Home
/
ZyXEL Communications
/
ES-2048
/
User Manual

ZyXEL Communications ES-2048, User Manual

Share

Page: 234 / 306

ZyXEL Communications ES-2048 User Manual Download Page 234

Chapter 27 Access Control

ES-2048 User’s Guide

234

2

Encryption Method
Once the identification is verified, both the client and server must agree on the type of
encryption method to use.

3

Authentication and Data Transmission
After the identification is verified and data encryption activated, a secure tunnel is
established between the client and the server. The client then sends its authentication
information (user name and password) to the server to log in to the server.

27.6 SSH Implementation on the Switch

Your Switch supports SSH version 2 using RSA authentication and three encryption methods
(DES, 3DES and Blowfish). The SSH server is implemented on the Switch for remote
management and file transfer on port 22. Only one SSH connection is allowed at a time.

27.6.1 Requirements for Using SSH

You must install an SSH client program on a client computer (Windows or Linux operating
system) that is used to connect to the Switch over SSH.

27.7 Introduction to HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web
protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-
level protocol that enables secure transactions of data by ensuring confidentiality (an
unauthorized party cannot read the transferred data), authentication (one party can identify the
other party) and data integrity (you know if data has been changed).
It relies upon certificates, public keys, and private keys.
HTTPS on the Switch is used so that you may securely access the Switch using the web
configurator. The SSL protocol specifies that the SSL server (the Switch) must always
authenticate itself to the SSL client (the computer which requests the HTTPS connection with
the Switch), whereas the SSL client only should authenticate itself when the SSL server
requires it to do so. Authenticating client certificates is optional and if selected means the SSL-
client must send the Switch a certificate. You must apply for a certificate for the browser from
a CA that is a trusted CA on the Switch.
Please refer to the following figure.

1

HTTPS connection requests from an SSL-aware web browser go to port 443 (by default)
on the Switch’s WS (web server).

2

HTTP connection requests from a web browser go to port 80 (by default) on the Switch’s
WS (web server).

«
...
232
233
234
235
236
...
»

Summary of Contents for ES-2048

Page 1: ...zyxel com ES 2048 Layer 2 Ethernet Switch User s Guide Version 3 80 8 2007 Edition 1 DEFAULT LOGIN In band IP Address http 192 168 1 1 Out of band IP Address http 192 168 0 1 User Name admin Password...

Page 2: ...ES 2048 User s Guide 2...

Page 3: ...configurator and in some cases are necessary to configure advanced features Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information It is re...

Page 4: ...y stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER k...

Page 5: ...Guide 5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer Serv...

Page 6: ...f fuse Make sure to connect the cables to the correct ports Place connecting cables carefully so that no one will step on them or stumble over them Always disconnect all cables from this device before...

Page 7: ...Safety Warnings ES 2048 User s Guide 7 This product is recyclable Dispose of it properly...

Page 8: ...Safety Warnings ES 2048 User s Guide 8...

Page 9: ...tistics 61 Basic Setting 67 Advanced 79 VLAN 81 Static MAC Forward Setup 97 Filtering 99 Spanning Tree Protocol 101 Bandwidth Control 115 Broadcast Storm Control 117 Mirroring 119 Link Aggregation 121...

Page 10: ...S 2048 User s Guide 10 Syslog 243 Cluster Management 247 MAC Table 253 ARP Table 255 Configure Clone 257 Troubleshooting Product Specifications 259 Troubleshooting 261 Product Specifications 265 Appen...

Page 11: ...tion 31 1 1 2 Bridging Example 32 1 1 3 High Performance Switching Example 32 1 1 4 IEEE 802 1Q VLAN Application Examples 33 1 2 Ways to Manage the Switch 34 1 3 Good Habits for Managing the Switch 34...

Page 12: ...ch 53 4 6 1 Reload the Configuration File 54 4 7 Logging Out of the Web Configurator 54 4 8 Help 55 Chapter 5 Initial Setup Example 57 5 1 Overview 57 5 1 1 Creating a VLAN 57 5 1 2 Setting Port VID 5...

Page 13: ...Configuring Subnet Based VLAN 89 8 8 Protocol Based VLANs 90 8 9 Configuring Protocol Based VLAN 91 8 10 Create an IP based VLAN Example 92 8 11 Port based VLAN Setup 93 8 11 1 Configure a Port based...

Page 14: ...r 15 Link Aggregation 121 15 1 Link Aggregation Overview 121 15 2 Dynamic Link Aggregation 121 15 2 1 Link Aggregation ID 122 15 3 Link Aggregation Status 122 15 4 Link Aggregation Setting 123 15 5 Li...

Page 15: ...MVR Ports 149 19 6 2 MVR Modes 150 19 6 3 How MVR Works 150 19 7 General MVR Configuration 150 19 8 MVR Group Configuration 152 19 8 1 MVR Configuration Example 153 Chapter 20 Authentication Accounti...

Page 16: ...n VLAN Configure 189 Chapter 22 Loop Guard 191 22 1 Loop Guard Overview 191 22 2 Loop Guard Setup 193 Part IV IP Application 195 Chapter 23 Static Route 197 23 1 Static Routing Overview 197 23 2 Confi...

Page 17: ...ory Default 218 26 3 Save Configuration 218 26 4 Reboot System 219 26 5 Firmware Upgrade 219 26 6 Restore a Configuration File 220 26 7 Backup a Configuration File 220 26 8 FTP Command Line 221 26 8 1...

Page 18: ...stic 241 28 1 Diagnostic 241 Chapter 29 Syslog 243 29 1 Syslog Overview 243 29 2 Syslog Setup 243 29 3 Syslog Server Setup 244 Chapter 30 Cluster Management 247 30 1 Cluster Management Status Overview...

Page 19: ...1 Power Hardware Connections and LEDs 261 34 2 Switch Access and Login 262 Chapter 35 Product Specifications 265 35 1 Cable Pin Assignments 270 Part VII Appendices and Index 273 Appendix A IP Addresse...

Page 20: ...Table of Contents ES 2048 User s Guide 20...

Page 21: ...onfigurator Logout Screen 55 Figure 19 Initial Setup Network Example VLAN 57 Figure 20 Initial Setup Network Example Port VID 59 Figure 21 Initial Setup Example Management IP Address 59 Figure 22 Stat...

Page 22: ...regation Link Aggregation Setting 123 Figure 59 Advanced Application Link Aggregation Link Aggregation Setting LACP 125 Figure 60 Trunking Example Physical Connections 126 Figure 61 Trunking Example C...

Page 23: ...p Guard vs STP 191 Figure 101 Switch in Loop State 192 Figure 102 Loop Guard Probe Packet 192 Figure 103 Loop Guard Network Loop 192 Figure 104 Advanced Application Loop Guard 193 Figure 105 Static Ro...

Page 24: ...t Access Control Remote Management 238 Figure 141 Management Diagnostic 241 Figure 142 Management Syslog 244 Figure 143 Management Syslog Syslog Server Setup 245 Figure 144 Clustering Application Exam...

Page 25: ...sed VLAN Setup 92 Table 20 Port Based VLAN Setup 96 Table 21 Advanced Application Static MAC Forwarding 98 Table 22 Advanced Application FIltering 99 Table 23 STP Path Costs 102 Table 24 STP Port Stat...

Page 26: ...54 RADIUS Attributes Exec Events via Console 168 Table 55 RADIUS Attributes Exec Events via Telnet SSH 168 Table 56 RADIUS Attributes Exec Events via Console 168 Table 57 IP Source Guard 175 Table 58...

Page 27: ...agement Status 249 Table 99 FTP Upload to Cluster Member Example 250 Table 100 Management Cluster Management Configuration 251 Table 101 Management MAC Table 254 Table 102 Management ARP Table 256 Tab...

Page 28: ...List of Tables ES 2048 User s Guide 28...

Page 29: ...29 PART I Introduction and Hardware Getting to Know Your Switch 31 Hardware Installation and Connection 37 Hardware Overview 41...

Page 30: ...30...

Page 31: ...g the switch is easy In addition the switch can also be managed via Telnet any terminal emulator program on the console port or third party SNMP management See Chapter 35 on page 265 for a full list o...

Page 32: ...need high bandwidth can connect to high speed department servers via the Switch You can provide a super fast uplink connection by using a Gigabit Ethernet mini GBIC port on the Switch Moreover the Swi...

Page 33: ...allows a physical network to be partitioned into multiple logical networks Stations on a logical network belong to one group A station can belong to more than one group With VLAN a station cannot dir...

Page 34: ...t Cluster Management allows you to manage multiple switches through one switch called the cluster manager See Chapter 30 on page 247 1 3 Good Habits for Managing the Switch Do the following things reg...

Page 35: ...35 PART II Basic Configuration The Web Configurator 47 Initial Setup Example 57 System Status and Port Statistics 61 Basic Setting 67...

Page 36: ...36...

Page 37: ...ight of the switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the switch to allow air circulation and the attachment of cables and t...

Page 38: ...Installation Requirements Two mounting brackets Eight M3 flat head screws and a 2 Philips screwdriver Four M5 flat head screws and a 2 Philips screwdriver Failure to use the proper screws may damage...

Page 39: ...may now mount the switch on a rack Proceed to the next section 2 2 3 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the switch on one side of the rack lining...

Page 40: ...Chapter 2 Hardware Installation and Connection ES 2048 User s Guide 40...

Page 41: ...h and shows you how to make the hardware connections 3 1 Panel Connections The figures below show the front panel and the rear panel of the switch Figure 8 Front Panel Figure 9 Rear Panel 10 100 Mbps...

Page 42: ...an be 100 Mbps or 1000 Mbps and the duplex mode can be half duplex at 100 Mbps or full duplex An auto negotiating port can detect and adjust to the optimum Ethernet speed 100 1000 Mpbs and duplex mode...

Page 43: ...s This means that if a mini GBIC port and the corresponding Gigabit port are connected at the same time the Gigabit port will be disabled You can change transceivers while the switch is operating You...

Page 44: ...ng the Transceiver s Latch Example 2 Pull the transceiver out of the slot Figure 13 Transceiver Removal Example 3 1 4 Power Connector Make sure you are using the correct power source as shown on the p...

Page 45: ...ps Off The port is not connected at 100 Mbps or to an Ethernet device 2 RJ 45 Gigabit Ethernet Ports 1000 Green Blinking The port is receiving or transmitting data On The port is connected at 1000 10...

Page 46: ...Chapter 3 Hardware Overview ES 2048 User s Guide 46...

Page 47: ...he web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissio...

Page 48: ...reen Status A Click the menu items to open submenu links and then click on a submenu link to open the screen in the main window B C D E These are quick links which allow you to perform certain tasks n...

Page 49: ...display web help pages The help pages provide descriptions for all of the configuration screens In the navigation panel click a main link to reveal a list of submenu links Table 3 Navigation Panel Sub...

Page 50: ...Security Queuing Method Multicast Multicast Setting IGMP Snooping VLAN IGMP Filtering Profile MVR Group Configuration Authentication and Accounting RADIUS Server Setup TACACS Server Setup Auth and Ac...

Page 51: ...om one port or ports to another port in order that you can examine the traffic from the first port without interference Link Aggregation This link takes you to a screen where you can logically aggrega...

Page 52: ...s reboot the system Access Control This link takes you to screens where you can change the system login password and configure SNMP and remote management Diagnostic This link takes you to a screen whe...

Page 53: ...gement managing through the data ports if you do one of the following 1 Delete the management VLAN default is VLAN 1 2 Delete all port based VLANs with the CPU port as a member The CPU port is the man...

Page 54: ...any key to enter Debug Mode within 3 seconds press any key to enter debug mode 4 Type atlc after the Enter Debug Mode message 5 Wait for the Starting XMODEM upload message before activating XMODEM up...

Page 55: ...gure 18 Web Configurator Logout Screen 4 8 Help The web configurator s online help has descriptions of individual screens and some supplementary information Click the Help link from a web configurator...

Page 56: ...Chapter 4 The Web Configurator ES 2048 User s Guide 56...

Page 57: ...he initial setup Create a VLAN Set port VLAN ID Configure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You can do...

Page 58: ...xed to configure port 1 to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the TX Tagging check box to set the...

Page 59: ...port 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 2 Configuring Switch Management IP Address The...

Page 60: ...formation 3 Click Basic Setting IP Setup in the navigation panel 4 Configure the related fields in the IP Setup screen 5 For the VLAN2 network enter 192 168 2 1 as the IP address and 255 255 255 0 as...

Page 61: ...ng statistical details 6 2 Port Status Summary To view the port statistics click Status in all web configurator screens to display the Status screen as shown next Figure 22 Status The following table...

Page 62: ...is field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays whether LACP Link Aggregation Control Protocol has been enabled on the port TxPkts This field shows...

Page 63: ...type Copper or Fiber Status If STP Spanning Tree Protocol is enabled this field displays the STP state of the port see Section 11 1 on page 101 for more information If STP is disabled this field disp...

Page 64: ...d packets for which transmission is inhibited by exactly one collision Multiple This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision Exce...

Page 65: ...ved that were between 512 and 1023 octets in length 1024 1518 This field shows the number of packets including bad packets received that were between 1024 and 1518 octets in length Giant This field sh...

Page 66: ...Chapter 6 System Status and Port Statistics ES 2048 User s Guide 66...

Page 67: ...allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch The real time is then displayed in the Switch logs The Switch Setup sc...

Page 68: ...ay choose the temperature unit Centigrade or Fahrenheit in this field Temperature MAC CPU and PHY refer to the location of the temperature sensors on the Switch printed circuit board Current This show...

Page 69: ...lays the minimum speed at which a normal fan should work Status Normal indicates that this fan is functioning above the minimum speed Error indicates that this fan is functioning below the minimum spe...

Page 70: ...ocked for 60 seconds Please wait Current Time This field displays the time you open this menu or refresh the menu New Time hh min ss Enter the new time in hour minute and second format The new time th...

Page 71: ...the navigation panel to display the screen as shown The VLAN setup screens change depending on whether you choose 802 1Q or Port Based in the VLAN Type field in this screen Refer to the chapter on VL...

Page 72: ...le before they age out and must be relearned GARP Timer Switches join VLANs by making a declaration A declaration is made by issuing a Join message using GARP Declarations are withdrawn by issuing a L...

Page 73: ...ndex queues gets through faster while traffic in lower index queues is dropped if the network is congested Priority Level The following descriptions are based on the traffic types defined in the IEEE...

Page 74: ...able to use a domain name instead of an IP address Default Management Specify which traffic flow In Band or Out of band the Switch is to send packets originating from itself such as SNMP traps or pac...

Page 75: ...bnet Mask Enter the IP subnet mask of your Switch in dotted decimal notation for example 255 255 255 0 Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation f...

Page 76: ...d displays whether the Switch can be managed using the IP address Delete Check the management IP addresses that you want to remove in the Delete column then click the Delete button Cancel Click Cancel...

Page 77: ...trol is used to regulate transmission of signals to match the bandwidth of the receiving port The Switch uses IEEE802 3x flow control in full duplex mode and backpressure flow control in half duplex m...

Page 78: ...Chapter 7 Basic Setting ES 2048 User s Guide 78...

Page 79: ...ering 99 Spanning Tree Protocol 101 Bandwidth Control 115 Broadcast Storm Control 117 Mirroring 119 Link Aggregation 121 Port Authentication 129 Port Security 135 Queuing Method 139 Multicast 143 Auth...

Page 80: ...80...

Page 81: ...he remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that user priority and VLAN ID are independent of each other A frame with VID VLAN Identifier of null 0...

Page 82: ...LANs groups beyond the local Switch Please refer to the following table for common IEEE 802 1Q VLAN terminology Table 13 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanen...

Page 83: ...VLAN Trunking enabled on a port s in each intermediary switch you only need to create VLAN groups in the end devices A and B C D and E automatically allow frames with VLAN group tags 1 and 2 VLAN grou...

Page 84: ...Advanced Application VLAN VLAN Detail Table 14 Advanced Application VLAN VLAN Status LABEL DESCRIPTION The Number of VLAN This is the number of VLANs configured on the Switch Index This is the VLAN i...

Page 85: ...etail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the Static VLAN screen Port Number This column displays...

Page 86: ...row are copied to all the ports as soon as you make them Control Select Normal for the port to dynamically join this VLAN group using GVRP This is the default selection Select Fixed for the port to be...

Page 87: ...is row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied...

Page 88: ...have a subnet based VLAN with priority 5 and VID of 200 for traffic received from IP subnet 192 168 1 0 24 video services Lastly you configure VLAN with priority 3 and VID of 300 for traffic received...

Page 89: ...Override When DHCP snooping is enabled DHCP clients can renew their IP address through the DHCP VLAN or via another DHCP server on the subnet based VLAN Select this checkbox to force the DHCP clients...

Page 90: ...lications VLAN screens Priority Select the priority level that the Switch assigns to frames belonging to this VLAN Add Click Add to save your changes to the Switch s run time memory The Switch loses t...

Page 91: ...3 will be grouped together and all upstream Apple Talk traffic from port 6 and 7 will be in another group and have higher priority than ARP traffic when they go through the uplink port to a backbone s...

Page 92: ...otation is 0800 and Novell IPX protocol is 8137 Note Protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be used for protocol based VLANs VID Enter the ID of a VLAN to whi...

Page 93: ...e destination MAC address and its associated port Port based VLANs require allowed outgoing ports to be defined for each port Therefore if you wish to allow two subscriber ports to talk to each other...

Page 94: ...ement port forms a VLAN with all Ethernet ports 8 11 1 Configure a Port based VLAN Select Port Based as the VLAN Type in the Basic Setting Switch Setup screen and then click Advanced Application VLAN...

Page 95: ...Chapter 8 VLAN ES 2048 User s Guide 95 Figure 41 Port Based VLAN Setup Port Isolation...

Page 96: ...ugh which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the incoming port for t...

Page 97: ...address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC address...

Page 98: ...es power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved valu...

Page 99: ...ng in the navigation panel to display the screen as shown next Figure 43 Advanced Application Filtering The following table describes the related labels in this screen Table 22 Advanced Application FI...

Page 100: ...link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear...

Page 101: ...exists between any two stations on the network The Switch uses IEEE 802 1w RSTP Rapid Spanning Tree Protocol that allows faster convergence of the spanning tree than STP while also being backwards com...

Page 102: ...connected LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating any possible network loops STP aware switches exchang...

Page 103: ...Spanning Tree Instance MSTI MSTI allows multiple VLANs to use the same spanning tree Load balancing is possible as traffic from different VLANs can use distinct paths in a region 11 1 4 1 MSTP Networ...

Page 104: ...ppears as a single device to the rest of the network Each MSTP enabled device can only belong to one MST region When BPDUs enter an MST region external path cost of paths outside this region is increa...

Page 105: ...ree CIST A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of...

Page 106: ...ion Spanning Tree Protocol Figure 49 Advanced Application Spanning Tree Protocol Configuration The following table describes the labels in this screen Table 25 Advanced Application Spanning Tree Proto...

Page 107: ...Select this check box to activate RSTP Clear this checkbox to disable RSTP Note You must also activate Rapid Spanning Tree in the Advanced Application Spanning Tree Protocol Configuration screen to en...

Page 108: ...se temporary data loops might result The allowed range is 4 to 30 seconds As a general rule Note 2 Forward Delay 1 Max Age 2 Hello Time 1 Port This field displays the port number Settings in this row...

Page 109: ...ch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Del...

Page 110: ...10 11 6 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section 11 1 4 on page 103 for more information on MSTP Fig...

Page 111: ...it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result The allowe...

Page 112: ...check box to add this port to the MST instance Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in a switch Ports...

Page 113: ...n the Switch CST This section describes the Common Spanning Tree settings Bridge Root refers to the base of the spanning tree the root bridge Our Bridge is this switch This Switch may also be the root...

Page 114: ...is is the number of times the spanning tree has been reconfigured Time Since Last Change This is the time since the spanning tree was last reconfigured Instance These fields display the MSTI to VLAN m...

Page 115: ...eak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion The CIR and PIR should be set for all ports that use the same upli...

Page 116: ...Rate Specify the guaranteed bandwidth allowed in kilobits per second Kbps for the incoming traffic flow on a port The commit rate should be less than the peak rate The sum of commit rates cannot be gr...

Page 117: ...ets the Switch receives per second on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this featu...

Page 118: ...ts on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per...

Page 119: ...to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference Click Advanced Application Mirroring in the navigation panel to...

Page 120: ...Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are...

Page 121: ...and dynamic link aggregation In a properly planned network it is recommended to implement static link aggregation only This ensures increased network stability and control over the trunk groups on you...

Page 122: ...y default See Section 15 1 on page 121 for more information Figure 57 Advanced Application Link Aggregation Status The following table describes the labels in this screen Table 33 Link Aggregation ID...

Page 123: ...hat are currently transmitting data as one logical link in this trunk group Aggregator ID Link Aggregator ID consists of the following system priority MAC address key port priority and port number Ref...

Page 124: ...is the only screen you need to configure to enable static link aggregation Group ID The field identifies the link aggregation group that is one logical link containing multiple ports Active Select thi...

Page 125: ...ink Aggregation Control Protocol LACP System Priority LACP system priority is a number between 1 and 65 535 The switch with the lowest system priority and lowest port number if system priority is the...

Page 126: ...he common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them LACP Timeout Timeout is the time interval between the...

Page 127: ...Chapter 15 Link Aggregation ES 2048 User s Guide 127 Figure 61 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete you do not need to go to any additional screens...

Page 128: ...Chapter 15 Link Aggregation ES 2048 User s Guide 128...

Page 129: ...information on configuring your RADIUS server settings If you enable IEEE 802 1x authentication and MAC authentication on the same port the Switch performs IEEE 802 1x authentication first If a user...

Page 130: ...t for login credentials The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication...

Page 131: ...rver settings in the Auth and Acct Radius Server Setup screen Click Advanced Application Port Authentication in the navigation panel to display the screen as shown Figure 64 Advanced Application Port...

Page 132: ...w first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this checkbox to permit...

Page 133: ...ed to the RADIUS server Password Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server You can enter up to 32 printable ASCII characters T...

Page 134: ...this port You must first allow MAC authentication on the Switch before configuring it on each port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes...

Page 135: ...ith no limit on individual ports other than the sum cannot exceed 16K For maximum port security enable this feature disable MAC address learning and configure static MAC address es for a port It is no...

Page 136: ...wards packets whose MAC address es is in the MAC address table on this port Packets with no matching MAC address es are dropped Clear this check box to disable the port security feature The Switch for...

Page 137: ...e Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Cl...

Page 138: ...Chapter 17 Port Security ES 2048 User s Guide 138...

Page 139: ...smitted until Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SP does not automatically adapt to...

Page 140: ...ed This works in a looping fashion until a queue is empty Weighted Round Robin Scheduling WRR uses the same algorithm as round robin scheduling but services queues based on their priority and queue we...

Page 141: ...number you configure in the Weight field Queues with larger weights get more guaranteed bandwidth than queues with smaller weights Weighted Round Robin Scheduling services queues on a rotating basis b...

Page 142: ...n you select WFQ or WRR Select a queue Q0 to Q7 to have the Switch use Strictly Priority to service the subsequent queue s after and including the specified queue for the gigabit ports For example if...

Page 143: ...P addresses in the Class D range 224 0 0 0 to 239 255 255 255 are used for IP multicasting Certain IP multicast numbers are reserved by IANA for special purposes see the IANA web site for more informa...

Page 144: ...is referred to as fixed mode In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN 19 2 Multicast Status Click Adva...

Page 145: ...e timeout value from 1 to 16 711 450 in seconds This defines how many seconds the Switch waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is receiv...

Page 146: ...ion to limit the number of multicast groups this port is allowed to join Max Group Num Enter the number of multicast groups this port is allowed to join Once a port is registered in the specified numb...

Page 147: ...Multicast Setting screen first Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top...

Page 148: ...This field displays the descriptive name for this VLAN group VID This field displays the ID number of the VLAN group Delete Check the rule s that you want to remove in the Delete column then click the...

Page 149: ...ce port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic Once configured the Switch maintains a forwardi...

Page 150: ...rt to the Switch to join the appropriate multicast group If the IGMP report matches one of the configured MVR multicast group addresses on the Switch an entry is created in the forwarding table on the...

Page 151: ...be shared among different subscriber VLANs on the network Name Enter a descriptive name up to 32 printable ASCII characters for identification purposes Multicast VLAN ID Enter the VLAN ID 1 to 4094 o...

Page 152: ...affic None Select this option to set the port not to participate in MVR No MVR multicast traffic is sent or received on this port Tagging Select this checkbox if you want the port to tag the VLAN ID i...

Page 153: ...o Section 19 1 1 on page 143 for more information on IP multicast addresses End Address Enter the ending IP multicast address of the multicast group in dotted decimal notation Enter the same IP addres...

Page 154: ...the receiver and source ports Figure 78 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers configure multicast group settings in the Group Configura...

Page 155: ...Chapter 19 Multicast ES 2048 User s Guide 155 Figure 80 MVR Group Configuration Example...

Page 156: ...Chapter 19 Multicast ES 2048 User s Guide 156...

Page 157: ...tch itself or it can use an external server to authorize a large number of users Accounting is the process of recording what a user is doing The Switch can use an external server to track when users l...

Page 158: ...ACS or both and then set up the authentication priority and accounting settings Click Advanced Application Auth and Acct in the navigation panel to display the screen as shown Figure 82 Advanced Appli...

Page 159: ...the Switch waits for an authentication request response from the RADIUS server If you are using index priority for your authentication and you are using two RADIUS servers then the timeout value is d...

Page 160: ...US accounting server Index This is a read only number representing a RADIUS accounting server entry IP Address Enter the IP address of an external RADIUS accounting server in dotted decimal notation U...

Page 161: ...ternate between the TACACS servers that it sends authentication requests to Timeout Specify the amount of time in seconds that the Switch waits for an authentication request response from the TACACS s...

Page 162: ...eout Specify the amount of time in seconds that the Switch waits for an accounting request response from the TACACS server Index This is a read only number representing a TACACS accounting server entr...

Page 163: ...nts via commands See the CLI Reference Guide for local authentication The TACACS and RADIUS are external servers Before you specify the priority make sure you have set up the corresponding database co...

Page 164: ...unting is enabled system accounting is disabled Exec Configure the Switch to send information when an administrator logs in and logs out via the console port telnet or SSH Dot1x Configure the Switch t...

Page 165: ...e IANA Internet Assigned Numbers Authority ZyXEL s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to modify Vendor data A value you want to assign to the se...

Page 166: ...entication Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting This section lists the attributes used by authentication and accounting functions on the Switch In cases where the a...

Page 167: ...AS IP Address 20 3 1 3 Attributes Used by the IEEE 802 1x Authentication User Name NAS Identifier NAS IP Address NAS Port NAS Port Type This value is set to Ethernet 15 on the Switch Calling Station I...

Page 168: ...DATE STOP User Name Y Y Y NAS Identifier Y Y Y NAS IP Address Y Y Y Service Type Y Y Y Acct Status Type Y Y Y Acct Delay Time Y Y Y Acct Session Id Y Y Y Acct Authentic Y Y Y Acct Session Time Y Y Acc...

Page 169: ...Y Y Acct Session Id Y Y Y Acct Authentic Y Y Y Acct Input Octets Y Y Acct Output Octets Y Y Acct Session Time Y Y Acct Input Packets Y Y Acct Output Packets Y Y Acct Terminate Cause Y Acct Input Giga...

Page 170: ...Chapter 20 Authentication Accounting ES 2048 User s Guide 170...

Page 171: ...consists of the following features Static bindings Use this to create static bindings in the binding table DHCP snooping Use this to filter unauthorized DHCP packets on the network and to build the bi...

Page 172: ...restarts it loads static bindings from permanent memory but loses the dynamic bindings in which case the devices in the network have to send DHCP requests again As a result it is recommended you conf...

Page 173: ...DHCP Snooping Follow these steps to configure DHCP snooping on the Switch 1 Enable DHCP snooping on the Switch 2 Enable DHCP snooping on each VLAN and configure DHCP relay option 82 3 Configure trust...

Page 174: ...cify the maximum rate at which the Switch receives ARP packets on untrusted ports The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on untrusted p...

Page 175: ...and VLAN ID as an existing static binding the new static binding replaces the original one To open this screen click Advanced Application IP Source Guard Static Binding Table 57 IP Source Guard LABEL...

Page 176: ...is to reset the values above based on the last selected static binding or if not applicable to clear the fields above Clear Click this to clear the fields above Index This field displays a sequential...

Page 177: ...d ES 2048 User s Guide 177 21 4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database To open this screen click Advanced Application IP Source Guard DHCP Snoopin...

Page 178: ...te the DHCP snooping database again It displays Not Running if the current bindings have not changed since the last update This section displays information about the last time the Switch updated the...

Page 179: ...d leases This field displays the number of bindings the Switch ignored because the lease time had already expired Unsupported vlans This field displays the number of bindings the Switch ignored becaus...

Page 180: ...e labels in this screen Table 60 DHCP Snooping Configure LABEL DESCRIPTION Active Select this to enable DHCP snooping on the Switch You still have to enable DHCP snooping on specific VLAN and specify...

Page 181: ...the DHCP snooping database before it gives up Write delay interval Enter how long 10 65535 seconds the Switch waits to update the DHCP snooping database the first time the current bindings change afte...

Page 182: ...tions The packet is a DHCP server packet for example OFFER ACK or NACK The source MAC address and source IP address in the packet do not match any of the current bindings The packet is a RELEASE or DE...

Page 183: ...ttings are applied to all VLANs Enabled Select Yes to enable DHCP snooping on the VLAN You still have to enable DHCP snooping on the Switch and specify trusted ports Note The Switch will drop all DHCP...

Page 184: ...a sequential number for each MAC address filter Mac Address This field displays the source MAC address in the MAC address filter VID This field displays the source VLAN ID in the MAC address filter P...

Page 185: ...ch ARP inspection is enabled in the section below Selected VLAN Select this to look at all the VLANs in a specific range in the section below Then enter the lowest VLAN ID Start VID and the highest VL...

Page 186: ...f the ARP packet Num Pkts This field displays the number of ARP packets that were consolidated into this log message The Switch consolidates identical log messages generated by ARP packets in the log...

Page 187: ...ing has no effect on existing MAC address filters Enter how long 1 2147483647 seconds the MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet The Switch aut...

Page 188: ...he relationship between Syslog rate and Log interval is illustrated in the following examples 4 invalid ARP packets per second Syslog rate is 5 Log interval is 1 the Switch sends 4 syslog messages eve...

Page 189: ...rate at which ARP packets arrive is too high You can specify the maximum rate at which ARP packets can arrive on untrusted ports Limit These settings have no effect on trusted ports Rate pps Specify t...

Page 190: ...ction on the VLAN Select No to disable ARP inspection on the VLAN Log Specify when the Switch generates log messages for receiving ARP packets from the VLAN None The Switch does not generate any log m...

Page 191: ...blems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a switch are con...

Page 192: ...nabled port N on switch A sending a probe packet P to switch B Since switch B is in loop state the probe packet P returns to port N on A The Switch then shuts down port N to ensure that the rest of th...

Page 193: ...ee Protocol RSTP or MSTP enabled Figure 104 Advanced Application Loop Guard The following table describes the labels in this screen Table 69 Advanced Application Loop Guard LABEL DESCRIPTION Active Se...

Page 194: ...the Switch will shut down this port Clear this check box to disable the loop guard feature Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it...

Page 195: ...195 PART IV IP Application Static Route 197 Differentiated Services 201 DHCP 209...

Page 196: ...196...

Page 197: ...nd data to a server or device that is not reachable through the default gateway for example when sending SNMP traps or using ping to test IP connectivity This figure shows a Telnet session coming in f...

Page 198: ...epresents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks Enter a number that approximates the co...

Page 199: ...ate neighbor of your Switch that will forward the packet to the destination Metric This field displays the cost of transmission for routing purposes Delete Click Delete to remove the selected entry fr...

Page 200: ...Chapter 23 Static Route ES 2048 User s Guide 200...

Page 201: ...emember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 24 1 1 DSCP and Per Hop Behavior Dif...

Page 202: ...Traffic policing methods measure traffic flows against user defined criteria and identify it as either conforming exceeding or violating the criteria Two Rate Three Color Marker trTCM defined in RFC...

Page 203: ...09 trTCM Color blind Mode 24 2 2 trTCM Color aware Mode In color aware mode the evaluation of the packets uses the existing packet loss priority trTCM can increase a packet loss priority of a packet b...

Page 204: ...IPTION Active Select this option to enable DiffServ on the Switch Port This field displays the index number of a port on the Switch Settings in this row apply to all ports Use this row only if you wan...

Page 205: ...Switch treat all incoming packets as uncolored All incoming packets are evaluated against the CIR and PIR Select color aware to treat the packets as marked by some preceding entity Incoming packets ar...

Page 206: ...gn to packets based on the color they are marked via trTCM green Specify the DSCP value to use for packets with low packet loss priority yellow Specify the DSCP value to use for packets with medium pa...

Page 207: ...ion number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these c...

Page 208: ...Chapter 24 Differentiated Services ES 2048 User s Guide 208...

Page 209: ...5 1 1 DHCP Modes If there is already a DHCP server on your network then you can configure the Switch as a DHCP relay agent When the Switch receives a request from a computer on your network it contact...

Page 210: ...hat it relays to a DHCP server by adding Relay Agent Information This helps provide authentication about the source of the requests The DHCP server can then provide an IP address based on this informa...

Page 211: ...check box to enable DHCP relay Remote DHCP Server 1 3 Enter the IP address of a DHCP server in dotted decimal notation Relay Agent Information Select the Option 82 check box to have the Switch add in...

Page 212: ...sure you select the Option 82 check box to set the Switch to send additional information such as the VLAN ID together with the DHCP requests to the DHCP server This allows the DHCP server to assign t...

Page 213: ...add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This read only field displays the system name you configure in the General Setup...

Page 214: ...sent to the other DHCP server with an IP address of 172 23 10 100 Figure 119 DHCP Relay for Two VLANs For the example network configure the VLAN Setting screen as shown Figure 120 DHCP Relay for Two...

Page 215: ...215 PART V Management Maintenance 217 Access Control 223 Diagnostic 241 Syslog 243 Cluster Management 247 MAC Table 253 ARP Table 255 Configure Clone 257...

Page 216: ...216...

Page 217: ...nance The following table describes the labels in this screen Table 79 Management Maintenance LABEL DESCRIPTION Current This field displays which configuration Configuration 1 or Configuration 2 is cu...

Page 218: ...configuration settings permanently to Configuration 1 on the Switch Click Config 2 to save the current configuration settings to Configuration 2 on the Switch Alternatively click Save on the top right...

Page 219: ...configuration two on the Switch 26 5 Firmware Upgrade Make sure you have downloaded and unzipped the correct model firmware and version to your computer before uploading to the device 1 Be sure to up...

Page 220: ...ally renamed when you restore using this screen 26 7 Backup a Configuration File Backing up your Switch configurations allows you to create various snap shots of your device from which you may restore...

Page 221: ...urrent configuration to a file called config cfg on your computer If your T FTP client does not allow you to have a destination filename different than the source you will need to rename them as the S...

Page 222: ...ients 26 8 4 FTP Restrictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote Management screen does not match the client IP address...

Page 223: ...sessions are allowed A console port access control session and Telnet access control session cannot coexist when multi login is disabled See the CLI Reference Guide for more information on disabling...

Page 224: ...t functions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a...

Page 225: ...SNMPv2c RFC 1757 RMON SNMPv2 SNMPv2c or later version compliant with RFC 2011 SNMPv2 MIB for IP RFC 2012 SNMPv2 MIB for TCP RFC 2013 SNMPv2 MIB for UDP 27 3 3 SNMP Traps The Switch sends traps to an...

Page 226: ...sent when the Switch reboots by an administrator through a management interface timesync RTCNotUpdatedEventOn 1 3 6 1 4 1 890 1 5 8 23 31 2 1 This trap is sent when the Switch fails to get the time a...

Page 227: ...message from the RADIUS server RADIUSNotReachableEvent Clear 1 3 6 1 4 1 890 1 5 8 23 31 2 2 This trap is sent when the RADIUS server can be reached accounting RADIUSAccountingNotReach ableEventOn 1...

Page 228: ...opologyChange 1 3 6 1 2 1 17 0 2 This trap is sent when the STP topology changes MSTPTopologyChange 1 3 6 1 4 1 890 1 5 8 23 107 7 0 2 This trap is sent when the MSTP root switch changes mactable MacT...

Page 229: ...ich is the password for the incoming Get and GetNext requests from the management station The Get Community string is only used by SNMP managers using SNMP version 2c or lower Set Community Enter the...

Page 230: ...This is the lowest security level auth to implement an authentication algorithm for SNMP messages sent by this user priv to implement authentication and encryption for SNMP messages sent by this user...

Page 231: ...SNMP Setting screen Use the rest of the screen to select which traps the Switch sends to that SNMP manager Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager Opti...

Page 232: ...ault password when shipped New Password Enter your new system password Retype to confirm Retype your new system password for confirmation Edit Logins You may configure passwords for up to four users T...

Page 233: ...How SSH works The following table summarizes how a secure connection is established between two remote hosts Figure 133 How SSH Works 1 Host Identification The SSH client sends a connection request to...

Page 234: ...SL is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensuring confidentiality an unauthorized...

Page 235: ...ress is the IP address or domain name of the Switch you wish to access 27 8 1 Internet Explorer Warning Messages When you attempt to access the Switch HTTPS server a Windows dialog box pops up asking...

Page 236: ...tch If Accept this certificate temporarily for this session is selected then click OK to continue in Netscape Select Accept this certificate permanently to import the Switch s certificate into the SSL...

Page 237: ...llows you to decide what services you may use to access the Switch You may also change the default service port and configure trusted computer s for each service in the Remote Management screen discus...

Page 238: ...ort field If you change the default port number then you will have to let people who wish to use the service know the new port number for that service Timeout Type how many minutes a management sessio...

Page 239: ...ot match Telnet FTP HTTP ICMP SNMP SSH HTTPS Select services that may be used for managing the Switch from the specified trusted computers Apply Click Apply to save your changes to the Switch s run ti...

Page 240: ...Chapter 27 Access Control ES 2048 User s Guide 240...

Page 241: ...wing table describes the labels in this screen Table 93 Management Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi line text box Click Clear to empty the...

Page 242: ...Chapter 28 Diagnostic ES 2048 User s Guide 242...

Page 243: ...the documentation of your syslog program for details The following table describes the syslog severity levels 29 2 Syslog Setup Click Management Syslog in the navigation panel to display this screen...

Page 244: ...umn displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category Facility The log facility allo...

Page 245: ...run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done co...

Page 246: ...Chapter 29 Syslog ES 2048 User s Guide 246...

Page 247: ...ble to communicate with one another In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Table 97 ZyX...

Page 248: ...48 Figure 144 Clustering Application Example 30 2 Cluster Management Status Click Management Cluster Management in the navigation panel to display the following screen A cluster can only have one mana...

Page 249: ...manager None neither a manager nor a member of a cluster Manager This field displays the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switches...

Page 250: ...1 owner group 393216 Jul 01 12 00 config w w w 1 owner group 0 Jul 01 12 00 fw 00 a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received...

Page 251: ...t If a switch that was previously a cluster member is later set to become a cluster manager then its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in...

Page 252: ...ged from the Cluster Manager Its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below If multiple devices have the same pass...

Page 253: ...how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destination M...

Page 254: ...ary table below MAC Click this button to display and arrange the data according to MAC address VID Click this button to display and arrange the data according to VLAN group Port Click this button to d...

Page 255: ...e device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known...

Page 256: ...Index This is the ARP Table entry number IP Address This is the learned IP address of a device connected to a Switch port with corresponding MAC address below MAC Address This is the MAC address of t...

Page 257: ...can copy the settings of one port onto other ports 33 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management C...

Page 258: ...6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings you configured in the Basic Setting...

Page 259: ...259 PART VI Troubleshooting Product Specifications Troubleshooting 261 Product Specifications 265...

Page 260: ...260...

Page 261: ...appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or cord to the Switch 4 If the problem continues contact the vendor V The ALM LED is on...

Page 262: ...you changed the IP address use the new IP address If you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the Switch 2 Check the hardwar...

Page 263: ...connecting again later Check that you have enabled logins for HTTP or telnet If you have configured a secured client IP address your computer s IP address must match it Refer to the chapter on access...

Page 264: ...Chapter 34 Troubleshooting ES 2048 User s Guide 264...

Page 265: ...ent RJ 45 port Auto negotiation Auto MDI MDIX One console port Compliant with IEEE 802 3ad u x Back pressure flow control for half duplex Flow control for full duplex IEEE 802 3x LEDs Per switch PWR S...

Page 266: ...s the number of broadcast multicast and destination lookup failure DLF packets the Switch receives per second on the ports Two Rate Three Color Marker Two Rate Three Color Marker trTCM defined in RFC...

Page 267: ...TACACS AAA servers Device Management Use the web configurator or commands to easily configure the rich range of features on the Switch Port Cloning Use the port cloning feature to copy the settings yo...

Page 268: ...traffic mirroring Supports IGMP snooping VLAN Port based VLAN setting Tag based IEEE 802 1Q VLAN Number of VLAN 4K 1000 static maximum Supports GVRP Subnet Based VLAN Protocol Based VLAN Port Aggregat...

Page 269: ...Group Management Protocol Version 2 RFC 2475 DiffServ DSCP to IEEE 802 1p priority mapping RFC 2674 P BRIDGE MIB Q BRIDGE MIB RFC 2698 Two Rate Three Color Marker trTCM RFC 2865 Vendor specific Attrib...

Page 270: ...when you connect a modem to the dial backup port 3 Figure 153 Console Dial Backup Port Pin Layout IEEE 802 3ab Gigabit Ethernet IEEE 802 3ad Link Aggregation IEEE 802 3ah Ethernet OAM Operations Admin...

Page 271: ...ND Pin 6 DTE DSR Pin 7 DTE RTS Pin 8 DTE CTS PIN 9 NON The CON AUX port also has these pin assignments The CON AUX switch changes the setting in the firmware only and does not change the CON AUX port...

Page 272: ...Chapter 35 Product Specifications ES 2048 User s Guide 272...

Page 273: ...273 PART VII Appendices and Index IP Addresses and Subnetting 275 Common Services 285 Legal Information 289 Customer Support 293 Index 299...

Page 274: ...274...

Page 275: ...re a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID...

Page 276: ...part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist...

Page 277: ...y a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed...

Page 278: ...s the company network before subnetting Figure 155 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subn...

Page 279: ...1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to bo...

Page 280: ...et 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Add...

Page 281: ...BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30...

Page 282: ...You don t need to change the subnet mask computed by the Switch unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks...

Page 283: ...omputer B which is a DHCP client Neither can access the Internet This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address autom...

Page 284: ...n not use the same IP address In the following example the computer and the router s LAN port both use 192 168 1 1 as the IP address The computer cannot access the Internet This problem can be solved...

Page 285: ...USER this is the IP protocol number Description This is a brief explanation of the applications that use this service or the situations in which this service is used Table 121 Commonly Used Services...

Page 286: ...net chat program NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides transparent file sharing for network environment...

Page 287: ...mainframes midrange systems UNIX systems and network servers SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system...

Page 288: ...Appendix B Common Services ES 2048 User s Guide 288...

Page 289: ...tware described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein with...

Page 290: ...xpressly approved by the party responsible for compliance could void the user s authority to operate the equipment This Class A digital apparatus complies with Canadian ICES 003 Cet appareil num rique...

Page 291: ...rect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact ZyXEL s Service Center for your Return Material Authorization number RMA Products must be ret...

Page 292: ...Appendix C Legal Information ES 2048 User s Guide 292...

Page 293: ...ail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com www europe zyxel com FTP ftp zyxel com ftp europe zyxel com Regular Mail ZyXEL Co...

Page 294: ...8 Web www zyxel fi Regular Mail ZyXEL Communications Oy Malminkaari 10 00700 Helsinki Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web www zyxel fr Regular Mail...

Page 295: ...awa ku Tokyo 141 0022 Japan Kazakhstan Support http zyxel kz support Sales E mail sales zyxel kz Telephone 7 3272 590 698 Fax 7 3272 590 689 Web www zyxel kz Regular Mail ZyXEL Kazakhstan 43 Dostyk Av...

Page 296: ...rzei 1A 03 715 Warszawa Poland Russia Support http zyxel ru support Sales E mail sales zyxel ru Telephone 7 095 542 89 29 Fax 7 095 542 89 25 Web www zyxel ru Regular Mail ZyXEL Russia Ostrovityanova...

Page 297: ...ZyXEL Thailand Co Ltd 1 1 Moo 2 Ratchaphruk Road Bangrak Noi Muang Nonthaburi 11000 Thailand Ukraine Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fax...

Page 298: ...Appendix D Customer Support ES 2048 User s Guide 298...

Page 299: ...authorization 157 privilege levels 163 automatic VLAN registration 82 B back up configuration file 220 bandwidth control 115 268 egress rate 116 ingress rate 116 setup 115 basic settings 67 binding 1...

Page 300: ...CP 201 DSCP to IEEE802 1p mapping 206 network example 202 PHB 201 dimensions 265 disclaimer 289 DS Differentiated Services 201 DSCP DSCP to IEEE802 1p mapping 206 service level 201 what it does 201 DS...

Page 301: ...162 reauthentication 132 IEEE 802 1x port authentication 129 IGMP version 143 IGMP Internet Group Management Protocol 143 IGMP filtering 143 profile 148 profiles 145 IGMP snooping 143 and VLANs 144 M...

Page 302: ...the middle attacks 173 max age 111 hops 111 MIB and SNMP 224 supported MIBs 225 MIB Management Information Base 224 mini GBIC ports 43 connection speed 43 connector type 43 transceiver installation 43...

Page 303: ...rroring 119 speed duplex 77 power voltage 69 power consumption 265 power receptacle 42 power specification 265 power status 69 priority level 73 priority queue assignment 73 product registration 291 p...

Page 304: ...AC address 97 static MAC forwarding 89 91 97 static routes 199 static trunking example 126 Static VLAN 85 static VLAN control 86 tagging 86 status 48 61 LEDs 45 link aggregation 122 MSTP 112 port 61 p...

Page 305: ...ttribute See VSA VID 81 84 85 number of possible VIDs 81 priority frame 81 VID VLAN Identifier 81 VLAN 71 81 268 acceptable frame type 87 automatic registration 82 ID 81 IGMP snooping 144 ingress filt...

Page 306: ...Index ES 2048 User s Guide 306...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands