www.zyxel.com

GS2200-48

Intelligent Layer 2 Switch

Copyright © 2009 ZyXEL Communications Corporation

Firmware Version 3.80

Edition 1, 7/2009

Default Login Details

IP Address: http://192.168.0.1 (Out-of-band MGMT port)
IP Address: http://192.168.1.1 (In-band ports)
User Name: admin
Password: 1234

Summary of Contents for GS2200-48

Page 3: ...b configurator to configure the Switch Supporting Disc Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications Documentation Feedback Send your comments questions or suggestions to techwriters zyxel com tw Thank you The Technical Writing Team ZyXEL Communications Corp 6 Innovation Road II Science Ba...

Page 4: ...wers to previously asked questions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support Should problems arise that cannot be solved by the methods listed above you should contact your vendor If you cannot contact your vendor then contact a ZyXEL office for the region in which you bought t...

Page 5: ... field choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance ...

Page 6: ...Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer Server DSLAM Firewall Telephone Switch Router ...

Page 7: ... device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damage...

Page 9: ... Basic Setting 63 Advanced Setup 77 VLAN 79 Static MAC Forward Setup 99 Filtering 103 Spanning Tree Protocol 105 Bandwidth Control 123 Broadcast Storm Control 127 Mirroring 129 Link Aggregation 131 Port Authentication 139 Port Security 145 Classifier 149 Policy Rule 157 Queuing Method 165 VLAN Stacking 169 Multicast 175 Authentication Accounting 191 IP Source Guard 205 Loop Guard 231 IP Applicatio...

Page 10: ...ement 269 Maintenance 271 Access Control 279 Diagnostic 299 Syslog 301 Cluster Management 305 MAC Table 313 IP Table 317 ARP Table 321 Routing Table 323 Configure Clone 325 Product Specifications 327 Product Specifications 329 Appendices and Index 337 ...

Page 11: ... IEEE 802 1Q VLAN Application Example 25 1 2 Ways to Manage the Switch 26 1 3 Good Habits for Managing the Switch 26 Chapter 2 Hardware Installation and Connection 29 2 1 Freestanding Installation 29 2 2 Mounting the Switch on a Rack 30 2 2 1 Rack mounted Installation Requirements 30 2 2 2 Attaching the Mounting Brackets to the Switch 30 2 2 3 Mounting the Switch on a Rack 31 Chapter 3 Hardware Ov...

Page 12: ...h 48 4 6 1 Reload the Configuration File 49 4 7 Logging Out of the Web Configurator 50 4 8 Help 50 Chapter 5 Initial Setup Example 51 5 1 Overview 51 5 1 1 Configuring an IP Interface 51 5 1 2 Configuring DHCP Server Settings 53 5 1 3 Creating a VLAN 53 5 1 4 Setting Port VID 55 5 1 5 Enabling RIP 56 Chapter 6 System Status and Port Statistics 57 6 1 Overview 57 6 2 Port Status Summary 58 6 2 1 St...

Page 13: ... Status 83 8 5 2 Static VLAN Details 84 8 5 3 Configure a Static VLAN 84 8 5 4 Configure VLAN Port Settings 87 8 6 Subnet Based VLANs 88 8 7 Configuring Subnet Based VLAN 89 8 8 Protocol Based VLANs 91 8 9 Configuring Protocol Based VLAN 92 8 10 Create an IP based VLAN Example 94 8 11 Port based VLAN Setup 95 8 11 1 Configure a Port based VLAN 95 Chapter 9 Static MAC Forward Setup 99 9 1 Overview ...

Page 14: ...dwidth Control Setup 124 Chapter 13 Broadcast Storm Control 127 13 1 Broadcast Storm Control Setup 127 Chapter 14 Mirroring 129 14 1 Port Mirroring Setup 129 Chapter 15 Link Aggregation 131 15 1 Link Aggregation Overview 131 15 2 Dynamic Link Aggregation 131 15 2 1 Link Aggregation ID 132 15 3 Link Aggregation Status 132 15 4 Link Aggregation Setting 134 15 5 Link Aggregation Control Protocol 135 ...

Page 15: ... 2 Configuring Policy Rules 158 19 3 Viewing and Editing Policy Configuration 161 19 4 Policy Example 163 Chapter 20 Queuing Method 165 20 1 Queuing Method Overview 165 20 1 1 Strictly Priority 165 20 1 2 Weighted Fair Queuing 165 20 1 3 Weighted Round Robin Scheduling WRR 166 20 2 Configuring Queuing 167 Chapter 21 VLAN Stacking 169 21 1 VLAN Stacking Overview 169 21 1 1 VLAN Stacking Example 169...

Page 16: ...ntication and Accounting Screens 192 23 2 1 RADIUS Server Setup 193 23 2 2 TACACS Server Setup 195 23 2 3 Authentication and Accounting Setup 197 23 2 4 Vendor Specific Attribute 199 23 2 5 Tunnel Protocol Attribute 201 23 3 Supported RADIUS Attributes 201 23 3 1 Attributes Used for Authentication 201 23 3 2 Attributes Used for Accounting 202 Chapter 24 IP Source Guard 205 24 1 IP Source Guard Ove...

Page 17: ...apter 28 Differentiated Services 241 28 1 DiffServ Overview 241 28 1 1 DSCP and Per Hop Behavior 241 28 1 2 DiffServ Network Example 242 28 2 Two Rate Three Color Marker Traffic Policing 242 28 2 1 TRTCM Color blind Mode 243 28 2 2 TRTCM Color aware Mode 243 28 3 Activating DiffServ 244 28 3 1 Configuring 2 Rate 3 Color Marker Settings 245 28 4 DSCP to IEEE 802 1p Priority Settings 247 28 4 1 Conf...

Page 18: ...VRRP Parameters 265 30 4 VRRP Configuration Examples 265 30 4 1 One Subnet Network Example 266 30 4 2 Two Subnets Example 267 Part V Management 269 Chapter 31 Maintenance 271 31 1 The Maintenance Screen 271 31 2 Load Factory Default 272 31 3 Save Configuration 273 31 4 Reboot System 273 31 5 Firmware Upgrade 273 31 6 Restore a Configuration File 274 31 7 Backup a Configuration File 275 31 8 FTP Co...

Page 19: ...ng Messages 293 32 8 2 Netscape Navigator Warning Messages 294 32 8 3 The Main Screen 296 32 9 Service Port Access Control 296 32 10 Remote Management 297 Chapter 33 Diagnostic 299 33 1 Diagnostic 299 Chapter 34 Syslog 301 34 1 Syslog Overview 301 34 2 Syslog Setup 302 34 3 Syslog Server Setup 303 Chapter 35 Cluster Management 305 35 1 Clustering Management Status Overview 305 35 2 Cluster Managem...

Page 20: ...ewing the ARP Table 322 Chapter 39 Routing Table 323 39 1 Overview 323 39 2 Viewing the Routing Table Status 323 Chapter 40 Configure Clone 325 40 1 Configure Clone 325 Part VI Product Specifications 327 Chapter 41 Product Specifications 329 Part VII Appendices and Index 337 Appendix A IP Addresses and Subnetting 339 Appendix B Legal Information 349 Index 353 ...

Page 21: ...21 PART I Introduction Getting to Know Your Switch 23 Hardware Installation and Connection 29 Hardware Overview 33 ...

Page 23: ...gabit port and one slot for a mini GBIC transceiver SFP module with one port active at a time and two mini GBIC transceivers for fiber optic uplink connections This section shows a few examples of using the Switch in various network environments See Chapter 41 on page 329 for a full list of software features available on the Switch 1 1 1 Bridging Example In this example the Switch connects differe...

Page 24: ... connecting two geographically dispersed networks that need high bandwidth In the following example a company uses the Gigabit uplink ports to connect the headquarters to a branch office network Within the headquarters network a company can use trunking to group several physical ports into one logical higher capacity link Trunking can be used with copper cabling over relatively shorter distances t...

Page 25: ...xpand the network simply add more networking devices such as switches routers computers print servers and so on Figure 3 Gigabit to the Desktop 1 1 4 IEEE 802 1Q VLAN Application Example A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Stations on a logical network belong to one or more groups With VLAN a station cannot directly talk to o...

Page 26: ...See Chapter 4 on page 41 Command Line Interface Line commands offer an alternative to the Web Configurator and may be necessary to configure advanced features See the CLI Reference Guide FTP Use File Transfer Protocol for firmware upgrades and configuration backup restore See Section 31 8 on page 275 SNMP The device can be monitored and or managed by an SNMP manager See Section 32 3 on page 280 1 ...

Page 27: ...ng an earlier working configuration may be useful if the device becomes unstable or even crashes. If you forget your password, you will have to reset the Switch to its factory default settings. If you backed up an earlier configuration file, you would not have to totally re-configure the Switch. You could simply restore your last configuration. ...

Page 29: ...bles Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord 4 Remove the adhesive backing from the rubber feet 5 Attach the rubber feet to each corner on the bottom of the Switch These rubber feet help protect the Switch from shock or vibration and ensure space between devices when st...

Page 30: ...lat head screws and a 2 Philips screwdriver Failure to use the proper screws may damage the unit 2 2 1 1 Precautions Make sure the rack will safely support the combined weight of all the equipment it contains Make sure the position of the Switch does not make the rack unstable or top heavy Take all necessary precautions to anchor the rack securely before installing the unit 2 2 2 Attaching the Mou...

Page 31: ...ng the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack lining up the two screw holes on the bracket with the screw holes on the side of the rack Figure 7 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket holes into the rack 3 Repeat steps 1 and 2 to attach the seco...

Page 33: ...ctions CONNECTO R DESCRIPTION 44 100 1000 Mbps RJ 45 Ethernet Ports Connect these ports to a computer a hub an Ethernet switch or router Four Dual Personality Interfaces Each interface has one 1000 Base T RJ 45 port and one Small Form Factor Pluggable SFP slot also called a mini GBIC slot with one port or transceiver active at a time 4 100 1000 Mbps RJ 45 Ports Connect these ports to high bandwidt...

Page 34: ...onality interfaces comprising 4 1000Base T mini GBIC combo ports For each interface you can connect either to the 1000Base T port or the mini GBIC port The mini GBIC ports have priority over the 1000Base T ports This means that if a mini GBIC port and the corresponding 1000Base T port are connected at the same time the 1000Base T port will be disabled 3 1 3 Mini GBIC Slots These are 6 slots for Sm...

Page 35: ...tall a mini GBIC transceiver SFP or XFP module 1 Insert the transceiver into the slot with the exposed section of PCB board facing down Figure 9 Transceiver Installation Example 2 Press the transceiver firmly until it clicks into place 3 The Switch automatically detects the installed transceiver Check the LEDs to verify that it is functioning properly Figure 10 Installed Transceiver 3 1 3 2 Transc...

Page 36: ...ceiver out of the slot Figure 12 Transceiver Removal Example 3 2 Rear Panel The following figures show the rear panel of the switch The rear panel contains Two Mini GBIC uplink slots A An RS 232 management console port B An RJ 45 out of band management port C A connector for the backup power supply D A connector for the power receptacle E Figure 13 Rear Panel B D E A C ...

Page 37: ...tomatically provides power to the Switch in the event of a power failure Once the Switch receives power from the backup power supply it will not automatically switch back to using the internal power supply even when the power is resumed 3 2 3 Console Port For local management you can use a computer with terminal emulation software configured to the following parameters VT100 terminal emulation 960...

Page 38: ...stem is rebooting and performing self diagnostic tests On The system is on and functioning properly Off The power is off or the system is not ready malfunctioning ALM Red On There is a hardware failure Off The system is functioning normally 100 1000 Mbps RJ 45 Ethernet Ports Link and Active Green Blinking The system is transmitting receiving to from a 1000 Mbps Ethernet network On The link to a 10...

Page 39: ...39 PART II Basic Configuration The Web Configurator 41 Initial Setup Example 51 System Status and Port Statistics 57 Basic Setting 63 ...

Page 41: ...s The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 Type http and the IP address of the Switch for example the ...

Page 42: ...d a time server nor manually entered a time and date in the General Setup screen Figure 14 Web Configurator Login 4 Click OK to view the first web configurator screen 4 3 The Status Screen The Status screen is the first screen that displays when you access the web configurator The following figure shows the navigating components of a web configurator screen Figure 15 Web Configurator Home Screen S...

Page 43: ...guration file from which the Switch booted from and it stays the same even if the Switch s power is turned off See Section 31 3 on page 273 for information on saving your settings to a specific configuration file C Click this link to go to the status page of the Switch D Click this link to log out of the web configurator E Click this link to display web help pages The help pages provide descriptio...

Page 44: ...tting Link Aggregation Control Protocol Port Authentication 802 1x MAC Authentication Port Security Classifier Policy Rule Queuing Method VLAN Stacking Multicast Status Multicast Setting IGMP Snooping VLAN IGMP Filtering Profile MVR Group Configuration Authentication and Accounting RADIUS Server Setup TACACS Server Setup Auth and Acct Setup Static Routing RIP DiffServ 2 Rate 3 Color Marker DSCP Se...

Page 45: ...tup This link takes you to a screen where you can set up global Switch parameters such as VLAN type MAC address learning IGMP snooping GARP and priority queues IP Setup This link takes you to a screen where you can configure the IP address subnet mask necessary for Switch management and DNS domain name server and set up to 64 IP routing domains Port Setup This link takes you to screens where you c...

Page 46: ...d queue weights for each port VLAN Stacking This link takes you to a screen where you can activate and configure VLAN stacking Multicast This link takes you to screen where you can configure various multicast features and create multicast VLANs Auth and Acct This link takes you to screens where you can configure authentication and accounting services via external servers The external servers can b...

Page 47: ...nk takes you to screens where you can setup system logs and a system log server Cluster Management This link takes you to a screen where you can configure clustering management and view its status MAC Table This link takes you to a screen where you can view the MAC address and VLAN ID of a device attach to a port You can also view what kind of device it is IP Table This link takes you to a screen ...

Page 48: ...nagement (managing through the data ports) if you do one of the following: 1. Delete the management VLAN (default is VLAN 1). 2. Delete all port-based VLANs with the CPU port as a member. The CPU port is the management port of the Switch. 3. Filter all traffic to the CPU port. 4. Disable all ports. 5. Misconfigure the text configuration file. 6. Forget the password and/or IP address. 7. Prevent all services from acc...

Page 49: ...ls 2. Disconnect and reconnect the Switch's power to begin a session. When you reconnect the Switch's power, you will see the initial screen. 3. When you see the message "Press any key to enter Debug Mode within 3 seconds", press any key to enter debug mode. 4. Type atlc after the "Enter Debug Mode" message. 5. Wait for the "Starting XMODEM upload" message before activating XMODEM upload on your terminal. 6. After ...

Page 50: ...to exit the web configurator. You have to log in with your password again after you log out. This is recommended after you finish a management session for security reasons. Figure 18 Web Configurator Logout Screen. 4.8 Help: The web configurator's online help has descriptions of individual screens and some supplementary information. Click the Help link from a web configurator screen to view an online he...

Page 51: ...t port VLAN ID Enable RIP 5 1 1 Configuring an IP Interface On a switch an IP interface also known as an IP routing domain is not bound to a physical port The default IP address of the Switch is 192 168 1 1 with a subnet mask of 255 255 255 0 In the example network since the RD network is already in the same IP interface as the Switch you don t need to create an IP interface for it However if you ...

Page 52: ...management Make sure your computer is in the same subnet as the MGMT port 2 Open your web browser and enter 192 168 0 1 the default MGMT port IP address in the address bar to access the web configurator See Section 4 2 on page 41 for more information 3 Click Basic Setting and IP Setup in the navigation panel 4 Configure the related fields in the IP Setup screen For the Sales network enter 192 168 ...

Page 53: ...the example network configure two DHCP client pools on the Switch for the DHCP clients in the RD and Sales networks 1 In the web configurator click IP Application and DHCP in the navigation panel and click the VLAN link 2 In the VLAN Setting screen specify the ID of the VLAN to which the DHCP clients belong the starting IP address pool subnet mask default gateway address and the DNS server address...

Page 54: ...ple VLAN 1 Click Advanced Application VLAN in the navigation panel and click the Static VLAN link 2 In the Static VLAN screen select ACTIVE enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network Note The VLAN Group ID field in this screen and the VID field in the IP Setup screen refer to the same VLAN ID example ...

Page 55: ...en the Switch s power is turned off 5 1 4 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines In the example network configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2 Figure 21 Initial Setup Network Example Port VID 1 Click Advanced A...

Page 56: ... the RIP screen 1 Click IP Application and RIP in the navigation panel 2 Select Both in the Direction field to set the Switch to broadcast and receive routing information 3 In the Version field select RIP 1 for the RIP packet format that is universally supported 4 Click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned...

Page 57: ...nd Port Statistics This chapter describes the system status web configurator home page and port details screens 6 1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details ...

Page 58: ...d displays the speed either 10M for 10 Mbps 100M for 100 Mbps and 1000M for 1000 Mbps and the duplex F for full duplex or H for half It also shows the cable type Copper or Fiber for the combo ports State If STP Spanning Tree Protocol is enabled this field displays the STP state of the port see Section 11 1 3 on page 107 for more information If STP is disabled this field displays FORWARDING if the ...

Page 59: ...x KB s This field shows the transmission speed of data sent on this port in kilobytes per second Rx KB s This field shows the transmission speed of data received on this port in kilobytes per second Up Time This field shows the total amount of time in hours minutes and seconds the port has been up Clear Counter Type a port number select Port and then click Clear Counter to erase the recorded stati...

Page 60: ...f data sent on this port in kilobytes per second Rx KB s This field shows the transmission speed of data received on this port in kilobytes per second Up Time This field shows the total amount of time the connection has been up Tx Packet The following fields display detailed information about packets transmitted TX Packets This field shows the number of good packets unicast multicast and broadcast...

Page 61: ...received with a length that was out of range Runt This field shows the number of packets received that were too short shorter than 64 octets including the ones with CRC errors Distribution 64 This field shows the number of packets including bad packets received that were 64 octets in length 65 to 127 This field shows the number of packets including bad packets received that were between 65 and 127...

Page 63: ...neral Setup screen allows you to configure general Switch identification information The General Setup screen also allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch The real time is then displayed in the Switch logs The Switch Setup screen allows you to set up and configure global Switch features The IP Setup screen all...

Page 64: ...lays the descriptive name of the Switch for identification purposes You can configure this name in the Basic Setting General Setup screen Product Model This field displays the model name of the Switch ZyNOS F W Version This field displays the version number of the Switch s current firmware including the date created Ethernet Address This field refers to the Ethernet MAC Media Access Control addres...

Page 65: ... this fan s maximum speed measured in RPM MIN This field displays this fan s minimum speed measured in RPM 41 is displayed for speeds too small to measure under 2000 RPM Threshold This field displays the minimum speed at which a normal fan should work Status Normal indicates that this fan is functioning above the minimum speed Error indicates that this fan is functioning below the minimum speed Vo...

Page 66: ...table describes the labels in this screen Table 11 Basic Setting General Setup LABEL DESCRIPTION System Name Type a descriptive name for identification purposes This name consists of up to 64 printable characters spaces are allowed Location Type the geographic location of your Switch You can use up to 32 printable ASCII characters spaces are allowed Contact Person s Name Type the name of the perso...

Page 67: ...lays the date you open this menu New Date yyyy mm dd Enter the new date in year month and day format The new date then appears in the Current Date field after you click Apply Time Zone Select the time difference between UTC Universal Time Coordinated formerly known as GMT Greenwich Mean Time and your time zone from the drop down list box Daylight Saving Time Daylight saving is a period from late s...

Page 68: ... Chapter 8 on page 79 for information on port based and 802 1Q tagged VLANs End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving Time The time field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United States on the first Sunday of November Each time zone in the United States stops using Daylight Saving Time at ...

Page 69: ...r more information Bridge Control Protocol Transparency Select Active to allow the Switch to handle bridging control protocols STP for example You also need to define how to treat a BPDU in the Port Setup screen MAC Address Learning MAC address learning reduces outgoing traffic broadcasts For MAC address learning to occur on a port the port must be active Aging Time Enter a time from 10 to 3000 se...

Page 70: ...ets through faster while traffic in lower index queues is dropped if the network is congested Priority Level The following descriptions are based on the traffic types defined in the IEEE 802 1d standard which incorporates the 802 1p Level 7 Typically used for network control traffic such as router configuration messages Level 6 Typically used for voice traffic that is especially sensitive to jitte...

Page 71: ...sk is 255 255 255 0 On the Switch an IP address is not bound to any physical ports Since each IP address on the Switch must be in a separate subnet the configured IP address is also known as IP interface or routing domain In addition this allows routing between subnets based on the IP address without additional routers You can configure multiple routing domains on the same VLAN as long as the IP a...

Page 72: ...nter the IP subnet mask of your Switch in dotted decimal notation for example 255 255 255 0 Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation for example 192 168 0 254 Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel ...

Page 73: ...tting Port Setup IP Subnet Mask This field displays the subnet mask of the Switch in the IP domain VID This field displays the VLAN identification number of the IP domain on the Switch Delete Click Delete to remove the selected entry from the summary table Note Deleting all IP subnets locks you out of the Switch Cancel Click Cancel to clear the Delete check boxes Table 13 Basic Setting IP Setup co...

Page 74: ...iation allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support When auto negotiation is turned on a port on the Switch negotiates with the peer automatically to determine the connection speed and duplex mode If the peer port does not support auto negotiation or turns off this feature the Switch determines the connection spee...

Page 75: ...ridge Protocol Data Units received on this port Select Tunnel to forward BPDUs received on this port Select Discard to drop any BPDU received on this port Select Network to process a BPDU with no VLAN tag and forward a tagged BPDU Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top ...

Page 77: ...ee Protocol 105 Bandwidth Control 123 Broadcast Storm Control 127 Mirroring 129 Link Aggregation 131 Port Authentication 139 Port Security 145 Classifier 149 Policy Rule 157 Queuing Method 165 VLAN Stacking 169 Multicast 175 Authentication Accounting 191 IP Source Guard 205 Loop Guard 231 ...

Page 79: ...ormation starting after the source address field of the Ethernet frame The CFI Canonical Format Indicator is a single bit flag always set to zero for Ethernet switches If a frame received at an Ethernet port has a CFI set to 1 then that frame should not be forwarded as it is to an untagged port The remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that u...

Page 80: ...k switches to register and de register attribute values with other GARP participants within a bridged LAN GARP is a protocol that provides a generic mechanism for protocols that serve a more specific application for example GVRP 8 2 1 1 GARP Timers Switches join VLANs by making a declaration A declaration is made by issuing a Join message using GARP Declarations are withdrawn by issuing a Leave me...

Page 81: ...s A and B C D and E automatically VLAN Administrative Control Registration Fixed Fixed registration ports are permanent VLAN members Registration Forbidden Ports with registration forbidden are forbidden to join the specified VLAN Normal Registration Ports dynamically join a VLAN using GVRP VLAN Tag Control Tagged Ports belonging to the specified VLAN tag all outgoing frames transmitted Untagged P...

Page 82: ...AN type in the Basic Setting Switch Setup screen Figure 30 Switch Setup Select VLAN Type 8 5 Static VLAN Use a static VLAN to decide whether an incoming frame on a port should be sent to a VLAN group as normal depending on its VLAN tag sent to a group whether it has a VLAN tag or not blocked from a VLAN group regardless of its VLAN tag You can also tag all outgoing frames that were previously unta...

Page 83: ...ber of VLANs configured on the Switch Index This is the VLAN index number Click on an index number to view more VLAN details VID This is the VLAN identification number that was configured in the Static VLAN screen Elapsed Time This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up Status This field shows how this VLAN was added to the Switch dynamic us...

Page 84: ...tion on static VLAN To configure a Table 17 Advanced Application VLAN VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the Static VLAN screen Port Number This column displays the ports that are participating in a VLAN A tagged port is marked as T an untagged port is marked as U and ports not parti...

Page 85: ...r a descriptive name for the VLAN group for identification purposes This name consists of up to 64 printable characters spaces are allowed VLAN Group ID Enter the VLAN ID for this static entry the valid range is between 1 and 4094 Port The port number identifies the port you are configuring Settings in this row apply to all ports Use this row only if you want to make some settings the same for all...

Page 86: ...s turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to start configuring the screen again VID This field displays the ID number of the VLAN group Click the number to edit the VLAN settings Active This field indicates wh...

Page 87: ...gistration protocol that defines a way for switches to register necessary VLAN members on ports across the network. Select this check box to permit VLAN groups beyond the local Switch. Port Isolation: Port Isolation allows each port to communicate only with the CPU management port and the uplink ports but not communicate with each other. This option is the most limiting but also the most secure. Port T...

Page 88: ... VID of 300 for traffic received from IP subnet 10 1 1 0 24 data Ingress Check If this check box is selected for a port the Switch discards incoming frames for VLANs that do not include this port in its member set Clear this check box to disable ingress filtering PVID Enter a number between 1and 4094 as the port VLAN ID GVRP Select this check box to allow GVRP on this port Acceptable Frame Type Sp...

Page 89: ... That is, video services receive the highest priority and data the lowest. Figure 35: Subnet Based VLAN Application Example (figure labels: subnets 10.1.1.0/24, 192.168.1.0/24, 172.16.1.0/24; Internet; VID 100, VID 200, VID 300; untagged frames, tagged frames). 8.7 Configuring Subnet Based VLAN: Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown ...

Page 90: ... subnet to obtain their IP addresses through the DHCP VLAN Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Active Check this box to activate the IP subnet VLAN you are creating or edit...

Page 91: ...s must be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch assigns to frames belonging to this VLAN Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatil...

Page 92: ... traffic when they go through the uplink port to a backbone switch C Figure 37 Protocol Based VLAN Application Example 8 9 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown Figure 38 Advanced Application VLAN VLAN Port Setting Protocol Based VLAN ...

Page 93: ...e an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch will assign to frames belonging to this VLAN Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile me...

Page 94: ...ive this protocol based VLAN a descriptive name Type IP VLAN 4 Select the protocol Leave the default value IP 5 Type the VLAN ID of an existing VLAN In our example we already created a static VLAN with an ID of 5 Type 5 6 Leave the priority set to 0 and click Add Figure 39 Protocol Based VLAN Configuration Example To add more ports to this protocol based VLAN 1 Click the index number of the protoc...

Page 95: ...Note: When you activate port-based VLAN, the Switch uses a default VLAN ID of 1. You cannot change it. Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen is shown next. The CPU management port forms a VLAN with all Ethernet ports. 8.11.1 Configure a Port-based VLAN: Select Port Based as the VLAN Type in the Switch Setup screen an...

Page 96: ...Chapter 8 VLAN GS2200 48 User s Guide 96 The following screen shows users on a port based all connected VLAN configuration Figure 40 Advanced Application VLAN Port Based VLAN Setup All Connected ...

Page 97: ... The following screen shows users on a port-based, port-isolated VLAN configuration. Figure 41: Advanced Application VLAN Port Based VLAN Setup (Port Isolation) ...

Page 98: ... is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the incoming port for the corresponding port listed on the left its outgoing port CPU refers to the Switch management port By default it forms a VLAN with all Ethernet ports If it does not form a VLAN with a ...

Page 99: ... Forwarding. A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out. When you set up static MAC address rules, you are setting static MAC addresses for a port. This may reduce the need for broadcasting. Static MAC address forwarding together with port security allows only computers in the MAC address table on a port to access the S...

Page 100: ...where the MAC address entered in the previous field will be automatically forwarded Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Cle...

Page 101: ...plays the port where the MAC address shown in the next field will be forwarded Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check boxes Table 23 Advanced Application Static MAC Forwarding continued LABEL DESCRIPTION ...

Page 102: ...Chapter 9 Static MAC Forward Setup GS2200 48 User s Guide 102 ...

Page 103: ...in the navigation panel to display the screen as shown next. Figure 43: Advanced Application Filtering. The following table describes the related labels in this screen. Table 24: Advanced Application Filtering (LABEL: DESCRIPTION). Active: Make sure to select this check box to activate your rule. You may temporarily deactivate a rule without deleting it by deselecting this check box. Name: Type a descriptive n...

Page 104: ... begin configuring this screen afresh. Clear: Click Clear to clear the fields to the factory defaults. Index: This field displays the index number of the rule. Click an index number to change the settings. Active: This field displays Yes when the rule is activated and No when it is deactivated. Name: This field displays the descriptive name for this rule. This is for identification purposes only. MAC Address...

Page 105: ...etween any two stations on the network. The Switch uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allows faster convergence of the spanning tree than STP (while also being backwards compatible with STP-only aware bridges). In RSTP, topology change information is directly propagated throughout the network from the device that generates the topology change. In STP, a longer delay is required as th...

Page 106: ...nnected LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating any possible network loops STP aware switches exchange Bridge Protocol Data Units BPDUs periodically When the bridged LAN topology changes a new spanning tree is constructed Once a stable network topology has been established all bridges listen for Hello ...

Page 107: ...ork A VLAN can be mapped to a specific Multiple Spanning Tree Instance MSTI MSTI allows multiple VLANs to use the same spanning tree Load balancing is possible as traffic from different VLANs can use distinct paths in a region 11 1 4 1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches If the switches are using STP or RSTP the link ...

Page 108: ...he following figure shows the network example using MSTP Figure 45 MSTP Network Example 11 1 4 2 MST Region An MST region is a logical grouping of multiple network devices that appears as a single device to the rest of the network Each MSTP enabled device can only belong to one MST region When BPDUs enter an MST region external path cost of paths outside this region is increased by one Internal pa...

Page 109: ...created MSTI is identified by a unique number known as an MST ID known internally to a region Thus an MSTI does not span across MST regions The following figure shows an example where there are two MST regions Regions 1 and 2 have 2 spanning tree instances Figure 46 MSTIs in Different Regions 11 1 4 4 Common and Internal Spanning Tree CIST A CIST represents the connectivity of the entire network a...

Page 110: ...col status screen changes depending on what standard you choose to implement on your network Click Advanced Application Spanning Tree Protocol to see the screen as shown Figure 48 Advanced Application Spanning Tree Protocol This screen differs depending on which STP mode RSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration sectio...

Page 111: ...7 Advanced Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree or Multiple Spanning Tree See Section 11 1 on page 105 for background information on STP Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses powe...

Page 112: ...Configure Rapid Spanning Tree Protocol Use this screen to configure RSTP settings see Section 11 1 on page 105 for more information on RSTP Click RSTP in the Advanced Application Spanning Tree Protocol screen Figure 50 Advanced Application Spanning Tree Protocol RSTP ...

Page 113: ...e generations by the root switch The allowed range is 1 to 10 seconds Max Age This is the maximum time in seconds a switch can wait without receiving a BPDU before attempting to reconfigure All switch ports except for designated ports should receive BPDUs at regular intervals Any port that ages out STP information provided in the last BPDU becomes the designated port for the attached LAN If it is ...

Page 114: ... loop in a switch Ports with a higher priority numeric value are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended to assign this value according to the speed of the bridge The slower the media the higher the cost see Table 25 on page 106 for more information App...

Page 115: ...oot switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds a switch can wait without receiving a configuration message before attempting to reconfigure Forwarding Delay second This is the time in seconds the root switch will wait before changing states that is listening to learning to forwarding...

Page 116: ... 116 11 6 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section 11 1 4 on page 107 for more information on MSTP Figure 52 Advanced Application Spanning Tree Protocol MSTP ...

Page 117: ...rwarding Delay This is the maximum time in seconds a switch will wait before changing states This delay is required because every switch must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result The allowed range i...

Page 118: ...ommon settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to add this port to the MST instance Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in the Switch Ports with a higher priority numeric value...

Page 119: ... 11 1 4 on page 107 for more information on MSTP Note This screen is only available after you activate MSTP on the Switch Figure 53 Advanced Application Spanning Tree Protocol Status MSTP Delete Check the rule s that you want to remove in the Delete column and then click the Delete button Cancel Click Cancel to begin configuring this screen afresh Table 30 Advanced Application Spanning Tree Protoc...

Page 120: ...t from the root port on this Switch to the root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree Configuration Name This field displays the configuration name for this MST region Revision Number This field displays the revision number for this MST region Configuration Digest A configuration digest...

Page 121: ...st from the root port in this MST instance to the regional root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance Table 31 Advanced Application Spanning Tree Protocol Status MSTP LABEL DESCRIPTION ...

Page 122: ...Chapter 11 Spanning Tree Protocol GS2200 48 User s Guide 122 ...

Page 123: ...aranteed bandwidth for the incoming traffic flow on a port The Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion The CIR and PIR should be set for all ports that use the same uplink bandwidth If the CIR is reached packets are sent at the rate up to the PIR When network congestion occurs packets through the ingress...

Page 124: ...gs in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Ingress Rate Active Select this check box to activate commit rate limits on this port Commit Rate Specify the guarant...

Page 125: ...width allowed in kilobits per second Kbps for the out going traffic flow on a port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen ...

Page 126: ...Chapter 12 Bandwidth Control GS2200 48 User s Guide 126 ...

Page 127: ...ckets the Switch receives per second on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port Click Advanced Application Broadcast Storm Control in the navigation pane...

Page 128: ...ort by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Select this option and specify how many destination lookup failure DLF packets the port ...

Page 129: ...w to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference Click Advanced Application Mirroring in the navigation panel to display the Mirroring screen Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port Figure 56 Advanced Application Mirroring ...

Page 130: ... row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the drop down list box C...

Page 131: ...inning port of each trunk group must be physically connected to form a trunk group The Switch supports both static and dynamic link aggregation Note In a properly planned network it is recommended to implement static link aggregation only This ensures increased network stability and control over the trunk groups on your Switch See Section 15 6 on page 136 for a static port trunking example 15 2 Dy...

Page 132: ... causing network topology loops 15 2 1 Link Aggregation ID LACP aggregation ID consists of the following information1 15 3 Link Aggregation Status Click Advanced Application Link Aggregation in the navigation panel The Link Aggregation Status screen displays by default See Section 15 1 on page 131 for more information Figure 57 Advanced Application Link Aggregation Status Table 35 Link Aggregation...

Page 133: ...gregation screen to be in the trunk group Synchronized Ports These are the ports that are currently transmitting data as one logical link in this trunk group Aggregator ID Link Aggregator ID consists of the following system priority MAC address key port priority and port number Refer to Section 15 2 1 on page 132 for more information on this field Status This field displays how these ports were ad...

Page 134: ...ation Setting The following table describes the labels in this screen Table 38 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESCRIPTION Link Aggregation Setting This is the only screen you need to configure to enable static link aggregation Group ID The field identifies the link aggregation group that is one logical link containing multiple ports Active Select this option t...

Page 135: ...gure 59 Advanced Application Link Aggregation Link Aggregation Setting LACP Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh ...

Page 136: ...ink containing multiple ports LACP Active Select this option to enable LACP for a trunk Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon...

Page 137: ...ure shows ports 2 5 on switch A connected to switch B Figure 60 Trunking Example Physical Connections 2 Configure static trunking Click Advanced Application Link Aggregation Link Aggregation Setting In this screen activate trunking group T1 and select the ports that should belong to this group as shown in the figure below Click Apply when you are done Figure 61 Trunking Example Configuration Scree...

Page 138: ...Chapter 15 Link Aggregation GS2200 48 User s Guide 138 Your trunk group 1 T1 configuration is now complete you do not need to go to any additional screens ...

Page 139: ...lidate users. See Section 23.1.2 on page 192 for more information on configuring your RADIUS server settings. Note: If you enable IEEE 802.1x authentication and MAC authentication on the same port, the Switch performs IEEE 802.1x authentication first. If a user fails to authenticate via the IEEE 802.1x method, then access to the port is denied. 16.1.1 IEEE 802.1x Authentication: The following figure illus...

Page 140: ...tion Process. 16.1.2 MAC Authentication: MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the [figure labels: New Connection; Authentication Request; Authentication Reply; Login Credentials; Login Info Request; Session Granted/Denied] ...

Page 141: ... activate the port authentication method s you want to use both on the Switch and the port s then configure the RADIUS server settings in the Auth and Acct Radius Server Setup screen To activate a port authentication method click Advanced Application Port Authentication in the navigation panel Select a port authentication method in the screen that appears Figure 64 Advanced Application Port Authen...

Page 142: ...check box to permit 802 1x authentication on the Switch Note You must first enable 802 1x authentication on the Switch before configuring it on each port Port This field displays a port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port ba...

Page 143: ...password to stay connected to the port. Reauthentication Timer: Specify the length of time required to pass before a client has to re-enter his or her username and password to stay connected to the port. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your...

Page 144: ...ent fails MAC authentication, its MAC address is learned by the MAC address table with a status of denied. The timeout period you specify here is the time the MAC address entry stays in the MAC address table until it is cleared. If you specify 0 for the timeout value, then this entry will not be deleted from the MAC address table. Note: If the Aging Time in the Switch Setup screen is set to a lower valu...

Page 145: ...Switch. The Switch can learn up to 16K MAC addresses in total, with no limit on individual ports other than the sum cannot exceed 16K. For maximum port security, enable this feature, disable MAC address learning and configure static MAC address(es) for a port. It is not recommended you disable port security together with MAC address learning, as this will result in many broadcasts. By default, MAC address l...

Page 146: ...ort number Settings in this row apply to all ports Use this row only if you want to make some of the settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the port security feature on this port The Switch forw...

Page 147: ... MAC addresses may access port 2 at any one time. A sixth device must wait until one of the five learned MAC addresses ages out. MAC address aging out time can be set in the Switch Setup screen. The valid range is from 0 to 8192. 0 means this feature is disabled. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so u...

Page 148: ...Chapter 17 Port Security GS2200 48 User s Guide 148 ...

Page 149: ...as the source address destination address source port number destination port number or incoming port number For example you can configure a classifier to select traffic from the same protocol port such as Telnet to form a flow Configure QoS on the Switch to group and prioritize application traffic and fine tune network performance Setting up QoS involves two separate steps 1 Configure classifiers...

Page 150: ...Classifier LABEL DESCRIPTION Active Select this option to enable this rule Name Enter a descriptive name for this rule for identifying purposes Packet Format Specify the format of the packet Choices are All 802 3 tagged 802 3 untagged Ethernet II tagged and Ethernet II untagged A value of 802 3 indicates that the packets are formatted according to the IEEE 802 3 standards A value of Ethernet II in...

Page 151: ...airs Layer 3 Specify the fields below to configure a layer 3 classifier DSCP Select Any to classify traffic from any DSCP or select the second option and specify a DSCP DiffServ Code Point number between 0 and 63 in the field provided IP Protocol Select an IP protocol type or select Other and enter the protocol number in decimal value Refer to Table 46 on page 153 for more information You may sele...

Page 152: ...k 255.255.255.0 can be represented as 11111111.11111111.11111111.00000000, and counting up the number of ones in this case results in 24. Socket Number: Note: You must select either UDP or TCP in the IP Protocol field before you configure the socket numbers. Select Any to apply the rule to all TCP/UDP protocol port numbers, or select the second option and enter a TCP/UDP protocol port number. Add: Click A...

Page 153: ...r to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Name This field displays the descriptive name for this rule This is for identification purposes only Rule This field displays a summary of the classifier rule s settings Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check boxes...

Page 154: ...Chapter 18 Classifier. GS2200-48 User's Guide, 154. Some of the most common IP ports are: Table 47: Common TCP and UDP Port Numbers (PORT NUMBER: PORT NAME): 21: FTP; 23: Telnet; 25: SMTP; 53: DNS; 80: HTTP; 110: POP3 ...

Page 155: ...figuring a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. Figure 70: Classifier Example. After you have configured a classifier, you can configure a policy to define action(s) on the classified traffic flow. See Chapter 19 on page 157 for information on configuring a policy rule example ...

Page 157: ... the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 19 1 2 DSCP and Per Hop Behavior DiffSe...

Page 158: ...he DiffServ network Based on the marking rule different kinds of traffic can be marked for different kinds of forwarding Resources can then be allocated according to the DSCP values and the configured policies 19 2 Configuring Policy Rules You must first configure a classifier in the Classifier screen Refer to Section 18 2 on page 149 for more information ...

Page 159: ...Chapter 19 Policy Rule GS2200 48 User s Guide 159 Click Advanced Applications Policy Rule in the navigation panel to display the screen as shown Figure 71 Advanced Application Policy Rule ...

Page 160: ...le to a traffic flow Traffic that exceeds the maximum bandwidth allocated in cases where the network is congested is called out of profile traffic Bandwidth Specify the bandwidth in kilobit per second Kbps Enter a number between 1 and 1000000 Out of Profile DSCP Specify a new DSCP number between 0 and 63 if you want to replace or remark the DSCP number for out of profile traffic Action Specify the...

Page 161: ...ss port Metering Select Enable to activate bandwidth limitation on the traffic flow s then set the actions to be taken on out of profile packets Out of profile action Select the action s to be performed for out of profile traffic Select Drop the packet to discard the out of profile traffic Select Change the DSCP value to replace the DSCP field with the value specified in the Out of profile DSCP fi...

Page 162: ...lick an index number to edit the policy. Active: This field displays Yes when policy is activated and No when it is deactivated. Name: This field displays the name you have assigned to this policy. Classifier(s): This field displays the name(s) of the classifier to which this policy applies. Delete: Click Delete to remove the selected entry from the summary table. Cancel: Click Cancel to clear the Delete chec...

Page 163: ...Example. The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 18.4 on page 155). Figure 73: Policy Example ...

Page 165: ...es into the Switch traffic on the highest priority queue Q7 is transmitted first When that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SP does not automatically adapt to changing network requirements 20 1 2 Weigh...

Page 166: ... equal amount of bandwidth and then moves to the end of the list and so on depending on the number of queues being used This works in a looping fashion until a queue is empty Weighted Round Robin Scheduling WRR uses the same algorithm as round robin scheduling but services queues based on their priority and queue weight the number you configure in the queue Weight field rather than a fixed amount ...

Page 167: ... labels in this screen Table 50 Advanced Application Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports...

Page 168: ...eights get more service than queues with smaller weights Weight When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Hybrid SPQ Lowest Queue This field is applicable only when you select WFQ or WRR Select a queue Q0 to Q7 to have the Switch use Strictly Priority to service the subsequent queue s after and includi...

Page 169: ...4 customer VLANs This allows a service provider to provide different service based on specific VLANs for many different customers A service provider s customers may require a range of VLANs to handle multiple applications A service provider s customers can assign their own inner VLAN tags on ports for these applications The service provider can assign an outer VLAN tag for each customer Therefore ...

Page 170: ...orts on the service provider s edge devices 1 and 2 in the VLAN stacking example figure The incoming frame is treated as untagged so a second VLAN tag outer VLAN tag can be added Note Static VLAN Tx Tagging MUST be disabled on a port where you choose Access Port Select Tunnel Port for egress ports at the edge of the service provider s network All VLANs belonging to a customer can be aggregated int...

Page 171: ... Port then the Switch only adds the SP TPID tag to all incoming frames on the service provider s edge devices 1 and 2 in the VLAN stacking example figure that have an SP TPID different to the one configured on the Switch If an incoming frame s SP TPID is the same as the one configured on the Switch then the Switch will not add the tag Priority refers to the IEEE 802 1p standard that allows the ser...

Page 172: ...ernet frame. DA | SA | TPID | Priority | VID | Len/Etype | Data | FCS: IEEE 802.1Q customer tagged frame. DA | SA | SPTPID | Priority | VID | TPID | Priority | VID | Len/Etype | Data | FCS: Double-tagged frame. Table 53: 802.1Q Frame. DA: Destination Address; Priority: 802.1p Priority; SA: Source Address; Len/Etype: Length and type of Ethernet frame; SPTPID: Service Provider Tag Protocol IDentifier; Data: Frame data; VID: VLAN ID; FCS: Fr...

Page 173: ...e frame and indicates whether the frame carries IEEE 802.1Q tag information. Choose 0x8100 or 0x9100 from the drop-down list box, or select Others and then enter a four-digit hexadecimal number from 0x0000 to 0xFFFF. 0x denotes a hexadecimal number. It does not have to be typed in the Others text field. Port: The port number identifies the port you are configuring. Settings in this row apply to all ports...

Page 174: ...vice provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port See Chapter 8 on page 79 for more background information on VLAN ID Priority On the Switch configure priority level of inner IEEE 802 1Q tag in the Port Setup screen 0 is the lowest priority level and 7 is the highest Apply Click Apply to save your changes to the Switch s run ti...

Page 175: ...ast address allows a device to send packets to a specific group of hosts (multicast group) in a different subnetwork. A multicast IP address represents a traffic receiving group, not individual receiving devices. IP addresses in the Class D range (224.0.0.0 to 239.255.255.255) are used for IP multicasting. Certain IP multicast numbers are reserved by IANA for special purposes (see the IANA website for more...

Page 176: ...2.1.4 IGMP Snooping and VLANs. The Switch can perform IGMP snooping on up to 16 VLANs. You can configure the Switch to automatically learn multicast group membership of any VLANs. The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets. This is referred to as auto mode. Alternatively, you can specify the VLANs that IGMP snooping should be performed on. This is referred to as f...

Page 177: ...y the screen as shown. See Section 22.1 on page 175 for more information on multicasting. Figure 78 Advanced Application > Multicast > Multicast Setting. Port: This field displays the port number that belongs to the multicast group. Multicast Group: This field displays IP multicast group addresses. Table 55 Multicast Status (continued) LABEL DESCRIPTION ...

Page 178: ...o allow to join multicast groups. Unknown Multicast Frame: Specify the action to perform when the Switch receives an unknown multicast frame. Select Drop to discard the frame(s). Select Flooding to send the frame(s) to all ports. Reserved Multicast Group: Multicast addresses (224.0.0.0 to 224.0.0.255) are reserved for the local scope. For example, 224.0.0.1 is for all hosts in this subnet, 224.0.0.2 is for al...

Page 179: ...IGMP multicast router or server. The Switch forwards IGMP join or leave packets to an IGMP query port. Select Auto to have the Switch use the port as an IGMP query port if the port receives IGMP query packets. Select Fixed to have the Switch always use the port as an IGMP query port. Select this when you connect an IGMP multicast server to the port. Select Edge to stop the Switch from using the port as...

Page 180: ...to 16 VLANs (including up to three VLANs you configured in the MVR screen). For example, if you have configured one multicast VLAN in the MVR screen, you can only specify up to 15 VLANs in this screen. The Switch drops any IGMP control messages which do not belong to these 16 VLANs. Note: You must also enable IGMP snooping in the Multicast Setting screen first. Apply: Click Apply to save your changes to the...

Page 181: ... screen. Add: Click Add to insert the entry in the summary table below and save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to reset the fields to your previous configuration. Clear: Click t...

Page 182: ... IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile. End Address: Type the ending multicast IP address for a range of IP addresses that you want to belong to the IGMP filter profile. If you want to add a single multicast IP address, enter it in both the Start Address and End Address fields. Add: Click Add to save the profile to the Switch's run-time memor...

Page 183: ...figure shows a network example. The subscriber VLAN (1, 2 and 3) information is hidden from the streaming media server, S. In addition, the multicast VLAN information is only visible to the Switch and S. Figure 81 MVR Network Example. 22.6.1 Types of MVR Ports. In MVR, a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN, while a receiver port can only receive ...

Page 184: ...le subscriber devices can connect through a port configured as the receiver on the Switch. When the subscriber selects a television channel, computer A sends an IGMP report to the Switch to join the appropriate multicast group. If the IGMP report matches one of the configured MVR multicast group addresses on the Switch, an entry is created in the forwarding table on the Switch. This maps the subscriber...

Page 185: ...es on the Switch. Note: Your Switch automatically creates a static VLAN (with the same VID) when you create a multicast VLAN in this screen. Figure 83 Advanced Application > Multicast > Multicast Setting > MVR. The following table describes the related labels in this screen. Table 59 Advanced Application > Multicast > Multicast Setting > MVR LABEL DESCRIPTION Active: Select this check box to enable MVR to allow one s...

Page 186: ...a receiver port that only receives multicast traffic. None: Select this option to set the port not to participate in MVR. No MVR multicast traffic is sent or received on this port. Tagging: Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted. Add: Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off o...

Page 187: ...bels in this screen. Table 60 Advanced Application > Multicast > Multicast Setting > MVR: Group Configuration LABEL DESCRIPTION Multicast VLAN ID: Select a multicast VLAN ID (that you configured in the MVR screen) from the drop-down list box. Name: Enter a descriptive name for identification purposes. Start Address: Enter the starting IP multicast address of the multicast group in dotted decimal notation. Refer t...

Page 188: ... turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to begin configuring this screen afresh. MVLAN: This field displays the multicast VLAN ID. Name: This field displays the descriptive name for this setting. Start Address: This field displays the starting IP address of the multicast ...

Page 189: ...he Switch, create a multicast group in the MVR screen and set the receiver and source ports. Figure 86 MVR Configuration Example. To set the Switch to forward the multicast group traffic to the subscribers, configure multicast group settings in the Group Configuration screen. The example ...

Page 190: ...following figure shows an example where two multicast groups (News and Movie) are configured for the multicast VLAN 200. Figure 87 MVR Group Configuration Example. Figure 88 MVR Group Configuration Example ...

Page 191: ...ge levels associated with them. For example, user A may have the right to create new login accounts on the Switch but user B cannot. The Switch can authorize users based on user accounts configured on the Switch itself, or it can use an external server to authorize a large number of users. Accounting is the process of recording what a user is doing. The Switch can use an external server to track when us...

Page 192: ...an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS and TACACS authentication both allow you to validate an unlimited number of users from a central location. The following table describes some key differences between RADIUS and TACACS. 23.2 Authentication and Accounting Screens. To enable authentication, accounting or both on the Switch: First, config...

Page 193: ... 90 Advanced Application > Auth and Acct. 23.2.1 RADIUS Server Setup. Use this screen to configure your RADIUS server settings. See Section 23.1.2 on page 192 for more information on RADIUS servers. Click on the RADIUS Server Setup link in the Authentication and Accounting screen to view the screen as shown. Figure 91 Advanced Application > Auth and Acct > RADIUS Server Setup ...

Page 194: ... dotted decimal notation. UDP Port: The default port of a RADIUS server for authentication is 1812. You need not change this value unless your network administrator instructs you to do so. Shared Secret: Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the Switch. This key is not sent over the network. This key must be the same on the exte...

Page 195: ...IUS accounting server and the Switch. This key is not sent over the network. This key must be the same on the external RADIUS accounting server and the Switch. Delete: Check this box if you want to remove an existing RADIUS accounting server entry from the Switch. This entry is deleted when you click Apply. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these cha...

Page 196: ...al TACACS server in dotted decimal notation. TCP Port: The default port of a TACACS server for authentication is 49. You need not change this value unless your network administrator instructs you to do so. Shared Secret: Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS server and the Switch. This key is not sent over the network. This key must be the...

Page 197: ... server and the Switch. This key is not sent over the network. This key must be the same on the external TACACS accounting server and the Switch. Delete: Check this box if you want to remove an existing TACACS accounting server entry from the Switch. This entry is deleted when you click Apply. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is ...

Page 198: ...authentication. Select radius or tacacs to have the Switch check the access privilege via the external servers. Login: These fields specify which database the Switch should use (first, second and third) to authenticate administrator accounts (users for Switch management). Configure the local user accounts in the Access Control > Logins screen. The TACACS and RADIUS are external servers. Before you specify the ...

Page 199: ...n't select this and you have two accounting servers set up, then the Switch sends information to the first accounting server and, if it doesn't get a response from the accounting server, then it tries the second accounting server. Mode: The Switch supports two modes of recording login events. Select start-stop to have the Switch send information to the accounting server when a user begins a session, duri...

Page 200: ...he setting. Note: Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server. The following table describes the VSAs supported on the Switch. Table 65 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Assignment: Vendor-Id = 890, Vendor-Type = 1, Vendor-data = ingress rate (Kbps in decimal format). Egress Bandwidth Assignment: Vendor-Id = 8...

Page 201: ... stored on the RADIUS server. This section lists the RADIUS attributes supported by the Switch. Refer to RFC 2865 for more information about RADIUS attributes used for authentication. Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting. This section lists the attributes used by authentication and accounting functions on the Switch. In cases where the attribute has a specific format...

Page 202: ...NAS-Port, NAS-Port-Type (this value is set to Ethernet(15) on the Switch), Calling-Station-Id, Frame-MTU, EAP-Message, State, Message-Authenticator. 23.3.2 Attributes Used for Accounting. The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication. 23.3.2.1 Attributes Used for Accounting System Events: NAS-IP-Address, NAS-Identifier, Acct-Status-Type, Acct-S...

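Page 203: ...Exec Events via Console. ATTRIBUTE (START / INTERIM-UPDATE / STOP): User-Name (Start, Interim-Update, Stop); NAS-Identifier (Start, Interim-Update, Stop); NAS-IP-Address (Start, Interim-Update, Stop); Service-Type (Start, Interim-Update, Stop); Acct-Status-Type (Start, Interim-Update, Stop); Acct-Delay-Time (Start, Interim-Update, Stop); Acct-Session-Id (Start, Interim-Update, Stop); Acct-Authentic (Start, Interim-Update, Stop); Acct-Session-Time (Interim-Update, Stop); Acct-Terminate-Cause (Stop). Table 68 RADIUS Attributes: Exec Events via Telnet/SSH. ATTRIBUTE (START / INTERIM-UPDATE / STOP): User-Name (Start, Interim-Update, Stop); NAS-Identifier (Start, Interim-Update, Stop); NAS...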

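Page 204: ...ype (Start, Interim-Update, Stop); Acct-Status-Type (Start, Interim-Update, Stop); Acct-Delay-Time (Start, Interim-Update, Stop); Acct-Session-Id (Start, Interim-Update, Stop); Acct-Authentic (Start, Interim-Update, Stop); Acct-Input-Octets (Interim-Update, Stop); Acct-Output-Octets (Interim-Update, Stop); Acct-Session-Time (Interim-Update, Stop); Acct-Input-Packets (Interim-Update, Stop); Acct-Output-Packets (Interim-Update, Stop); Acct-Terminate-Cause (Stop); Acct-Input-Gigawords (Interim-Update, Stop); Acct-Output-Gigawords (Interim-Update, Stop). Table 69 RADIUS Attributes: Exec Events via Console. ATTRIBUTE (START / INTERIM-UPDATE / STOP) ...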

Page 205: ...is a binding, the Switch forwards the packet. If there is not a binding, the Switch discards the packet. The Switch builds the binding table by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings). IP source guard consists of the following features. Static bindings: Use this to create static bindings in the binding table. DHCP snooping: Use this to...

Page 206: ...are no trusted ports. Untrusted ports are connected to subscribers. The Switch discards DHCP packets from untrusted ports in the following situations: (1) The packet is a DHCP server packet (for example, OFFER, ACK or NACK). (2) The source MAC address and source IP address in the packet do not match any of the current bindings. (3) The packet is a RELEASE or DECLINE packet, and the source MAC address and source port do...

Page 207: ...e requests. The Switch can add the following information: Slot ID (1 byte), port ID (1 byte) and source VLAN ID (2 bytes); System name (up to 32 bytes). This information is stored in an Agent Information field in the option 82 field of the DHCP headers of client DHCP request frames. See Chapter 29 on page 249 for more information about DHCP relay option 82. When the DHCP server responds, the Switch removes the in...

Page 208: ...X does the following things: It pretends to be computer A and responds to computer B. It pretends to be computer B and sends a message to computer A. As a result, all the communication between computer A and computer B passes through computer X. Computer X can read and alter the information passed between them. 24.1.2.1 ARP Inspection and MAC Address Filters. When the Switch identifies an unauthorized AR...

Page 209: ...itch can send syslog messages to the specified syslog server (Chapter 34 on page 301) when it forwards or discards ARP packets. The Switch can consolidate log messages and send log messages in batches to make this mechanism more efficient. 24.1.2.4 Configuring ARP Inspection. Follow these steps to configure ARP inspection on the Switch. 1 Configure DHCP snooping. See Section 24.1.1.4 on page 207. Note: It ...

Page 210: ...rce Guard LABEL DESCRIPTION Index: This field displays a sequential number for each binding. MAC Address: This field displays the source MAC address in the binding. IP Address: This field displays the IP address assigned to the MAC address in the binding. Lease: This field displays how many days, hours, minutes and seconds the binding is valid; for example, 2d3h4m5s means the binding is still valid for 2 day...

Page 211: ...t number in the field to the right. If this binding applies to all ports, select Any. Add: Click this to create the specified static binding or to update an existing one. Cancel: Click this to reset the values above based on the last selected static binding or, if not applicable, to clear the fields above. Clear: Click this to clear the fields above. Index: This field displays a sequential number for each bin...

Page 212: ...s the port number in the binding. If this field is blank, the binding applies to all ports. Delete: Select this, and click Delete to remove the specified entry. Cancel: Click this to clear the Delete check boxes above. Table 71 IP Source Guard Static Binding (continued) LABEL DESCRIPTION ...

Page 213: ... Source Guard. GS2200-48 User's Guide 213. 24.4 DHCP Snooping. Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping ...

Page 214: ...Chapter 24 IP Source Guard. GS2200-48 User's Guide 214. Figure 98 DHCP Snooping ...

Page 215: ... field displays how much longer (in seconds) the Switch tries to complete the current update before it gives up. It displays Not Running if the Switch is not updating the DHCP snooping database right now. Abort timer expiry: This field displays when (in seconds) the Switch is going to update the DHCP snooping database again. It displays Not Running if the current bindings have not changed since the last u...

Page 216: ...page 333. Binding collisions: This field displays the number of bindings the Switch ignored because the Switch already had a binding with the same MAC address and VLAN ID. Invalid interfaces: This field displays the number of bindings the Switch ignored because the port number was a trusted interface or does not exist anymore. Parse failures: This field displays the number of bindings the Switch ignored...

Page 217: ...art. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure. Figure 99 DHCP Snooping Configure. Parse failures: This field displays the number of bindings the Switch has ignored because the Switch was unable to understand the binding in the DHCP binding database. Expired leases: This field displays the number of bindings the Switch has ignored because the lease time had a...

Page 218: ...h waits to start the next update until it completes the current one. Agent URL: Enter the location of the DHCP snooping database. The location should be expressed like this: tftp://{domain name or IP address}/directory, if applicable/file name; for example, tftp://192.168.10.1/database.txt. Timeout interval: Enter how long (10-65535 seconds) the Switch tries to complete a specific update in the DHCP snooping datab...

Page 219: ...ntrusted) can receive each second. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping > Configure > Port. Figure 100 DHCP Snooping Port Configure. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory w...

Page 220: ...ed ports are connected to subscribers, and the Switch discards DHCP packets from untrusted ports in the following situations: (1) The packet is a DHCP server packet (for example, OFFER, ACK or NACK). (2) The source MAC address and source IP address in the packet do not match any of the current bindings. (3) The packet is a RELEASE or DECLINE packet, and the source MAC address and source port do not match any of the cu...

Page 221: ... above. If you configure the VLAN, the settings are applied to all VLANs. Enabled: Select Yes to enable DHCP snooping on the VLAN. You still have to enable DHCP snooping on the Switch and specify trusted ports. Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports. Option82: Select this to have the Switch add the slot number, port number and VLAN ID to DHCP ...

Page 222: ...wer, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click this to reset the values in this screen to their last-saved values. Table 75 DHCP Snooping VLAN Configure (continued) LABEL DESCRIPTION. Table 76 ARP Inspection Status LABEL DESCRIPTION Total number of filters: This field displays the current number of MAC addr...

Page 223: ...dress were in the binding table, but the port number was not valid. Delete: Select this, and click Delete to remove the specified entry. Delete: Click this to remove the selected entries. Cancel: Click this to clear the Delete check boxes above. Table 76 ARP Inspection Status (continued) LABEL DESCRIPTION. Table 77 ARP Inspection VLAN Status LABEL DESCRIPTION Show VLAN range: Use this section to specify the VL...

Page 224: ...st restarted. Forwarded: This field displays the total number of ARP packets the Switch forwarded for the VLAN since the Switch last restarted. Dropped: This field displays the total number of ARP packets the Switch discarded for the VLAN since the Switch last restarted. Table 77 ARP Inspection VLAN Status LABEL DESCRIPTION. Table 78 ARP Inspection Log Status LABEL DESCRIPTION Clearing log status table ...

Page 225: ... on page 225. Reason: This field displays the reason the log message was generated. dhcp deny: An ARP packet was discarded because it violated a dynamic binding with the same MAC address and VLAN ID. static deny: An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID. deny: An ARP packet was discarded because there were no bindings with the same MAC address ...

Page 226: ...RIPTION Active: Select this to enable ARP inspection on the Switch. You still have to enable ARP inspection on specific VLAN and specify trusted ports. Filter Aging Time. Filter aging time: This setting has no effect on existing MAC address filters. Enter how long (1-2147483647 seconds) the MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet. The Switch automatic...

Page 227: ...ure the syslog server (Chapter 34 on page 301) to use this setting. Enter 0 if you do not want the Switch to send log messages generated by ARP packets to the syslog server. The Syslog rate and Log interval settings interact. If the Syslog rate (number, X) is greater than Log interval (seconds, Y), X divided by Y system messages are sent every second. Otherwise, one message is sent every Y divided by X seconds. ...

Page 228: ...s a trusted port (Trusted) or an untrusted port (Untrusted). The Switch does not discard ARP packets on trusted ports for any reason. The Switch discards ARP packets on untrusted ports in the following situations: (1) The sender's information in the ARP packet does not match any of the current bindings. (2) The rate at which ARP packets arrive is too high. You can specify the maximum rate at which ARP packets can ...

Page 229: ...a maximum of 15 ARP packets in every one-second interval. If the burst interval is 5 seconds, then the Switch accepts a maximum of 75 ARP packets in every five-second interval. Enter the length (1-15 seconds) of the burst interval. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navig...

Page 230: ...witch does not generate any log messages when it receives an ARP packet from the VLAN. Deny: The Switch generates log messages when it discards an ARP packet from the VLAN. Permit: The Switch generates log messages when it forwards an ARP packet from the VLAN. All: The Switch generates log messages every time it receives an ARP packet from the VLAN. Apply: Click Apply to save your changes to the Switch's ...

Page 231: ...e 108 Loop Guard vs STP. Loop guard is designed to handle loop problems on the edge of your network. This can occur when a port is connected to a Switch that is in a loop state. Loop state occurs as a result of human error. It happens when two ports on a switch are connected with the same cable. When a switch in loop state sends out broadcast messages, the messages loop back to the switch and are re-bro...

Page 232: ...port. If this is the case, the Switch will shut down the port connected to the switch in loop state. The following figure shows a loop guard enabled port N on switch A sending a probe packet P to switch B. Since switch B is in loop state, the probe packet P returns to port N on A. The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state. Figure ...

Page 233: ...our network, you can re-activate the disabled port via the web configurator (see Section 7.7 on page 73) or via commands (see Section 44.12.4 on page 377). 25.2 Loop Guard Setup. Click Advanced Application > Loop Guard in the navigation panel to display the screen as shown. Note: The loop guard feature can not be enabled on the ports that have Spanning Tree Protocol (RSTP or MSTP) enabled. Figure 112 Advanced A...

Page 234: ...nges in this row are copied to all the ports as soon as you make them. Active: Select this check box to enable the loop guard feature on this port. The Switch sends probe packets from this port to check if the Switch it is connected to is in loop state. If the Switch that this port is connected to is in loop state, the Switch will shut down this port. Clear this check box to disable the loop guard feature ...

Page 235: ...PART IV IP Application: Static Routing (237), RIP (239), Differentiated Services (241), DHCP (249), VRRP (259) ...

Page 237: ...able describes the related labels you use to create a static route. Table 83 IP Application > Static Routing LABEL DESCRIPTION Active: This field allows you to activate/deactivate this static route. Name: Enter a descriptive name (up to 32 printable ASCII characters) for identification purposes. Destination IP Address: This parameter specifies the IP network address of the final destination. Routing is alway...

Page 238: ...nges to the non-volatile memory when you are done configuring. Cancel: Click Cancel to begin configuring this screen afresh. Clear: Click Clear to set the above fields back to the factory defaults. Index: This field displays the index number of the route. Click a number to edit the static route entry. Active: This field displays Yes when the static route is activated and NO when it is deactivated. Name: This...

Page 239: ...IP packets but will not accept any RIP packets received. None: the Switch will not send any RIP packets and will ignore any RIP packets received. The Version field controls the format and the broadcasting method of the RIP packets that the Switch sends (it recognizes both formats when receiving). RIP-1 is universally supported, but RIP-2 carries more information. RIP-1 is probably adequate for most networ...

Page 240: ...interface configured on the Switch. Refer to the section on IP Setup for more information on configuring IP domains. Direction: Select the RIP direction from the drop-down list box. Choices are Outgoing, Incoming, Both and None. Version: Select the RIP version from the drop-down list box. Choices are RIP-1, RIP-2B and RIP-2M. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch ...

Page 241: ... differently depending on the code points without the need to negotiate paths or remember state information for every flow. In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going. 28.1.1 DSCP and Per-Hop Behavior. DiffServ defines a new DS (Differentiated Services) field to replace the Type of Service (ToS) field in the IP header. The DS ...

Page 242: ... to give higher drop precedence to one traffic flow over others. In our example, packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum traffic flow as they move across the DiffServ network. Figure 116 DiffServ Network. 28.2 Two Rate Three Color Marker Traffic Policing. Traffic policing is the limiting of the input or output transmission...

Page 243: ...ork. Green (low loss priority level) packets are forwarded. TRTCM operates in one of two modes: color-blind or color-aware. In color-blind mode, packets are marked based on evaluating against the PIR and CIR regardless of if they have previously been marked or not. In the color-aware mode, packets are marked based on both existing color and evaluation against the PIR and CIR. If the packets do not match any...

Page 244: ...ed against the PIR. Only the packets marked green are first evaluated against the PIR and then if they don't exceed the PIR level are they evaluated against the CIR. Figure 118 TRTCM Color-aware Mode. 28.3 Activating DiffServ. Activate DiffServ to apply marking rules or IEEE 802.1p priority mapping on the selected port(s). Click IP Application > DiffServ in the navigation panel to display the screen as sh...

Page 245: ...the Switch. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Active: Select Active to enable DiffServ on the port. Apply: Click Apply to save your changes to the Sw...

Page 246: ...gh loss priority colored packets. Mode: Select color-blind to have the Switch treat all incoming packets as uncolored. All incoming packets are evaluated against the CIR and PIR. Select color-aware to treat the packets as marked by some preceding entity. Incoming packets are evaluated based on their existing color. Incoming packets that are not marked proceed through the Switch. Port: This field displays ...

Page 247: ... are marked via TRTCM. green: Specify the DSCP value to use for packets with low packet loss priority. yellow: Specify the DSCP value to use for packets with medium packet loss priority. red: Specify the DSCP value to use for packets with high packet loss priority. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so u...

Page 248: ...8 IP Application > DiffServ > DSCP Setting LABEL DESCRIPTION 0 to 63: This is the DSCP classification identification number. To set the IEEE 802.1p priority mapping, select the priority level from the drop-down list box. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to s...

Page 249: ... 29.1.1 DHCP Modes. The Switch can be configured as a DHCP server or DHCP relay agent. If you configure the Switch as a DHCP server, it will maintain the pool of IP addresses along with subnet masks, DNS server and default gateway information and distribute them to your LAN computers. If there is already a DHCP server on your network, then you can configure the Switch as a DHCP relay agent. When the Swit...

Page 250: ...guration to view the screen as shown. Use Table 89 IP Application > DHCP Status LABEL DESCRIPTION Server Status: This section displays configuration settings related to the Switch's DHCP server mode. Index: This is the index number. VID: This field displays the VLAN ID for which the Switch is a DHCP server. Server Status: This field displays the starting DHCP client IP address. IP Pool Size: This field displa...

Page 251: ...ay value sent to clients from this DHCP server instance. Primary DNS Server: This field displays the primary DNS server value sent to clients from this DHCP server instance. Secondary DNS Server: This field displays the secondary DNS server value sent to clients from this DHCP server instance. Address Leases: This section displays information about the IP addresses this DHCP server issued to clients. Ind...

Page 252: ...sts that it relays to a DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information. Please refer to RFC 3046 for more details. The DHCP Relay Agent Information feature adds an Agent Information field to the Option 82 field. The Option 82 field is in the DHCP headers of client...

Page 253: ... Agent Information: Select the Option 82 check box to have the Switch add information (slot number, port number and VLAN ID) to client DHCP requests that it relays to a DHCP server. Information: This read-only field displays the system name you configure in the Basic Setting > General Setup screen. Select the check box for the Switch to add the system name to the client DHCP requests that it relays to a DH...

Page 254: ... DHCP clients in both domains. Figure 125 Global DHCP Relay Network Example. Configure the DHCP Relay screen as shown. Make sure you select the Option 82 check box to set the Switch to send additional information (such as the VLAN ID) together with the DHCP requests to the DHCP server. This allows the DHCP server to assign the appropriate IP address according to the VLAN ID. Figure 126 DHCP Relay Configu...

Page 255: ... VLAN that you want to configure DHCP settings for on the Switch. See Section 7.6 on page 71 for information on how to do this. Figure 127 IP Application > DHCP > VLAN. The following table describes the labels in this screen. Table 93 IP Application > DHCP > VLAN LABEL DESCRIPTION VID: Enter the ID number of the VLAN to which these DHCP settings apply. DHCP Status: Select whether the Switch should function as a ...

Page 256: ...CP requests that it relays to a DHCP server. Information: This read-only field displays the system name you configure in the Basic Setting > General Setup screen. Select the check box for the Switch to add the system name to the client DHCP requests that it relays to a DHCP server. Add: Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or l...

Page 257: ...vers are installed to serve each VLAN. The system is set up to forward DHCP requests from the dormitory rooms (VLAN 1) to the DHCP server with an IP address of 192.168.1.100. Requests from the academic buildings (VLAN 2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 128 DHCP Relay for Two VLANs ...

Page 258: ...Chapter 29 DHCP GS2200-48 User's Guide 258 For the example network, configure the VLAN Setting screen as shown. Figure 129 DHCP Relay for Two VLANs Configuration Example ...

Page 259: ...vailable In VRRP a virtual router VR represents a number of physical layer 3 devices An IP address is associated with the virtual router A layer 3 device having the same IP address is the preferred master router while the other Layer 3 devices are the backup routers The master router forwards traffic for the virtual router When the master router becomes unavailable a backup router assumes the role...

Page 260: ... Click IP Application > VRRP in the navigation panel to display the VRRP Status screen as shown next. Figure 131 IP Application > VRRP Status The following table describes the labels in this screen. Table 94 IP Application > VRRP Status LABEL DESCRIPTION Index This field displays the index number of a rule. Network This field displays the IP address and the subnet mask bits of an...

Page 261: ...unctions as the master router This field is Backup indicating that this Switch functions as a backup router This field displays Init when this Switch is initiating the VRRP protocol or when the Uplink Status field displays Dead Uplink Status This field displays the status of the link between this Switch and the uplink gateway This field is Alive indicating that the link between this Switch and the...

Page 262: ...an IP domain. Authentication Select None to disable authentication. This is the default setting. Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface. Key When you select Simple in the Authentication field, enter a password key (up to eight printable ASCII characters long) in this field. Apply Click Apply to save your changes to the Switch's run-time memory. The Sw...

Page 263: ... routers participating in the virtual router must use the same advertisement interval 30 3 2 2 Priority Configure the priority level 1 to 254 to set which backup router to take over in case the master router goes down The backup router with the highest priority will take over The priority of the VRRP router that owns the IP address es associated with the virtual router is 255 30 3 2 3 Preempt Mode...

Page 264: ... number 1 to 7 for which this VRRP entry is created You can configure up to seven virtual routers for one network Advertisement Interval Specify the number of seconds between Hello message transmissions The default is 1 Preempt Mode Select this option to activate preempt mode Priority Enter a number between 1 and 254 to set the priority level The bigger the number the higher the priority This fiel...

Page 265: ...lick Clear to set the above fields back to the factory defaults Table 96 IP Application VRRP Configuration VRRP Parameters continued LABEL DESCRIPTION Table 97 VRRP Configuring VRRP Parameters LABEL DESCRIPTION Index This field displays the index number of an entry Active This field shows whether a VRRP entry is enabled Yes or disabled No Name This field displays a descriptive name of an entry Net...

Page 266: ...0 The host computer X is set to use VR1 as the default gateway Figure 135 VRRP Configuration Example One Virtual Router Network You want to set switch A as the master router Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below Figure 136 VRRP Example 1 VRRP Parameter Settings on Switch A Figure 137 VRRP Example 1 VRRP Parameter Settings on S...

Page 267: ... in the two network groups use different default gateways Each switch is configured to backup a virtual router using VRRP You wish to configure switch A as the master router for virtual router VR1 and as a backup for virtual router VR2 On the other hand switch B is the master for VR2 and a backup for VR1 Figure 140 VRRP Configuration Example Two Virtual Router Network You need to configure the VRR...

Page 268: ... VRRP Example 2 VRRP Parameter Settings for VR2 on Switch A Figure 142 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration, the VRRP Status screens for both switches are shown next. Figure 143 VRRP Example 2 VRRP Status on Switch A Figure 144 VRRP Example 2 VRRP Status on Switch B ...

Page 269: ...269 PART V Management Maintenance 271 Access Control 279 Diagnostic 299 Syslog 301 Cluster Management 305 MAC Table 313 IP Table 317 ARP Table 321 Routing Table 323 Configure Clone 325 ...

Page 271: ...o open the following screen. Figure 145 Management > Maintenance The following table describes the labels in this screen. Table 98 Management > Maintenance LABEL DESCRIPTION Current This field displays which configuration (Configuration 1 or Configuration 2) is currently operating on the Switch. Firmware Upgrade Click Click Here to go to the Firmware Upgrade screen. Restore Configuration Click Click Here t...

Page 272: ...you may need to change the IP address of your computer to be in the same subnet as that of the default Switch IP address (192.168.1.1). Load Factory Default Click Click Here to reset the configuration to the factory default settings. Save Configuration Click Config 1 to save the current configuration settings to Configuration 1 on the Switch. Click Config 2 to save the current configuration settings t...

Page 273: ...ows you to restart the Switch without physically turning the power off It also allows you to load configuration one Config 1 or configuration two Config 2 when you reboot Follow the steps below to reboot the Switch 1 In the Maintenance screen click the Config 1 button next to Reboot System to reboot and load configuration one The following screen displays Figure 147 Reboot System Confirmation 2 Cl...

Page 274: ... upgrades are only applied after a reboot. Click Upgrade to load the new firmware. After the firmware upgrade process is complete, see the System Info screen to verify your current firmware version number. 31.6 Restore a Configuration File Restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen. Figure 149 Management > Maintenance > Restore Configura...

Page 275: ... the Save As screen 3 Choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the configuration file to your computer 31 8 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands First understand the filename conventions 3...

Page 276: ... copies of both files for later use. Be sure to upload the correct model firmware, as uploading the wrong model firmware may damage your device. 31.8.2 FTP Command Line Procedure 1 Launch the FTP client on your computer. 2 Enter open, followed by a space and the IP address of your Switch. 3 Press [ENTER] when prompted for a username. 4 Enter your password as requested (the default is 1234). 5 Enter bin to set...

Page 277: ...Restrictions FTP will not work when: FTP service is disabled in the Service Access Control screen; the IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disallow the FTP session. Table 100 General Commands for GUI-based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server. Login Type Anonymous This is wh...

Page 279: ...sessions are allowed. A console port access control session and Telnet access control session cannot coexist when multi-login is disabled. See the Command Reference guide for more information on disabling multi-login. 32.2 The Access Control Main Screen Click Management > Access Control in the navigation panel to display the main screen as shown. Figure 151 Management > Access Control Table 101 Access Con...

Page 280: ...etwork consists of two main components: agents and a manager. An agent is a management software module that resides in a managed Switch (the Switch). An agent translates the local management information from the managed Switch into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and mo...

Page 281: ...s let administrators collect statistics and monitor status and performance The Switch supports the following MIBs SNMP MIB II RFC 1213 RFC 1157 SNMP v1 RFC 1493 Bridge MIBs RFC 1643 Ethernet MIBs RFC 1155 SMI RFC 2674 SNMPv2 SNMPv2c RFC 1757 RMON SNMPv2 SNMPv2c or later version compliant with RFC 2011 SNMPv2 MIB for IP RFC 2012 SNMPv2 MIB for TCP RFC 2013 SNMPv2 MIB for UDP Table 102 SNMP Commands...

Page 282: ...e goes above or below the normal operating range TemperatureEventClear 1 3 6 1 4 1 890 1 5 8 53 3 7 2 2 This trap is sent when the temperature returns to the normal operating range voltage VoltageEventOn 1 3 6 1 4 1 890 1 5 8 53 3 7 2 1 This trap is sent when the voltage goes above or below the normal operating range VoltageEventClear 1 3 6 1 4 1 890 1 5 8 53 3 7 2 2 This trap is sent when the vol...

Page 283: ... the Ethernet link is down. autonegotiation AutonegotiationFailedEventOn 1 3 6 1 4 1 890 1 5 8 53 37 2 1 This trap is sent when an Ethernet interface fails to auto-negotiate with the peer Ethernet interface. AutonegotiationFailedEventClear 1 3 6 1 4 1 890 1 5 8 53 37 2 2 This trap is sent when an Ethernet interface auto-negotiates with the peer Ethernet interface. Table 105 AAA Traps OPTION OBJECT...

Page 284: ...This trap is sent when a ping test is completed traceroute traceRouteTestFailed 1 3 6 1 2 1 81 0 2 This trap is sent when a traceroute test fails traceRouteTestCompleted 1 3 6 1 2 1 81 0 3 This trap is sent when a traceroute test is completed Table 107 SNMP Switch Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION stp STPNewRoot 1 3 6 1 2 1 17 0 1 This trap is sent when the STP root switch changes MS...

Page 285: ...ss Control screen Figure 153 Management Access Control SNMP rmon RmonRisingAlarm 1 3 6 1 4 1 890 1 5 1 1 16 0 1 This trap is sent when a variable goes over the RMON rising threshold RmonFallingAlarm 1 3 6 1 4 1 890 1 5 1 1 16 0 2 This trap is sent when the variable falls below the RMON falling threshold Table 107 SNMP Switch Traps continued OPTION OBJECT LABEL OBJECT ID DESCRIPTION ...

Page 286: ...sing SNMP version 2c or lower. Trap Community Enter the Trap Community string, which is the password sent with each trap to the SNMP manager. The Trap Community string is only used by SNMP managers using SNMP version 2c or lower. Trap Destination Use this section to configure where to send SNMP traps from the Switch. Version Specify the version of the SNMP trap messages. IP Enter the IP addresses of up ...

Page 287: ...Digest 5 and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower. Privacy Specify the encryption method for SNMP communication from this user. You can choose one of the following: DES - Data Encryption Standard is a widely used (but breakable) method of data encryption. It applies a 56-bit key to each 64 bi...

Page 288: ...Use the rest of the screen to select which traps the Switch sends to that SNMP manager. Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager. Options Select the individual SNMP traps that the Switch is to send to the SNMP station. See Section 32.3.3 on page 282 for individual trap descriptions. The traps are grouped by category. Selecting a category automatically sele...

Page 289: ... settings. Click Management > Access Control > Logins to view the screen as shown. Figure 155 Management > Access Control > Logins The following table describes the labels in this screen. Table 110 Management > Access Control > Logins LABEL DESCRIPTION Administrator This is the default administrator account with the "admin" user name. You cannot change the default administrator user name. Only the administrator has ...

Page 290: ...rs higher privileges via the CLI. For more information on assigning privileges see Chapter 44 on page 333. User Name Set a user name (up to 32 ASCII characters long). Password Enter your new system password. Retype to confirm Retype your new system password for confirmation. Apply Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses ...

Page 291: ...er. The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. 2 Encryption Method Once the identification is verified, both...

Page 292: ...ure Socket Layer, or HTTP over SSL, is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed). It relies upon certific...

Page 293: ...l screen, then the Switch blocks all HTTP connection attempts. 32.8 HTTPS Example If you haven't changed the default HTTPS port on the Switch, then in your browser enter "https://Switch IP Address" as the web site address, where "Switch IP Address" is the IP address or domain name of the Switch you wish to access. 32.8.1 Internet Explorer Warning Messages When you attempt to access the Switch HTTPS server, a ...

Page 294: ...re 159 Security Alert Dialog Box (Internet Explorer) 32.8.2 Netscape Navigator Warning Messages When you attempt to access the Switch HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch. If Accept this certificate temporarily for this session is select...

Page 295: ...Select Accept this certificate permanently to import the Switch's certificate into the SSL client. Figure 160 Security Certificate 1 (Netscape) Figure 161 Security Certificate 2 (Netscape) ...

Page 296: ...tch main screen appears The lock displayed in the bottom right of the browser status bar denotes a secure connection Figure 162 Example Lock Denoting a Secure Connection 32 9 Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch You may also change the default service port and configure trusted ...

Page 297: ... Switch. Service Port For Telnet, SSH, FTP, HTTP or HTTPS services, you may change the default service port by typing the new port number in the Server Port field. If you change the default port number then you will have to let people (who wish to use the service) know the new port number for that service. Timeout Type how many minutes a management session (via the web configurator) can be left idle before t...

Page 298: ...ent set. Clear the check box if you wish to temporarily disable the set without deleting it. Start Address End Address Configure the IP address range of trusted computers from which you can manage this Switch. The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here. The Switch immediately disconnects the session if it does not match. Telnet F...

Page 299: ...stic This chapter explains the Diagnostic screen 33 1 Diagnostic Click Management Diagnostic in the navigation panel to open this screen Use this screen to check system logs ping IP addresses or perform port tests Figure 165 Management Diagnostic ...

Page 300: ...y to display a log of events in the multi line text box Click Clear to empty the text box and reset the syslog entry IP Ping Type the IP address of a device that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address in the field to the left Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test ...

Page 301: ...message has a facility and severity level. The syslog facility identifies a file in the syslog server. Refer to the documentation of your syslog program for details. The following table describes the syslog severity levels. Table 114 Syslog Severity Levels CODE SEVERITY 0 Emergency: The system is unusable. 1 Alert: Action must be taken immediately. 2 Critical: The system condition is critical. 3 Error: There...

Page 302: ...tting Logging Type This column displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category Facility The log facility allows you to send logs to different files in the syslog server Refer to the documentation of your syslog program for more details Apply Click Apply to save your changes to the ...

Page 303: ...ore critical the logs are Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to return the fields to the factory ...

Page 305: ...ted and be in the same VLAN group so as to be able to communicate with one another Table 117 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models Cluster member models must be compatible with ZyXEL cluster management implementation Cluster Manager The cluster manager is the Switch through which you manage the cluster member switches Cluster Members ...

Page 306: ...er and the other switches on the upper floors of the building are cluster members Figure 168 Clustering Application Example 35 2 Cluster Management Status Click Management Cluster Management in the navigation panel to display the following screen Note A cluster can only have one manager Figure 169 Management Cluster Management ...

Page 307: ...s the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage cluster member switches via the cluster manager switch Each number in the Index column is a hyperlink leading to the cluster member switch s web configurator see Figure 170 on pag...

Page 308: ...Cluster Management GS2200 48 User s Guide 308 configurator home page and the home page that you d see if you accessed it directly are different Figure 170 Cluster Management Cluster Member Web Configurator Screen ...

Page 309: ...a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 370lt0 bin fw 00 a0 c5 01 23 46 200 Port command okay 150 Opening data connection for STOR fw 00 a0 c5 01 23 46 226 File received OK ftp 262144 bytes sent in 0 63Seconds 415 44Kbytes sec ftp Table 119 FTP Upload to Cl...

Page 310: ...L DESCRIPTION Clustering Manager Active Select Active to have this Switch become the cluster manager switch A cluster can only have one manager Other directly connected switches that are set to be cluster managers will not be visible in the Clustering Candidates list If a switch that was previously a cluster member is later set to become a cluster manager then its Status is displayed as Error in t...

Page 311: ...the Clustering Candidate list and then enter its web configurator password. If that switch administrator changes the web configurator password afterwards, then it cannot be managed from the Cluster Manager. Its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below. If multiple devices have the same password then hold [SHIFT] and ...

Page 313: ...ynamic learned by the Switch or static manually entered in the Static MAC Forwarding screen The Switch uses the MAC Table to determine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port from which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the M...

Page 314: ... MAC Table The following table describes the labels in this screen Table 121 Management MAC Table LABEL DESCRIPTION Sort by Click one of the following buttons to display and arrange the data according to that button type The information is then displayed in the summary table below MAC Click this button to display and arrange the data according to MAC address VID Click this button to display and ar...

Page 315: ...rame came VID This is the VLAN group to which this frame belongs Port This is the port from which the above MAC address was learned Type This shows whether the MAC address is dynamic learned by the Switch or static manually entered in the Static MAC Forwarding screen Table 121 Management MAC Table continued LABEL DESCRIPTION ...

Page 317: ...ned by the Switch or static belonging to the Switch The Switch uses the IP Table to determine how to forward packets See the following figure 1 The Switch examines a received packet and learns the port from which this source IP address came 2 The Switch checks to see if the packet s destination IP address matches a source IP address already learned in the IP Table If the Switch has already learned...

Page 318: ...he labels in this screen Table 122 Management IP Table LABEL DESCRIPTION Sort by Click one of the following buttons to display and arrange the data according to that button type The information is then displayed in the summary table below IP Click this button to display and arrange the data according to IP address VID Click this button to display and arrange the data according to VLAN group Port C...

Page 319: ... Port This is the port from which the above IP address was learned This field displays CPU to indicate the IP address belongs to the Switch Type This shows whether the IP address is dynamic learned by the Switch or static belonging to the Switch Table 122 Management IP Table continued LABEL DESCRIPTION ...

Page 321: ...h's ARP program looks in the ARP Table and, if it finds the address, it sends it to the device. If no entry is found for the IP address, ARP broadcasts the request to all the devices on the LAN. The Switch fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the Switch puts all ones in the target MAC fiel...

Page 322: ...ibes the labels in this screen Table 123 Management ARP Table LABEL DESCRIPTION Index This is the ARP Table entry number IP Address This is the learned IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP address above Type This shows whether the MAC address is dynamic learned by the S...

Page 323: ...ng Table in the navigation panel to display the screen as shown Figure 178 Management Routing Table The following table describes the labels in this screen Table 124 Management Routing Table LABEL DESCRIPTION Index This field displays the index number Destination This field displays the destination IP routing domain Gateway This field displays the IP address of the gateway device Interface This fi...

Page 325: ...ou can copy the settings of one port onto other ports 40 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management Configure Clone to open the following screen Figure 179 Management Configure Clone ...

Page 326: ...le 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings configured in the Basic Setting menus should be copied to the destination port s Advanced Application Select which port settings configured in the Advanced Application menus should be copied to the destination ports Apply Click Ap...

Page 327: ...327 PART VI Product Specifications Product Specifications 329 ...

Page 329: ...mpatible with Cat5 5e 6 copper cable a mini GBIC slot compatible with Small Form Factor Pluggable SFP Multi Source Agreement MSA transceivers to be used with 1000Base X fiber cables For each Dual Personality interface one port or slot is active at a time 2 mini GBIC slots compatible with Small Form Factor Pluggable SFP Multi Source Agreement MSA transceivers to be used with 1000Base X fiber cables...

Page 330: ... the Switch Authentication via RADIUS and TACACS also available IP Routing Domain An IP interface also known as an IP routing domain is not bound to a physical port Configure an IP routing domain to allow the Switch to route traffic between different networks VLAN A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Devices on a logical netwo...

Page 331: ...parate queues for packets from each individual source or flow and prevent a source from monopolizing the bandwidth Port Mirroring Port mirroring allows you to copy traffic going from one or all ports to another or all ports in order that you can examine the traffic from the mirror port the port you copy the traffic to without interference Static Route Static routes tell the Switch how to forward I...

Page 332: ...learned MAC addresses and or configured static MAC addresses to pass through a port on the Switch Authentication and Accounting The Switch supports authentication and accounting services via RADIUS and TACACS AAA servers Device Management Use the web configurator or commands to easily configure the rich range of features on the Switch Port Cloning Use the port cloning feature to copy the settings ...

Page 333: ...arding of corrupted packets STP IEEE 802 1w Rapid Spanning Tree Protocol RSTP IEEE 802 1s Multiple Spanning Tree Protocol QoS IEEE 802 1p Eight priority queues per port Port based egress traffic shaping Rule based traffic mirroring Supports IGMP snooping VLAN Port based VLAN setting Tag based IEEE 802 1Q VLAN Number of VLAN 4K 1024 static maximum Supports GVRP Double tagging for VLAN stacking Prot...

Page 334: ...N RFC 826 Address Resolution Protocol ARP RFC 867 Daytime Protocol RFC 868 Time Protocol RFC 894 Ethernet II Encapsulation RFC 1058 RIP 1 Routing Information Protocol RFC 1112 IGMP v1 RFC 1155 SMI RFC 1157 SNMPv1 Simple Network Management Protocol version 1 RFC 1213 SNMP MIB II RFC 1305 Network Time Protocol NTP version 3 RFC 1441 SNMPv2 Simple Network Management Protocol version 2 RFC 1493 Bridge...

Page 335: ...Protocol SNMP v3 RFC 3580 RADIUS Tunnel Protocol Attribute IEEE 802 1x Port Based Network Access Control IEEE 802 1D MAC Bridges IEEE 802 1p Traffic Types Packet Priority IEEE 802 1Q Tagged VLAN IEEE 802 1w Rapid Spanning Tree Protocol RSTP IEEE 802 1s Multiple Spanning Tree Protocol MSTP IEEE 802 3 Packet Format IEEE 802 3ad Link Aggregation IEEE 802 3ah Ethernet OAM Operations Administration and...

Page 337: ...337 PART VII Appendices and Index IP Addresses and Subnetting 339 Legal Information 349 Index 353 ...

Page 339: ...r and the other part is the host ID In the same way that houses on a street share a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the ...

Page 340: ...gical AND operation The term subnet is short for sub network A subnet mask has 32 bits If a bit in the subnet mask is a 1 then the corresponding bit in the IP address is part of the network number If a bit in the subnet mask is 0 then the corresponding bit in the IP address is part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of a...

Page 341: ...mber bits, the smaller the number of remaining host ID bits. An IP address with host IDs of all zeros is the IP address of the network (192.168.1.0 with a 24-bit subnet mask, for example). An IP address with host IDs of all ones is the broadcast address for that network (192.168.1.255 with a 24-bit subnet mask, for example). As these two IP addresses cannot be used for individual hosts, calculate the maximum...

Page 342: ...u can use subnetting to divide one network into multiple sub-networks. In the following example a network administrator creates two sub-networks to isolate a group of servers from the rest of the company network for security reasons. In this example, the company network address is 192.168.1.0. The first three octets of the address (192.168.1) are the network number, and the remaining octet is the host ID...

Page 343: ...tting Figure 181 Subnetting Example: Before Subnetting You can "borrow" one of the host ID bits to divide the network 192.168.1.0 into two separate sub-networks. The subnet mask is now 25 bits (255.255.255.128 or /25). The "borrowed" host ID bit can have a value of either 0 or 1, allowing two subnets: 192.168.1.0 /25 and 192.168.1.128 /25 ...

Page 344: ...255.128 is subnet A itself, and 192.168.1.127 with mask 255.255.255.128 is its broadcast address. Therefore, the lowest IP address that can be assigned to an actual host for subnet A is 192.168.1.1 and the highest is 192.168.1.126. Similarly, the host ID range for subnet B is 192.168.1.129 to 192.168.1.254. Example: Four Subnets The previous example illustrated using a 25-bit subnet mask to divide a 24-b...

Page 345: ...inary 11000000 10101000 00000001 01000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 64 Lowest Host ID 192 168 1 65 Broadcast Address 192 168 1 127 Highest Host ID 192 168 1 126 Table 136 Subnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111...

Page 346: ...t Subnets SUBNET SUBNET ADDRESS FIRST ADDRESS LAST ADDRESS BROADCAST ADDRESS 1 0 1 30 31 2 32 33 62 63 3 64 65 94 95 4 96 97 126 127 5 128 129 158 159 6 160 161 190 191 7 192 193 222 223 8 224 225 254 255 Table 139 24 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 2...

Page 347: ...le Network Address Translation (NAT) on the Switch. Once you have decided on the network number, pick an IP address for your Switch that is easy to remember (for instance, 192.168.1.1) but make sure that no other device on your network is using that IP address. The subnet mask specifies the network number portion of an IP address. Your Switch will compute the subnet mask automatically based on the IP addre...

Page 348: ...68.0.0 - 192.168.255.255. You can obtain your IP address from the IANA, from an ISP, or it can be assigned from a private network. If you belong to a small organization and your Internet access is through an ISP, the ISP can provide you with the Internet addresses for your local networks. On the other hand, if you are part of a much larger organization, you should consult your network administrator for the ...

Page 349: ...sing out of the application or use of any products or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Trademarks: ZyNOS (ZyXEL Network Operating System) is a registered trademark of Zy...

Page 350: ...ce in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense. CE Mark Warning: This is a class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures. Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning: Not...

Page 351: ...ith damaged by an act of God or subjected to abnormal working conditions. Note: Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warranty is in lieu of all other warranties, express or implied, including any implied warranty of merchantability or fitness for a particular use or purpose. ZyXEL shall in no event be held liable for indirect or consequenti...

Page 353: ...hentication and RADIUS 192 setup 197 authorization privilege levels 199 automatic VLAN registration 80 B back up configuration file 275 bandwidth control 333 basic settings 63 binding 205 binding table 205 building 205 BPDUs Bridge Protocol Data Units 106 Bridge Protocol Data Units BPDUs 106 bridging 333 C certifications 349 notices 350 viewing 351 CFI Canonical Format Indicator 79 changing the pa...

Page 354: ...ol 249 DHCP relay option 82 207 DHCP snooping 205 206 configuring 207 DHCP relay option 82 207 trusted ports 206 untrusted ports 206 DHCP snooping database 206 diagnostics 299 Ethernet port test 300 ping 300 system log 300 Differentiated Service DiffServ 241 DiffServ 241 activate 244 and TRTCM 246 DS field 241 DSCP 241 DSCP to IEEE802 1p mapping 247 network example 242 PHB 241 dimensions 329 discl...

Page 355: ...9 mounting 30 hardware monitor 64 hardware overview 33 hello time 117 hops 117 HTTPS 292 certificates 292 implementation 292 public keys private keys 292 HTTPS example 293 humidity 330 I IANA 348 IEEE 802 1p priority 70 IEEE 802 1x activate 142 143 195 197 reauthentication 143 IEEE 802 1x port authentication 139 IGMP version 175 IGMP Internet Group Management Protocol 175 IGMP filtering 175 profil...

Page 356: ...s 313 viewing 314 maintenance 271 configuration backup 275 current configuration 271 firmware 273 main screen 271 restoring configuration 274 Management Information Base MIB 280 management port 98 managing the device good habits 26 using FTP See FTP using SNMP See SNMP using Telnet See command interface using the command interface See command interface using the web configurator See web configurat...

Page 357: ...onnection 300 policy 160 162 and classifier 160 and DiffServ 157 configuration 160 example 163 overview 157 rules 157 158 viewing 161 policy configuration 162 port authentication 139 and RADIUS 193 IEEE802 1x 142 143 195 197 MAC authentication 140 port based VLAN type 69 port cloning 325 326 advanced settings 325 326 basic settings 325 326 port details 59 port isolation 87 98 port mirroring 129 13...

Page 358: ...settings 272 restoring configuration 48 274 RFC 3164 301 RIP configuration 239 direction 239 overview 239 version 239 RIP Routing Information Protocol 239 Round Robin Scheduling 166 routing domain 71 261 routing protocols 334 routing table 323 RSTP 105 rubber feet 29 S safety warnings 7 save configuration 48 273 screen summary 44 Secure Shell See SSH security 334 service access control 296 service...

Page 359: ...ort 106 status 114 119 terminology 105 vs loop guard 231 subnet 339 subnet based VLANs 88 and DHCP VLAN 90 and priority 88 configuration 89 subnet mask 340 subnetting 342 switch lockout 48 switch reset 48 switch setup 69 switching 333 syntax conventions 5 syslog 209 301 protocol 301 server setup 303 settings 302 setup 302 severity levels 301 system information 64 system log 300 system reboot 273 T...

Page 360: ... settings 87 port based VLAN 95 port based all connected 98 port based isolation 98 port based wizard 98 static VLAN 84 status 83 84 tagged 79 trunking 81 88 type 69 82 VLAN Virtual Local Area Network 68 VLAN number 72 VLAN stacking 169 171 configuration 173 example 169 frame format 171 port roles 170 174 priority 171 VLAN protocol based See protocol based VLAN VLAN subnet based See subnet based V...

Page 361: ...ndex GS2200 48 User s Guide 361 weight queuing 166 Weighted Round Robin Scheduling WRR 166 WFQ Weighted Fair Queuing 166 WRR Weighted Round Robin Scheduling 166 Z ZyNOS ZyXEL Network Operating System 276 ...
