ZyXEL Communications ES-2024A User Manual Download Page 127 | Manualshive

Page: 127 / 221

background image

ES-2024A User’s Guide

126

Chapter 22 Access Control

Figure 72

SSH Login Example

22.8 Introduction to HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web
protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-
level protocol that enables secure transactions of data by ensuring confidentiality (an
unauthorized party cannot read the transferred data), authentication (one party can identify the
other party) and data integrity (you know if data has been changed).

It relies upon certificates, public keys, and private keys.

HTTPS on the switch is used so that you may securely access the switch using the web
configurator. The SSL protocol specifies that the SSL server (the switch) must always
authenticate itself to the SSL client (the computer which requests the HTTPS connection with
the switch), whereas the SSL client only should authenticate itself when the SSL server
requires it to do so. Authenticating client certificates is optional and if selected means the SSL-
client must send the switch a certificate. You must apply for a certificate for the browser from
a CA that is a trusted CA on the switch.

Please refer to the following figure.

C:\>ssh2

[email protected]

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.
Add correct host key to "C:/Documents and Settings/Administrator/Application
Data/SSH/hostkeys/key_22_192.168.1.1.pub" to get rid of this message.
Received server key's fingerprint: xigil-gidot-homug-duzab-tocyh-pamyb-
ronep-tisaf-hebip-gokeb-goxix You can get a public key's fingerprint by
running % ssh-keygen -F publickey.pub
on the keyfile. Agent forwarding is disabled to avoid attacks by corrupted
servers. X11 forwarding is disabled to avoid attacks by corrupted servers.
Are you sure you want to continue connecting (yes/no)?

yes

Do you want to change the host key on disk (yes/no)?

yes

Agent forwarding re-enabled.
X11 forwarding re-enabled.
Host key saved to C:/Documents and Settings/Administrator/Application Data/
SSH/hostkeys/key_22_192.168.1.1.pub host key for 192.168.1.1, accepted by
Administrator Thu May 12 2005 09:52:21
admin's password:
Authentication successful.
Copyright (c) 1994 - 2005 ZyXEL Communications Corp.
ras>

«
...
125
126
127
128
129
...
»

Summary of Contents for ES-2024A

Page 1: ...ES 2024A Ethernet Switch User s Guide Version 3 60 6 2005...

Page 2: ...tocopying manual or otherwise without the prior written permission of ZyXEL Communications Corporation Published by ZyXEL Communications Corporation All rights reserved Disclaimer ZyXEL does not assum...

Page 3: ...radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residenti...

Page 4: ...cord or power adaptor to the right supply voltage 110V AC in North America or 230V AC in Europe Do NOT use the device if the power supply is damaged as it might cause electrocution If the power supply...

Page 5: ...an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warr...

Page 6: ...2860 Soeborg Denmark sales zyxel dk 45 39 55 07 07 FINLAND support zyxel fi 358 9 4780 8411 www zyxel fi ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland sales zyxel fi 358 9 4780 8448 F...

Page 7: ...EL Communications UK Ltd 11 The Courtyard Eastern Road Bracknell Berkshire RG12 2XB United Kingdom UK sales zyxel co uk 44 0 8702 909091 ftp zyxel co uk is the prefix number you enter to make an inter...

Page 8: ...Backbone Application 25 1 4 2 Bridging Example 26 1 4 3 High Performance Switched Example 26 1 4 4 IEEE 802 1Q VLAN Application Examples 27 1 4 4 1 Tag based VLAN Example 27 1 4 4 2 VLAN Shared Serve...

Page 9: ...word 43 4 4 Switch Lockout 44 4 5 Resetting the Switch 44 4 5 1 Reload the Factory default Configuration File 44 4 6 Logging Out of the Web Configurator 45 4 7 Help 46 Chapter 5 Initial Setup Example...

Page 10: ...AN 68 8 5 1 Static VLAN Status 68 8 5 2 Configure a Static VLAN 69 8 5 3 Configure VLAN Port Settings 71 8 6 Port based VLAN Setup 72 8 6 1 Configure a Port based VLAN 72 Chapter 9 Static MAC Forwardi...

Page 11: ...tus 94 15 4 Link Aggregation Setup 95 Chapter 16 Port Authentication 99 16 1 Overview 99 16 1 1 RADIUS 99 16 2 Port Authentication Configuration 99 16 2 1 Activate IEEE 802 1x Security 100 16 2 2 Conf...

Page 12: ...116 21 7 1 Filename Conventions 116 21 7 1 1 Example FTP Commands 117 21 7 2 FTP Command Line Procedure 117 21 7 3 GUI based FTP Clients 118 21 7 4 FTP over WAN Restrictions 118 Chapter 22 Access Cont...

Page 13: ...141 25 1 Overview 141 25 2 Viewing the MAC Table 142 Chapter 26 ARP Table 143 26 1 Overview 143 26 1 1 How ARP Works 143 26 2 Viewing the ARP Table 143 Chapter 27 Introducing the Commands 145 27 1 Ove...

Page 14: ...8 2 5 show mac address table 169 28 3 ping 170 28 4 traceroute 170 28 5 Enabling RSTP 171 28 6 Configuration File Maintenance 171 28 6 1 Restarting the Switch 171 28 6 2 Resetting to the Factory Defau...

Page 15: ...7 29 5 1 Set Port VID 187 29 5 2 Set Acceptable Frame Type 188 29 5 3 Enable or Disable Port GVRP 188 29 5 4 Modify Static VLAN 188 29 5 4 1 Modify a Static VLAN Table Example 189 29 5 4 2 Forwarding...

Page 16: ...eb Configurator Home Screen Status 40 Figure 17 Change Administrator Login Password 44 Figure 18 Resetting the Switch Via the Console Port 45 Figure 19 Web Configurator Logout Screen 46 Figure 20 Init...

Page 17: ...Figure 58 Firmware Upgrade 114 Figure 59 Restore Configuration 114 Figure 60 Backup Configuration 115 Figure 61 Load Factory Default Conformation 115 Figure 62 Load Factory Default Start 116 Figure 6...

Page 18: ...nd Example 168 Figure 101 show logging Command Example 168 Figure 102 show interface Command Example 169 Figure 103 show mac address table Command Example 170 Figure 104 ping Command Example 170 Figur...

Page 19: ...ure 132 ingress check Command Example 187 Figure 133 vlan1q port default vid Command Example 188 Figure 134 frame type Command Example 188 Figure 135 no gvrp Command Example 188 Figure 136 Modifying S...

Page 20: ...p 75 Table 18 Static MAC Forwarding 78 Table 19 FIltering 79 Table 20 STP Path Costs 81 Table 21 STP Port States 82 Table 22 Spanning Tree Protocol Status 83 Table 23 Spanning Tree Protocol Configurat...

Page 21: ...ble 57 Command Summary Enable Mode 152 Table 58 Command Summary Configuration Mode 155 Table 59 interface port channel Commands 162 Table 60 Command Summary config vlan Commands 164 Table 61 Troublesh...

Page 22: ...ventions Enter means for you to type one or more characters Select or Choose means for you to use one of the predefined choices Command and arrow keys are enclosed in square brackets ENTER means the E...

Page 23: ...omments questions or suggestions for improvement to techwriters zyxel com tw or send regular mail to The Technical Writing Team ZyXEL Communications Corp 6 Innovation Road II Science Based Industrial...

Page 24: ...FC 2131 and RFC 2132 allows individual computers to obtain TCP IP configuration at start up from a server You can configure the switch as a DHCP client to obtain TCP IP information such as the IP addr...

Page 25: ...u to significantly reduce multicast traffic passing through your switch STP Spanning Tree Protocol RSTP Rapid STP R STP detects and breaks network loops and provides backup links between switches brid...

Page 26: ...switch or daisy chain to other switches Mini GBIC Slots Install SPF transceivers in these slots to connect to other Ethernet switches at longer distances than the Ethernet port Console Port Use the c...

Page 27: ...need high bandwidth can connect to high speed department servers via the switch You can provide a super fast uplink connection by using a Gigabit Ethernet mini GBIC port on the switch Moreover the sw...

Page 28: ...1Q VLAN Application Examples This section shows a workgroup and a shared server example using 802 1Q tagged VLANs A VLAN Virtual Local Area Network allows a physical network to be partitioned into mul...

Page 29: ...Shared Server Example Shared resources such as a server can be used by all ports in the same VLAN as the server as shown in the following example In this example only ports that need access to the se...

Page 30: ...gh clearance around the switch to allow air circulation and the attachment of cables and the power cord 4 Remove the adhesive backing from the rubber feet 5 Attach the rubber feet to each corner on th...

Page 31: ...eavy Take all necessary precautions to anchor the rack securely before installing the unit 2 2 2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the switch l...

Page 32: ...Connection 31 Figure 8 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket holes into the rack 3 Repeat steps 1 and 2 to attach...

Page 33: ...ES 2024A User s Guide 32 Chapter 2 Hardware Installation and Connection...

Page 34: ...e following parameters VT100 terminal emulation 9600 bps 10 100 Mbps Ethernet Ports Gigabit Ethernet Mini GBIC Ports Console Port Table 1 Front Panel LABEL DESCRIPTION CONSOLE Only connect this port i...

Page 35: ...00Mpbs and duplex mode full duplex or half duplex of the connected device An auto crossover auto MDI MDI X port automatically works with a straight through or crossover Ethernet cable 3 1 2 1 Default...

Page 36: ...dule 1 Insert the transceiver into the slot with the exposed section of PCB board facing down Figure 10 Transceiver Installation Example 2 Press the transceiver firmly until it clicks into place 3 The...

Page 37: ...2 Pull the transceiver out of the slot Figure 13 Transceiver Removal Example 3 2 Rear Panel The following figure shows the rear panel of the switch The power receptacle is on the read panel Figure 14...

Page 38: ...ps Ethernet network is up Amber Blinking The system is transmitting receiving to from a 100 Mbps Ethernet network On The link to a 100 Mbps Ethernet network is up Off The link to an Ethernet network i...

Page 39: ...ES 2024A User s Guide 38 Chapter 3 Hardware Overview...

Page 40: ...he web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissio...

Page 41: ...The Status Screen The Status screen is the first screen that displays when you access the web configurator The following figure shows the navigating components of a web configurator screen Figure 16...

Page 42: ...APPLICATION IP APPLICATION MANAGEMENT System Info General Setup Switch Setup IP Setup Port Setup VLAN VLAN Status VLAN Port Setting Static VLAN Static MAC Forwarding Filtering Static Routing DiffServ...

Page 43: ...settings for individual switch ports Advanced Application VLAN This link takes you to screens where you can configure port based or 802 1Q VLAN depending on what you configured in the Switch Setup men...

Page 44: ...defines how the switch should forward traffic by configuring the TCP IP parameters manually DiffServ This link takes you to screens where you can enable DiffServ and set DSCP to IEEE802 1p mappings Ad...

Page 45: ...at all Note Be careful not to lock yourself and others out of the switch 4 5 Resetting the Switch If you lock yourself and others from the switch or forget the switch password you will need to reload...

Page 46: ...actory default configuration file upload type atgo to restart the switch Figure 18 Resetting the Switch Via the Console Port The switch is now reinitialized with the factory default configuration file...

Page 47: ...gure 19 Web Configurator Logout Screen 4 7 Help The web configurator s online help has descriptions of individual screens and some supplementary information Click the Help link from a web configurator...

Page 48: ...tion steps for the initial setup Create a VLAN Set port VLAN ID Configure the switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s be...

Page 49: ...he IP Setup screen refer to the same VLAN ID 3 Since the VLAN2 network is connected to port 10 on the switch select Fixed to configure port 10 to be a permanent member of the VLAN only 4 To ensure tha...

Page 50: ...mple Port VID 1 Click Advanced Applications and VLAN in the navigation panel Then click the VLAN Port Setting link 2 Enter 2 in the PVID field for port 10 and click Apply to save the settings 5 1 3 Co...

Page 51: ...s in the address bar to access the web configurator See Section 4 2 on page 39 for more information 3 Click Basic Setting and IP Setup in the navigation panel 4 Configure the related fields in the IP...

Page 52: ...d port details screens 6 1 Overview The home screen of the web configurator displays a port statistical summary table with links to each port showing statistical details 6 2 Port Status Summary To vie...

Page 53: ...t See the chapter on STP for details on STP states LACP This fields displays whether LACP Link Aggregation Control Protocol has been enabled on the port TxPkts This field shows the number of transmitt...

Page 54: ...the port is stopped to break a loop or duplicate path LACP This field shows if LACP is enabled on this port or not TxPkts This field shows the number of transmitted frames on this port RxPkts This fie...

Page 55: ...at were too short shorter than 64 octets including the ones with CRC errors Distribution 64 This field shows the number of packets including bad packets received that were 64 octets in length 65 127 T...

Page 56: ...Setup screen allows you to set up and configure global switch features The IP Setup screen allows you to configure a switch IP address subnet mask s and DNS domain name server for management purposes...

Page 57: ...e the refresh interval by typing a new number in the text box and then clicking Set Interval Stop Click Stop to halt statistic polling Table 8 System Info continued LABEL DESCRIPTION Table 9 General S...

Page 58: ...nds when you turn on the switch Not all time servers support all protocols so you may have to use trial and error to find a protocol that works The main differences between them are the time format Da...

Page 59: ...and Leave IGMP version 2 packets transferred between IP multicast routers switches and IP multicast hosts to learn the IP multicast group membership It checks IGMP packets passing through it picks out...

Page 60: ...ress table before they age out and must be relearned GARP Timer Switches join VLANs by making a declaration A declaration is made by issuing a Join message using GARP Declarations are withdrawn by iss...

Page 61: ...e switch traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested Priority Level The following descriptions are based on t...

Page 62: ...his option if you have a DHCP server that can assign the switch an IP address and subnet mask a default gateway IP address and a domain name server IP address Static IP Address Select this option if y...

Page 63: ...IP Addresses Configure the fields to set additional management IP address IP Address Enter the IP address for managing the switch by the members of the VLAN specified in the VID field below IP Subnet...

Page 64: ...uplex 100M Half Duplex or 100M Full Duplex For Gigabit Ethernet mini GBIC ports 25 and 26 select Auto 100M Full Duplex or 1000M Full Duplex Selecting Auto auto negotiation allows one port to negotiate...

Page 65: ...ng port causing it to temporarily stop sending signals when the receiving port memory buffers fill Back Pressure flow control is typically used in half duplex mode to send a collision signal to the se...

Page 66: ...received at an Ethernet port has a CFI set to 1 then that frame should not be forwarded as it is to an untagged port The remaining twelve bits define the VLAN ID giving a possible maximum number of 4...

Page 67: ...GVRP GARP VLAN Registration Protocol is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network Enable this function to permit VLANs grou...

Page 68: ...LAN Trunking enabled on a port s in each intermediary switch you only need to create VLAN groups in the end devices A and B C D and E automatically allow frames with VLAN group tags 1 and 2 VLAN group...

Page 69: ...tag sent to a group whether it has a VLAN tag or not blocked from a VLAN group regardless of its VLAN tag You can also tag all outgoing frames that were previously untagged from a port with the specif...

Page 70: ...marked as T an untagged port is marked as U and ports not participating in a VLAN are marked as Elapsed Time This field shows how long it has been since a normal VLAN was registered or a static VLAN...

Page 71: ...onfiguring Control Select Normal for the port to dynamically join this VLAN group using GVRP This is the default selection Select Fixed for the port to be a permanent member of this VLAN group Select...

Page 72: ...mmary table Cancel Click Cancel to clear the Delete check boxes Table 15 VLAN Static VLAN continued LABEL DESCRIPTION Table 16 VLAN VLAN Port Setting LABEL DESCRIPTION GVRP GVRP GARP VLAN Registration...

Page 73: ...Select Port Based as the VLAN Type in the Switch Setup screen see Figure 31 on page 68 and then click VLAN from the navigation panel to display the next screen Ingress Check Select this check box to a...

Page 74: ...ES 2024A User s Guide Chapter 8 VLAN 73 Figure 35 Port Based VLAN Setup All Connected...

Page 75: ...ES 2024A User s Guide 74 Chapter 8 VLAN Figure 36 Port Based VLAN Setup Port Isolation The following table describes the labels in this screen...

Page 76: ...ing These are the ingress ports an ingress port is an incoming port that is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define th...

Page 77: ...ES 2024A User s Guide 76 Chapter 8 VLAN...

Page 78: ...u are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC address forwarding together with port security allow only computers in the MAC address table on a por...

Page 79: ...nsert a new rule Cancel Click Cancel to reset the fields Clear Click Clear to begin configuring this screen afresh Index Click an index number to modify a static MAC address rule for a port Active Thi...

Page 80: ...screen as shown next Figure 38 Filtering The following table describes the related labels in this screen Table 19 FIltering LABEL DESCRIPTION Active Make sure to select this check box to activate you...

Page 81: ...ve This field displays Yes when the rule is activated and No when is it deactivated Name This field displays the descriptive name for this rule This is for identification purpose only MAC Address This...

Page 82: ...ing to the speed of the link to which a port is attached The slower the media the higher the cost On each bridge the root port is the port through which this bridge communicates with the root It is th...

Page 83: ...Max Age the bridge assumes that the link to the root bridge is down This bridge then initiates negotiations with other bridges to reconfigure the network to re establish a valid network topology 11 1...

Page 84: ...s the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay M...

Page 85: ...splays how often in seconds this screen refreshes You may change the refresh interval by typing a new number in the text box and then clicking Set Interval Stop Click Stop to halt STP statistic pollin...

Page 86: ...switch ports attached to the network The allowed range is 6 to 40 seconds Forwarding Delay This is the maximum time in seconds a switch will wait before changing states This delay is required because...

Page 87: ...ES 2024A User s Guide 86 Chapter 11 Spanning Tree Protocol...

Page 88: ...aximum allowable bandwidth for incoming and or out going traffic flows on a port Click Advanced Application and then Bandwidth Control in the navigation panel to bring up the screen as shown next Figu...

Page 89: ...a number down to the nearest multiple of 8000 for a number between 104000 and 1000000 Egress Rate Specify the maximum bandwidth allowed in Kilobits per second Kbps for the out going traffic flow on a...

Page 90: ...t frames that can be stored in the switch buffer or sent out from the switch Broadcast frames that arrive when the buffer is full are discarded Enable this feature to reduce broadcast traffic coming i...

Page 91: ...ffic a port receives in Kilobits per second Kbps If you enter a number between 64 and 1728 the switch automatically rounds the number down to the nearest multiple of 64 If you enter a number between 1...

Page 92: ...you copy the traffic to in order that you can examine the traffic from the mirror port without interference 14 2 Port Mirroring Setup Click Advanced Application Mirroring in the navigation panel to di...

Page 93: ...to copy incoming traffic from a specified MAC address on the mirrored port s Enter the source MAC address in the fields provided Egress You can specify to copy all outgoing traffic or traffic to from...

Page 94: ...EEE 802 3ad standard for static and dynamic LACP port trunking The switch supports the link aggregation IEEE802 3ad standard This standard describes the Link Aggregate Control Protocol LACP which is a...

Page 95: ...ys by default Figure 44 Link Aggregation Control Protocol Status The following table describes the labels in this screen Table 27 Link Aggregation ID Local Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT...

Page 96: ...ng multiple ports Aggregator ID Refer to Section 15 2 1 on page 94 for more information on this field Enabled Port These are the ports you have configured in the Link Aggregation screen to be in the t...

Page 97: ...the lowest system priority and lowest port number if system priority is the same becomes the LACP server The LACP server controls the operation of LACP setup Enter a number to set the priority of an a...

Page 98: ...three tries then it is deemed to be down and is removed from the trunk Set a short timeout one second for busy trunked links to ensure that disabled ports are removed from the trunk group as soon as...

Page 99: ...ES 2024A User s Guide 98 Chapter 15 Link Aggregation...

Page 100: ...device user database that is limited to the memory capacity of the device In essence RADIUS authentication allows you to validate an unlimited number of users from a central location Figure 46 RADIUS...

Page 101: ...authentication on the switch Note You must first enable 802 1x authentication on the switch before configuring it on each port Port This field displays a port number Active Select this checkbox to pe...

Page 102: ...Authentication RADIUS LABEL DESCRIPTION Authentication Server IP Address Enter the IP address of the external RADIUS server in dotted decimal notation UDP Port The default port of the RADIUS server f...

Page 103: ...ES 2024A User s Guide 102 Chapter 16 Port Authentication...

Page 104: ...MAC addresses to pass through a port on the switch For maximum port security enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you d...

Page 105: ...t Address Learning MAC address learning reduces outgoing broadcast traffic For MAC address learning to occur on a port the port itself must be active with address learning enabled Limited Number of Le...

Page 106: ...st priority queue Q3 is transmitted first When that queue empties traffic on the next highest priority queue Q2 is transmitted until Q2 empties and then traffic is transmitted on Q1 and so on If highe...

Page 107: ...table describes the labels in this screen Table 35 Queuing Method LABEL DESCRIPTION Method Select Strictly Priority or Weighted Round Robin Scheduling Strict Priority Queuing SPQ services queues based...

Page 108: ...ivate deactivate this static route Name Enter a descriptive name up to 32 printable ASCII characters for identification purposes Destination IP Address This parameter specifies the IP network address...

Page 109: ...of the route Click a number to edit the static route entry Active This field displays Yes when the static route is activated and NO when it is deactivated Name This field displays the descriptive name...

Page 110: ...applications do not have to request a particular service or give advanced notice of where the traffic is going 20 1 1 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field...

Page 111: ...sociated policies 20 2 Activating DiffServ Activate DiffServ to allow the switch to enable DiffServ on the selected port s Click IP Application DiffServ in the navigation panel to display the screen a...

Page 112: ...EEE802 1P mapping 20 3 1 Configuring DSCP Settings To change the DSCP IEEE 802 1p mapping click the DSCP Setting link in the DiffServ screen to display the screen as shown next Figure 56 DiffServ DSCP...

Page 113: ...LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save the...

Page 114: ...n file to the switch Backup Configuration Access this screen to back up the current switch configuration Load Factory Default Click the button to clear all switch configuration information you configu...

Page 115: ...locate it After you have specified the file click Upgrade After the firmware upgrade process is complete see the System Info screen to verify your current firmware version number 21 3 Restore a Config...

Page 116: ...ckup 2 Click Save to display the Save As screen 3 Choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box C...

Page 117: ...Maintenance screen click the Click Here button next to Reboot System to display the next screen Figure 63 Reboot System Confirmation 2 Click OK to display the screen shown next Figure 64 Reboot Syste...

Page 118: ...ce and the IP address of your switch 3 Press ENTER when prompted for a username 4 Enter your password as requested the default is 1234 5 Enter bin to set transfer mode to binary 6 Use put to transfer...

Page 119: ...iately General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server Login Type Anonymous This is when a user I D and password is automatically suppl...

Page 120: ...y A console port or Telnet session can coexist with one FTP session up to five Web sessions five different usernames and passwords and or limitless SNMP access control sessions 22 2 The Access Control...

Page 121: ...rough which network administrators perform network management functions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects t...

Page 122: ...rted are outlined in the following table 22 3 3 Configuring SNMP From the Access Control screen display the SNMP screen You can click Access Control to go back to the Access Control screen Set Allows...

Page 123: ...is something other than admin is someone who can view but not configure switch settings Click Access Control from the navigation panel and then click Logins from this screen Table 45 Access Control S...

Page 124: ...ount with the admin user name You cannot change the default administrator user name Only the administrator has read write access Old Password Type the existing system password 1234 is the default pass...

Page 125: ...to the SSH server The server identifies itself with a host key The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server The client...

Page 126: ...thentication and three encryption methods DES 3DES and Blowfish The SSH server is implemented on the switch for remote management and file transfer on port 22 Only one SSH connection is allowed at a t...

Page 127: ...for the browser from a CA that is a trusted CA on the switch Please refer to the following figure C ssh2 admin 192 168 1 1 WARNING HOST IDENTIFICATION HAS CHANGED IT IS POSSIBLE THAT SOMEONE IS DOING...

Page 128: ...t changed the default HTTPS port on the switch then in your browser enter https switch IP Address as the web site address where switch IP Address is the IP address or domain name of the switch you wi...

Page 129: ...d by an Unknown Authority screen pops up asking if you trust the server certificate Click Examine Certificate if you want to verify that the certificate is from the switch If Accept this certificate t...

Page 130: ...76 Security Certificate 2 Netscape 22 9 3 The Main Screen After you accept the certificate and enter the login username and password the switch main screen appears The lock displayed in the bottom ri...

Page 131: ...ES 2024A User s Guide 130 Chapter 22 Access Control Figure 77 Login Screen Internet Explorer Figure 78 Login Screen Netscape...

Page 132: ...e 47 Access Control Service Access Control LABEL DESCRIPTION Services Services you may use to access the switch are listed here Active Select this option for the corresponding services that you want t...

Page 133: ...t set Clear the check box if you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this sw...

Page 134: ...able describes the labels in this screen Table 49 Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi line text box Click Clear to empty the text box and rese...

Page 135: ...ES 2024A User s Guide 134 Chapter 23 Diagnostic...

Page 136: ...with one another In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Figure 82 Clustering Applicati...

Page 137: ...are MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage cluster member...

Page 138: ...o to that cluster member switch s web configurator home page This cluster member web configurator home page and the home page that you d see if you accessed it directly are different Figure 84 Cluster...

Page 139: ...Jul 01 12 00 config 00 a0 c5 d4 88 bf 226 File sent OK ftp 463 bytes received in 0 00Seconds 463000 00Kbytes sec ftp bin 200 Type I OK ftp put 350du1 bin fw 00 a0 c5 d4 88 bf 200 Port command okay 15...

Page 140: ...up to 20 printable characters no spaces are allowed VID This is the VLAN ID and is only applicable if the switch is set to 802 1Q VLAN All switches must be directly connected and in the same VLAN gro...

Page 141: ...configurator password Add Click Add to save this part of the screen to the switch Cancel Click Cancel to begin configuring this part of the screen afresh Refresh Click Refresh to perform auto discove...

Page 142: ...termine how to forward frames See the following figure 1 The switch examines a received frame and learns the port on which this source MAC address came 2 The switch checks to see if the frame s destin...

Page 143: ...utton to display and arrange the data according to VLAN group Port Click this button to display and arrange the data according to port number This field displays Drop if you configure a filtering rule...

Page 144: ...to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The switch fills in its own MAC and IP address in the sender address fields and puts the...

Page 145: ...is the ARP Table entry number IP Address This is the learned IP address of a device connected to a switch port with corresponding MAC address below MAC Address This is the MAC address of the device w...

Page 146: ...gure the switch using either the CLI Command Line Interface or web configurator the settings are saved as a series of commands in a configuration file on the switch You can perform the following with...

Page 147: ...creen When you turn on your switch it performs several internal tests as well as line initialization You can view the initialization information using the console port After the initialization the log...

Page 148: ...ost key has just been changed Please contact your system administrator Add correct host key to C Documents and Settings Administrator Application Data SSH hostkeys key_22_192 168 1 1 pub to get rid of...

Page 149: ...e the up y or down z arrow key to scroll through the command history list The CLI does not accept partial or incomplete commands You may enter a unique part of a command and press TAB to have the swit...

Page 150: ...ble help logout exit history enable show ip cr show hardware monitor C F show system information ping help ping ip host name vlan vlan id ping ip host name cr traceroute help traceroute ip host name v...

Page 151: ...enter the Enable mode the command prompt changes to the pound sign To enter the configuration mode type configure or config The Configure mode command prompt consists of the word config and the pound...

Page 152: ...s use the write memory command to save the changes permanently Figure 98 CLI write memory Note The write memory command is not available in User mode You must save your changes after each CLI session...

Page 153: ...size 0 1472 t Sends Ping request to an Ethernet device in the specified VLAN s with the specified parameters help Displays command help information show ip Displays IP related information system infor...

Page 154: ...s help Displays command help information reload config Restarts the system show cluster Displays cluster management status candidates Displays cluster candidate information member Displays the MAC add...

Page 155: ...multi login information plt DIsplays PLT Port Loopback Test information port access authenticator Displays all port authentication settings port list Displays port authentication settings on the spec...

Page 156: ...server with the specified SSH version command Connects to an SSH server with the specified SSH version and addition commands to be executed on the server traceroute ip host name in band out of band vl...

Page 157: ...P address of a domain name server route ip mask next hop ip Creates a static route ip mask next hop ip metric metric name name inactive Sets the metric of a static route or deactivates a static route...

Page 158: ...t num Enables port mirroring on a specified port mode zynos Changes the CLI mode to the ZyNOS format multi login Enables multi login no bandwidth control Disable bandwidth control on the switch cluste...

Page 159: ...net or the CLI port access authenticator Disables port authentication on the switch port list Disables authentication on the listed ports port list reauthenticate Disables the re authentication mechan...

Page 160: ...own hosts host ip Removes the specified remote hosts from the list of all known hosts known hosts host ip 1024 ssh rsa ssh dsa Removes remote known hosts with the specified public key 1024 bit RSA1 RS...

Page 161: ...number key key string Sets the IP address and or the port number and key of the external RADIUS server remote management index start addr ip end addr ip service telnet ftp http icmp snmp ssh https Sp...

Page 162: ...priority 0 61440 Sets the bridge priority of the switch spq Sets the switch to use Strictly Priority Queuing SPQ ssh known hosts host ip 1024 ssh rsa ssh dsa key Adds a remote host to which the switc...

Page 163: ...olation Enables port isolation wrr Sets the switch to use Weighted Round Robin queuing WRR wt1 wt4 Sets the WRR weight A weight value of one to eight is given to each variable from wt1 to wt4 Table 58...

Page 164: ...ing in the interface dir ingress egress bo th Enables port mirroring for incoming outgoing or both incoming and outgoing traffic Port mirroring copies traffic from one or all ports to another or all p...

Page 165: ...back test vlan trunking Enables VLAN Trunking on ports connected to other switches or routers but not ports directly connected to end users to allow frames belonging to unknown VLAN groups to pass thr...

Page 166: ...port s to normal port s inactive Enables the specified VLAN ip address ip address mask Deletes the IP address and subnet mask from this VLAN ip address default gateway Deletes the default gateway from...

Page 167: ...ES 2024A User s Guide 166 Chapter 27 Introducing the Commands...

Page 168: ...28 2 1 show system information Syntax show system information This command shows the general system information such as the firmware version and system up time An example is shown next Figure 99 show...

Page 169: ...1970 PP2b INFO adjtime task pause 1 day 7 Thu Jan 1 01 06 26 1970 PP23 ERROR ospfReadConf can t get spOSPFArea_t 10 Thu Jan 1 01 06 38 1970 PP23 ERROR ospfReadConf can t get spOSPFArea_t 13 Thu Jan 1...

Page 170: ...ax show mac address table all sort static Where ras show interface 2 Port Info Port NO 2 Link 100M F Status FORWARDING LACP Disabled TxPkts 1744 RxPkts 12 Errors 0 Tx KBs s 0 64 Rx KBs s 0 0 Up Time 1...

Page 171: ...with an IP address of 192 168 1 100 Figure 104 ping Command Example 28 4 traceroute Syntax traceroute ip vlan vlan id ttl 1 255 wait 1 60 queries 1 10 ras show mac address table all Port VLAN ID MAC A...

Page 172: ...ows how to manage the configuration files 28 6 1 Restarting the Switch There are two ways in which you can restart the switch restart the switch cold reboot and restart the system warm reboot Use the...

Page 173: ...e running config to reset the current running configuration 2 Enter write memory to save the changes to the configuration file The following example resets the configuration file to the factory defaul...

Page 174: ...meout Command Example 28 7 3 no trunk Syntax no trunk T1 T2 T3 no trunk T1 T2 T3 lacp no trunk T1 T2 T3 interface port list where An example is shown next Disable trunk one T1 Disable LAPC on trunk th...

Page 175: ...28 7 5 no ssh Syntax no ssh key rsa1 rsa dsa no ssh known hosts host ip no ssh known hosts host ip 1024 ssh rsa ssh dsa where ras config no trunk T1 ras config no trunk T3 lacp ras config no trunk T2...

Page 176: ...ample 28 9 wrr Syntax wrr wt1 wt2 wt3 wt4 where The following example sets the switch to use WRR queuing and sets the queue weights for Q0 to Q3 known hosts host ip Remove specific remote hosts from t...

Page 177: ...eparated by a comma Ranges of port numbers are typed separated by a dash An example is shown next Enter the configuration mode Enable ports one three four and five for configuration Begin configuring...

Page 178: ...trol Set the outgoing traffic bandwidth limit to 70Kbps Set the incoming traffic bandwidth limit to 90Kbps Figure 119 bandwidth limit Command Example 28 10 4 mirror Syntax mirror mirror dir ingress eg...

Page 179: ...col that defines a way for switches to register necessary VLAN members on ports across the network Enable this function to permit VLANs groups beyond the local switch An example is shown next Enable t...

Page 180: ...where An example is shown next Enable port based VLAN tagging on the switch Enable ports one three four and five for configuration Set the outgoing traffic ports as the CPU 0 seven 7 eight 8 and nine...

Page 181: ...gure 124 qos priority Command Example 28 10 9 name Syntax name port name string where An example is shown next Enable ports one three four and five for configuration Set a name for the ports ras confi...

Page 182: ...mode Figure 126 speed duplex Command Example ras config interface port channel 1 3 5 ras config interface name Test auto 10 half 10 full 100 half 100 full 1000 full Sets the duplex mode half or full...

Page 183: ...ES 2024A User s Guide 182 Chapter 28 Command Examples...

Page 184: ...1Q Tagged VLAN uses both explicit and implicit tagging Whether to tag an outgoing frame depends on the setting of the egress port on a per LAN per port basis recall that a port can belong to multiple...

Page 185: ...nters the config vlan mode Use the inactive command to deactivate the VLAN s Use the interface port channel port list command to enter the config interface mode to set the VLAN settings on a port then...

Page 186: ...imer settings including the join leave and leave all timers An example is shown next Figure 129 GARP STATUS Command Example 29 4 2 GARP Timer Syntax garp join msec leave msec leaveall msec where ras c...

Page 187: ...e 130 GARP Timer Command Example 29 4 3 GVRP Timer Syntax show vlan1q gvrp This command shows the switch s GVRP settings An example is shown next Figure 131 GVRP Status Command Example 29 4 4 Enable G...

Page 188: ...eck Enables the device to discard incoming frames for VLANs that are not included in a port member set The following example activates ingress checking on the switch Figure 132 ingress check Command E...

Page 189: ...e or Disable Port GVRP Use the gvrp command to enable GVRP on the port s Use the no gvrp command to disable GVRP The following example turns off GVRP for ports 1 to 5 Figure 135 no gvrp Command Exampl...

Page 190: ...es without a tag Enter no untagged to tag outgoing frames 29 5 4 1 Modify a Static VLAN Table Example The following example configures ports 1 to 5 as fixed and untagged ports in VLAN 2000 Figure 136...

Page 191: ...h ignores the port from which the frame came because the switch does not send a frame to the port from which it came The switch also does not forward frames to forbidden ports 4 If after looking at th...

Page 192: ...1Q Tagged SVLAN Static VLAN table An example is shown next For the AdCtl section of the last column is a port set to normal x is a forbidden port and F is a fixed port For the TagCtl section of the l...

Page 193: ...ES 2024A User s Guide 192 Chapter 29 IEEE 802 1Q Tagged VLAN Commands...

Page 194: ...ain later Check that you have enabled Telnet service access If you have configured a secured client IP address your computer s IP address must match it Refer to the chapter on access control for detai...

Page 195: ...up blocking to log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address 30 2...

Page 196: ...ve this setting 30 2 1 1 2 Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools In...

Page 197: ...bleshooting Figure 141 Internet Options 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 1 1 4 Click Add to move the...

Page 198: ...Click Close to return to the Privacy screen 6 Click Apply to save this setting 30 2 1 2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts...

Page 199: ...43 Internet Options 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that E...

Page 200: ...Java Scripting 30 2 1 3 Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java per...

Page 201: ...leshooting Figure 145 Security Settings Java 30 2 1 3 1 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 make sure that Use Java 2 for applet under Java Sun i...

Page 202: ...at you enter the correct password using the proper casing The administrator username is admin The default administrator password is 1234 The username and password are case sensitive Make sure that you...

Page 203: ...ES 2024A User s Guide 202 Chapter 30 Troubleshooting...

Page 204: ...esses per port Switching Switching fabric 8 8Gbps non blocking Max Frame size 1522 bytes Forwarding frame IEEE 802 3 IEEE 802 1q Ethernet II PPPoE Prevent the forwarding of corrupted packets STP IEEE...

Page 205: ...t CLI through console port and telnet Web based management Up to 64management IP address in different VLAN Clustering up to 24 switches can be manage by one IP SNMP RMON groups history statistics alar...

Page 206: ...S 2024A User s Guide Product Specifications 205 Safety UL 60950 1 CSA 60950 1 EN 60950 1 IEC 60950 1 EMC FCC Part 15 Class A CE EMC Class A Table 66 Physical and Environmental Specifications continued...

Page 207: ...ES 2024A User s Guide 206 Product Specifications...

Page 208: ...first two octets make up the network number and the two remaining octets make up the host ID Class C addresses begin starting from the left with 1 1 0 In a class C address the first three octets make...

Page 209: ...D Subnet masks are expressed in dotted decimal notation just as IP addresses are The natural masks for class A B and C IP addresses are as follows Subnetting With subnetting the class arrangement of a...

Page 210: ...168 1 0 with subnet mask of 255 255 255 0 The first three octets of the address make up the network number class C You want to have two separate networks Divide the network 192 168 1 0 into two separ...

Page 211: ...55 128 is the directed broadcast address for the first subnet Therefore the lowest IP address that can be assigned to an actual host for the first subnet is 192 168 1 1 and the highest is 192 168 1 12...

Page 212: ...dress Binary 11000000 10101000 00000001 00000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 0 Lowest Host ID 192 168 1 1 Broadcast Address 192 168 1 63 Highest Hos...

Page 213: ...11 11111111 11000000 Subnet Address 192 168 1 192 Lowest Host ID 192 168 1 193 Broadcast Address 192 168 1 255 Highest Host ID 192 168 1 254 Table 78 Eight Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS...

Page 214: ...ing The following table is a summary for class B subnet planning Table 80 Class B Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255...

Page 215: ...ES 2024A User s Guide 214 IP Subnetting...

Page 216: ...ing 55 BPDUs Bridge Protocol Data Units 82 Bridge Protocol Data Units BPDUs 82 Broadcast storm control 89 C Cables Connecting 3 CFI Canonical Format Indicator 65 Change password 43 Changes or Modifica...

Page 217: ...ric Shock 3 Electrical Pipes 3 Electrocution 3 Ethernet broadcast address 143 Ethernet port test 133 Ethernet ports 34 Default settings 34 Europe 3 Exposure 3 Extended authentication protocol 99 Exter...

Page 218: ...3 Dynamic 93 ID information 94 Setup 95 Status 94 Liquids Corrosive 3 Lockout 44 Log 133 Login 39 Password 43 Login account 122 Administrator 122 Non administrator 122 Number of 122 Login password 123...

Page 219: ...y level 60 Priority queue assignment 60 Product specification 203 PVID 65 72 PVID Priority Frame 65 Q Qualified Service Personnel 3 Quality of Service QoS 109 Queue weight 106 Queuing 24 105 Queuing a...

Page 220: ...y 81 STP Spanning Tree Protocol 24 Strict Priority Queuing SPQ 105 Subnet Masks 208 Subnetting 208 Supply Voltage 3 Support E mail 5 SVLAN Table 183 Sweden Contact Information 5 Swimming Pool 3 Switch...

Page 221: ...rtual Local Area Network 23 57 VLAN Databases 183 VLAN number 62 VLAN trunking 72 vlan1q port accept 188 vlan1q port gvrp 188 vlan1q svlan active 190 vlan1q svlan delentry 190 vlan1q svlan inactive 19...

Reviews:

No comments

Related manuals for ES-2024A

Brand: ABB Pages: 66

Brand: A-Link Pages: 6

Brand: Idis Pages: 123

Brand: Idis Pages: 29

Brand: Idis Pages: 28

DirectIP DR-1304P

Brand: Idis Pages: 82

Brand: iDirect Pages: 130

Brand: ADTRAN Pages: 2

Brand: FOR-A Pages: 72

Brand: Patton electronics Pages: 12

LBON320AC Series

Brand: Lindsay Broadband Pages: 4

Brand: Moxa Technologies Pages: 36

HIRESCHMANN IT MAMMUTHUS MTM8003-FAN

Brand: Belden Pages: 84

Brand: Patton electronics Pages: 145

ACCULINK 3161 CSU

Brand: Paradyne Pages: 19

Brand: Paradyne Pages: 108

Brand: Amphenol Pages: 43

Brand: Perle Pages: 4

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands