www.zyxel.com

GS2200-24

Intelligent Layer 2 GbE Switch

Copyright © 2009 ZyXEL Communications Corporation

Firmware Version 3.90

Edition 1, 6/2009

Default Login Details

IP Address: http://192.168.1.1

User Name: admin

Password: 1234

Summary of Contents for GS2200-24 Series

Page 1: ...com GS2200 24 Intelligent Layer 2 GbE Switch Copyright 2009 ZyXEL Communications Corporation Firmware Version 3 90 Edition 1 6 2009 Default Login Details IP Address http 192 168 1 1 User Name admin Password 1234 ...

Page 3: ...re the Switch Web Configurator Online Help The embedded Web Help contains descriptions of individual screens and supplementary information Note It is recommended you use the web configurator to configure the Switch Support Disc Refer to the included CD for support documents Documentation Feedback Send your comments questions or suggestions to techwriters zyxel com tw Thank you The Technical Writin...

Page 4: ...stions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support Should problems arise that cannot be solved by the methods listed above you should contact your vendor If you cannot contact your vendor then contact a ZyXEL office for the region in which you bought the device See http www zyxel...

Page 5: ...key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log Log Setting means you first click ...

Page 6: ... s Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer Server DSLAM Firewall Telephone Router ...

Page 7: ...ppropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Use ONLY power wires of the appropriate wire gauge see Chapter 41 on page 329 for details for your device Connect it to a power supply of the correct voltage see Chapter 41 on page 329 for details Do NOT allow anything to rest on the power adaptor or cor...

Page 9: ...tics 65 Basic Setting 71 Advanced 85 VLAN 87 Static MAC Forward Setup 107 Static Multicast Forward Setup 111 Filtering 115 Spanning Tree Protocol 117 Bandwidth Control 139 Broadcast Storm Control 143 Mirroring 147 Link Aggregation 151 Port Authentication 161 Port Security 165 Classifier 169 Policy Rule 175 Queuing Method 181 VLAN Stacking 185 Multicast 193 AAA 201 IP Source Guard 215 Loop Guard 24...

Page 10: ...agement 269 Maintenance 271 Access Control 279 Diagnostic 301 Syslog 303 Cluster Management 307 MAC Table 315 ARP Table 319 Configure Clone 321 Troubleshooting Product Specifications 323 Troubleshooting 325 Product Specifications 329 Appendices and Index 337 ...

Page 11: ...27 1 1 4 IEEE 802 1Q VLAN Application Examples 27 1 2 Ways to Manage the Switch 28 1 3 Good Habits for Managing the Switch 28 Chapter 2 Hardware Installation and Connection 31 2 1 Installation Scenarios 31 2 2 Desktop Installation Procedure 31 2 3 Mounting the Switch on a Rack 31 2 3 1 Rack mounted Installation Requirements 32 2 3 2 Attaching the Mounting Brackets to the Switch 32 2 3 3 Mounting t...

Page 12: ...the Web Configurator 50 4 8 Help 50 Chapter 5 Initial Setup Example 51 5 1 Overview 51 5 1 1 Creating a VLAN 51 5 1 2 Setting Port VID 53 5 2 Configuring Switch Management IP Address 54 Chapter 6 Tutorials 55 6 1 Overview 55 6 2 How to Use DHCP Snooping on the Switch 55 6 3 How to Use DHCP Relay on the Switch 59 6 3 1 DHCP Relay Tutorial Introduction 59 6 3 2 Creating a VLAN 60 6 3 3 Configuring D...

Page 13: ...s 87 9 3 2 Forwarding Tagged and Untagged Frames 88 9 3 3 Automatic VLAN Registration 88 9 3 4 GARP 88 9 3 5 GVRP 89 9 3 6 Port VLAN Trunking 90 9 3 7 Select the VLAN Type 90 9 3 8 Static VLAN 90 9 4 VLAN Status 91 9 4 1 VLAN Details 92 9 5 Configure a Static VLAN 93 9 6 Configure VLAN Port Settings 95 9 7 Subnet Based VLANs 96 9 7 1 Configuring Subnet Based VLAN 97 9 8 Protocol Based VLANs 99 9 8...

Page 14: ...18 13 3 1 STP Terminology 118 13 3 2 How STP Works 119 13 3 3 STP Port States 119 13 3 4 Multiple RSTP 119 13 3 5 Multiple STP 120 13 4 Spanning Tree Protocol Status Screen 121 13 5 Spanning Tree Configuration 121 13 6 Configure Rapid Spanning Tree Protocol 122 13 7 Rapid Spanning Tree Protocol Status 124 13 8 Configure Multiple Rapid Spanning Tree Protocol 126 13 9 Multiple Rapid Spanning Tree Pr...

Page 15: ... You Can Do 151 17 3 What You Need to Know 151 17 3 1 Dynamic Link Aggregation 152 17 3 2 Link Aggregation ID 152 17 4 Link Aggregation Status 153 17 5 Link Aggregation Setting 155 17 6 Link Aggregation Control Protocol 157 17 7 Technical Reference 158 17 7 1 Static Trunking Example 158 Chapter 18 Port Authentication 161 18 1 Overview 161 18 2 What You Can Do 161 18 3 What You Need to Know 161 18 ...

Page 16: ...8 21 4 Policy Example 179 Chapter 22 Queuing Method 181 22 1 Overview 181 22 2 What You Can Do 181 22 3 What You Need to Know 181 22 3 1 Strictly Priority Queuing 181 22 3 2 Weighted Fair Queuing 182 22 3 3 Weighted Round Robin Scheduling WRR 182 22 4 Configuring Queuing 183 Chapter 23 VLAN Stacking 185 23 1 Overview 185 23 2 What You Can Do 185 23 3 What You Need to Know 185 23 4 Configuring VLAN...

Page 17: ...Setup 208 25 8 Technical Reference 210 25 8 1 Vendor Specific Attribute 210 25 8 2 Supported RADIUS Attributes 212 25 8 3 Attributes Used for Authentication 212 Chapter 26 IP Source Guard 215 26 1 Overview 215 26 2 What You Can Do 215 26 3 What You Need to Know 216 26 4 IP Source Guard 216 26 5 IP Source Guard Static Binding 217 26 6 DHCP Snooping 219 26 7 DHCP Snooping Configure 222 26 7 1 DHCP S...

Page 18: ...rotocol Tunneling Mode 246 28 4 Configuring Layer 2 Protocol Tunneling 247 Part IV IP Application 251 Chapter 29 Static Route 253 29 1 Overview 253 29 2 What You Can Do 254 29 3 Configuring Static Routing 254 Chapter 30 Differentiated Services 257 30 1 Overview 257 30 2 What You Can Do 257 30 3 What You Need to Know 257 30 3 1 DSCP and Per Hop Behavior 258 30 3 2 DiffServ Network Example 258 30 4 ...

Page 19: ...1 32 3 The Maintenance Screen 271 32 3 1 Load Factory Default 272 32 3 2 Save Configuration 273 32 3 3 Reboot System 273 32 4 Firmware Upgrade 274 32 5 Restore a Configuration File 274 32 6 Backup a Configuration File 275 32 7 Technical Reference 276 32 7 1 FTP Command Line 276 32 7 2 Filename Conventions 276 32 7 3 FTP Command Line Procedure 277 32 7 4 GUI based FTP Clients 277 32 7 5 FTP Restric...

Page 20: ... Chapter 36 Cluster Management 307 36 1 Overview 307 36 2 What You Can Do 308 36 3 Cluster Management Status 308 36 4 Clustering Management Configuration 310 36 5 Technical Reference 312 36 5 1 Cluster Member Switch Management 312 Chapter 37 MAC Table 315 37 1 Overview 315 37 2 What You Can Do 315 37 3 What You Need to Know 315 37 4 Viewing the MAC Table 316 Chapter 38 ARP Table 319 38 1 Overview ...

Page 21: ...23 Chapter 40 Troubleshooting 325 40 1 Power Hardware Connections and LEDs 325 40 2 Switch Access and Login 326 40 3 Switch Configuration 328 Chapter 41 Product Specifications 329 Part VII Appendices and Index 337 Appendix A Changing a Fuse 339 Appendix B Common Services 341 Appendix C Legal Information 345 Index 349 ...

Page 23: ...23 PART I Introduction and Hardware Getting to Know Your Switch 25 Hardware Installation and Connection 31 Hardware Panels 35 ...

Page 25: ...at a time With its built in web configurator managing and configuring the Switch is easy In addition the Switch can also be managed via Telnet any terminal emulator program on the console port or third party SNMP management See Chapter 41 on page 329 for a full list of software features available on the Switch This section shows a few examples of using the Switch in various network environments 1 ...

Page 26: ...itch connects different company departments RD and Sales to the corporate backbone It can alleviate bandwidth contention and eliminate server and network bottlenecks All users that need high bandwidth can connect to high speed department servers via the Switch You can provide a super fast uplink connection by using a Gigabit Ethernet mini GBIC port on the Switch Moreover the Switch eases supervisi...

Page 27: ...re can be retained as all ports can freely communicate with each other Figure 3 High Performance Switched Workgroup Application 1 1 4 IEEE 802 1Q VLAN Application Examples A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Stations on a logical network belong to one group A station can belong to more than one group With VLAN a station canno...

Page 28: ... Line commands offer an alternative to the web configurator and in some cases are necessary to configure advanced features See the CLI Reference Guide FTP Use FTP for firmware upgrades and configuration backup restore See Section 32 7 1 on page 276 SNMP The Switch can be monitored by an SNMP manager See Section 33 9 1 on page 288 Cluster Management Cluster Management allows you to manage multiple ...

Page 29: ...how to restore it Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes If you forget your password you will have to reset the Switch to its factory default settings If you backed up an earlier configuration file you would not have to totally re configure the Switch You could simply restore your last configuration ...

Page 31: ...tch This is especially important for enclosed rack installations 2 2 Desktop Installation Procedure 1 Make sure the Switch is clean and dry 2 Set the Switch on a smooth level surface strong enough to support the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment o...

Page 32: ...does not make the rack unstable or top heavy Take all necessary precautions to anchor the rack securely before installing the unit 2 3 2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the Switch lining up the four screw holes on the bracket with the screw holes on the side of the Switch Figure 5 Attaching the Mounting Brackets 2 Using a 2 Philips screwdr...

Page 33: ... the Switch on one side of the rack lining up the two screw holes on the bracket with the screw holes on the side of the rack Figure 6 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket holes into the rack 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack ...

Page 35: ...tions 3 2 Front Panel The following figure shows the front panel of the Switch Figure 7 Front Panel The following table describes the port labels on the front panel Ethernet Ports Dual Personality Interfaces Console Port LEDs Table 1 Front Panel Connections LABEL DESCRIPTION 24 10 100 1000 RJ 45 Ethernet Ports Connect these ports to a computer a hub an Ethernet switch or router ...

Page 36: ...x or half duplex of the connected device An auto crossover auto MDI MDI X port automatically works with a straight through or crossover Ethernet cable Four 1000Base T Ethernet ports are paired with a mini GBIC slot to create a dual personality interface The Switch uses up to one connection for each mini GBIC and 1000Base T Ethernet pair The mini GBIC slots have priority over the Gigabit Four Dual ...

Page 37: ...ff Link Aggregation Disabled 3 2 2 2 Auto crossover All ports are auto crossover that is auto MDIX ports Media Dependent Interface Crossover so you may use either a straight through Ethernet cable or crossover Ethernet cable for all Gigabit port connections Auto crossover ports automatically sense whether they need to function as crossover or straight ports so crossover cables can connect both com...

Page 38: ... it clicks into place 3 The Switch automatically detects the installed transceiver Check the LEDs to verify that it is functioning properly 4 Close the transceiver s latch latch styles vary 5 Connect the fiber optic cables to the transceiver Figure 8 Transceiver Installation Example Figure 9 Connecting the Fiber Optic Cables 3 2 3 2 Transceiver Removal Use the following steps to remove a mini GBIC...

Page 39: ...ctor Note Make sure you are using the correct power source as shown on the panel To connect power to the Switch insert the female end of the power cord to the AC power receptacle on the front panel Connect the other end of the supplied power cord to a power outlet Make sure that no objects obstruct the airflow of the fans located on the side of the unit See Chapter 41 on page 329 for information o...

Page 40: ...A hardware failure is detected Off The system is functioning normally Ethernet Ports LNK ACT Green Blinking The system is transmitting receiving to from a 10 Mbps or a 1000 Mbps Ethernet network On The link to a 10 Mbps or a 1000 Mbps Ethernet network is up Amber Blinking The system is transmitting receiving to from a 100 Mbps Ethernet network On The link to a 100 Mbps Ethernet network is up Off T...

Page 41: ...41 PART II Basic Configuration The Web Configurator 43 Initial Setup Example 51 System Status and Port Statistics 65 Basic Setting 71 ...

Page 43: ...e Navigator 7 0 and later versions The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 Type http and the IP addre...

Page 44: ...d a time server nor manually entered a time and date in the General Setup screen Figure 13 Web Configurator Login 4 Click OK to view the first web configurator screen 4 3 The Status Screen The Status screen is the first screen that displays when you access the web configurator The following figure shows the navigating components of a web configurator screen Figure 14 Web Configurator Home Screen S...

Page 45: ... Switch s nonvolatile memory Nonvolatile memory is the configuration of your Switch that stays the same even if the Switch s power is turned off C Click this link to go to the status page of the Switch D Click this link to logout of the web configurator E Click this link to display web help pages The help pages provide descriptions for all of the configuration screens In the navigation panel click...

Page 46: ...configure static multicast MAC addresses for port s These static multicast MAC addresses do not age out Filtering This link takes you to a screen to set up filtering rules Spanning Tree Protocol This link takes you to screens where you can configure the RSTP MRSTP MSTP to prevent network loops Bandwidth Control This link takes you to a screen where you can configure bandwidth limits on the Switch ...

Page 47: ...w the Switch should forward traffic by configuring the TCP IP parameters manually DiffServ This link takes you to screens where you can enable DiffServ configure marking rules and set DSCP to IEEE802 1p mappings DHCP This link takes you to screens where you can configure the DHCP settings Management Maintenance This link takes you to screens where you can perform firmware and configuration file ma...

Page 48: ...Your Configuration When you are done modifying the settings in a screen click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory Nonvolatile memory refers to the Switch s storage that remains e...

Page 49: ...ut of the Switch 4 6 Resetting the Switch If you lock yourself and others from the Switch or forget the administrator password you will need to reload the factory default configuration file or reset the Switch back to the factory defaults 4 6 1 Reload the Configuration File Uploading the factory default configuration file replaces the current configuration file with the factory default configurati...

Page 50: ...configuration file upload type atgo to restart the Switch The Switch is now reinitialized with a default configuration file including the default password of 1234 4 7 Logging Out of the Web Configurator Click Logout in a screen to exit the web configurator You have to log in with your password again after you log out This is recommended after you finish a management session for security reasons Fi...

Page 51: ... the initial setup Create a VLAN Set port VLAN ID Configure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You can do this with port based VLAN or tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 17 Initial Setup Network Example VLAN ...

Page 52: ...his screen and the VID field in the IP Setup screen refer to the same VLAN ID 3 Since the VLAN2 network is connected to port 1 on the Switch select Fixed to configure port 1 to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 5 Click...

Page 53: ...etwork configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2 Figure 18 Initial Setup Network Example Port VID 1 Click Advanced Applications VLAN in the navigation panel Then click the VLAN Port Setting link 2 Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are ...

Page 54: ...b browser and enter 192 168 1 1 the default IP address in the address bar to access the web configurator See Section 4 2 on page 43 for more information 3 Click Basic Setting IP Setup in the navigation panel 4 Configure the related fields in the IP Setup screen 5 For the VLAN2 network enter 192 168 2 1 as the IP address and 255 255 255 0 as the subnet mask 6 In the VID field enter the ID of the VL...

Page 55: ...nt DHCP server A connected to port 5 to assign IP addresses to all devices in VLAN network V Create a VLAN containing ports 5 6 and 7 Connect a computer M to the Switch for management Figure 20 Tutorial DHCP Snooping Tutorial Overview Note For related information about DHCP snooping see Section 26 1 on page 215 The settings in this tutorial are as the following Table 5 Tutorial Settings in this Tu...

Page 56: ...LAN and create a VLAN with ID of 100 Add ports 5 6 and 7 in the VLAN by selecting Fixed in the Control field as shown Deselect Tx Tagging because you don t want outgoing traffic to contain this VLAN tag Click Add Figure 21 Tutorial Create a VLAN and Add Ports to It DHCP Client B 6 1 and 100 100 No DHCP Client C 7 1 and 100 100 No Table 5 Tutorial Settings in this Tutorial HOST PORT CONNECTED VLAN ...

Page 57: ...D of the ports 5 6 and 7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 Figure 22 Tutorial Tag Untagged Frames 4 Go to Advanced Application IP Source Guard DHCP snooping Configure activate and specify VLAN 100 as the DHCP VLAN as shown Click Apply Figure 23 Tutorial Specify DHCP VLAN ...

Page 58: ...l Set the DHCP Server Port to Trusted 7 Go to Advanced Application IP Source Guard DHCP snooping Configure VLAN show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom section of the screen If you want to add more information in the DHCP request packets such as source VLAN ID or system name you...

Page 59: ...If DHCP Snooping Works You can also telnet or log into the Switch s console Use the command show dhcp snooping binding to see the DHCP snooping binding table as shown next 6 3 How to Use DHCP Relay on the Switch This tutorial describes how to configure your Switch to forward DHCP client requests to a specific DHCP server The DHCP server can then assign a specific IP address based on the informatio...

Page 60: ...Scenario 6 3 2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102 1 Access the web configurator through the Switch s management port 2 Go to Basic Setting Switch Setup and set the VLAN type to 802 1Q Click Apply to save the settings to the run time memory Figure 28 Tutorial Set VLAN Type to 802 1Q VLAN 102 DHCP Server Port 2 PVID 102 172 16 1 18 A 192 168 2 3 ...

Page 61: ...e Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 7 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off Figure 29 Tutorial Create a Static VLAN ...

Page 62: ... screen Figure 30 Tutorial Click the VLAN Port Setting Link 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory Figure 31 Tutorial Add Tag for Frames Received on Port 2 ...

Page 63: ...reen 2 Select the Active check box 3 Enter the DHCP server s IP address 192 168 2 3 in this example in the Remote DHCP Server 1 field 4 Select the Option 82 and the Information check boxes 5 Click Apply to save your changes back to the run time memory Figure 32 Tutorial Set DHCP Server and Relay Information 6 Click the Save link in the upper right corner of the web configurator to save your config...

Page 64: ...lient A is connected to the Switch s port 2 in VLAN 102 2 You configured the correct VLAN ID port number and system name for DHCP relay on both the DHCP server and the Switch 3 You clicked the Save link on the Switch to have your settings take effect ...

Page 65: ...e and port details screens The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details 7 2 What You Can Do Use the Port Status Summary screen Section 7 3 on page 66 to view the port statistics Use the Port Details screen Section 7 3 1 on page 67 to display individual port statistics ...

Page 66: ...ps 100M for 100Mbps or 1000M for 1000Mbps and the duplex F for full duplex or H for half It also shows the cable type Copper or Fiber for the combo ports State If STP Spanning Tree Protocol is enabled this field displays the STP state of the port see Section 13 1 on page 117 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP Thi...

Page 67: ...an individual port on the Switch Figure 34 Status Port Details Rx KB s This field shows the number of kilobytes per second received on this port Up Time This field shows the total amount of time in hours minutes and seconds the port has been up Clear Counter Enter a port number and then click Clear Counter to erase the recorded statistical information for that port or select Any to clear statistic...

Page 68: ...his field shows the number of kilobytes per second received on this port Up Time This field shows the total amount of time the connection has been up Tx Packet The following fields display detailed information about packets transmitted TX Packet This field shows the number of good packets unicast multicast and broadcast transmitted Multicast This field shows the number of good multicast packets tr...

Page 69: ...r of packets including bad packets received that were 64 octets in length 65 127 This field shows the number of packets including bad packets received that were between 65 and 127 octets in length 128 255 This field shows the number of packets including bad packets received that were between 128 and 255 octets in length 256 511 This field shows the number of packets including bad packets received ...

Page 71: ... you to set up and configure global Switch features The IP Setup screen allows you to configure a Switch IP address in each routing domain subnet mask s and DNS domain name server for management purposes 8 2 What You Can Do Use the System Info screen Section 8 3 on page 72 to check the firmware version number Use the General Setup screen Section 8 4 on page 74 to configure general settings such as...

Page 72: ... of the Switch s current firmware including the date created Ethernet Address This field refers to the Ethernet MAC Media Access Control address of the Switch Hardware Monitor Temperature Unit The Switch has temperature sensors that are capable of detecting and reporting if the temperature rises above the threshold You may choose the temperature unit Centigrade or Fahrenheit in this field Temperat...

Page 73: ...sure under 2000 RPM Threshold This field displays the minimum speed at which a normal fan should work Status Normal indicates that this fan is functioning above the minimum speed Error indicates that this fan is functioning below the minimum speed Voltage V The power supply for each voltage has a sensor that is capable of detecting and reporting if the voltage falls out of the tolerance range Curr...

Page 74: ...le describes the labels in this screen Table 9 Basic Setting General Setup LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes This name consists of up to 64 printable characters spaces are allowed Location Enter the geographic location of your Switch You can use up to 32 printable ASCII characters spaces are allowed Contact Person s Name Enter the name of the perso...

Page 75: ...isplays the date you open this menu New Date yyyy mm dd Enter the new date in year month and day format The new date then appears in the Current Date field after you click Apply Time Zone Select the time difference between UTC Universal Time Coordinated formerly known as GMT Greenwich Mean Time and your time zone from the drop down list box Daylight Saving Time Daylight saving is a period from lat...

Page 76: ...e Chapter 9 on page 87 for information on port based and 802 1Q tagged VLANs End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving Time The time field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United States on the first Sunday of November Each time zone in the United States stops using Daylight Saving Time at...

Page 77: ... 9 on page 87 for more information GARP Timer Switches join VLANs by making a declaration A declaration is made by issuing a Join message using GARP Declarations are withdrawn by issuing a Leave message A Leave All message terminates all registrations GARP timers set declaration timeout values See the chapter on VLAN setup for more background information Join Timer Join Timer sets the duration of ...

Page 78: ...lowing descriptions are based on the traffic types defined in the IEEE 802 1d standard which incorporates the 802 1p Level 7 Typically used for network control traffic such as router configuration messages Level 6 Typically used for voice traffic that is especially sensitive to jitter jitter is the variations in delay Level 5 Typically used for video that consumes high bandwidth and is sensitive t...

Page 79: ... default IP address is 192 168 1 1 The subnet mask specifies the network number portion of an IP address The factory default subnet mask is 255 255 255 0 You can configure up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre defined VLAN s Note You must configure a VLAN first Figure 38 Basic Setting IP Setup ...

Page 80: ...agement only The default is 1 All ports by default are fixed members of this management VLAN in order to manage the device from any port If a port is not a member of this VLAN then users on that port cannot access the device To access the Switch make sure the port that you are connected to is a member of Management VLAN Management IP Addresses You can create up to 64 IP addresses which are used to...

Page 81: ...the configuration screen Figure 39 Basic Setting Port Setup Default Gateway This field displays the IP address of the default gateway Delete Check the management IP addresses that you want to remove in the Delete column then click the Delete button Cancel Click Cancel to clear the selected check boxes in the Delete column Table 11 Basic Setting IP Setup continued LABEL DESCRIPTION ...

Page 82: ...tically to obtain the connection speed and duplex mode that both ends support When auto negotiation is turned on a port on the Switch negotiates with the peer automatically to determine the connection speed and duplex mode If the peer port does not support auto negotiation or turns off this feature the Switch determines the connection speed by detecting the signal on the cable and using half duple...

Page 83: ...or more information Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 12 Basic Setting Port Setup continued LABEL DESCRI...

Page 85: ...ocol 117 Bandwidth Control 139 Broadcast Storm Control 143 Mirroring 147 Link Aggregation 151 Port Authentication 161 Port Security 165 Classifier 169 Policy Rule 175 Queuing Method 181 VLAN Stacking 185 Multicast 193 AAA 201 IP Source Guard 215 Loop Guard 241 Layer 2 Protocol Tunneling 245 ...

Page 87: ...ction 9 6 on page 95 to configure the static VLAN IEEE 802 1Q settings on a port Use the Subnet Based VLAN screen Section 9 7 on page 96 to set up VLANs that allow you to group traffic into logical VLANs based on the source IP subnet you specify Use the Port Based VLAN screen Section 9 9 on page 102 to set up VLANs where the packet forwarding decision is based on the destination MAC address and it...

Page 88: ...le VIDs a VID of 0 is used to identify priority frames and value 4095 FFF is reserved so the maximum possible VLAN configurations are 4 094 9 3 2 Forwarding Tagged and Untagged Frames Each port on the Switch is capable of passing tagged or untagged frames To forward a frame from an 802 1Q VLAN aware switch to an 802 1Q VLAN unaware switch the Switch first decides where to forward the frame and the...

Page 89: ...y VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configured by a GVRP registration deregistration process VLAN Administrative Control Registration Fixed Fixed registration ports are permanent VLAN members Registration Forbidden Ports with registration forbidden are forbidden to join the specified VLAN Normal Registration ...

Page 90: ... VLAN Trunking enabled on a port(s) in each intermediary switch, you only need to create VLAN groups in the end devices (A and B). C, D and E automatically allow frames with VLAN group tags 1 and 2 (VLAN groups that are unknown to those switches) to pass through their VLAN trunking port(s). Figure 40 Port VLAN Trunking. 9.3.7 Select the VLAN Type: Select a VLAN type in the Basic Setting > Switch Setup screen. Fi...

Page 91: ... This is the number of VLANs configured on the Switch. The Number of Search Results: This is the number of VLANs that match the searching criteria and display in the list below. This field displays only when you use the Search button to look for certain VLANs. Index: This is the VLAN index number. Click on an index number to view more VLAN details. VID: This is the VLAN identification number that was conf...

Page 92: ...SCRIPTION. VLAN Status: Click this to go to the VLAN Status screen. VID: This is the VLAN identification number that was configured in the Static VLAN screen. Port Number: This column displays the ports that are participating in a VLAN. A tagged port is marked as T, an untagged port is marked as U and ports not participating in a VLAN are marked as ... Elapsed Time: This field shows how long it has been since ...

Page 93: ...LAN > Static VLAN. The following table describes the related labels in this screen. Table 16 Advanced Application > VLAN > Static VLAN. LABEL / DESCRIPTION. ACTIVE: Select this check box to activate the VLAN settings. Name: Enter a descriptive name for the VLAN group for identification purposes. This name consists of up to 64 printable characters. VLAN Group ID: Enter the VLAN ID for this static entry; the valid ran...

Page 94: ...nsmitted with this VLAN Group ID. Add: Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to change the fields back to their last saved values. Clear: Click Clear to start configu...

Page 95: ...ble 17 Advanced Application > VLAN > VLAN Port Setting. LABEL / DESCRIPTION. GVRP: GVRP (GARP VLAN Registration Protocol) is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Select this check box to permit VLAN groups beyond the local Switch. Ingress Check: If this check box is selected, the Switch discards incoming frames on a port for VLANs...

Page 96: ...k box to allow GVRP on this port. Acceptable Frame Type: Specify the type of frames allowed on a port. Choices are All, Tag Only and Untag Only. Select All from the drop-down list box to accept all untagged or tagged frames on this port. This is the default setting. Select Tag Only to accept only tagged frames on this port. All untagged frames will be dropped. Select Untag Only to accept only untagged fram...

Page 97: ...services. You also have a subnet based VLAN with priority 5 and VID of 200 for traffic received from IP subnet 192.168.1.0/24 (video services). Lastly, you configure VLAN with priority 3 and VID of 300 for traffic received from IP subnet 10.1.1.0/24 (data services). All untagged incoming frames will be classified based on their source IP subnet and prioritized accordingly. That is, video services receive th...

Page 98: ...IP subnet to obtain their IP addresses through the DHCP VLAN. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Active: Check this box to activate the IP subnet VLAN you are creating or ed...

Page 99: ... be an existing VLAN which you defined in the Advanced Applications > VLAN screens. Priority: Select the priority level that the Switch assigns to frames belonging to this VLAN. Add: Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memo...

Page 100: ...switch C. Figure 48 Protocol Based VLAN Application Example. 9.8.1 Configuring Protocol Based VLAN: Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown. Note: Protocol-based VLAN applies to un-tagged packets and is applicable only when you use IEEE 802.1Q tagged VLAN. Figure 49 Advanced Application > VLAN > VLAN Port Setting > Protocol Based VLAN ...

Page 101: ...an existing VLAN which you defined in the Advanced Applications > VLAN screens. Priority: Select the priority level that the Switch will assign to frames belonging to this VLAN. Add: Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memo...

Page 102: ...r example, between conference rooms in a hotel, you must define the egress (an egress port is an outgoing port, that is, a port through which a data packet leaves) for both ports. Port-based VLANs are specific only to the Switch on which they were created. Note: When you activate port-based VLAN, the Switch uses a default VLAN ID of 1. You cannot change it. Note: In screens such as IP Setup and Filtering that ...

Page 103: ... 1 Configure a Port-based VLAN: Select Port Based as the VLAN Type in the Basic Setting > Switch Setup screen and then click Advanced Application > VLAN from the navigation panel to display the next screen. Figure 50 Port Based VLAN Setup (All Connected) ...

Page 104: ...Figure 51 Port Based VLAN Setup (Port Isolation) ...

Page 105: ...lick Apply at the bottom of the screen. Incoming: These are the ingress ports; an ingress port is an incoming port, that is, a port through which a data packet enters. If you wish to allow two subscriber ports to talk to each other, you must define the ingress port for both ports. The numbers in the top row denote the incoming port for the corresponding port listed on the left (its outgoing port). CPU refers...

Page 106: ...protocol. Leave the default value IP. 5. Type the VLAN ID of an existing VLAN. In our example we already created a static VLAN with an ID of 5. Type 5. 6. Leave the priority set to 0 and click Add. Figure 52 Protocol Based VLAN Configuration Example. To add more ports to this protocol based VLAN: 1. Click the index number of the protocol based VLAN entry. Click 1. 2. Change the value in the Port field to the ne...

Page 107: ...ssign static MAC addresses for a port. 10.3 Configuring Static MAC Forwarding: A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out. When you set up static MAC address rules, you are setting static MAC addresses for a port. This may reduce the need for broadcasting. Static MAC address forwarding together with port security allow o...

Page 108: ...here the MAC address entered in the previous field will be automatically forwarded. Add: Click Add to save your rule to the Switch's run-time memory. The Switch loses this rule if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to reset the fields to their last saved valu...

Page 109: ...splays the port where the MAC address shown in the next field will be forwarded. Delete: Click Delete to remove the selected entry from the summary table. Cancel: Click Cancel to clear the Delete check boxes. Table 21 Advanced Application > Static MAC Forwarding (continued) LABEL / DESCRIPTION ...

Page 111: ... multicast group. A static multicast address is a multicast MAC address that has been manually entered in the multicast table. Static multicast addresses do not age out. Static multicast forwarding allows you (the administrator) to forward multicast frames to a member without the member having to join the group first. If a multicast group has no members, then the switch will either flood the multicast fr...

Page 112: ...3 within VLAN group 4. Figure 54 No Static Multicast Forwarding. Figure 55 Static Multicast Forwarding to A Single Port. Figure 56 Static Multicast Forwarding to Multiple Ports. 11.4 Configuring Static Multicast Forwarding: Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s). ...

Page 113: ... pair. 00000001 is 01 and 00000011 is 03 in hexadecimal, so 01:00:5e:00:00:0A and 03:00:5e:00:00:27 are valid multicast MAC addresses. VID: You can forward frames with matching destination MAC address to port(s) within a VLAN group. Enter the ID that identifies the VLAN group here. If you don't have a specific target VLAN, enter 1. Port: Enter the port(s) where frames with destination MAC address that matche...

Page 114: ...This field displays the multicast MAC address that identifies a multicast group. VID: This field displays the ID number of a VLAN group to which frames containing the specified multicast MAC address will be forwarded. Port: This field displays the port(s) within an identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete: Click Delete to remove the sel...

Page 115: ...ination MAC addresses and VLAN group ID. 12.2 What You Can Do: Use the Filtering screen (Section 12.3 on page 115) to create rules for traffic going through the Switch. 12.3 Configure a Filtering Rule: Use this screen to create rules for traffic going through the Switch. Click Advanced Application > Filtering in the navigation panel to display the screen as shown next. Figure 58 Advanced Application > Filteri...

Page 116: ...is six hexadecimal character pairs. VID: Type the VLAN group identification number. Add: Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to reset the fields to your previous co...

Page 117: ...rent STP modes (RSTP, MRSTP or MSTP) you can configure on the Switch. Use the Spanning Tree Configuration screen (Section 13.5 on page 121) to activate one of the STP modes on the Switch. Use the Rapid Spanning Tree Protocol screen (Section 13.6 on page 122) to configure RSTP settings. Use the Rapid Spanning Tree Protocol Status screen (Section 13.7 on page 124) to display the status screen as shown next. Use ...

Page 118: ...dresses from the filtering database. In RSTP, the port states are Discarding, Learning, and Forwarding. Note: In this user's guide, "STP" refers to both STP and RSTP. 13.3.1 STP Terminology: The root bridge is the base of the spanning tree. Path cost is the cost of transmitting a frame onto a LAN through that port. The recommended cost is assigned according to the speed of the link to which a port is attached ...

Page 119: ...that the link to the root bridge is down. This bridge then initiates negotiations with other bridges to reconfigure the network to re-establish a valid network topology. 13.3.3 STP Port States: STP assigns five port states to eliminate packet looping. A bridge port is not allowed to go directly from blocking state to forwarding state so as to eliminate transient loops. 13.3.4 Multiple RSTP: MRSTP Multip...

Page 120: ... is backward compatible with STP/RSTP and addresses the limitations of existing spanning tree protocols (STP and RSTP) in networks to include the following features: One Common and Internal Spanning Tree (CIST) that represents the entire network's connectivity. Grouping of multiple bridges (or switching devices) into regions that appear as one single bridge on the network. A VLAN can be mapped to a specifi...

Page 121: ...Protocol. This screen differs depending on which STP mode (RSTP, MRSTP or MSTP) you configure on the Switch. This screen is described in detail in the section that follows the configuration section for each STP mode. Click Configuration to activate one of the STP standards on the Switch. 13.5 Spanning Tree Configuration: Use the Spanning Tree Configuration screen to activate one of the STP modes on the Sw...

Page 122: ...d Application > Spanning Tree Protocol > Configuration. LABEL / DESCRIPTION. Spanning Tree Mode: You can activate one of the STP modes on the Switch. Select Rapid Spanning Tree, Multiple Rapid Spanning Tree or Multiple Spanning Tree. See Section 13.1 on page 117 for background information on STP. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turn...

Page 123: ...generations by the root switch. The allowed range is 1 to 10 seconds. Max Age: This is the maximum time (in seconds) the Switch can wait without receiving a BPDU before attempting to reconfigure. All Switch ports (except for designated ports) should receive BPDUs at regular intervals. Any port that ages out STP information (provided in the last BPDU) becomes the designated port for the attached LAN. If it is ...

Page 124: ... loop in a switch. Ports with a higher priority numeric value are disabled first. The allowed range is between 0 and 255 and the default value is 128. Path Cost: Path cost is the cost of transmitting a frame on to a LAN through that port. It is recommended to assign this value according to the speed of the bridge. The slower the media, the higher the cost; see Table 24 on page 118 for more information. App...

Page 125: ... in seconds at which the root switch transmits a configuration message. The root bridge determines Hello Time, Max Age and Forwarding Delay. Max Age (second): This is the maximum time (in seconds) the Switch can wait without receiving a configuration message before attempting to reconfigure. Forwarding Delay (second): This is the time (in seconds) the root switch will wait before changing states (that is, listeni...

Page 126: ...The following table describes the labels in this screen. Table 29 Advanced Application > Spanning Tree Protocol > MRSTP. LABEL / DESCRIPTION. Status: Click Status to display the MRSTP Status screen (see Figure 63 on page 124). Tree: This is a read-only index number of the STP trees. Active: Select this check box to activate an STP tree. Clear this checkbox to disable an STP tree. Note: You must also activate Multipl...

Page 127: ... maximum time (in seconds) the Switch will wait before changing states. This delay is required because every switch must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a blocking state; otherwise, temporary data loops might result. The allowed range is 4 to 30 seconds. As a g...

Page 128: ...ff or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to begin configuring this screen afresh. Table 29 Advanced Application > Spanning Tree Protocol > MRSTP (continued) LABEL / DESCRIPTION. Table 30 Advanced Application > Spanning Tree Protocol > Status: MRSTP. LABEL / DESCRIPTION. Configuration: Click Conf...

Page 129: ...ds the root switch will wait before changing states (that is, listening to learning to forwarding). Note: The listening state does not exist in RSTP. Cost to Bridge: This is the path cost from the root port on this Switch to the root switch. Port ID: This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree. Topology Changed Times...

Page 130: ...13.10 Configure Multiple Spanning Tree Protocol: To configure MSTP, click MSTP in the Advanced Application > Spanning Tree Protocol screen. See Section 13.3.5 on page 120 for more information on MSTP. Figure 66 Advanced Application > Spanning Tree Protocol > MSTP ...

Page 131: ...elay: This is the maximum time (in seconds) the Switch will wait before changing states. This delay is required because every switch must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a blocking state; otherwise, temporary data loops might result. The allowed range is 4 to 3...

Page 132: ...common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Active: Select this check box to add this port to the MST instance. Priority: Configure the priority for each port here. Priority decides which port should be disabled when more than one port forms a loop in a switch. Ports with a higher priority numeric value ...

Page 133: ... 13.3.5 on page 120 for more information on MSTP. Note: This screen is only available after you activate MSTP on the Switch. Figure 67 Advanced Application > Spanning Tree Protocol > Status: MSTP. Delete: Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel: Click Cancel to begin configuring this screen afresh. Table 31 Advanced Application > Spanning Tree Protoc...

Page 134: ...st from the root port on this Switch to the root switch. Port ID: This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree. Configuration Name: This field displays the configuration name for this MST region. Revision Number: This field displays the revision number for this MST region. Configuration Digest: A configuration diges...

Page 135: ...s are using STP or RSTP, the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link. Figure 68 STP/RSTP Network Example. Internal Cost: This is the path cost from the root port in this MST instance to the regional root switch. Port ID: This is the priority and number of the port on the Switch through which this Switch must communicate with the roo...

Page 136: ...ion external path cost of paths outside this region is increased by one. Internal path cost of paths within this region is increased by one when BPDUs traverse the region. Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings. These include the following parameters: Name of the MST region; Revision level as the unique number for the MST re...

Page 137: ...T represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP/RSTP. The CIST is the default MST instance (MSTID 0). Any VLANs that are not members of an MST instance are members of the CIST. In an MSTP-enabled network, there is only one CIST that runs between MST regions and single spanning tree devices. A network may contain multiple MST regions and other network ...

Page 139: ...can cap the maximum bandwidth using the Bandwidth Control screen. Bandwidth control means defining a maximum allowable bandwidth for incoming and/or outgoing traffic flows on a port. 14.2 What You Can Do: Use the Bandwidth Control screen (Section 14.3 on page 140) to limit the bandwidth for traffic going through the Switch. ...

Page 140: ...ol on the Switch. Port: This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Active: Select this check box to activate ingress rate...

Page 141: ...me memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to reset the fields. Table 33 Advanced Application > Bandwidth Control (continued) LABEL / DESCRIPTION ...

Page 143: ...d on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded. Enable this feature to reduce broadcast, multicast and/or DLF packets in your network. You can specify limits for each packet type on each port. 15.2 What You Can Do: Use the Broadcast Storm Control screen (Section 15.3 on page 144) to limit the number of ...

Page 144: ...k box to disable this feature. Port: This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Broadcast (pkt/s): Select this option and s...

Page 145: ...me memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to reset the fields. Table 34 Advanced Application > Broadcast Storm Control (continued) LABEL / DESCRIPTION ...

Page 147: ...g allows you to copy a traffic flow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference. 16.2 What You Can Do: Use the Mirroring screen (Section 16.3 on page 148) to select a monitor port and specify the traffic flow to be copied to the monitor port. ...

Page 148: ...this check box to activate port mirroring on the Switch. Clear this check box to disable the feature. Monitor Port: The monitor port is the port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original port(s). Enter the port number of the monitor port. Port: This field displays the port number. Settings in this row apply to all ports. Use this...

Page 149: ...re Egress (outgoing), Ingress (incoming) and Both. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to reset the fields. Table 35 Advanced Application > Mirroring (continued) L...

Page 151: ...ted to form a trunk group. 17.2 What You Can Do: Use the Link Aggregation Status screen (Section 17.4 on page 153) to view ports you have configured to be in the trunk group, ports that are currently transmitting data as one logical link in the trunk group and so on. Use the Link Aggregation Setting screen (Section 17.5 on page 155) to configure to enable static link aggregation. Use the Link Aggregation C...

Page 152: ...must connect all ports point-to-point to the same Ethernet switch and configure the ports for LACP trunking. LACP only works on full-duplex links. All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings. Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops. 17.3.2 Link Aggregation ID: LACP aggre...

Page 153: ...nk group, that is, one logical link containing multiple ports. Enabled Ports: These are the ports you have configured in the Link Aggregation screen to be in the trunk group. The port number(s) displays only when this trunk group is activated and there is a port belonging to this group. Synchronized Ports: These are the ports that are currently transmitting data as one logical link in this trunk group. Agg...

Page 154: ...c based on a combination of the packet's source and destination MAC addresses. src-ip means the Switch distributes traffic based on the packet's source IP address. dst-ip means the Switch distributes traffic based on the packet's destination IP address. src-dst-ip means the Switch distributes traffic based on a combination of the packet's source and destination IP addresses. Status: This field displays...

Page 155: ...vanced Application > Link Aggregation > Link Aggregation Setting. The following table describes the labels in this screen. Table 39 Advanced Application > Link Aggregation > Link Aggregation Setting. LABEL / DESCRIPTION. Link Aggregation Setting: This is the only screen you need to configure to enable static link aggregation. Group ID: The field identifies the link aggregation group, that is, one logical link contai...

Page 156: ... MAC addresses. Select src-ip to distribute traffic based on the packet's source IP address. Select dst-ip to distribute traffic based on the packet's destination IP address. Select src-dst-ip to distribute traffic based on a combination of the packet's source and destination IP addresses. Port: This field displays the port number. Group: Select the trunk group to which a port belongs. Note: When you enabl...

Page 157: ... on dynamic link aggregation. Figure 77 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP. The following table describes the labels in this screen. Table 40 Advanced Application > Link Aggregation > Link Aggregation Setting > LACP. LABEL / DESCRIPTION. Link Aggregation Control Protocol: Note: Do not configure this screen unless you want to enable dynamic link aggregation. Active: Select this chec...

Page 158: ...rts. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. LACP Timeout: Timeout is the time interval between the individual port exchanges of LACP packets in order to check that the peer port in the trunk g...

Page 159: ... B. Figure 78 Trunking Example - Physical Connections. 2. Configure static trunking: Click Advanced Application > Link Aggregation > Link Aggregation Setting. In this screen, activate trunk group T1, select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below. Click Apply when you are done. Figure 79 Trunking Example - Configuratio...

Page 161: ... 1x screen (Section 18.5 on page 163) to activate IEEE 802.1x security. 18.3 What You Need to Know: IEEE 802.1x authentication uses the RADIUS (Remote Authentication Dial In User Service, RFC 2138, 2139) protocol to validate users. See Section 25.3.2 on page 202 for more information on configuring your RADIUS server settings. 18.3.1 IEEE 802.1x Authentication: The following figure illustrates how a client co...

Page 162: ...entication Configuration: To enable port authentication, first activate the port authentication method, both on the Switch and the port(s), then configure the RADIUS server settings in the Auth and Acct > Radius Server Setup screen. Click Advanced Application > Port Authentication in the navigation panel to display the screen as shown. Figure 81 Advanced Application > Port Authentication. New Connection Authent...

Page 163: ...ced Application > Port Authentication > 802.1x. LABEL / DESCRIPTION. Active: Select this check box to permit 802.1x authentication on the Switch. Note: You must first enable 802.1x authentication on the Switch before configuring it on each port. Port: This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this r...

Page 164: ... port. Reauthentication Timer: Specify how often a client has to re-enter his or her username and password to stay connected to the port. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. ...

Page 165: ...r than the sum cannot exceed 16K. For maximum port security, enable this feature, disable MAC address learning and configure static MAC address(es) for a port. It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts. By default, MAC address learning is still enabled even though the port security is not activated. 19.2 What You Can Do: Use th...

Page 166: ... of the port(s) (separated by a comma) on which you want to enable port security and disable MAC address learning. After you click MAC freeze, all previously learned MAC addresses on the specified port(s) will become static MAC addresses and display in the Static MAC Forwarding screen. MAC freeze: Click MAC freeze to have the Switch automatically select the Active check boxes and clear the Address Learnin...

Page 167: ...o occur on a port, the port itself must be active with address learning enabled. Limited Number of Learned MAC Address: Use this field to limit the number of (dynamic) MAC addresses that may be learned on a port. For example, if you set this field to "5" on port 2, then only the devices with these five learned MAC addresses may access port 2 at any one time. A sixth device would have to wait until one of the...

Page 169: ...mum delay, and the networking methods used to control the use of bandwidth. Without QoS, all traffic data is equally likely to be dropped when the network is congested. This can cause a reduction in network performance and make the network inadequate for time-critical application such as video-on-demand. A classifier groups traffic into data flows according to specific criteria such as the source addre...

Page 170: ...4 Configuring the Classifier: Use the Classifier screen to define the classifiers. After you define the classifier, you can specify actions (or policy) to act upon the traffic that matches the rules. To configure policy rules, refer to Chapter 21 on page 175. Click Advanced Application > Classifier in the navigation panel to display the configuration screen as shown. Figure 84 Advanced Application > Classifier...

Page 171: ...r 3: Specify the fields below to configure a layer 3 classifier. IP Protocol: Select an IP protocol type or select Other and enter the protocol number in decimal value. Refer to Table 46 on page 173 for more information. You may select Establish Only for TCP protocol type. This means that the Switch will pick out the packets that are sent to establish TCP connections. Source IP Address/Address Prefix: Ent...

Page 172: ...rt the entry in the summary table below and save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to reset the fields back to your previous configuration. Clear: Click Clear to set the above fi...

Page 173: ...t common TCP and UDP port numbers are: See Appendix B on page 341 for information on commonly used port numbers. Table 45 Common Ethernet Types and Protocol Numbers. ETHERNET TYPE / PROTOCOL NUMBER: IP ETHII 0800; X.75 Internet 0801; NBS Internet 0802; ECMA Internet 0803; Chaosnet 0804; X.25 Level 3 0805; XNS Compat 0807; Banyan Systems 0BAD; BBN Simnet 5208; IBM SNA 80D5; AppleTalk AARP 80F3. Table 46 Common IP P...

Page 174: ...een shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. After you have configured a classifier, you can configure a policy (in the Policy screen) to define action(s) on the classified traffic flow. Figure 86 Classifier Example ...

Page 175: ...on page 169 for more information. A policy rule ensures that a traffic flow gets the requested treatment in the network. 21.2 What You Can Do: Use the Policy screen (Section 21.3 on page 175) to enable the policy and display the active classifier(s) you configure in the Classifier screen. 21.3 Configuring Policy Rules: You must first configure a classifier in the Classifier screen. Refer to Section 20.4 on...

Page 176: ...er a descriptive name for identification purposes Classifier s This field displays the active classifier s you configure in the Classifier screen Select the classifier s to which this policy rule applies To select more than one classifier press SHIFT and select the choices at the same time Parameters Set the fields below for this policy You only have to set the field s that is related to the actio...

Page 177: ...le the classifier with the name of class 2, class a or class B takes priority over the classifier with the name of class 1 or class A. Let's say you set two classifiers (Class 1 and Class 2) and both identify all traffic from MAC address 11:22:33:44:55:66 on port 3. If Policy 1 applies to Class 1 and the action is to drop the packets, Policy 2 applies to Class 2 and the action is to forward the packets t...

Page 178: ...to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields back to your previous configuration Clear Click Clear to set the above fields back to the factory defaults Table 48 Advanced Application Policy Rule continued LABEL DESCRIPTION Table 49 Advanced Application Policy Rule Summary Table LABEL DESCRIPTION Index This field displays the p...

Page 179: ...Guide 179 21 4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier refer to Section 20 5 on page 174 Figure 89 Policy Example ...

Page 180: ...Chapter 21 Policy Rule GS2200 24 User s Guide 180 ...

Page 181: ...bandwidth across the different traffic queues 22 3 What You Need to Know Queuing algorithms allow switches to maintain separate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth 22 3 1 Strictly Priority Queuing Strictly Priority Queuing SPQ services queues based on priority only As traffic comes into the Switch traffic on the highest priori...

Page 182: ...ating basis and is activated only when a port has more traffic than it can handle. A queue is given an amount of bandwidth irrespective of the incoming traffic on that port. This queue then moves to the back of the list. The next queue is given an equal amount of bandwidth and then moves to the end of the list, and so on, depending on the number of queues being used. This works in a looping fashion un...

Page 183: ... labels in this screen Table 50 Advanced Application Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports...

Page 184: ... larger weights get more service than queues with smaller weights Weight When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Hybrid SPQ Lowest Queue This field is applicable only when you select WFQ or WRR Select a queue Q0 to Q7 to have the Switch use SPQ to service the subsequent queue s after and including th...

Page 185: ...ion 23 5 on page 187 to configure up to 64 service provider s VLANs 23 3 What You Need to Know Use VLAN stacking to add an outer VLAN tag to the inner IEEE 802 1Q tagged frames that enter the network By tagging the tagged frames double tagged frames the service provider can manage up to 4 094 VLAN groups with each group containing up to 4 094 customer VLANs This allows a service provider to provid...

Page 186: ...stacking on the Switch SP TPID TPID Tag Protocol Identifier is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802 1Q tag information SP TPID Service Provider Tag Protocol Identifier is the service provider VLAN stacking tag type Choose 0x8100 or 0x9100 from the drop down list box or select Others and then enter a four digit hexadecimal number from ...

Page 187: ...ports at the edge of the service provider's network. The Switch adds SP TPID and the corresponding ingress port's SPVID to all outgoing frames transmitting on the Tunnel Port. In order to support VLAN stacking on a port, the port must be able to allow frames of 1526 Bytes (1522 Bytes + 4 Bytes for the second tag) to pass through it. SPVID: SPVID is the service provider's VLAN ID (the outer VLAN tag). Enter th...

Page 188: ...arate these two VLANs within its network by adding tag 37 to Table 52 Advanced Application VLAN Stacking SVLAN LABEL DESCRIPTION SVLAN ID Enter a service provider s VLAN ID from 1 to 4094 that should be carried in the incoming frames received on a Tunnel Port Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these ch...

Page 189: ...VLAN Tx Tagging MUST be disabled on a port where you choose Access Port Select Tunnel Port available for Gigabit ports only for egress ports at the edge of the service provider s network The Switch adds the configured SP TPID and the corresponding ingress port s SP VID to the outgoing frames before transmitting them on a Tunnel Port All VLANs belonging to a customer can be aggregated into a single...

Page 190: ... frames on the service provider s edge devices 1 and 2 in the VLAN stacking example figure that have an SP TPID different to the one configured on the Switch The Switch adds the SP TPID tag to all outgoing frames sent through the Tunnel Port on the service provider s edge devices 1 and 2 in the VLAN stacking example figure Priority refers to the IEEE 802 1p standard that allows the service provide...

Page 191: ...er tagged frame DA SA TPID Priority VID Len Etype Data FCS Double tagged frame DA SA SP TPID Priority VID TPID Priority VID Len Etype Data FCS Table 55 802 1Q Frame DA Destination Address Priority 802 1p Priority SA Source Address Len Etype Length and type of Ethernet frame SP TPID Service Provider Tag Protocol IDentifier Data Frame data VID VLAN ID FCS Frame Check Sequence ...

Page 192: ...Chapter 23 VLAN Stacking GS2200 24 User s Guide 192 ...

Page 193: ...r data Refer to RFC 1112 RFC 2236 and RFC 3376 for information on IGMP versions 1 2 and 3 respectively 24 2 What You Can Do Use the Multicast Status screen Section 24 4 on page 195 to view multicast group information Use the Multicast Setting screen Section 24 5 on page 196 to enable IGMP snooping to forward group multicast traffic only to ports that are members of that group Use the IGMP Snooping...

Page 194: ...ticasting accordingly IGMP snooping allows the Switch to learn multicast groups without you having to manually configure them The Switch forwards multicast traffic destined for multicast groups that it has learned from IGMP snooping or that you have manually configured to ports that are members of that group IGMP snooping generates no additional network traffic allowing you to significantly reduce...

Page 195: ...ore information on multicasting Figure 94 Advanced Application Multicast The following table describes the labels in this screen Table 56 Advanced Application Multicast Status LABEL DESCRIPTION Index This is the index number of the entry VID This field displays the multicast VLAN ID Port This field displays the port number that belongs to the multicast group Multicast Group This field displays IP ...

Page 196: ...ed Application Multicast Multicast Setting LABEL DESCRIPTION IGMP Snooping Use these settings to configure IGMP Snooping Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group Querier Select this option to allow the Switch to send IGMP General Query messages to the VLANs with the multicast hosts attached Host Timeout Specify the...

Page 197: ...ttings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Immed Leave Select this option to set the Switch to remove this port from the multicast tree when an IGMP version...

Page 198: ...an IGMP multicast router or server The Switch forwards IGMP join or leave packets to an IGMP query port Select Auto to have the Switch use the port as an IGMP query port if the port receives IGMP query packets Select Fixed to have the Switch always use the port as an IGMP query port Select this when you connect an IGMP multicast server to the port Select Edge to stop the Switch from using the port...

Page 199: ...ow In either auto or fixed mode the Switch can learn up to 16 VLANs The Switch drops any IGMP control messages which do not belong to these 16 VLANs Note You must also enable IGMP snooping in the Multicast Setting screen first Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navi...

Page 200: ...g Cancel Click Cancel to reset the fields to your previous configuration Clear Click this to clear the fields Index This is the number of the IGMP snooping VLAN entry in the table Name This field displays the descriptive name for this VLAN group VID This field displays the ID number of the VLAN group Delete Check the rule s that you want to remove in the Delete column then click the Delete button ...

Page 201: ...25 3 2 on page 202 as external authentication and authorization servers Figure 97 AAA Server 25 2 What You Can Do Use the AAA screen Section 25 4 on page 203 to enable authentication and authorization or both of them on the Switch Use the RADIUS Server Setup screen Section 25 5 on page 203 to configure your RADIUS server settings Use the TACACS Server Setup screen Section 25 6 on page 206 to config...

Page 202: ... 25 3 1 Local User Accounts By storing user profiles locally on the Switch your Switch is able to authenticate and authorize users without interacting with a network AAA server However there is a limit on the number of users you may authenticate in this way See Chapter 32 on page 271 25 3 2 RADIUS and TACACS RADIUS and TACACS are security protocols used to authenticate users by means of an externa...

Page 203: ...en set up the authentication priority activate authorization Click Advanced Application AAA in the navigation panel to display the screen as shown Figure 98 Advanced Application AAA 25 5 RADIUS Server Setup Use this screen to configure your RADIUS server settings See Section 25 3 2 on page 202 for more information on RADIUS servers and Section 25 8 2 on page 212 for RADIUS attributes utilized by t...

Page 204: ...d RADIUS server if the RADIUS server does not respond then the Switch tries to authenticate with the second RADIUS server Select round robin to alternate between the RADIUS servers that it sends authentication requests to Timeout Specify the amount of time in seconds that the Switch waits for an authentication request response from the RADIUS server If you are using index priority for your authent...

Page 205: ... server entry from the Switch This entry is deleted when you click Apply Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh App...

Page 206: ...s the labels in this screen Table 61 Advanced Application AAA TACACS Server Setup LABEL DESCRIPTION Authentication Server Use this section to configure your TACACS authentication settings Mode This field is only valid if you configure multiple TACACS servers Select index priority and the Switch tries to authenticate with the first configured TACACS server if the TACACS server does not respond then...

Page 207: ...anumeric characters as the key to be shared between the external TACACS server and the Switch This key is not sent over the network This key must be the same on the external TACACS server and the Switch Delete Check this box if you want to remove an existing TACACS server entry from the Switch This entry is deleted when you click Apply Apply Click Apply to save your changes to the Switch s run tim...

Page 208: ...s Guide 208 25 7 AAA Setup Use this screen to configure authentication and authorization settings on the Switch Click on the AAA Setup link in the AAA screen to view the screen as shown Figure 101 Advanced Application AAA AAA Setup ...

Page 209: ...ternal servers Login These fields specify which database the Switch should use first second and third to authenticate administrator accounts users for Switch management Configure the local user accounts in the Access Control Logins screen The TACACS and RADIUS are external servers Before you specify the priority make sure you have set up the corresponding database correctly first You can specify u...

Page 210: ...identification number assigned to the company by the IANA Internet Assigned Numbers Authority ZyXEL s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to modify Vendor data A value you want to assign to the setting Note Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server Acti...

Page 211: ...ndor Id = 890, Vendor Type = 1, Vendor data = ingress rate (Kbps in decimal format). Egress Bandwidth Assignment: Vendor Id = 890, Vendor Type = 2, Vendor data = egress rate (Kbps in decimal format). Privilege Assignment: Vendor ID = 890, Vendor Type = 3, Vendor Data = "shell:priv-lvl=N" or Vendor ID = 9 (CISCO), Vendor Type = 1 (CISCO-AVPAIR), Vendor Data = "shell:priv-lvl=N", where N is a privilege level (from 0 to 14). Note: If you set the privil...

Page 212: ... the Switch In cases where the attribute has a specific format associated with it the format is specified 25 8 3 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication 25 8 3 1 Attributes Used for Authenticating Privilege Access User Name The format of the User Name attribute is enab where is the privil...

Page 213: ...Chapter 25 AAA GS2200 24 User s Guide 213 This value is set to Ethernet 15 on the Switch Calling Station Id Frame MTU EAP Message State Message Authenticator ...

Page 214: ...Chapter 25 AAA GS2200 24 User s Guide 214 ...

Page 215: ...ch discards the packet 26 2 What You Can Do Use the IP Source Guard screen Section 26 4 on page 216 to look at the current bindings for DHCP snooping and ARP inspection Use the IP Source Guard Static Binding screen Section 26 5 on page 217 to manage static bindings for DHCP snooping and ARP inspection Use the DHCP Snooping screen Section 26 6 on page 219 to look at various statistics about the DHC...

Page 216: ...ettings for the ARP inspection log Use the ARP Inspection Port Configure screen Section 26 11 1 on page 232 to specify whether ports are trusted or untrusted ports for ARP inspection Use the ARP Inspection VLAN Configure screen Section 26 11 2 on page 234 to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN 26 3 What Y...

Page 217: ...ting static binding the Table 65 IP Source Guard LABEL DESCRIPTION Index This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displays the IP address assigned to the MAC address in the binding Lease This field displays how many days hours minutes and seconds the binding is valid for example 2d3h4m5s mea...

Page 218: ...t number in the field to the right If this binding applies to all ports select Any Add Click this to create the specified static binding or to update an existing one Cancel Click this to reset the values above based on the last selected static binding or if not applicable to clear the fields above Clear Click this to clear the fields above Index This field displays a sequential number for each bin...

Page 219: ... Advanced Application IP Source Guard DHCP Snooping Figure 104 DHCP Snooping Port This field displays the port number in the binding If this field is blank the binding applies to all ports Delete Select this and click Delete to remove the specified entry Cancel Click this to clear the Delete check boxes above Table 66 IP Source Guard Static Binding continued LABEL DESCRIPTION ...

Page 220: ... field displays how much longer in seconds the Switch tries to complete the current update before it gives up It displays Not Running if the Switch is not updating the DHCP snooping database right now Abort timer expiry This field displays when in seconds the Switch is going to update the DHCP snooping database again It displays Not Running if the current bindings have not changed since the last u...

Page 221: ...ce Guide Binding collisions This field displays the number of bindings the Switch ignored because the Switch already had a binding with the same MAC address and VLAN ID Invalid interfaces This field displays the number of bindings the Switch ignored because the port number was a trusted interface or does not exist anymore Parse failures This field displays the number of bindings the Switch ignored...

Page 222: ...rt To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Figure 105 DHCP Snooping Configure Parse failures This field displays the number of bindings the Switch has ignored because the Switch was unable to understand the binding in the DHCP binding database Expired leases This field displays the number of bindings the Switch has ignored because the lease time had a...

Page 223: ...o start the next update until it completes the current one Agent URL Enter the location of the DHCP snooping database The location should be expressed like this tftp domain name or IP address directory if applicable file name for example tftp 192 168 10 1 database txt Timeout interval Enter how long 10 65535 seconds the Switch tries to complete a specific update in the DHCP snooping database befor...

Page 224: ... untrusted can receive each second To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Port Figure 106 DHCP Snooping Port Configure Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory...

Page 225: ...ed ports are connected to subscribers, and the Switch discards DHCP packets from untrusted ports in the following situations: The packet is a DHCP server packet (for example, OFFER, ACK, or NACK). The source MAC address and source IP address in the packet do not match any of the current bindings. The packet is a RELEASE or DECLINE packet, and the source MAC address and source port do not match any of the cu...

Page 226: ... on the Switch and specify trusted ports Note If DHCP is enabled and there are no trusted ports DHCP requests will not succeed Option82 Select this to have the Switch add the slot number port number and VLAN ID to DHCP requests that it broadcasts to the DHCP VLAN if specified or VLAN You can specify the DHCP VLAN in the DHCP Snooping Configure screen See Section 26 7 on page 222 Information Select...

Page 227: ...s filters that were created because the Switch identified unauthorized ARP packets Index This field displays a sequential number for each MAC address filter MAC Address This field displays the source MAC address in the MAC address filter VID This field displays the source VLAN ID in the MAC address filter Port This field displays the source port of the discarded ARP packet Expiry sec This field di...

Page 228: ... VLAN Status LABEL DESCRIPTION Show VLAN range Use this section to specify the VLANs you want to look at in the section below Enabled VLAN Select this to look at all the VLANs on which ARP inspection is enabled in the section below Selected VLAN Select this to look at all the VLANs in a specific range in the section below Then enter the lowest VLAN ID Start VID and the highest VLAN ID End VID you ...

Page 229: ...VLAN since the Switch last restarted Table 72 ARP Inspection VLAN Status LABEL DESCRIPTION Table 73 ARP Inspection Log Status LABEL DESCRIPTION Clearing log status table Click Apply to remove all the log messages that were generated by ARP packets and that have not been sent to the syslog server yet Total number of logs This field displays the number of log messages that were generated by ARP pack...

Page 230: ...generated. dhcp deny: An ARP packet was discarded because it violated a dynamic binding with the same MAC address and VLAN ID. static deny: An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID. deny: An ARP packet was discarded because there were no bindings with the same MAC address and VLAN ID. dhcp permit: An ARP packet was forwarded because it matched ...

Page 231: ...C address filter remains in the Switch after the Switch identifies an unauthorized ARP packet The Switch automatically deletes the MAC address filter afterwards Enter 0 if you want the MAC address filter to be permanent Log Profile Log buffer size Enter the maximum number 1 1024 of log messages that were generated by ARP packets and have not been sent to the syslog server yet Make sure this number...

Page 232: ...ing examples: 4 invalid ARP packets per second, Syslog rate is 5, Log interval is 1: the Switch sends 4 syslog messages every second. 6 invalid ARP packets per second, Syslog rate is 5, Log interval is 2: the Switch sends 5 syslog messages every 2 seconds. Log interval: Enter how often (1-86400 seconds) the Switch sends a batch of syslog messages to the syslog server. Enter 0 if you want the Switch to send sys...

Page 233: ...is port is a trusted port Trusted or an untrusted port Untrusted The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on untrusted ports in the following situations The sender s information in the ARP packet does not match any of the current bindings The rate at which ARP packets arrive is too high You can specify the maximum rate at which ARP pac...

Page 234: ...al is 5 seconds then the Switch accepts a maximum of 75 ARP packets in every five second interval Enter the length 1 15 seconds of the burst interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are don...

Page 235: ...he VLAN the settings are applied to all VLANs Enabled Select Yes to enable ARP inspection on the VLAN Select No to disable ARP inspection on the VLAN Log Specify when the Switch generates log messages for receiving ARP packets from the VLAN None The Switch does not generate any log messages when it receives an ARP packet from the VLAN Deny The Switch generates log messages when it discards an ARP ...

Page 236: ...stores the binding table in volatile memory If the Switch restarts it loads static bindings from permanent memory but loses the dynamic bindings in which case the devices in the network have to send DHCP requests again As a result it is recommended you configure the DHCP snooping database The DHCP snooping database maintains the dynamic bindings for DHCP snooping and ARP inspection in a file on an...

Page 237: ...n 82 field of the DHCP headers of client DHCP request frames See Chapter 31 on page 261 for more information about DHCP relay option 82 When the DHCP server responds the Switch removes the information in the Agent Information field before forwarding the response to the original source You can configure this setting for each source VLAN This setting is independent of the DHCP relay settings Chapter...

Page 238: ...e to computer A As a result all the communication between computer A and computer B passes through computer X Computer X can read and alter the information passed between them 26 12 2 1 ARP Inspection and MAC Address Filters When the Switch identifies an unauthorized ARP packet it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unau...

Page 239: ...e rate at which ARP packets arrive is too high 26 12 2 3 Syslog The Switch can send syslog messages to the specified syslog server Chapter 35 on page 303 when it forwards or discards ARP packets The Switch can consolidate log messages and send log messages in batches to make this mechanism more efficient 26 12 2 4 Configuring ARP Inspection Follow these steps to configure ARP inspection on the Swi...

Page 240: ...Chapter 26 IP Source Guard GS2200 24 User s Guide 240 ...

Page 241: ...ts that packets sent out on that port loop back to the Switch While you can use Spanning Tree Protocol STP to prevent loops in the core of your network STP cannot prevent loops that occur on the edge of your network Figure 116 Loop Guard vs STP Refer to Section 27 3 on page 242 for more information 27 2 What You Can Do Use the Loop Guard screen Section 27 4 on page 243 to enable loop guard on the ...

Page 242: ... from the switch in loop state It will receive its own broadcast messages that it sends out as they loop back It will then re broadcast those messages again The following figure shows port N on switch A connected to switch B Switch B is in loop state When broadcast or multicast packets leave port N and reach switch B they are sent back to port N on A as they are rebroadcast from B Figure 117 Switc...

Page 243: ... a loop. A sample path of the loop guard probe packet is also shown. In this example, the probe packet is sent from port N and returns on another port. As long as loop guard is enabled on port N, the Switch will shut down port N if it detects that the probe packet has returned to the Switch. Figure 119 Loop Guard Network Loop. Note: After resolving the loop problem on your network you can re activate the ...

Page 244: ...ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to check if the switch it is connected to is in loop state If the switch that this port is connected is in loop state the Swit...

Page 245: ...itch and specify a MAC address with which the Switch uses to encapsulate the layer 2 protocol packets by replacing the destination MAC address in the packets 28 3 What You Need to Know Layer 2 protocol tunneling L2PT is used on the service provider s edge devices L2PT allows edge switches 1 and 2 in the following figure to tunnel layer 2 STP Spanning Tree Protocol CDP Cisco Discovery Protocol and ...

Page 246: ...int to point topology between two customer switches at different sites such as A and B you can enable protocol tunneling on edge switches 1 and 2 for PAgP Port Aggregation Protocol LACP or UDLD UniDirectional Link Detection Figure 122 L2PT Network Example 28 3 1 Layer 2 Protocol Tunneling Mode Each port can have two layer 2 protocol tunneling modes Access and Tunnel The Access port is an ingress p...

Page 247: ... another service provider s switch Incoming encapsulated layer 2 protocol packets received on a tunnel port are decapsulated and sent to an access port 28 4 Configuring Layer 2 Protocol Tunneling Click Advanced Application Layer 2 Protocol Tunneling in the navigation panel to display the screen as shown Figure 123 Advanced Application Layer 2 Protocol Tunneling ...

Page 248: ...r Cisco devices can be discovered through the service provider s network STP Select this option to have the Switch tunnel STP Spanning Tree Protocol packets so that STP can run properly across the service provider s network and spanning trees can be set up based on bridge information from all local and remote networks VTP Select this option to have the Switch tunnel VTP VLAN Trunking Protocol pack...

Page 249: ...tes the encapsulated layer 2 protocol packets received on a tunnel port by changing the destination MAC address to the original one and then forward them to an access port If the service s is not enabled on an access port the protocol packets are dropped Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use t...

Page 250: ...Chapter 28 Layer 2 Protocol Tunneling GS2200 24 User s Guide 250 ...

Page 251: ...251 PART IV IP Application Static Route 253 Differentiated Services 257 DHCP 261 ...

Page 253: ...ault gateway The Switch can also use static routes to send data to a server or device that is not reachable through the default gateway for example when sending SNMP traps or using ping to test IP connectivity This figure shows a Telnet session coming in from network N1 The Switch sends reply traffic to default gateway R1 which routes it back to the manager s computer The Switch needs a static rou...

Page 254: ...ate deactivate this static route Name Enter a descriptive name up to 10 printable ASCII characters for identification purposes Destination IP Address This parameter specifies the IP network address of the final destination IP Subnet Mask Enter the subnet mask for this destination Routing is always based on network number If you need to specify a route to a single host use a subnet mask of 255 255 ...

Page 255: ...ick Clear to set the above fields back to the factory defaults Index This field displays the index number of the route Click a number to edit the static route entry Active This field displays Yes when the static route is activated and NO when it is deactivated Name This field displays the descriptive name for this route This is for identification purposes only Destination Address This field displa...

Page 256: ...Chapter 29 Static Route GS2200 24 User s Guide 256 ...

Page 257: ...ackets are marked with DiffServ Code Points DSCPs indicating the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where ...

Page 258: ...ior that each packet gets as it is forwarded across the DiffServ network Based on the marking rule different kinds of traffic can be marked for different priorities of forwarding Resources can then be allocated according to the DSCP values and the configured policies 30 3 2 DiffServ Network Example The following figure depicts a DiffServ network consisting of a group of directly connected DiffServ...

Page 259: ...play the screen as shown Figure 128 IP Application DiffServ The following table describes the labels in this screen G S B P S B B G P P S P Platinum G Gold S Silver B Bronze G P P S A Table 80 IP Application DiffServ LABEL DESCRIPTION Active Select this option to enable DiffServ on the Switch Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if i...

Page 260: ...ffServ DSCP Setting The following table describes the labels in this screen Table 81 Default DSCP IEEE 802 1p Mapping DSCP VALUE 0 7 8 15 16 23 24 31 32 39 40 47 48 55 56 63 IEEE 802 1p 0 1 2 3 4 5 6 7 Table 82 IP Application DiffServ DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the ...

Page 261: ...ch as a DHCP server or relay agent, then you must have a DHCP server in the broadcast domain of the client computers, or else the client computers must be configured manually. 31.2 What You Can Do. Use the DHCP Status screen (Section 31.4 on page 263) to display the relay mode. Use the DHCP Relay screen (Section 31.5 on page 264) to enable and configure global DHCP relay. Use the VLAN Setting screen (Section...

Page 262: ...CP client and a DHCP server. Once the DHCP client obtains an IP address and can connect to the network, network information renewal is done between the DHCP client and the DHCP server without the help of the Switch. The Switch can be configured as a global DHCP relay. This means that the Switch forwards all DHCP requests from all domains to the same DHCP server. You can also configure the Switch to rel...

Page 263: ...ID (1 byte): This value is always 0 for stand-alone switches. Port ID (1 byte): This is the port that the DHCP client is connected to. VLAN ID (2 bytes): This is the VLAN that the port belongs to. Information (up to 64 bytes): This optional, read-only field is set according to system name set in Basic Settings > General Setup. Table 84: IP Application > DHCP. LABEL / DESCRIPTION. Relay Mode: This field displays None if the ...

Page 264: ... Relay Agent Information: Select the Option 82 check box to have the Switch add information (slot number, port number and VLAN ID) to client DHCP requests that it relays to a DHCP server. Information: This read-only field displays the system name you configure in the General Setup screen. Select the check box for the Switch to add the system name to the client DHCP requests that it relays to a DHCP serve...

Page 265: ...Make sure you select the Option 82 check box to set the Switch to send additional information (such as the VLAN ID) together with the DHCP requests to the DHCP server. This allows the DHCP server to assign the appropriate IP address according to the VLAN ID. Figure 133: DHCP Relay Configuration Example. 31.6 Configuring DHCP VLAN Settings. Use this screen to configure your DHCP settings based on the VLAN...

Page 266: ...eck box to have the Switch add information (slot number, port number and VLAN ID) to client DHCP requests that it relays to a DHCP server. Information: This read-only field displays the system name you configure in the General Setup screen. Select the check box for the Switch to add the system name to the client DHCP requests that it relays to a DHCP server. Add: Click Add to save your changes to the Swit...

Page 267: ...sts from the academic buildings (VLAN 2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 135: DHCP Relay for Two VLANs. Type: This field displays the DHCP mode (Relay). DHCP Status: For DHCP relay configuration, this field displays the first remote DHCP server IP address. Delete: Select the configuration entries you want to remove and click Delete to remove them. Cancel: Click Cance...

Page 268: ...For the example network, configure the VLAN Setting screen as shown. Figure 136: DHCP Relay for Two VLANs Configuration Example ...

Page 269: ...PART V: Management. Maintenance (271), Access Control (279), Diagnostic (301), Syslog (303), Cluster Management (307), MAC Table (315), ARP Table (319), Configure Clone (321) ...


Page 271: ...are Upgrade screen (Section 32.4 on page 274) to upload the latest firmware. Use the Restore Configuration screen (Section 32.5 on page 274) to upload a stored device configuration file. Use the Backup Configuration screen (Section 32.6 on page 275) to save your configurations for later use. 32.3 The Maintenance Screen. Use this screen to manage firmware and your configuration files. Click Management > Mainten...

Page 272: ...y operating on the Switch. Firmware Upgrade: Click Click Here to go to the Firmware Upgrade screen. Restore Configuration: Click Click Here to go to the Restore Configuration screen. Backup Configuration: Click Click Here to go to the Backup Configuration screen. Load Factory Default: Click Click Here to reset the configuration to the factory default settings. Save Configuration: Click Config 1 to save t...

Page 273: ... configuration changes to the current configuration. Note: Clicking the Apply or Add button does NOT save the changes permanently. All unsaved changes are erased after you reboot the Switch. 32.3.3 Reboot System. Reboot System allows you to restart the Switch without physically turning the power off. It also allows you to load configuration one (Config 1) or configuration two (Config 2) when you reboot. Foll...

Page 274: ...ce > Firmware Upgrade. Type the path and file name of the firmware file you wish to upload to the Switch in the File Path text box, or click Browse to locate it. Select the Rebooting checkbox if you want to reboot the Switch and apply the new firmware immediately. (Firmware upgrades are only applied after a reboot.) Click Upgrade to load the new firmware. After the firmware upgrade process is complete, see t...

Page 275: ...ice settings. Backing up your Switch configurations allows you to create various "snap shots" of your device from which you may restore at a later date. Back up your current Switch configuration to a computer using the Backup Configuration screen. Figure 142: Management > Maintenance > Backup Configuration. Follow the steps below to back up the current Switch configuration to your computer in this screen. 1 C...

Page 276: ...ame extension. 32.7.2.1 Example FTP Commands. ftp> put firmware.bin ras. This is a sample FTP session showing the transfer of the computer file firmware.bin to the Switch. ftp> get config config.cfg. This is a sample FTP session saving the current configuration to a file called config.cfg on your computer. If your (T)FTP client does not allow you to have a destination filename different than the source, you...

Page 277: ...witch and renames it to config. Likewise, get config config.cfg transfers the configuration file on the Switch to your computer and renames it to config.cfg. See Table 88 on page 276 for more information on filename conventions. 7. Enter quit to exit the ftp prompt. 32.7.4 GUI-based FTP Clients. The following table describes some of the commands that you may see in GUI-based FTP clients. General Commands ...

Page 278: ...IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. Initial Remote Directory: Specify the default remote directory path. Initial Local Directory: Specify the default local directory path. General Commands for GUI-based FTP Clients (continued). COMMAND / DESCRIPTION ...

Page 279: ...o display the main screen. Use the SNMP screen (Section 33.4 on page 280) to configure your SNMP settings. Use the Trap Group screen (Section 33.5 on page 283) to specify the types of SNMP traps that should be sent to each SNMP manager. Use the Logins screens (Section 33.6 on page 284) to assign which users can access the Switch via web configurator at any one time. Use the Service Access Control screen (Sec...

Page 280: ...e main screen. Click Management > Access Control in the navigation panel to display the main screen as shown. Figure 143: Management > Access Control. 33.4 Configuring SNMP. Use this screen to configure your SNMP settings. Click Management > Access Control > SNMP to view the screen as shown. Figure 144: Management > Access Control > SNMP ...

Page 281: ...sing SNMP version 2c or lower. Trap Community: Enter the Trap Community string, which is the password sent with each trap to the SNMP manager. The Trap Community string is only used by SNMP managers using SNMP version 2c or lower. Trap Destination: Use this section to configure where to send SNMP traps from the Switch. Version: Specify the version of the SNMP trap messages. IP: Enter the IP addresses of up ...

Page 282: ... Digest 5 and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower. Privacy: Specify the encryption method for SNMP communication from this user. You can choose one of the following: DES - Data Encryption Standard is a widely used (but breakable) method of data encryption. It applies a 56-bit key to each 64 b...

Page 283: ...at SNMP manager. Type: Select the categories of SNMP traps that the Switch is to send to the SNMP manager. Options: Select the individual SNMP traps that the Switch is to send to the SNMP station. See Section on page 289 for individual trap descriptions. The traps are grouped by category. Selecting a category automatically selects all of the category's traps. Clear the check boxes for individual traps tha...

Page 284: ...one time. An administrator is someone who can both view and configure Switch changes. The username for the Administrator is always admin. The default administrator password is 1234. Note: It is highly recommended that you change the default administrator password (1234). A non-administrator (username is something other than admin) is someone who can view but not configure Switch settings. Click Management > Ac...

Page 285: ...rd: Type the existing system password (1234 is the default password when shipped). New Password: Enter your new system password. Retype to confirm: Retype your new system password for confirmation. Edit Logins: You may configure passwords for up to four users. These users have read-only access. You can give users higher privileges via the CLI. For more information on assigning privileges, see the CLI Reference...

Page 286: ...ices that you want to allow to access the Switch. Service Port: For Telnet, SSH, FTP, HTTP or HTTPS services, you may change the default service port by typing the new port number in the Server Port field. If you change the default port number, then you will have to let people (who wish to use the service) know the new port number for that service. Timeout: Type how many minutes a management session (via the w...

Page 287: ...h. Active: Select this check box to activate this secured client set. Clear the check box if you wish to temporarily disable the set without deleting it. Start Address / End Address: Configure the IP address range of trusted computers from which you can manage this Switch. The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here. The Switch immedi...

Page 288: ...network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed switch (the Switch). An agent translates the local management information from the managed switch into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and m...

Page 289: ...ce. The Switch supports the following MIBs: SNMP MIB II (RFC 1213); RFC 1157 SNMP v1; RFC 1493 Bridge MIBs; RFC 1643 Ethernet MIBs; RFC 1155 SMI; RFC 2674 SNMPv2, SNMPv2c; RFC 1757 RMON; SNMPv2, SNMPv2c or later version, compliant with RFC 2011 SNMPv2 MIB for IP, RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP. SNMP Traps: The Switch sends traps to an SNMP manager when an event occurs. The following tables ...

Page 290: ...oltageEventClear (object ID 1 3 6 1 4 1 890 1 5 8 55 2 5 2 2): This trap is sent when the voltage returns to the normal operating range. Option reset: UncontrolledResetEventOn (object ID 1 3 6 1 4 1 890 1 5 8 55 2 5 2 1): This trap is sent when the Switch automatically resets. ControlledResetEventOn (object ID 1 3 6 1 4 1 890 1 5 8 55 2 5 2 1): This trap is sent when the Switch resets by an administrator through a management interface. RebootEven...

Page 291: ...ails to auto-negotiate with the peer Ethernet interface. AutonegotiationFailedEventClear (object ID 1 3 6 1 4 1 890 1 5 8 55 25 2 2): This trap is sent when an Ethernet interface auto-negotiates with the peer Ethernet interface. Option lldp: LLDPRemoteTopologyChange (object ID 1 0 8802 1 1 2 0 0 1): This trap is sent when the LLDP (Link Layer Discovery Protocol) remote topology changes. Option transceiver-ddmi: transceiverddmiEventOn 1 3 6 1...

Page 292: ...ntClear (object ID 1 3 6 1 4 1 890 1 5 8 55 2 5 2 2): This trap is sent when the RADIUS server can be reached. Table 99: SNMP IP Traps. OPTION / OBJECT LABEL / OBJECT ID / DESCRIPTION. Option ping: pingProbeFailed (object ID 1 3 6 1 2 1 80 0 1): This trap is sent when a single ping probe fails. pingTestFailed (object ID 1 3 6 1 2 1 80 0 2): This trap is sent when a ping test (consisting of a series of ping probes) fails. pingTestCompleted 1 3 6 1 2 1 80 0 3...

Page 293: ...s trap is sent when the STP topology changes. MRSTPTopologyChange (object ID 1 3 6 1 4 1 890 1 5 8 55 3 2 2 2): This trap is sent when the MRSTP topology changes. MSTPTopologyChange (object ID 1 3 6 1 4 1 890 1 5 8 55 1 07 70 2): This trap is sent when the MSTP root switch changes. Option mactable: MacTableFullEventOn (object ID 1 3 6 1 4 1 890 1 5 8 55 2 5 2 1): This trap is sent when more than 99% of the MAC table is used. MacTableFullEventClear ...

Page 294: ... between two remote hosts. Figure 151: How SSH Works. 1. Host Identification: The SSH client sends a connection request to the SSH server. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys. In subsequent connections, the server p...

Page 295: ...h over SSH. 33.9.3 Introduction to HTTPS. HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other ...

Page 296: ...rol screen, then the Switch blocks all HTTP connection attempts. 33.9.3.1 HTTPS Example. If you haven't changed the default HTTPS port on the Switch, then in your browser enter "https://Switch IP Address" as the web site address, where "Switch IP Address" is the IP address or domain name of the Switch you wish to access. Internet Explorer Warning Messages: When you attempt to access the Switch HTTPS server, a W...

Page 297: ...e 153: Security Alert Dialog Box (Internet Explorer). Netscape Navigator Warning Messages: When you attempt to access the Switch HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch. If Accept this certificate temporarily for this session is selected, then ...

Page 298: ...Select Accept this certificate permanently to import the Switch's certificate into the SSL client. Figure 154: Security Certificate 1 (Netscape). Figure 155: Security Certificate 2 (Netscape) ...

Page 299: ...in Screen. After you accept the certificate and enter the login username and password, the Switch main screen appears. The lock displayed in the bottom right of the browser status bar denotes a secure connection. Figure 156: Example: Lock Denoting a Secure Connection ...


Page 301: ...Use the Diagnostic screen (Section 34.2 on page 301) to check system logs, ping IP addresses or perform port tests. 34.2 Diagnostic. Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 157: Management > Diagnostic ...

Page 302: ...y to display a log of events in the multi-line text box. Click Clear to empty the text box and reset the syslog entry. IP Ping: Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Test: Enter a port number and click Port Test to perform an internal loopback test ...

Page 303: ...entation of your syslog program for details. The following table describes the syslog severity levels. 35.2 What You Can Do. Use the Syslog Setup screen (Section 35.3 on page 304) to configure the device's system logging settings. Use the Syslog Server Setup screen (Section 35.4 on page 305) to configure a list of external syslog servers. Table 102: Syslog Severity Levels. CODE / SEVERITY. 0: Emergency: The syste...

Page 304: ...tting. Logging Type: This column displays the names of the categories of logs that the device can generate. Active: Select this option to set the device to generate logs for the corresponding category. Facility: The log facility allows you to send logs to different files in the syslog server. Refer to the documentation of your syslog program for more details. Apply: Click Apply to save your changes to the ...

Page 305: ...ber, the more critical the logs are. Add: Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to begin configuring this screen afresh. Clear: Click Clear to return the fields to the...


Page 307: ...be directly connected and be in the same VLAN group so as to be able to communicate with one another. Table 105: ZyXEL Clustering Management Specifications. Maximum number of cluster members: 24. Cluster Member Models: Must be compatible with ZyXEL cluster management implementation. Cluster Manager: The switch through which you manage the cluster member switches. Cluster Members: The switches being managed ...

Page 308: ...nt screen (Section 36.3 on page 308) to view the role of the Switch within the cluster and to access a cluster member switch's web configurator. Use the Clustering Management Configuration screen (Section 36.1 on page 307) to configure clustering management. 36.3 Cluster Management Status. Use this screen to view the role of the Switch within the cluster and to access a cluster member switch's web config...

Page 309: ...isplays the number of switches that make up this cluster. The following fields describe the cluster member switches. Index: You can manage cluster member switches via the cluster manager switch. Each number in the Index column is a hyperlink leading to the cluster member switch's web configurator (see Figure 163 on page 312). MacAddr: This is the cluster member switch's hardware MAC address. Name: This is t...

Page 310: ...RIPTION. Clustering Manager. Active: Select Active to have this Switch become the cluster manager switch. A cluster can only have one manager. Other (directly connected) switches that are set to be cluster managers will not be visible in the Clustering Candidates list. If a switch that was previously a cluster member is later set to become a cluster manager, then its Status is displayed as Error in the Clu...

Page 311: ... the Clustering Candidate list and then enter its web configurator password. If that switch administrator changes the web configurator password afterwards, then it cannot be managed from the Cluster Manager. Its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below. If multiple devices have the same password, then hold SHIFT and...

Page 312: ...ement. Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch's web configurator home page. This cluster member web configurator home page and the home page that you'd see if you accessed it directly are different. Figure 163: Cluster Management: Cluster Member Web Configurator Screen ex...

Page 313: ...0-c5-01-23-46
-rw-rw-rw- 1 owner group 0 Jul 01 12:00 config-00-a0-c5-01-23-46
226 File sent OK
ftp: 297 bytes received in 0.00Seconds 297000.00Kbytes/sec.
ftp> bin
200 Type I OK
ftp> put 390BBA0.bin fw-00-a0-c5-01-23-46
200 Port command okay
150 Opening data connection for STOR fw-00-a0-c5-01-23-46
226 File received OK
ftp: 262144 bytes sent in 0.63Seconds 415.44Kbytes/sec.
ftp>
Table 108: FTP Upload to Cl...


Page 315: ...MAC Table screen (Section 37.4 on page 316) to check whether the MAC address is dynamic or static. 37.3 What You Need to Know. The Switch uses the MAC table to determine how to forward frames. See the following figure. 1. The Switch examines a received frame and learns the port on which this source MAC address came. 2. The Switch checks to see if the frame's destination MAC address matches a source MAC add...

Page 316: ...estination port is the same as the port it came in on, then it filters the frame. Figure 165: MAC Table Flowchart. 37.4 Viewing the MAC Table. Use this screen to check whether the MAC address is dynamic or static. Click Management > MAC Table in the navigation panel to display the following screen. Figure 166: Management > MAC Table ...

Page 317: ...t VID to display and arrange the data according to VLAN group. Select PORT to display and arrange the data according to port number. Transfer Type: Select Dynamic to MAC forwarding and click the Transfer button to change all dynamically learned MAC address entries in the summary table below into static entries. They also display in the Static MAC Forwarding screen. Select Dynamic to MAC filtering and c...


Page 319: ...local area network arrives at the Switch, the Switch's ARP program looks in the ARP Table and, if it finds the address, sends it to the device. If no entry is found for the IP address, ARP broadcasts the request to all the devices on the LAN. The Switch fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition ...

Page 320: ...able. The following table describes the labels in this screen. Table 110: Management > ARP Table. LABEL / DESCRIPTION. Index: This is the ARP Table entry number. IP Address: This is the learned IP address of a device connected to a Switch port with corresponding MAC address below. MAC Address: This is the MAC address of the device with corresponding IP address above. Type: This shows whether the MAC address is dy...

Page 321: ...igure Clone screen (Section 39.2 on page 321) to copy the basic and advanced settings from a source port to a destination port or ports. 39.2 Configure Clone. Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 168: Management > Configure Clone ...

Page 322: ... 4, 6 indicates that ports 2, 4 and 6 are the destination ports. 2-6 indicates that ports 2 through 6 are the destination ports. Basic Setting: Select which port settings (you configured in the Basic Setting menus) should be copied to the destination port(s). Advanced Application: Select which port settings (you configured in the Advanced Application menus) should be copied to the destination ports. Apply: Clic...

Page 323: ...PART VI: Troubleshooting & Product Specifications. Troubleshooting (325), Product Specifications (329) ...


Page 325: ...n None of the LEDs turn on. 1. Make sure you are using the power adaptor or cord included with the Switch. 2. Make sure the power adaptor or cord is connected to the Switch and plugged in to an appropriate power source. Make sure the power source is turned on. 3. Disconnect and re-connect the power adaptor or cord to the Switch. 4. If the problem continues, contact the vendor. The ALM LED is on. 1. Disconnect ...

Page 326: ...ot the IP address for the Switch. 1. The default IP address is 192.168.1.1. 2. Use the console port to log in to the Switch. 3. If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page 49. I forgot the username and/or password. 1. The default username is admin and the default password is 1234. 2. If this does not work, you have to reset the device to its factory defau...

Page 327: ...ions. Try to access the Switch using another service, such as Telnet. If you can access the Switch, check the remote management settings to find out why the Switch does not respond to HTTP. I can see the Login screen, but I cannot log in to the Switch. 1. Make sure you have entered the user name and password correctly. The default user name is admin, and the default password is 1234. These fields are case-se...

Page 328: ...k the Display button in the System Log field in the Management > Diagnostic screen to check for unauthorized access to your Switch. To avoid unauthorized access, configure the secured client setting in the Management > Access Control > Remote Management screen for telnet, HTTP and SSH (see Section 33.8 on page 286). Computers not belonging to the secured client set cannot get permission to access the Switch. 4...

Page 329: ...T RJ-45 port and one Small Form-Factor Pluggable (SFP) slot, with one port active at a time. Auto-negotiation. Auto-MDIX. One console port. Compliant with IEEE 802.3/3u/3ab. Back pressure flow control for half duplex. Flow control for full duplex (IEEE 802.3x). LEDs: Per switch: PWR, SYS, ALM. Per GE Ethernet RJ-45 10/100/1000 port: LNK ACT FDX. Per mini-GBIC slot: LNK ACT. Per 1000BASE-T RJ-45 port in dual personalit...

Page 330: ...le-tagged frames, the service provider can manage up to 4,094 VLAN groups, with each group containing up to 4,094 customer VLANs. This allows a service provider to provide different service, based on specific VLANs, for many different customers. MAC Address Filter: Filter traffic based on the source and/or destination MAC address and VLAN group (ID). DHCP (Dynamic Host Configuration Protocol) Relay: Use this f...

Page 331: ...s between switches, bridges or routers. It allows a Switch to interact with other (M)RSTP-compliant switches in your network to ensure that only one path exists between any two stations on the network. Loop Guard: Use the loop guard feature to protect against network loops on the edge of your network. IP Source Guard: Use IP source guard to filter unauthorized DHCP and ARP packets in your network. Link A...

Page 332: ...able 114: Feature Specifications. Layer 2 Features. L2 Bridging: 16K MAC addresses; 4-way associative hashed; Static MAC address filtering by source/destination; Broadcast storm control in 1 second interval, 1 pps entering; Static MAC address forwarding (port lock). Switching: Switching fabric: 56 Gbps, non-blocking; Max. Frame size: 9 K bytes; Forwarding frame: IEEE 802.3, IEEE 802.1q, Ethernet II, PPPoE; Prevent the fo...

Page 333: ...ort mirroring: Port based mirroring; Support port mirroring per IP/TCP/UDP. Bandwidth control: Supports rate limiting at 64 Kb increments. Broadcast Storm Control: Broadcast/Multicast/Unknown Unicast Storm Control; 1 pps stepping. Rate Limiting: Support rate limiting per IP/TCP/UDP port. Layer 3 Features. IP Capability: IPV4 support; 64 Management IPs. Routing protocols: Static Routing. IP services: DHCP client; DH...

Page 334: ...ature Specifications (continued). Table 115: Standards Supported. STANDARD / DESCRIPTION. RFC 826: Address Resolution Protocol (ARP). RFC 867: Daytime Protocol. RFC 868: Time Protocol. RFC 894: Ethernet II Encapsulation. RFC 1112: IGMP v1. RFC 1155: SMI. RFC 1157: SNMPv1: Simple Network Management Protocol version 1. RFC 1213: SNMP MIB II. RFC 1305: Network Time Protocol (NTP version 3). RFC 1441: SNMPv2 Simple Network Managemen...

Page 335: ...ery Protocol (LLDP). IEEE 802.1ag: Connectivity Fault Management (CFM). IEEE 802.1x: Port Based Network Access Control. IEEE 802.1D: MAC Bridges. IEEE 802.1p: Traffic Types - Packet Priority. IEEE 802.1Q: Tagged VLAN. IEEE 802.1w: Rapid Spanning Tree Protocol (RSTP). IEEE 802.1s: Multiple Spanning Tree Protocol (MSTP). IEEE 802.3: Packet Format. IEEE 802.3ad: Link Aggregation. IEEE 802.3x: Flow Control. Safety: UL 60950-1, CSA 60...


Page 337: ...PART VII: Appendices and Index. Changing a Fuse (339), Common Services (341), Legal Information (345), Index (349) ...


Page 339: ...fuse housing. 3. A burnt-out fuse is blackened, darkened or cloudy inside its glass casing. A working fuse has a completely clear glass casing. Pull gently, but firmly, to remove the burnt-out fuse from the fuse housing. Dispose of the burnt-out fuse properly. Installing a Fuse. 1. The Switch is shipped from the factory with one spare fuse included in a box-like section of the fuse housing. Push the middle pa...


Page 341: ...r information about port numbers. If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. If the Protocol is USER, this is the IP protocol number. Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. Table 116: Commonly Used Services. NAME / PROTOCOL / PORT(S) / DESCRIPTION. AH (IPSEC_TUNNEL), User-Defined, 51: The IPSEC AH (Authen...

Page 342: ...This is a popular Internet chat program. IGMP (MULTICAST), User-Defined, 2: Internet Group Multicast Protocol is used when sending packets to a specific group of hosts. IKE, UDP, 500: The Internet Key Exchange algorithm is used for key distribution and management. IRC, TCP/UDP, 6667: This is another popular Internet chat program. MSN Messenger, TCP, 1863: Microsoft Networks' messenger service uses this protocol. NEW ...

Page 343: ...ime Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet. SFTP, TCP, 115: Simple File Transfer Protocol. SMTP, TCP, 25: Simple Mail Transfer Protocol is the message-exchange standard for the Internet. SMTP enables you to move messages from one e-mail server to another. SNMP, TCP/UDP, 161: Simple Network Management Program. SNMP-TRAPS, TCP/UDP, 162: Traps for use with the SNMP (RF...

Page 344: ...P networks. Its primary function is to allow users to log into remote host systems. TFTP, UDP, 69: Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP, but uses the UDP (User Datagram Protocol) rather than TCP (Transmission Control Protocol). VDOLIVE, TCP, 7000: Another videoconferencing solution. Table 116: Commonly Used Services (continued). NAME / PROTOCOL / PORT(S) / DESCRIPTION ...

Page 345: ...sing out of the application or use of any products, or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Trademarks: ZyNOS (ZyXEL Network Operating System) is a registered trademark of Zy...

Page 346: ...ce in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense. CE Mark Warning: This is a class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures. Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning. Not...

Page 347: ...sist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. Note: Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warra...


Page 349: ...es 239 trusted ports 239 authentication 202 setup 208 Authentication and Authorization see AAA 202 authorization 202 privilege levels 209 setup 208 auto crossover 37 automatic VLAN registration 88 B back up configuration file 275 bandwidth control 139 332 egress rate 140 ingress rate 140 setup 140 basic settings 71 basic setup tutorial 55 binding 215 binding table 215 building 216 BPDUs Bridge Pro...

Page 350: ...s 262 modes 261 Option 82 262 overview 261 relay agent 261 relay agent information 262 relay example 267 setup 265 VLAN setting 265 DHCP relay 262 configuration 264 example 265 DHCP relay option 82 237 DHCP snooping 55 216 235 configuring 237 DHCP relay option 82 237 trusted ports 236 untrusted ports 236 DHCP snooping database 236 diagnostics 301 Ethernet port test 302 ping 302 system log 302 Diff...

Page 351: ...RP 89 95 96 and port assignment 96 GVRP GARP VLAN Registration Protocol 89 H hardware installation 31 hardware monitor 72 hardware overview 35 hello time 131 hops 131 HTTPS 295 certificates 295 implementation 295 public keys private keys 295 HTTPS example 296 humidity 329 I IEEE 802 1p priority 78 IEEE 802 1x activate 163 206 port authentication 161 reauthentication 164 IGMP version 193 IGMP Inter...

Page 352: ...ocol see LACP 152 lockout 49 log 302 login 43 password 48 login account Administrator 284 non administrator 284 login accounts 284 configuring via web configurator 284 multiple 284 number of 284 login password 285 loop guard 241 examples 242 port shut down 243 setup 243 vs STP 241 M MAC Media Access Control 72 MAC address 72 319 maximum number per port 167 MAC address learning 97 100 107 167 speci...

Page 353: ...g Tree Protocol 119 Multiple RSTP 119 Multiple Spanning Tree Protocol See MSTP 117 120 Multiple STP 120 N network applications 25 network management system NMS 288 NTP RFC 1305 75 P PAGP 248 password 48 administrator 285 PHB Per Hop Behavior 258 ping test connection 302 policy 176 178 and classifier 176 and DiffServ 175 configuration 176 example 179 overview 175 rules 175 viewing 178 policy config...

Page 354: ...thod 181 184 R rack mounting 31 RADIUS 201 202 advantages 202 and port authentication 202 and tunnel protocol attribute 211 Network example 201 server 202 settings 203 setup 203 Rapid Spanning Tree Protocol See RSTP 117 rear panel connections 39 reboot load configuration 273 reboot system 273 registration product 347 related documentation 3 remote management 286 service 287 trusted computers 287 r...

Page 355: ...atus 44 66 link aggregation 153 MSTP 133 port 66 port details 67 power 73 STP 124 128 VLAN 91 STP 117 248 332 bridge ID 125 128 bridge priority 123 127 configuration 122 126 designated bridge 119 forwarding delay 123 127 Hello BPDU 119 Hello Time 123 125 127 129 how it works 119 Max Age 123 125 127 129 path cost 118 124 127 port priority 124 127 port state 119 root port 118 status 124 128 terminol...

Page 356: ...91 92 190 number of possible VIDs 88 priority frame 88 VID VLAN Identifier 88 VLAN 76 332 acceptable frame type 96 automatic registration 88 ID 87 IGMP snooping 194 ingress filtering 95 introduction 76 87 number of VLANs 91 port number 92 port settings 95 port based VLAN 102 port based all connected 105 port based isolation 105 port based wizard 105 PVID 96 static VLAN 93 status 91 92 subnet based...

Page 357: ...nty 347 note 347 web configurator 43 getting help 50 home 44 login 43 logout 50 navigation panel 45 weight queuing 182 Weighted Round Robin Scheduling WRR 182 WRR Weighted Round Robin Scheduling 182 Z ZyNOS ZyXEL Network Operating System 276 ...

Page 358: ...Index GS2200-24 User's Guide 358 ...
