Configuration Backup & Restoration Make a copy of the Switch’s configuration and put it back on the Switch later if you decide you want to revert back to an earlier configuration.
Appendix A Product Specifications Table 151 Switching Specifications (continued) Layer 3 Features IP Capability IPV4 support 64 IP routing domains 4K IP address table Wire speed IP forwarding Routing protocols Unicast: RIP-V1/V2, OSPF V2 Multicast: DVMRP, IGMP V1/V2/V3 Static Routing VRRP IP services DHCP relay; VLAN based DHCP server/relay DHCP Snooping Security IEEE 802.
Appendix A Product Specifications Table 152 Standards Supported (continued) 440 STANDARD DESCRIPTION RFC 3164 Syslog RFC 3376 Internet Group Management Protocol, Version 3 RFC 3414 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMP v3) RFC 3580 RADIUS - Tunnel Protocol Attribute IEEE 802.1x Port Based Network Access Control IEEE 802.1D MAC Bridges IEEE 802.1p Traffic Types - Packet Priority IEEE 802.1Q Tagged VLAN IEEE 802.
APPENDIX B IP Addresses and Subnetting This appendix introduces IP addresses and subnet masks. IP addresses identify individual devices on a network. Every networking device (including computers, servers, routers, printers, etc.) needs an IP address to communicate across the network. These networking devices are also known as hosts. Subnet masks determine the maximum number of possible hosts on a network. You can also use subnet masks to divide one network into multiple sub-networks.
Figure 212 Network Number and Host ID
How much of the IP address is the network number and how much is the host ID varies according to the subnet mask.
Subnet Masks
A subnet mask is used to determine which bits are part of the network number, and which bits are part of the host ID (using a logical AND operation). The term “subnet” is short for “subnetwork”. A subnet mask has 32 bits.
Subnet masks are expressed in dotted decimal notation just like IP addresses. The following examples show the binary and decimal notation for 8-bit, 16-bit, 24-bit and 29-bit subnet masks.
Table 154 Subnet Masks
             BINARY                                       DECIMAL
             1ST OCTET  2ND OCTET  3RD OCTET  4TH OCTET
8-bit mask   11111111   00000000   00000000   00000000    255.0.0.0
16-bit mask  11111111   11111111   00000000   00000000    255.255.0.0
24-bit mask  11111111   11111111   11111111   00000000    255.255.255.
Table 156 Alternative Subnet Mask Notation (continued)
SUBNET MASK      ALTERNATIVE NOTATION  LAST OCTET (BINARY)  LAST OCTET (DECIMAL)
255.255.255.192  /26                   1100 0000            192
255.255.255.224  /27                   1110 0000            224
255.255.255.240  /28                   1111 0000            240
255.255.255.248  /29                   1111 1000            248
255.255.255.252  /30                   1111 1100            252
Subnetting
You can use subnetting to divide one network into multiple sub-networks.
Figure 214 Subnetting Example: After Subnetting
In a 25-bit subnet the host ID has 7 bits, so each sub-network has a maximum of 2^7 – 2 or 126 possible hosts (a host ID of all zeroes is the subnet’s address itself, all ones is the subnet’s broadcast address). 192.168.1.0 with mask 255.255.255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address.
Table 158 Subnet 2
IP/SUBNET MASK        NETWORK NUMBER               LAST OCTET BIT VALUE
IP Address            192.168.1.                   64
IP Address (Binary)   11000000.10101000.00000001.  01000000
Subnet Mask (Binary)  11111111.11111111.11111111.  11000000
Subnet Address: 192.168.1.64      Lowest Host ID: 192.168.1.65
Broadcast Address: 192.168.1.127  Highest Host ID: 192.168.1.126
Table 159 Subnet 3
IP/SUBNET MASK        NETWORK NUMBER               LAST OCTET BIT VALUE
IP Address            192.168.1.
Table 161 Eight Subnets (continued)
SUBNET  SUBNET ADDRESS  FIRST ADDRESS  LAST ADDRESS  BROADCAST ADDRESS
5       128             129            158           159
6       160             161            190           191
7       192             193            222           223
8       224             225            254           255
Subnet Planning
The following table is a summary for subnet planning on a network with a 24-bit network number.
Table 162 24-bit Network Number Subnet Planning
NO. “BORROWED” HOST BITS  SUBNET MASK  NO. SUBNETS  NO. HOSTS PER SUBNET
1                         255.255.255.
Table 163 16-bit Network Number Subnet Planning (continued)
NO. “BORROWED” HOST BITS  SUBNET MASK            NO. SUBNETS  NO. HOSTS PER SUBNET
14                        255.255.255.252 (/30)  16384        2
15                        255.255.255.254 (/31)  32768        1
Configuring IP Addresses
Where you obtain your network number depends on your particular situation. If the ISP or your network administrator assigns you a block of registered IP addresses, follow their instructions in selecting the IP addresses and the subnet mask.
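The subnet arithmetic in this appendix (counting the 1 bits of a mask as Chapter 51 describes, the logical AND that yields the subnet address, and splitting a 24-bit network by borrowing host bits) can be checked with the following added example, which is not part of the ZyXEL guide. All function names are hypothetical, and the example assumes masks no longer than /30.

```python
# Added example (not from the ZyXEL guide); function names are hypothetical.
# Subnet arithmetic from Appendix B, done with plain bit operations.

FULL = 0xFFFFFFFF


def ip_to_int(dotted):
    """Convert dotted decimal notation to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(
        p.isascii() and p.isdigit() and int(p) <= 255 for p in parts
    ):
        raise ValueError("not a dotted decimal IPv4 value: %r" % dotted)
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def int_to_ip(value):
    """Convert a 32-bit integer back to dotted decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask):
    """Count the 1 bits of a subnet mask, e.g. 255.255.255.0 -> 24.

    A usable mask is a run of 1s followed by a run of 0s. Anything else
    (such as 255.0.255.0, or an IP address typed into the mask field)
    is rejected instead of being silently counted.
    """
    m = ip_to_int(mask)
    host_bits = ~m & FULL
    if host_bits & (host_bits + 1):
        raise ValueError("subnet mask is not contiguous: %s" % mask)
    return bin(m).count("1")


def prefix_to_mask(bits):
    """Build the dotted decimal mask for a /bits prefix."""
    if not 0 <= bits <= 32:
        raise ValueError("prefix length out of range: %r" % bits)
    return int_to_ip((FULL << (32 - bits)) & FULL)


def describe(ip, mask):
    """Return subnet address, host range and broadcast address for ip/mask."""
    bits = mask_to_prefix(mask)
    if bits > 30:
        raise ValueError("this example covers masks up to /30 only")
    m = ip_to_int(mask)
    subnet = ip_to_int(ip) & m        # logical AND keeps the network number
    broadcast = subnet | (~m & FULL)  # host ID of all ones
    return {
        "prefix": bits,
        "subnet": int_to_ip(subnet),
        "first_host": int_to_ip(subnet + 1),
        "last_host": int_to_ip(broadcast - 1),
        "broadcast": int_to_ip(broadcast),
        "hosts": 2 ** (32 - bits) - 2,  # all zeroes and all ones are reserved
    }


def split(network, mask, borrowed):
    """Divide network/mask into 2**borrowed subnets by borrowing host bits."""
    bits = mask_to_prefix(mask) + borrowed
    new_mask = prefix_to_mask(bits)
    size = 2 ** (32 - bits)
    base = ip_to_int(network) & ip_to_int(mask)
    return [
        describe(int_to_ip(base + index * size), new_mask)
        for index in range(2 ** borrowed)
    ]


if __name__ == "__main__":
    # Reproduce the eight-subnet layout of 192.168.1.0 with a 27-bit mask.
    for number, row in enumerate(split("192.168.1.0", "255.255.255.0", 3), 1):
        print(number, row["subnet"], row["first_host"],
              row["last_host"], row["broadcast"])
```
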
APPENDIX C Legal Information Copyright Copyright © 2007 by ZyXEL Communications Corporation. The contents of this publication may not be reproduced in any part or as a whole, transcribed, stored in a retrieval system, translated into any language, or transmitted in any form or by any means, electronic, mechanical, magnetic, optical, chemical, photocopying, manual, or otherwise, without the prior written permission of ZyXEL Communications Corporation. Published by ZyXEL Communications Corporation.
Appendix C Legal Information FCC Warning This device has been tested and found to comply with the limits for a Class A digital switch, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a commercial environment. This device generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
Appendix C Legal Information condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. Note Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser.
APPENDIX D Customer Support Please have the following information ready when you contact customer support. Required Information • • • • Product model and serial number. Warranty Information. Date that you received your device. Brief description of the problem and the steps you took to solve it. Corporate Headquarters (Worldwide) • • • • • • • Support E-mail: support@zyxel.com.tw Sales E-mail: sales@zyxel.com.tw Telephone: +886-3-578-3942 Fax: +886-3-578-2439 Web Site: www.zyxel.com, www.europe.zyxel.
Appendix D Customer Support Denmark • • • • • • Support E-mail: support@zyxel.dk Sales E-mail: sales@zyxel.dk Telephone: +45-39-55-07-00 Fax: +45-39-55-07-07 Web Site: www.zyxel.dk Regular Mail: ZyXEL Communications A/S, Columbusvej, 2860 Soeborg, Denmark Finland • • • • • • Support E-mail: support@zyxel.fi Sales E-mail: sales@zyxel.fi Telephone: +358-9-4780-8411 Fax: +358-9-4780 8448 Web Site: www.zyxel.
Appendix D Customer Support • • • • Telephone: +7-3272-590-698 Fax: +7-3272-590-689 Web Site: www.zyxel.kz Regular Mail: ZyXEL Kazakhstan, 43, Dostyk ave.,Office 414, Dostyk Business Centre, 050010, Almaty, Republic of Kazakhstan North America • • • • • • • Support E-mail: support@zyxel.com Sales E-mail: sales@zyxel.com Telephone: +1-800-255-4101, +1-714-632-0882 Fax: +1-714-632-0858 Web Site: www.us.zyxel.com FTP Site: ftp.us.zyxel.com Regular Mail: ZyXEL Communications Inc., 1130 N. Miller St.
Appendix D Customer Support • Web Site: www.zyxel.es • Regular Mail: ZyXEL Communications, Arte, 21 5ª planta, 28033 Madrid, Spain Sweden • • • • • • Support E-mail: support@zyxel.se Sales E-mail: sales@zyxel.se Telephone: +46-31-744-7700 Fax: +46-31-744-7701 Web Site: www.zyxel.se Regular Mail: ZyXEL Communications A/S, Sjöporten 4, 41764 Göteborg, Sweden Ukraine • • • • • • Support E-mail: support@ua.zyxel.com Sales E-mail: sales@ua.zyxel.
Index Index Numerics 802.1P priority 85 A access control limitations 289 login account 297 remote management 304 service port 303 SNMP 290 accounting setup 194 accounts and modes 334 address learning, MAC 97, 99 Address Resolution Protocol (ARP) 323, 327, 328 administrator password 298 age 124 aggregator ID 137, 138 aging time 80 allowing pop-up windows 426 alternative subnet mask notation 443 applications backbone 37 bridging 38 IEEE 802.
Index CLI syntax conventions 332 cloning a port See port cloning cluster management 313 and switch passwords 318 cluster manager 313, 317 cluster member 313, 318 cluster member firmware upgrade 316 network example 313 setup 316 specification 313 status 314 switch models 313 VID 317 web configurator 315 cluster manager 313 cluster member 313 command interface 40 Command Line Interface introduction 331 Command Line Interface (CLI) 331 Command Line Interface, See also commands accessing 331 commands 331 acces
Index service level 255 what it does 255 DSCP (DiffServ Code Point) 255 DVMRP Autonomous System 249 default timer setting 252 error message 251 graft 250 how it works 249 implementation 249 probe 250 prune 250 report 250 setup 250 terminology 250 threshold 251 DVMRP (Distance Vector Multicast Routing Protocol) 249 dynamic link aggregation 135 E egress port 104 enable mode 334 examples 385 Ethernet broadcast address 323 Ethernet port test 307 Ethernet ports 46 default settings 46 external authentication se
Index IEEE 802.1x activate 145, 146, 192, 194 reauthentication 146 IEEE 802.
Index firmware 285 restoring configuration 286 maintenance 283 current configuration 283 main screen 283 management 331 Management Information Base (MIB) 290 management interface, See also CLI management port 104 managing the device good habits 40 using FTP. See FTP. using SNMP. See SNMP. using Telnet. See command interface. using the command interface. See command interface. using the web configurator. See web configurator.
Index interface 234, 236, 240 link state database 234, 236 network example 234 priority 234 redistribute route 238 route cost 240 router elections 234 router ID 238 router types 233 status 235 stub area 233, 240 virtual link 234 virtual links 242 vs RIP 233 OSPF (Open Shortest Path First) 233 P password 59 administrator 298 problems 431 PHB (Per-Hop Behavior) 255 ping, test connection 307 policy 161, 162 and classifier 161 and DiffServ 159 configuration 161 example 163 overview 159 rules 159, 160 viewing
Index and authentication 190 Network example 189 server 190 settings 190 setup 190 Rapid Spanning Tree Protocol, See RSTP.
Index Max Age 117, 118, 120, 122 path cost 110, 117, 120 port priority 117, 120 port state 111 root port 110 status 118, 121, 125 terminology 109 vs loop guard 223 stub area 233, 240 stub area, See also OSPF 240 subnet 441 subnet based VLANs 96 and DHCP VLAN 97 and priority 96 configuration 97 subnet mask 442 subnetting 444 switch lockout 59 switch reset 60 switch setup 79 switching 438 syntax conventions 4 syslog 206, 309 protocol 309 server setup 310 settings 309 setup 309 severity levels 309 system info
Index Virtual Router status 272 Virtual Router (VR) 271 Virtual Router Redundancy Protocol (VRRP) 271 VLAN 79, 89, 438 acceptable frame type 95 automatic registration 90 ID 89 ingress filtering 95 introduction 79 number of VLANs 92 port isolation 95 port number 93 port settings 94 port-based VLAN 101 port-based, all connected 104 port-based, isolation 104 port-based, wizard 104 static VLAN 93 status 92, 93 tagged 89 trunking 91, 95 type 80, 91 VLAN (Virtual Local Area Network) 79 VLAN commands examples 413