ZyXEL Communications GS2200-24P Series, User Manual, Page: 244 / 360

Share

Page: 244 / 360

ZyXEL Communications GS2200-24P Series User Manual Download Page 244

Chapter 25 IP Source Guard

GS2200-24/24P User’s Guide

244

25.10.2 ARP Inspection Overview

Use ARP inspection to filter unauthorized ARP packets on the network. This can
prevent many kinds of man-in-the-middle attacks, such as the one in the following
example.

Figure 128

Example: Man-in-the-middle Attack

In this example, computer B tries to establish a connection with computer A.
Computer X is in the same broadcast domain as computer A and intercepts the
ARP request for computer A. Then, computer X does the following things:

• It pretends to be computer A and responds to computer B.
• It pretends to be computer B and sends a message to computer A.

As a result, all the communication between computer A and computer B passes
through computer X. Computer X can read and alter the information passed
between them.

25.10.2.1 ARP Inspection and MAC Address Filters

When the Switch identifies an unauthorized ARP packet, it automatically creates a
MAC address filter to block traffic from the source MAC address and source VLAN
ID of the unauthorized ARP packet. You can configure how long the MAC address
filter remains in the Switch.

These MAC address filters are different than regular MAC address filters (

• They are stored only in volatile memory.
• They do not use the same space in memory that regular MAC address filters

use.

• They appear only in the ARP Inspection screens and commands, not in the

MAC Address Filter screens and commands.

A

X

B

«
...
242
243
244
245
246
...
»

Summary of Contents for GS2200-24P Series

Page 1: ...ntelligent Layer 2 GbE Switch Intelligent Layer 2 GbE Switch with PoE Copyright 2010 ZyXEL Communications Corporation Firmware Version 3 90 Edition 1 2 2010 Default Login Details IP Address http 192 1...

Page 2: ......

Page 3: ...e the Switch Web Configurator Online Help The embedded Web Help contains descriptions of individual screens and supplementary information Note It is recommended you use the web configurator to configu...

Page 4: ...tions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support Should problems arise that can...

Page 5: ...eld choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more...

Page 6: ...s Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer Ser...

Page 7: ...your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Use ONLY power wires of the appropriate wire gauge see Chapter 40 on page 333 for details f...

Page 8: ...Safety Warnings GS2200 24 User s Guide 8...

Page 9: ...Statistics 67 Basic Setting 73 Advanced 91 VLAN 93 Static MAC Forward Setup 113 Static Multicast Forward Setup 117 Filtering 121 Spanning Tree Protocol 123 Bandwidth Control 145 Broadcast Storm Contro...

Page 10: ...gement 273 Maintenance 275 Access Control 283 Diagnostic 305 Syslog 307 Cluster Management 311 MAC Table 319 ARP Table 323 Configure Clone 325 Troubleshooting Product Specifications 327 Troubleshootin...

Page 11: ...5 1 1 4 IEEE 802 1Q VLAN Application Examples 25 1 2 Ways to Manage the Switch 26 1 3 Good Habits for Managing the Switch 26 Chapter 2 Hardware Installation and Connection 29 2 1 Installation Scenario...

Page 12: ...e Web Configurator 51 4 8 Help 51 Chapter 5 Initial Setup Example 53 5 1 Overview 53 5 1 1 Creating a VLAN 53 5 1 2 Setting Port VID 55 5 2 Configuring Switch Management IP Address 56 Chapter 6 Tutori...

Page 13: ...2 What You Need to Know 93 9 2 VLAN Status 97 9 2 1 VLAN Details 98 9 3 Configure a Static VLAN 99 9 4 Configure VLAN Port Settings 101 9 5 Subnet Based VLANs 102 9 5 1 Configuring Subnet Based VLAN 1...

Page 14: ...nning Tree Protocol 128 13 5 Rapid Spanning Tree Protocol Status 130 13 6 Configure Multiple Rapid Spanning Tree Protocol 132 13 7 Multiple Rapid Spanning Tree Protocol Status 134 13 8 Configure Multi...

Page 15: ...hentication 167 18 1 Overview 167 18 1 1 What You Can Do 167 18 1 2 What You Need to Know 167 18 2 Port Authentication Configuration 168 18 3 Activate IEEE 802 1x Security 169 Chapter 19 Port Security...

Page 16: ...95 23 4 IGMP Snooping VLAN 198 23 5 IGMP Filtering Profile 199 23 6 The MVR Screen 201 23 6 1 MVR Group Configuration 203 23 6 2 MVR Configuration Example 205 Chapter 24 AAA 209 24 1 Overview 209 24 1...

Page 17: ...2 ARP Inspection VLAN Configure 240 25 10 Technical Reference 241 25 10 1 DHCP Snooping Overview 241 25 10 2 ARP Inspection Overview 244 Chapter 26 Loop Guard 247 26 1 Overview 247 26 1 1 What You Can...

Page 18: ...g DHCP VLAN Settings 269 30 4 1 Example DHCP Relay for Two VLANs 271 Part V Management 273 Chapter 31 Maintenance 275 31 1 Overview 275 31 1 1 What You Can Do 275 31 2 The Maintenance Screen 275 31 2...

Page 19: ...verview 305 33 2 Diagnostic 305 Chapter 34 Syslog 307 34 1 Overview 307 34 1 1 What You Can Do 307 34 2 Syslog Setup 308 34 3 Syslog Server Setup 309 Chapter 35 Cluster Management 311 35 1 Overview 31...

Page 20: ...one 325 Part VI Troubleshooting Product Specifications 327 Chapter 39 Troubleshooting 329 39 1 Power Hardware Connections and LEDs 329 39 2 Switch Access and Login 330 39 3 Switch Configuration 332 Ch...

Page 21: ...21 PART I Introduction and Hardware Getting to Know Your Switch 23 Hardware Installation and Connection 29 Hardware Panels 33...

Page 22: ...22...

Page 23: ...hernet PoE feature Both switches are referred to as the Switch in this guide With its built in web configurator managing and configuring the Switch is easy In addition the Switch can also be managed v...

Page 24: ...witch connects different company departments RD and Sales to the corporate backbone It can alleviate bandwidth contention and eliminate server and network bottlenecks All users that need high bandwidt...

Page 25: ...ure can be retained as all ports can freely communicate with each other Figure 3 High Performance Switched Workgroup Application 1 1 4 IEEE 802 1Q VLAN Application Examples A VLAN Virtual Local Area N...

Page 26: ...e Line commands offer an alternative to the web configurator and in some cases are necessary to configure advanced features See the CLI Reference Guide FTP Use FTP for firmware upgrades and configurat...

Page 27: ...how to restore it Restoring an earlier working configuration may be useful if the device becomes unstable or even crashes If you forget your password you will have to reset the Switch to its factory...

Page 28: ...Chapter 1 Getting to Know Your Switch GS2200 24 24P User s Guide 28...

Page 29: ...itch This is especially important for enclosed rack installations 2 2 Desktop Installation Procedure 1 Make sure the Switch is clean and dry 2 Set the Switch on a smooth level surface strong enough to...

Page 30: ...does not make the rack unstable or top heavy Take all necessary precautions to anchor the rack securely before installing the unit 2 3 2 Attaching the Mounting Brackets to the Switch 1 Position a mou...

Page 31: ...o the Switch on one side of the rack lining up the two screw holes on the bracket with the screw holes on the side of the rack Figure 6 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver in...

Page 32: ...Chapter 2 Hardware Installation and Connection GS2200 24 24P User s Guide 32...

Page 33: ...his chapter describes the front panel and rear panel and shows you how to make the hardware connections 3 2 Front Panels The following figure shows the front panel of the Switch Figure 7 Front Panel G...

Page 34: ...called a mini GBIC slot with one port or transceiver active at a time Note The ports change to fiber mode directly when inserting the fiber module Four 100 1000 Mbps RJ 45 Ports Connect these ports t...

Page 35: ...st to the optimum Ethernet speed 10 100 1000 Mbps and duplex mode full duplex or half duplex of the connected device An auto crossover auto MDI MDI X port automatically works with a straight through o...

Page 36: ...ings of the peer Ethernet port are the same in order to connect 3 2 2 1 Default Ethernet Negotiation Settings The factory default negotiation settings for the Gigabit ports on the Switch are Speed Aut...

Page 37: ...of PCB board facing down 2 Press the transceiver firmly until it clicks into place 3 The Switch automatically detects the installed transceiver Check the LEDs to verify that it is functioning properly...

Page 38: ...of the power cord to the AC power receptacle on the front panel Connect the other end of the supplied power cord to a power outlet Make sure that no objects obstruct the airflow of the fans located o...

Page 39: ...rnet network On The link to a 10 Mbps or a 1000 Mbps Ethernet network is up Amber Blinking The system is transmitting receiving to from a 100 Mbps Ethernet network On The link to a 100 Mbps Ethernet n...

Page 40: ...Chapter 3 Hardware Panels GS2200 24 24P User s Guide 40...

Page 41: ...41 PART II Basic Configuration The Web Configurator 43 Initial Setup Example 53 System Status and Port Statistics 67 Basic Setting 73...

Page 42: ...42...

Page 43: ...and later Mozilla Firefox 3 0 and later versions The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your de...

Page 44: ...me server nor manually entered a time and date in the General Setup screen Figure 14 Web Configurator Login 4 Click OK to view the first web configurator screen 4 3 The Status Screen The Status screen...

Page 45: ...rtain tasks no matter which screen you are currently working in B Click this link to save your configuration into the Switch s nonvolatile memory Nonvolatile memory is the configuration of your Switch...

Page 46: ...p This link takes you to a screen where you can configure general identification information about the Switch Switch Setup This link takes you to a screen where you can set up global Switch parameters...

Page 47: ...ort Authentication This link takes you to a screen where you can configure IEEE 802 1x port authentication for clients communicating via the Switch Port Security This link takes you to screens where y...

Page 48: ...Control This link takes you to screens where you can change the system login password and configure SNMP and remote management Diagnostic This link takes you to a screen where you can view system logs...

Page 49: ...Your Configuration When you are done modifying the settings in a screen click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power i...

Page 50: ...out of the Switch 4 6 Resetting the Switch If you lock yourself and others from the Switch or forget the administrator password you will need to reload the factory default configuration file or reset...

Page 51: ...configuration file upload type atgo to restart the Switch The Switch is now reinitialized with a default configuration file including the default password of 1234 4 7 Logging Out of the Web Configura...

Page 52: ...Chapter 4 The Web Configurator GS2200 24 24P User s Guide 52...

Page 53: ...r the initial setup Create a VLAN Set port VLAN ID Configure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You can...

Page 54: ...this screen and the VID field in the IP Setup screen refer to the same VLAN ID 3 Since the VLAN2 network is connected to port 1 on the Switch select Fixed to configure port 1 to be a permanent member...

Page 55: ...network configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2 Figure 20 Initial Setup Network Example Port VID 1 Click Advanced Applications VLAN i...

Page 56: ...eb browser and enter 192 168 1 1 the default IP address in the address bar to access the web configurator See Section 4 2 on page 43 for more information 3 Click Basic Setting IP Setup in the navigati...

Page 57: ...ant DHCP server A connected to port 5 to assign IP addresses to all devices in VLAN network V Create a VLAN containing ports 5 6 and 7 Connect a computer M to the Switch for management Figure 22 Tutor...

Page 58: ...VLAN and create a VLAN with ID of 100 Add ports 5 6 and 7 in the VLAN by selecting Fixed in the Control field as shown Deselect Tx Tagging because you don t want outgoing traffic to contain this VLAN...

Page 59: ...ID of the ports 5 6 and 7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 Figure 24 Tutorial Tag Untagged Frames 4 Go to Advanced Application IP Source Guard DHCP snoopin...

Page 60: ...al Set the DHCP Server Port to Trusted 7 Go to Advanced Application IP Source Guard DHCP snooping Configure VLAN show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply Then...

Page 61: ...If DHCP Snooping Works You can also telnet or log into the Switch s console Use the command show dhcp snooping binding to see the DHCP snooping binding table as shown next 6 3 How to Use DHCP Relay on...

Page 62: ...Scenario 6 3 2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102 1 Access the web configurator through the Switch s management port 2 Go to Basic Setting Switch Setup...

Page 63: ...he Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags b...

Page 64: ...s screen Figure 32 Tutorial Click the VLAN Port Setting Link 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to...

Page 65: ...creen 2 Select the Active check box 3 Enter the DHCP server s IP address 192 168 2 3 in this example in the Remote DHCP Server 1 field 4 Select the Option 82 and the Information check boxes 5 Click Ap...

Page 66: ...Client A is connected to the Switch s port 2 in VLAN 102 2 You configured the correct VLAN ID port number and system name for DHCP relay on both the DHCP server and the Switch 3 You clicked the Save l...

Page 67: ...page port details and PoE status The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details 7 1 1 What You Can Do Use the Port Sta...

Page 68: ...tatistics GS2200 24 24P User s Guide 68 7 2 Port Status Summary To view the port statistics click Status in all web configurator screens to display the Status screen as shown next Figure 35 Status GS2...

Page 69: ...field displays FORWARDING if the link is up otherwise it displays STOP PD for GS2200 24P only This field displays whether or not a powered device PD is allowed to receive power from the Switch on this...

Page 70: ...vidual port on the Switch Figure 37 Status Port Details The following table describes the labels in this screen Table 8 Status Port Details LABEL DESCRIPTION Port Info Port NO This field displays the...

Page 71: ...ld shows the number of 802 3x Pause packets transmitted Rx Packet The following fields display detailed information about packets received RX Packets This field shows the number of good packets unicas...

Page 72: ...received that were between 128 and 255 octets in length 256 511 This field shows the number of packets including bad packets received that were between 256 and 511 octets in length 512 1023 This field...

Page 73: ...ch routing domain subnet mask s and DNS domain name server for management purposes 8 1 1 What You Can Do Use the System Info screen Section 8 2 on page 74 to check the firmware version number Use the...

Page 74: ...e 74 8 2 System Information In the navigation panel click Basic Setting System Info to display the screen as shown You can check the firmware version number Figure 38 Basic Setting System Info GS2200...

Page 75: ...easured at this sensor Threshold This field displays the upper temperature limit at this sensor Status This field displays Normal for temperatures below the threshold and Error for those above Fan Spe...

Page 76: ...atus Normal indicates that the voltage is within an acceptable operating range at this point otherwise Error is displayed Table 9 Basic Setting System Info continued LABEL DESCRIPTION Table 10 Basic S...

Page 77: ...isplays the date you open this menu New Date yyyy mm dd Enter the new date in year month and day format The new date then appears in the Current Date field after you click Apply Time Zone Select the t...

Page 78: ...e Chapter 9 on page 93 for information on port based and 802 1Q tagged VLANs End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving Time The time field uses...

Page 79: ...r 9 on page 93 for more information GARP Timer Switches join VLANs by making a declaration A declaration is made by issuing a Join message using GARP Declarations are withdrawn by issuing a Leave mess...

Page 80: ...llowing descriptions are based on the traffic types defined in the IEEE 802 1d standard which incorporates the 802 1p Level 7 Typically used for network control traffic such as router configuration me...

Page 81: ...y default IP address is 192 168 1 1 The subnet mask specifies the network number portion of an IP address The factory default subnet mask is 255 255 255 0 You can configure up to 64 IP addresses which...

Page 82: ...nagement only The default is 1 All ports by default are fixed members of this management VLAN in order to manage the device from any port If a port is not a member of this VLAN then users on that port...

Page 83: ...the configuration screen Figure 43 Basic Setting Port Setup Default Gateway This field displays the IP address of the default gateway Delete Check the management IP addresses that you want to remove...

Page 84: ...atically to obtain the connection speed and duplex mode that both ends support When auto negotiation is turned on a port on the Switch negotiates with the peer automatically to determine the connectio...

Page 85: ...0 provides additional external PoE power budget on top of the internal power budget of the GS2200 24P Refer to the User s Guide of the PPS250 for more information Note The POE Power over Ethernet devi...

Page 86: ...can provide to the connected PoE enabled devices on the PoE ports Consuming Power W This field displays the amount of power the Switch is currently supplying to the connected PoE enabled devices Alloc...

Page 87: ...49 Class 3 Optional 6 49 to 12 95 Class 4 Reserved PSEs classify as Class 0 PD Priority When the total power requested by the PDs exceeds the total PoE power budget on the Switch you can set the PD pr...

Page 88: ...e Max Power mW to each PD according to the priority level If the total power supply runs out PDs with lower priority do not get power to function Consumption Select this if you want the Switch to mana...

Page 89: ...igh to set the Switch to assign the remaining power to the port after all critical priority ports are served Select Low to set the Switch to assign the remaining power to the port after all critical a...

Page 90: ...Chapter 8 Basic Setting GS2200 24 24P User s Guide 90...

Page 91: ...ing Tree Protocol 123 Bandwidth Control 145 Broadcast Storm Control 149 Mirroring 153 Link Aggregation 157 Port Authentication 167 Port Security 171 Classifier 175 Policy Rule 181 Queuing Method 187 1...

Page 92: ...92...

Page 93: ...Ns that allow you to group traffic into logical VLANs based on the source IP subnet you specify Use the Port Based VLAN screen Section 9 7 on page 108 to set up VLANs where the packet forwarding decis...

Page 94: ...of passing tagged or untagged frames To forward a frame from an 802 1Q VLAN aware switch to an 802 1Q VLAN unaware switch the Switch first decides where to forward the frame and then strips off the VL...

Page 95: ...roups on intermediary devices Table 16 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configur...

Page 96: ...nd E automatically allow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking port s Figure 47 Port VLAN Trunking 9 1 2 3 Select the V...

Page 97: ...N This is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only...

Page 98: ...ESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the Static VLAN screen Port Number This column displays the ports th...

Page 99: ...VLAN Static VLAN The following table describes the related labels in this screen Table 19 Advanced Application VLAN Static VLAN LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN sett...

Page 100: ...ansmitted with this VLAN Group ID Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top n...

Page 101: ...Table 20 Advanced Application VLAN VLAN Port Setting LABEL DESCRIPTION GVRP GVRP GARP VLAN Registration Protocol is a registration protocol that defines a way for switches to register necessary VLAN m...

Page 102: ...ck box to allow GVRP on this port Acceptable Frame Type Specify the type of frames allowed on a port Choices are All Tag Only and Untag Only Select All from the drop down list box to accept all untagg...

Page 103: ...e services You also have a subnet based VLAN with priority 5 and VID of 200 for traffic received from IP subnet 192 168 1 0 24 video services Lastly you configure VLAN with priority 3 and VID of 300 f...

Page 104: ...s IP subnet to obtain their IP addresses through the DHCP VLAN Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power...

Page 105: ...st be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch assigns to frames belonging to this VLAN Add Click Add to save you...

Page 106: ...switch C Figure 55 Protocol Based VLAN Application Example 9 6 1 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown...

Page 107: ...an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch will assign to frames belonging to this VLAN Add Click Add to save your...

Page 108: ...or example between conference rooms in a hotel you must define the egress an egress port is an outgoing port that is a port through which a data packet leaves for both ports Port based VLANs are speci...

Page 109: ...7 1 Configure a Port based VLAN Select Port Based as the VLAN Type in the Basic Setting Switch Setup screen and then click Advanced Application VLAN from the navigation panel to display the next scree...

Page 110: ...Chapter 9 VLAN GS2200 24 24P User s Guide 110 Figure 58 Port Based VLAN Setup Port Isolation...

Page 111: ...lick Apply at the bottom of the screen Incoming These are the ingress ports an ingress port is an incoming port that is a port through which a data packet enters If you wish to allow two subscriber po...

Page 112: ...protocol Leave the default value IP 5 Type the VLAN ID of an existing VLAN In our example we already created a static VLAN with an ID of 5 Type 5 6 Leave the priority set to 0 and click Add Figure 59...

Page 113: ...assign static MAC addresses for a port 10 2 Configuring Static MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not ag...

Page 114: ...where the MAC address entered in the previous field will be automatically forwarded Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off or lo...

Page 115: ...isplays the port where the MAC address shown in the next field will be forwarded Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check b...

Page 116: ...Chapter 10 Static MAC Forward Setup GS2200 24 24P User s Guide 116...

Page 117: ...f a multicast group A static multicast address is a multicast MAC address that has been manually entered in the multicast table Static multicast addresses do not age out Static multicast forwarding al...

Page 118: ...3 within VLAN group 4 Figure 61 No Static Multicast Forwarding Figure 62 Static Multicast Forwarding to A Single Port Figure 63 Static Multicast Forwarding to Multiple Ports 11 2 Configuring Static M...

Page 119: ...t pair 00000001 is 01 and 00000011 is 03 in hexadecimal so 01 00 5e 00 00 0A and 03 00 5e 00 00 27 are valid multicast MAC addresses VID You can forward frames with matching destination MAC address to...

Page 120: ...This field displays the multicast MAC address that identifies a multicast group VID This field displays the ID number of a VLAN group to which frames containing the specified multicast MAC address wi...

Page 121: ...ination MAC addresses and VLAN group ID 12 1 1 What You Can Do Use the Filtering screen Section 12 2 on page 121 to create rules for traffic going through the Switch 12 2 Configure a Filtering Rule Us...

Page 122: ...is six hexadecimal character pairs VID Type the VLAN group identification number Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off...

Page 123: ...fferent STP modes RSTP MRSTP or MSTP you can configure on the Switch Use the Spanning Tree Configuration screen Section 13 3 on page 127 to activate one of the STP modes on the Switch Use the Rapid Sp...

Page 124: ...ed addresses from the filtering database In RSTP the port states are Discarding Learning and Forwarding Note In this user s guide STP refers to both STP and RSTP STP Terminology The root bridge is the...

Page 125: ...umes that the link to the root bridge is down This bridge then initiates negotiations with other bridges to reconfigure the network to re establish a valid network topology STP Port States STP assigns...

Page 126: ...s backward compatible with STP RSTP and addresses the limitations of existing spanning tree protocols STP and RSTP in networks to include the following features One Common and Internal Spanning Tree C...

Page 127: ...Protocol This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration section for ea...

Page 128: ...ed Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or...

Page 129: ...generations by the root switch The allowed range is 1 to 10 seconds Max Age This is the maximum time in seconds the Switch can wait without receiving a BPDU before attempting to reconfigure All Switc...

Page 130: ...a loop in a switch Ports with a higher priority numeric value are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a f...

Page 131: ...l in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds the Switch...

Page 132: ...The following table describes the labels in this screen Table 32 Advanced Application Spanning Tree Protocol MRSTP LABEL DESCRIPTION Status Click Status to display the MRSTP Status screen see Figure...

Page 133: ...e maximum time in seconds the Switch will wait before changing states This delay is required because every switch must receive information about topology changes before it starts to forward frames In...

Page 134: ...off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen a...

Page 135: ...nds the root switch will wait before changing states that is listening to learning to forwarding Note The listening state does not exist in RSTP Cost to Bridge This is the path cost from the root port...

Page 136: ...Guide 136 13 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section on page 126 for more information on MSTP Fig...

Page 137: ...Delay This is the maximum time in seconds the Switch will wait before changing states This delay is required because every switch must receive information about topology changes before it starts to fo...

Page 138: ...common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to add this port to the MS...

Page 139: ...tion on page 126 for more information on MSTP Note This screen is only available after you activate MSTP on the Switch Figure 74 Advanced Application Spanning Tree Protocol Status MSTP Delete Check th...

Page 140: ...ost from the root port on this Switch to the root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree...

Page 141: ...es are using STP or RSTP the link for VLAN 2 will be blocked as STP and RSTP allow only one link in the network and block the redundant link Figure 75 STP RSTP Network Example Internal Cost This is th...

Page 142: ...gion external path cost of paths outside this region is increased by one Internal path cost of paths within this region is increased by one when BPDUs traverse the region Devices that belong to the sa...

Page 143: ...ST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST instan...

Page 144: ...Chapter 13 Spanning Tree Protocol GS2200 24 24P User s Guide 144...

Page 145: ...he maximum bandwidth using the Bandwidth Control screen Bandwidth control means defining a maximum allowable bandwidth for incoming and or out going traffic flows on a port 14 1 1 What You Can Do Use...

Page 146: ...rol on the Switch Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set...

Page 147: ...ime memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configur...

Page 148: ...Chapter 14 Bandwidth Control GS2200 24 24P User s Guide 148...

Page 149: ...d on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast...

Page 150: ...ck box to disable this feature Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row...

Page 151: ...ime memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configur...

Page 152: ...Chapter 15 Broadcast Storm Control GS2200 24 24P User s Guide 152...

Page 153: ...g allows you to copy a traffic flow to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference 16 1 1 What You Can Do Use t...

Page 154: ...this check box to activate port mirroring on the Switch Clear this check box to disable the feature Monitor Port The monitor port is the port you copy the traffic to in order to examine it in more de...

Page 155: ...are Egress outgoing Ingress incoming and Both Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save l...

Page 156: ...Chapter 16 Mirroring GS2200 24 24P User s Guide 156...

Page 157: ...ed to form a trunk group 17 1 1 What You Can Do Use the Link Aggregation Status screen Section 17 2 on page 159 to view ports you have configured to be in the trunk group ports that are currently tran...

Page 158: ...must connect all ports point to point to the same Ethernet switch and configure the ports for LACP trunking LACP only works on full duplex links All ports in the same trunk group must have the same m...

Page 159: ...a trunk group that is one logical link containing multiple ports Enabled Ports These are the ports you have configured in the Link Aggregation screen to be in the trunk group The port number s display...

Page 160: ...ic based on a combination of the packet s source and destination MAC addresses src ip means the Switch distributes traffic based on the packet s source IP address dst ip means the Switch distributes t...

Page 161: ...dvanced Application Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 42 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESC...

Page 162: ...n MAC addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distri...

Page 163: ...n dynamic link aggregation Figure 84 Advanced Application Link Aggregation Link Aggregation Setting LACP The following table describes the labels in this screen Table 43 Advanced Application Link Aggr...

Page 164: ...orts Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row...

Page 165: ...h B Figure 85 Trunking Example Physical Connections 2 Configure static trunking Click Advanced Application Link Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the t...

Page 166: ...Chapter 17 Link Aggregation GS2200 24 24P User s Guide 166...

Page 167: ...69 to activate IEEE 802 1x security 18 1 2 What You Need to Know IEEE 802 1x authentication uses the RADIUS Remote Authentication Dial In User Service RFC 2138 2139 protocol to validate users See Sect...

Page 168: ...authentication first activate the port authentication method both on the Switch and the port s then configure the RADIUS server settings in the Auth and Acct Radius Server Setup screen Click Advanced...

Page 169: ...nced Application Port Authentication 802 1x LABEL DESCRIPTION Active Select this check box to permit 802 1x authentication on the Switch Note You must first enable 802 1x authentication on the Switch...

Page 170: ...e port Reauthenticati on Timer Specify how often a client has to re enter his or her username and password to stay connected to the port Apply Click Apply to save your changes to the Switch s run time...

Page 171: ...r than the sum cannot exceed 16K For maximum port security enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you disable port securi...

Page 172: ...r of the port s separated by a comma on which you want to enable port security and disable MAC address learning After you click MAC freeze all previously learned MAC addresses on the specified port s...

Page 173: ...to occur on a port the port itself must be active with address learning enabled Limited Number of Learned MAC Address Use this field to limit the number of dynamic MAC addresses that may be learned on...

Page 174: ...Chapter 19 Port Security GS2200 24 24P User s Guide 174...

Page 175: ...dth Without QoS all traffic data is equally likely to be dropped when the network is congested This can cause a reduction in network performance and make the network inadequate for time critical appli...

Page 176: ...efer to Chapter 21 on page 181 Click Advanced Application Classifier in the navigation panel to display the configuration screen as shown Figure 91 Advanced Application Classifier The following table...

Page 177: ...to establish TCP connections Source IP Address Address Prefix Enter a source IP address in dotted decimal notation Specify the address prefix by entering the number of ones in the subnet mask A subne...

Page 178: ...so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields back to your previous configurati...

Page 179: ...rs are See Appendix B on page 345 for information on commonly used port numbers NBS Internet 0802 ECMA Internet 0803 Chaosnet 0804 X 25 Level 3 0805 XNS Compat 0807 Banyan Systems 0BAD BBN Simnet 5208...

Page 180: ...reen shows an example where you configure a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 After you have configured a classifier you can configure a policy in the...

Page 181: ...on page 175 for more information A policy rule ensures that a traffic flow gets the requested treatment in the network 21 1 1 What You Can Do Use the Policy screen Section 21 2 on page 181 to enable t...

Page 182: ...this option to enable the policy Name Enter a descriptive name for identification purposes Classifier s This field displays the active classifier s you configure in the Classifier screen Select the c...

Page 183: ...higher priority than the capitals such as A and B in the classifier name For example the classifier with the name of class 2 class a or class B takes priority over the classifier with the name of clas...

Page 184: ...nel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields back to your previous configuration Clear Click Clear to set the above fields...

Page 185: ...Guide 185 21 3 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier refer to Sectio...

Page 186: ...Chapter 21 Policy Rule GS2200 24 24P User s Guide 186...

Page 187: ...ndividual source or flow and prevent a source from monopolizing the bandwidth Strictly Priority Queuing Strictly Priority Queuing SPQ services queues based on priority only As traffic comes into the S...

Page 188: ...equal amount of bandwidth and then moves to the end of the list and so on depending on the number of queues being used This works in a looping fashion until a queue is empty Weighted Round Robin Sche...

Page 189: ...his screen Table 52 Advanced Application Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring Settings in this row apply to all ports Use this row only if you want to ma...

Page 190: ...r weights get more service than queues with smaller weights Weight When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their we...

Page 191: ...reen Section 23 2 on page 194 to view multicast group information Use the Multicast Setting screen Section 23 3 on page 195 to enable IGMP snooping to forward group multicast traffic only to ports tha...

Page 192: ...e members of that group IGMP snooping generates no additional network traffic allowing you to significantly reduce multicast traffic passing through your Switch IGMP Snooping and VLANs The Switch can...

Page 193: ...Modes You can set your Switch to operate in either dynamic or compatible mode In dynamic mode the Switch sends IGMP leave and join reports to the other multicast devices such as multicast routers or s...

Page 194: ...the receiving port will still be on the list of forwarding destination for the multicast traffic Otherwise the Switch removes the receiver port from the forwarding table Figure 99 MVR Multicast Televi...

Page 195: ...nced Application Multicast Multicast Setting LABEL DESCRIPTION IGMP Snooping Use these settings to configure IGMP Snooping Active Select Active to enable IGMP Snooping to forward group multicast traff...

Page 196: ...n The layer 2 multicast MAC addresses used by Cisco layer 2 protocols 01 00 0C CC CC CC and 01 00 0C CC CC CD are also included in this group Specify the action to perform when the Switch receives a f...

Page 197: ...rt IGMP Filtering Profile Select the name of the IGMP filtering profile to use for this port Otherwise select Default to prohibit the port from joining any multicast group You can create IGMP filterin...

Page 198: ...of any VLANs automatically Select fixed to have the Switch only learn multicast group membership information of the VLAN s that you specify below In either auto or fixed mode the Switch can learn up t...

Page 199: ...e ID of a static VLAN the valid range is between 1 and 4094 Note You cannot configure the same VLAN ID as in the MVR screen Add Click Add to insert the entry in the summary table below and save your c...

Page 200: ...st IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile End Address Type the ending multicast IP address for a range of IP addresses that you want to bel...

Page 201: ...st VLANs and up to 256 multicast rules on the Switch Delete To delete the profile s and all the accompanying rules select the profile s that you want to remove in the Delete Profile column then click...

Page 202: ...AN to be shared among different subscriber VLANs on the network Name Enter a descriptive name up to 32 English keyboard characters for identification purposes Multicast VLAN ID Enter the VLAN ID 1 to...

Page 203: ...ate in MVR No MVR multicast traffic is sent or received on this port Tagging Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click Add to save your...

Page 204: ...or more information on IP multicast addresses End Address Enter the ending IP multicast address of the multicast group in dotted decimal notation Enter the same IP address as the Start Address field i...

Page 205: ...o receive multicast traffic the News and Movie channels from the remote streaming media server S Computers A B and C in VLAN 1 are able to receive the traffic Figure 106 MVR Configuration Example Dele...

Page 206: ...on the Switch create a multicast group in the MVR screen and set the receiver and source ports Figure 107 MVR Configuration Example To set the Switch to forward the multicast group traffic to the sub...

Page 207: ...24 24P User s Guide 207 following figure shows an example where two multicast groups News and Movie are configured for the multicast VLAN 200 Figure 108 MVR Group Configuration Example Figure 109 MVR...

Page 208: ...Chapter 23 Multicast GS2200 24 24P User s Guide 208...

Page 209: ...hat You Can Do Use the AAA screen Section 24 2 on page 210 to enable authentication and authorization or both of them on the Switch use the Radio Server Setup screen Section 24 3 on page 211 to config...

Page 210: ...ers you may authenticate in this way See Chapter 31 on page 275 RADIUS and TACACS RADIUS and TACACS are security protocols used to authenticate users by means of an external server instead of or in ad...

Page 211: ...Server Setup Use this screen to configure your RADIUS server settings See Section on page 210 for more information on RADIUS servers and Section 24 6 2 on page 219 for RADIUS attributes utilized by th...

Page 212: ...ly number representing a RADIUS server entry IP Address Enter the IP address of an external RADIUS server in dotted decimal notation UDP Port The default port of a RADIUS server for authentication is...

Page 213: ...the labels in this screen Table 61 Advanced Application AAA TACACS Server Setup LABEL DESCRIPTION Authentication Server Use this section to configure your TACACS authentication settings Mode This fiel...

Page 214: ...hanumeric characters as the key to be shared between the external TACACS server and the Switch This key is not sent over the network This key must be the same on the external TACACS server and the Swi...

Page 215: ...s Guide 215 24 5 AAA Setup Use this screen to configure authentication and authorization settings on the Switch Click on the AAA Setup link in the AAA screen to view the screen as shown Figure 114 Ad...

Page 216: ...xternal servers Login These fields specify which database the Switch should use first second and third to authenticate administrator accounts users for Switch management Configure the local user accou...

Page 217: ...identification number assigned to the company by the IANA Internet Assigned Numbers Authority ZyXEL s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to mod...

Page 218: ...endor Id 890 Vendor Type 1 Vendor data ingress rate Kbps in decimal format Egress Bandwidth Assignment Vendor Id 890 Vendor Type 2 Vendor data egress rate Kbps in decimal format Privilege Assignment V...

Page 219: ...n the Switch In cases where the attribute has a specific format associated with it the format is specified 24 6 3 Attributes Used for Authentication The following sections list the attributes sent fro...

Page 220: ...Chapter 24 AAA GS2200 24 24P User s Guide 220 This value is set to Ethernet 15 on the Switch Calling Station Id Frame MTU EAP Message State Message Authenticator...

Page 221: ...dings for DHCP snooping and ARP inspection Use the IP Source Guard Static Binding screen Section 25 3 on page 223 to manage static bindings for DHCP snooping and ARP inspection Use the DHCP Snooping s...

Page 222: ...VLAN Configure screen Section 25 9 2 on page 240 to enable ARP inspection on each VLAN and to specify when the Switch generates log messages for receiving ARP packets from each VLAN 25 1 2 What You N...

Page 223: ...s field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displays the IP address assigned to the MAC address in...

Page 224: ...rt number in the field to the right If this binding applies to all ports select Any Add Click this to create the specified static binding or to update an existing one Cancel Click this to reset the va...

Page 225: ...k Advanced Application IP Source Guard DHCP Snooping Figure 117 DHCP Snooping Port This field displays the port number in the binding If this field is blank the binding applies to all ports Delete Sel...

Page 226: ...s field displays how much longer in seconds the Switch tries to complete the current update before it gives up It displays Not Running if the Switch is not updating the DHCP snooping database right no...

Page 227: ...nce Guide Binding collisions This field displays the number of bindings the Switch ignored because the Switch already had a binding with the same MAC address and VLAN ID Invalid interfaces This field...

Page 228: ...art To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Figure 118 DHCP Snooping Configure Parse failures This field displays the number of bindings the Switch has i...

Page 229: ...to start the next update until it completes the current one Agent URL Enter the location of the DHCP snooping database The location should be expressed like this tftp domain name or IP address directo...

Page 230: ...r untrusted can receive each second To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Port Figure 119 DHCP Snooping Port Configure Apply Click Apply to save your c...

Page 231: ...ted ports are connected to subscribers and the Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source...

Page 232: ...g on the Switch and specify trusted ports Note If DHCP is enabled and there are no trusted ports DHCP requests will not succeed Option82 Select this to have the Switch add the slot number port number...

Page 233: ...ss filters that were created because the Switch identified unauthorized ARP packets Index This field displays a sequential number for each MAC address filter MAC Address This field displays the source...

Page 234: ...n VLAN Status LABEL DESCRIPTION Show VLAN range Use this section to specify the VLANs you want to look at in the section below Enabled VLAN Select this to look at all the VLANs on which ARP inspection...

Page 235: ...VLAN since the Switch last restarted Table 72 ARP Inspection VLAN Status LABEL DESCRIPTION Table 73 ARP Inspection Log Status LABEL DESCRIPTION Clearing log status table Click Apply to remove all the...

Page 236: ...generated dhcp deny An ARP packet was discarded because it violated a dynamic binding with the same MAC address and VLAN ID static deny An ARP packet was discarded because it violated a static bindin...

Page 237: ...MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet The Switch automatically deletes the MAC address filter afterwards Enter 0 if you want the MAC address f...

Page 238: ...ing examples 4 invalid ARP packets per second Syslog rate is 5 Log interval is 1 the Switch sends 4 syslog messages every second 6 invalid ARP packets per second Syslog rate is 5 Log interval is 2 the...

Page 239: ...his port is a trusted port Trusted or an untrusted port Untrusted The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on untrusted ports in the foll...

Page 240: ...val is 5 seconds then the Switch accepts a maximum of 75 ARP packets in every five second interval Enter the length 1 15 seconds of the burst interval Apply Click Apply to save your changes to the Swi...

Page 241: ...the VLAN the settings are applied to all VLANs Enabled Select Yes to enable ARP inspection on the VLAN Select No to disable ARP inspection on the VLAN Log Specify when the Switch generates log message...

Page 242: ...stores the binding table in volatile memory If the Switch restarts it loads static bindings from permanent memory but loses the dynamic bindings in which case the devices in the network have to send...

Page 243: ...on 82 field of the DHCP headers of client DHCP request frames See Chapter 30 on page 265 for more information about DHCP relay option 82 When the DHCP server responds the Switch removes the informatio...

Page 244: ...ge to computer A As a result all the communication between computer A and computer B passes through computer X Computer X can read and alter the information passed between them 25 10 2 1 ARP Inspectio...

Page 245: ...he rate at which ARP packets arrive is too high 25 10 2 3 Syslog The Switch can send syslog messages to the specified syslog server Chapter 34 on page 307 when it forwards or discards ARP packets The...

Page 246: ...Chapter 25 IP Source Guard GS2200 24 24P User s Guide 246...

Page 247: ...e of your network STP cannot prevent loops that occur on the edge of your network Figure 129 Loop Guard vs STP Refer to Section 26 1 2 on page 247 for more information 26 1 1 What You Can Do Use the L...

Page 248: ...t N on A as they are rebroadcast from B Figure 130 Switch in Loop State The loop guard feature checks to see if a loop guard enabled port is connected to a switch in loop state This is accomplished by...

Page 249: ...tch Figure 132 Loop Guard Network Loop Note After resolving the loop problem on your network you can re activate the disabled port via the web configurator see Section 8 7 on page 83 or via commands S...

Page 250: ...hanges in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to chec...

Page 251: ...nation MAC address in the packets 27 1 2 What You Need to Know Layer 2 protocol tunneling L2PT is used on the service provider s edge devices L2PT allows edge switches 1 and 2 in the following figure...

Page 252: ...UDLD UniDirectional Link Detection Figure 135 L2PT Network Example 27 1 2 1 Layer 2 Protocol Tunneling Mode Each port can have two layer 2 protocol tunneling modes Access and Tunnel The Access port i...

Page 253: ...DESCRIPTION Active Select this to enable layer 2 protocol tunneling on the Switch Destination MAC Address Specify a MAC address with which the Switch uses to encapsulate the layer 2 protocol packets...

Page 254: ...nk s physical status and detect a unidirectional link PAGP Select this option to have the Switch send PAgP packets to a peer to automatically negotiate and build a logical port aggregation LACP Select...

Page 255: ...255 PART IV IP Application Static Route 257 Differentiated Services 261 DHCP 265...

Page 256: ...256...

Page 257: ...data to a server or device that is not reachable through the default gateway for example when sending SNMP traps or using ping to test IP connectivity This figure shows a Telnet session coming in from...

Page 258: ...le host use a subnet mask of 255 255 255 255 in the subnet mask field to force the network number to be identical to the host ID Gateway IP Address Enter the IP address of the gateway The gateway is a...

Page 259: ...e for this route This is for identification purposes only Destination Address This field displays the IP network address of the final destination Subnet Mask This field displays the subnet mask for th...

Page 260: ...Chapter 28 Static Route GS2200 24 24P User s Guide 260...

Page 261: ...allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every fl...

Page 262: ...ing to the DSCP values and the configured policies DiffServ Network Example The following figure depicts a DiffServ network consisting of a group of directly connected DiffServ compliant network devic...

Page 263: ...he incoming DSCP value according to the DiffServ to IEEE 802 1p mapping table The following table shows the default DSCP to IEEE802 1p mapping Table 80 IP Application DiffServ LABEL DESCRIPTION Active...

Page 264: ...82 IP Application DiffServ DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop dow...

Page 265: ...he broadcast domain of the client computers or else the client computers must be configured manually 30 1 1 What You Can Do Use the DHCP Status screen Section 30 2 on page 267 to display the relay mod...

Page 266: ...n connect to the network network information renewal is done between the DHCP client and the DHCP server without the help of the Switch The Switch can be configured as a global DHCP relay This means t...

Page 267: ...ID 1 byte This value is always 0 for stand alone switches Port ID 1 byte This is the port that the DHCP client is connected to VLAN ID 2 bytes This is the VLAN that the port belongs to Information up...

Page 268: ...n Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This...

Page 269: ...Make sure you select the Option 82 check box to set the Switch to send additional information such as the VLAN ID together with the DHCP requests to the DHCP server This allows the DHCP server to ass...

Page 270: ...heck box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This read only field displays the system name you co...

Page 271: ...ests from the academic buildings VLAN 2 are sent to the other DHCP server with an IP address of 172 23 10 100 Figure 148 DHCP Relay for Two VLANs Type This field displays the DHCP mode Relay DHCP Stat...

Page 272: ...Chapter 30 DHCP GS2200 24 24P User s Guide 272 For the example network configure the VLAN Setting screen as shown Figure 149 DHCP Relay for Two VLANs Configuration Example...

Page 273: ...273 PART V Management Maintenance 275 Access Control 283 Diagnostic 305 Syslog 307 Cluster Management 311 MAC Table 319 ARP Table 323 Configure Clone 325...

Page 274: ...274...

Page 275: ...mware Upgrade screen Section 31 3 on page 278 to upload the latest firmware Use the Restore Configuration screen Section 31 4 on page 278 to upload a stored device configuration file Use the Backup Co...

Page 276: ...ly operating on the Switch Firmware Upgrade Click Click Here to go to the Firmware Upgrade screen Restore Configurati on Click Click Here to go to the Restore Configuration screen Backup Configurati o...

Page 277: ...e configuration changes to the current configuration Note Clicking the Apply or Add button does NOT save the changes permanently All unsaved changes are erased after you reboot the Switch 31 2 3 Reboo...

Page 278: ...nce Firmware Upgrade Type the path and file name of the firmware file you wish to upload to the Switch in the File Path text box or click Browse to locate it Select the Rebooting checkbox if you want...

Page 279: ...vice settings Backing up your Switch configurations allows you to create various snap shots of your device from which you may restore at a later date Back up your current Switch configuration to a com...

Page 280: ...name extension 31 6 2 1 Example FTP Commands ftp put firmware bin ras This is a sample FTP session showing the transfer of the computer file firmware bin to the Switch ftp get config config cfg This i...

Page 281: ...Switch and renames it to config Likewise get config config cfg transfers the configuration file on the Switch to your computer and renames it to config cfg See Table 88 on page 280 for more informatio...

Page 282: ...IP address es in the Remote Management screen does not match the client IP address If it does not match the Switch will disconnect the FTP session immediately Initial Remote Directory Specify the def...

Page 283: ...to display the main screen Use the SNMP screen Section 32 3 on page 284 to configure your SNMP settings Use the Trap Group screen Section 32 4 on page 287 to specify the types of SNMP traps that shou...

Page 284: ...he main screen Click Management Access Control in the navigation panel to display the main screen as shown Figure 156 Management Access Control 32 3 Configuring SNMP Use this screen to configure your...

Page 285: ...using SNMP version 2c or lower Trap Community Enter the Trap Community string which is the password sent with each trap to the SNMP manager The Trap Community string is only used by SNMP managers usin...

Page 286: ...e Digest 5 and SHA Secure Hash Algorithm are hash algorithms used to authenticate SNMP data SHA authentication is generally considered stronger than MD5 but is slower Privacy Specify the encryption me...

Page 287: ...the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See Section on page 293 for individ...

Page 288: ...one time An administrator is someone who can both view and configure Switch changes The username for the Administrator is always admin The default administrator password is 1234 Note It is highly rec...

Page 289: ...ord Type the existing system password 1234 is the default password when shipped New Password Enter your new system password Retype to confirm Retype your new system password for confirmation Edit Logi...

Page 290: ...vices that you want to allow to access the Switch Service Port For Telnet SSH FTP HTTP or HTTPS services you may change the default service port by typing the new port number in the Server Port field...

Page 291: ...ch Active Select this check box to activate this secured client set Clear the check box if you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP addres...

Page 292: ...network consists of two main components agents and a manager An agent is a management software module that resides in a managed switch the Switch An agent translates the local management information...

Page 293: ...nce The Switch supports the following MIBs SNMP MIB II RFC 1213 RFC 1157 SNMP v1 RFC 1493 Bridge MIBs RFC 1643 Ethernet MIBs RFC 1155 SMI RFC 2674 SNMPv2 SNMPv2c RFC 1757 RMON SNMPv2 SNMPv2c or later...

Page 294: ...ntrolledResetEventOn 1 3 6 1 4 1 890 1 5 8 55 2 7 2 1 This trap is sent when the Switch automatically resets ControlledResetEventOn 1 3 6 1 4 1 890 1 5 8 55 2 7 2 1 This trap is sent when the Switch r...

Page 295: ...s exceed normal temperature PsePwrFailedEventClear 1 3 6 1 4 1 890 1 5 8 56 2 7 2 2 This trap is sent when the power supply of PoE returns to the normal state Table 96 SNMP System Traps continued OPTI...

Page 296: ...PTION authenticatio n authenticationFailure 1 3 6 1 6 3 1 1 5 5 This trap is sent when authentication fails due to incorrect user name and or password AuthenticationFailureEven tOn 1 3 6 1 4 1 890 1 5...

Page 297: ...te test is completed Table 100 SNMP Switch Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION stp STPNewRoot 1 3 6 1 2 1 17 0 1 This trap is sent when the STP root switch changes MRSTPNewRoot 1 3 6 1 4 1...

Page 298: ...two hosts over an unsecured network Figure 163 SSH Communication Example rmon RmonRisingAlarm 1 3 6 1 2 1 16 0 1 This trap is sent when a variable goes over the RMON rising threshold RmonFallingAlarm...

Page 299: ...nds the result back to the server The client automatically saves any new server public keys In subsequent connections the server public key is checked against the saved version on the client computer...

Page 300: ...ata by ensuring confidentiality an unauthorized party cannot read the transferred data authentication one party can identify the other party and data integrity you know if data has been changed It rel...

Page 301: ...Switch IP Address as the web site address where Switch IP Address is the IP address or domain name of the Switch you wish to access Internet Explorer Warning Messages When you attempt to access the S...

Page 302: ...st the server certificate Click Examine Certificate if you want to verify that the certificate is from the Switch If Accept this certificate temporarily for this session is selected then click OK to c...

Page 303: ...ain Screen After you accept the certificate and enter the login username and password the Switch main screen appears The lock displayed in the bottom right of the browser status bar denotes a secure c...

Page 304: ...Chapter 32 Access Control GS2200 24 24P User s Guide 304...

Page 305: ...Use the Diagnostic screen Section 33 2 on page 305 to check system logs ping IP addresses or perform port tests 33 2 Diagnostic Click Management Diagnostic in the navigation panel to open this screen...

Page 306: ...ay to display a log of events in the multi line text box Click Clear to empty the text box and reset the syslog entry IP Ping Type the IP address of a device that you want to ping in order to test a c...

Page 307: ...entation of your syslog program for details The following table describes the syslog severity levels 34 1 1 What You Can Do Use the Syslog Setup screen Section 34 2 on page 308 to configure the device...

Page 308: ...etting Logging Type This column displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category Fa...

Page 309: ...mber the more critical the logs are Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top...

Page 310: ...Chapter 34 Syslog GS2200 24 24P User s Guide 310...

Page 311: ...be directly connected and be in the same VLAN group so as to be able to communicate with one another Table 105 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster...

Page 312: ...ment screen Section 35 2 on page 312 to view the role of the Switch within the cluster and to access a cluster member switch s web configurator Use the Clustering Management Configuration screen Secti...

Page 313: ...displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage cluster member switches via the cluster manager switch Each num...

Page 314: ...CRIPTION Clustering Manager Active Select Active to have this Switch become the cluster manager switch A cluster can only have one manager Other directly connected switches that are set to be cluster...

Page 315: ...n the Clustering Candidate list and then enter its web configurator password If that switch administrator changes the web configurator password afterwards then it cannot be managed from the Cluster Ma...

Page 316: ...gement Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch s web configurator ho...

Page 317: ...a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 390BBA0 bin fw 00...

Page 318: ...Chapter 35 Cluster Management GS2200 24 24P User s Guide 318...

Page 319: ...MAC Table screen Section 36 2 on page 320 to check whether the MAC address is dynamic or static 36 1 2 What You Need to Know The Switch uses the MAC table to determine how to forward frames See the f...

Page 320: ...destination port is the same as the port it came in on then it filters the frame Figure 178 MAC Table Flowchart 36 2 Viewing the MAC Table Use this screen to check whether the MAC address is dynamic o...

Page 321: ...ct VID to display and arrange the data according to VLAN group Select PORT to display and arrange the data according to port number Transfer Type Select Dynamic to MAC forwarding and click the Transfe...

Page 322: ...Chapter 36 MAC Table GS2200 24 24P User s Guide 322...

Page 323: ...on a local area network arrives at the Switch the Switch s ARP program looks in the ARP Table and if it finds the address sends it to the device If no entry is found for the IP address ARP broadcasts...

Page 324: ...Table The following table describes the labels in this screen Table 110 Management ARP Table LABEL DESCRIPTION Index This is the ARP Table entry number IP Address This is the learned IP address of a d...

Page 325: ...figure Clone screen Section 38 2 on page 325 to copy the basic and advanced settings from a source port to a destination port or ports 38 2 Configure Clone Cloning allows you to copy the basic and adv...

Page 326: ...2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings you configured in the Basic Setti...

Page 327: ...327 PART VI Troubleshooting Product Specifications Troubleshooting 329 Product Specifications 333...

Page 328: ...328...

Page 329: ...on None of the LEDs turn on 1 Make sure you are using the power adaptor or cord included with the Switch 2 Make sure the power adaptor or cord is connected to the Switch and plugged in to an appropria...

Page 330: ...got the IP address for the Switch 1 The default IP address is 192 168 1 1 2 Use the console port to log in to the Switch 3 If this does not work you have to reset the device to its factory defaults Se...

Page 331: ...tions Try to access the Switch using another service such as Telnet If you can access the Switch check the remote management settings to find out why the Switch does not respond to HTTP I can see the...

Page 332: ...ck the Display button in the System Log field in the Management Diagnostic screen to check for unauthorized access to your Switch To avoid unauthorized access configure the secured client setting in t...

Page 333: ...h interface has one 1000Base T RJ 45 port and one Small Form Factor Pluggable SFP slot with one port active at a time Note The ports change to fiber mode directly when inserting the fiber module Auto...

Page 334: ...rectly talk to or hear from devices that are not in the same group s the traffic must first go through a router MAC Address Filter Filter traffic based on the source and or destination MAC address and...

Page 335: ...ks between switches bridges or routers It allows a Switch to interact with other M R STP compliant switches in your network to ensure that only one path exists between any two stations on the network...

Page 336: ...ging 16K MAC addresses 4 way associative hashed Static MAC address filtering by source destination Broadcast storm control in 1 second interval 1 pps stepping Static MAC address forwarding port lock S...

Page 337: ...Port mirroring Rule based port mirrorring Port based mirroring Support port mirroring per IP TCP UDP Bandwidth control Supports rate limiting at 64 Kb increments Broadcast Storm Control Broadcast Mult...

Page 338: ...s Supported STANDARD DESCRIPTION RFC 826 Address Resolution Protocol ARP RFC 867 Daytime Protocol RFC 868 Time Protocol RFC 894 Ethernet II Encapsulation RFC 1112 IGMP v1 RFC 1155 SMI RFC 1157 SNMPv1...

Page 339: ...02 1ab Link Layer Discovery Protocol LLDP IEEE 802 1ag Connectivity Fault Management CFM IEEE 802 1x Port Based Network Access Control IEEE 802 1D MAC Bridges IEEE 802 1p Traffic Types Packet Priority...

Page 340: ...Chapter 40 Product Specifications GS2200 24 24P User s Guide 340...

Page 341: ...341 PART VII Appendices and Index Changing a Fuse 343 Common Services 345 Legal Information 349 Index 353...

Page 342: ...342...

Page 343: ...fuse housing 3 A burnt out fuse is blackened darkened or cloudy inside its glass casing A working fuse has a completely clear glass casing Pull gently but firmly to remove the burnt out fuse from the...

Page 344: ...Appendix A Changing a Fuse GS2200 24 24P User s Guide 344...

Page 345: ...er information about port numbers If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation of the...

Page 346: ...This is a popular Internet chat program IGMP MULTICAST User Defined 2 Internet Group Multicast Protocol is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exchange...

Page 347: ...Time Streaming media control Protocol RTSP is a remote control for multimedia on the Internet SFTP TCP 115 Simple File Transfer Protocol SMTP TCP 25 Simple Mail Transfer Protocol is the message exchan...

Page 348: ...IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User...

Page 349: ...ising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the r...

Page 350: ...vice in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense CE Mark Warning This is a class A product In a...

Page 351: ...nsist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product has been modified...

Page 352: ...Appendix C Legal Information GS2200 24 24P User s Guide 352...

Page 353: ...trusted ports 245 authentication 209 setup 215 Authentication and Authorization see AAA 209 authorization 210 privilege levels 216 setup 215 auto crossover 36 automatic VLAN registration 94 B back up...

Page 354: ...266 overview 265 relay agent 265 relay agent information 266 relay example 271 setup 269 VLAN setting 269 DHCP relay 266 configuration 268 example 269 DHCP relay option 82 243 DHCP snooping 57 222 24...

Page 355: ...102 and port assignment 102 GVRP GARP VLAN Registration Protocol 95 H hardware installation 29 hardware monitor 75 hardware overview 33 hello time 137 hops 137 HTTPS 300 certificates 300 implementati...

Page 356: ...login 43 password 49 login account Administrator 288 non administrator 288 login accounts 288 configuring via web configurator 288 multiple 288 number of 288 login password 289 loop guard 247 examples...

Page 357: ...Spanning Tree Protocol 125 Multiple RSTP 125 Multiple Spanning Tree Protocol See MSTP 123 126 Multiple STP 126 MVR 192 configuration 201 group configuration 203 network example 192 MVR Multicast VLAN...

Page 358: ...weight 188 queuing 187 SPQ 188 WRR 188 queuing method 187 190 R rack mounting 29 RADIUS 209 210 advantages 210 and port authentication 210 and tunnel protocol attribute 218 Network example 209 server...

Page 359: ...static VLAN control 100 tagging 100 status 44 68 link aggregation 159 MSTP 139 port 68 port details 70 power 75 STP 130 134 VLAN 97 STP 123 254 bridge ID 131 134 bridge priority 129 133 configuration...

Page 360: ...possible VIDs 94 priority frame 94 VID VLAN Identifier 94 VLAN 78 acceptable frame type 102 automatic registration 94 ID 93 IGMP snooping 192 ingress filtering 101 introduction 78 93 number of VLANs 9...

Reviews:

No comments