Home
/
ZyXEL Communications
/
GS2200 Series
/
User Manual

ZyXEL Communications GS2200 Series, User Manual

Share

Page: 188 / 320

ZyXEL Communications GS2200 Series User Manual Download Page 188

Chapter 25 IP Source Guard

GS2200 Series User’s Guide

188

• Use the ARP Inspection Port Configure screen (

Section 25.9.1 on page 202

) to specify

whether ports are trusted or untrusted ports for ARP inspection.

• Use the ARP Inspection VLAN Configure screen (

Section 25.9.2 on page 204

) to enable ARP

inspection on each VLAN and to specify when the Switch generates log messages for receiving
ARP packets from each VLAN.

25.1.2 What You Need to Know

The Switch builds the binding table by snooping DHCP packets (dynamic bindings) and from
information provided manually by administrators (static bindings).

IP source guard consists of the following features:

• Static bindings. Use this to create static bindings in the binding table.
• DHCP snooping. Use this to filter unauthorized DHCP packets on the network and to build the

binding table dynamically.

• ARP inspection. Use this to filter unauthorized ARP packets on the network.

If you want to use dynamic bindings to filter unauthorized ARP packets (typical implementation),
you have to enable DHCP snooping before you enable ARP inspection.

25.2 IP Source Guard

Use this screen to look at the current bindings for DHCP snooping and ARP inspection. Bindings are
used by DHCP snooping and ARP inspection to distinguish between authorized and unauthorized
packets in the network. The Switch learns the bindings by snooping DHCP packets (dynamic
bindings) and from information provided manually by administrators (static bindings). To open this
screen, click Advanced Application > IP Source Guard.

Figure 120

IP Source Guard

The following table describes the labels in this screen.

Table 67

IP Source Guard

LABEL

DESCRIPTION

Index

This field displays a sequential number for each binding.

MAC Address

This field displays the source MAC address in the binding.

IP Address

This field displays the IP address assigned to the MAC address in the binding.

Lease

This field displays how many days, hours, minutes, and seconds the binding is valid; for
example, 2d3h4m5s means the binding is still valid for 2 days, 3 hours, 4 minutes, and
5 seconds. This field displays infinity if the binding is always valid (for example, a static
binding).

«
...
186
187
188
189
190
...
»

Summary of Contents for GS2200 Series

Page 1: ...el com GS2200 Series Intelligent Layer 2 GbE Switch Version 4 00 Edition 2 08 2012 Copyright 2012 ZyXEL Communications Corporation User s Guide Default Login Details IP Address https 192 168 1 1 User...

Page 2: ...his book may differ slightly from your product due to differences in your product firmware or your computer operating system Every effort has been made to ensure that the information in this manual is...

Page 3: ...VLAN 77 Static MAC Forward Setup 95 Static Multicast Forward Setup 97 Filtering 101 Spanning Tree Protocol 103 Bandwidth Control 123 Broadcast Storm Control 126 Mirroring 128 Link Aggregation 131 Port...

Page 4: ...Contents Overview GS2200 Series User s Guide 4 Diagnostic 279 Syslog 281 Cluster Management 284 MAC Table 290 ARP Table 293 Configure Clone 295 Troubleshooting 297...

Page 5: ...bits for Managing the Switch 20 Chapter 2 Hardware Installation and Connection 21 2 1 Installation Scenarios 21 2 2 Desktop Installation Procedure 21 2 3 Mounting the Switch on a Rack 21 2 3 1 Rack mo...

Page 6: ...Creating a VLAN 41 5 1 2 Setting Port VID 42 5 2 Configuring Switch Management IP Address 43 Chapter 6 Tutorials 45 6 1 Overview 45 6 2 How to Use DHCP Snooping on the Switch 45 6 3 How to Use DHCP R...

Page 7: ...ased VLANs 85 9 5 1 Configuring Subnet Based VLAN 86 9 6 Protocol Based VLANs 88 9 6 1 Configuring Protocol Based VLAN 88 9 7 Port based VLAN Setup 90 9 7 1 Configure a Port based VLAN 91 9 8 Technica...

Page 8: ...gure Multiple Spanning Tree Protocol 114 13 8 1 Multiple Spanning Tree Protocol Port Configuration 117 13 9 Multiple Spanning Tree Protocol Status 117 13 10 Technical Reference 119 13 10 1 MSTP Networ...

Page 9: ...40 18 3 Activate IEEE 802 1x Security 141 18 3 1 Guest VLAN 142 Chapter 19 Port Security 145 19 1 Overview 145 19 1 1 What You Can Do 145 19 2 Port Security Setup 146 Chapter 20 Classifier 148 20 1 Ov...

Page 10: ...24 1 Overview 176 24 1 1 What You Can Do 176 24 1 2 What You Need to Know 176 24 2 AAA Screens 177 24 3 RADIUS Server Setup 177 24 4 TACACS Server Setup 180 24 5 AAA Setup 182 24 6 Technical Reference...

Page 11: ...ol Tunneling 213 27 1 Overview 213 27 1 1 What You Can Do 213 27 1 2 What You Need to Know 213 27 2 Configuring Layer 2 Protocol Tunneling 215 Chapter 28 PPPoE 217 28 1 PPPoE Intermediate Agent Overvi...

Page 12: ...You Can Do 238 32 1 2 What You Need to Know 238 32 2 DHCP Status 239 32 3 Configuring DHCP Global Relay 240 32 3 1 Global DHCP Relay Configuration Example 241 32 4 Configuring DHCP VLAN Settings 241 3...

Page 13: ...g SNMP Trap Group 258 35 3 2 Configuring SNMP User 259 35 4 Setting Up Login Accounts 260 35 5 Service Port Access Control 262 35 6 Remote Management 262 35 7 Technical Reference 264 35 7 1 About SNMP...

Page 14: ...P Table 293 40 1 Overview 293 40 1 1 What You Can Do 293 40 1 2 What You Need to Know 293 40 2 Viewing the ARP Table 293 Chapter 41 Configure Clone 295 41 1 Overview 295 41 2 Configure Clone 295 Chapt...

Page 15: ...15 PART I User s Guide...

Page 16: ...16...

Page 17: ...he IEEE 802 3af PoE standard Ports 1 to 4 on the GS2200 8HP can supply power of up to 30W per Ethernet port Ports 5 to 8 on the GS2200 8HP and ports 1 to 24 on the GS2200 24P can supply power of up to...

Page 18: ...alleviate bandwidth contention and eliminate server and network bottlenecks All users that need high bandwidth can connect to high speed department servers via the Switch You can provide a super fast...

Page 19: ...rmance Switched Workgroup Application 1 1 4 IEEE 802 1Q VLAN Application Examples A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Stations...

Page 20: ...6 1 on page 253 SNMP The Switch can be monitored by an SNMP manager See Section 35 7 1 on page 264 Cluster Management Cluster Management allows you to manage multiple switches through one switch call...

Page 21: ...evel surface strong enough to support the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air ci...

Page 22: ...to the Switch 1 Position a mounting bracket on one side of the Switch lining up the four screw holes on the bracket with the screw holes on the side of the Switch Figure 5 Attaching the Mounting Brack...

Page 23: ...l Mounting for GS2200 8 only Do the following to attach your Switch to a wall Insecure mounting may damage the device or cause injury ZyXEL is not responsible for damages incurred by insecure wall mou...

Page 24: ...igure 7 Wall mounting Example The Switch should be wall mounted horizontally The Switch s side panels with ventilation slots should not be facing up or down as this position is less safe The following...

Page 25: ...the Switch and shows you how to make the hardware connections 3 2 Front Panels The following figure shows the front panel of the Switch Figure 9 Front Panel GS2200 8 Figure 10 Front Panel GS2200 8HP E...

Page 26: ...1000 BASE T PoE Ports GS2200 8HP or GS2200 24P only Connect these ports to a computer a hub a wireless AP an Ethernet switch or router The GS2200 8HP supports the IEEE 802 3at High Power over Ethernet...

Page 27: ...C and 1000Base T Ethernet pair The mini GBIC slots have priority over the Gigabit ports This means that if a mini GBIC slot and the corresponding GbE port are connected at the same time the GbE port w...

Page 28: ...t Interface Converter transceivers A transceiver is a single unit that houses a transmitter and a receiver The Switch does not come with transceivers You must use transceivers that comply with the Sma...

Page 29: ...following steps to remove a mini GBIC transceiver SFP module 1 Remove the fiber optic cables from the transceiver 2 Open the transceiver s latch latch styles vary 3 Pull the transceiver out of the slo...

Page 30: ...ing PPS GS2200 24P only Green On External power supply is turned on Off External power supply is turned off or has failed ALM Red On A hardware failure is detected Off The system is functioning normal...

Page 31: ...31 PART II Technical Reference...

Page 32: ...32...

Page 33: ...eb browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 4 2 System Login...

Page 34: ...me Screen for GS2200 24P Status A Click the menu items to open submenu links and then click on a submenu link to open the screen in the main window B C D E These are quick links which allow you to per...

Page 35: ...ys general system information General Setup This link takes you to a screen where you can configure general identification information about the Switch Switch Setup This link takes you to a screen whe...

Page 36: ...resses to learn on a port Classifier This link takes you to a screen where you can configure the Switch to group packets based on the specified criteria Policy Rule This link takes you to a screen whe...

Page 37: ...an change the system login password and configure SNMP and remote management Diagnostic This link takes you to a screen where you can view system logs and test port s Syslog This link takes you to scr...

Page 38: ...ply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off Click the Save link in the upper right hand corner of the web config...

Page 39: ...le with the factory default configuration file This means that you will lose all previous configurations and the speed of the console port will be reset to the default of 9600 bps with 8 data bits no...

Page 40: ...your password again after you log out This is recommended after you finish a management session for security reasons Figure 21 Web Configurator Logout Screen 4 8 Help The web configurator s online he...

Page 41: ...r the initial setup Create a VLAN Set port VLAN ID Configure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You can...

Page 42: ...nce the VLAN2 network is connected to port 1 on the Switch select Fixed to configure port 1 to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs c...

Page 43: ...en click the VLAN Port Setting link 2 Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s p...

Page 44: ...information 3 Click Basic Setting IP Setup in the navigation panel 4 Configure the related fields in the IP Setup screen 5 For the VLAN2 network enter 192 168 2 1 as the IP address and 255 255 255 0...

Page 45: ...LAN containing ports 5 6 and 7 Connect a computer M to the Switch for management Figure 25 Tutorial DHCP Snooping Tutorial Overview Note For related information about DHCP snooping see Section 25 1 on...

Page 46: ...the Control field as shown Deselect Tx Tagging because you don t want outgoing traffic to contain this VLAN tag Click Add Figure 26 Tutorial Create a VLAN and Add Ports to It 3 Go to Advanced Applicat...

Page 47: ...ply Figure 28 Tutorial Specify DHCP VLAN 5 Click the Port link at the top right corner 6 The DHCP Snooping Port Configure screen appears Select Trusted in the Server Trusted state field for port 5 bec...

Page 48: ...ort 6 or 7 The computer should be able to get an IP address from the DHCP server If you put the DHCP server on port 6 or 7 the computer will not able to get an IP address 10 To check if DHCP snooping...

Page 49: ...72 16 1 18 to DHCP client A based on the system name VLAN ID and port number in the DHCP request Client A connects to the Switch s port 2 in VLAN 102 Figure 32 Tutorial DHCP Relay Scenario 6 3 2 Creat...

Page 50: ...utorial Set VLAN Type to 802 1Q 3 Click Advanced Application VLAN Static VLAN 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 102 for example in the Name field and enter 102 in...

Page 51: ...Figure 34 Tutorial Create a Static VLAN 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen Figure 35 Tutorial Click the VLAN Port Sett...

Page 52: ...uration permanently 6 3 3 Configuring DHCP Relay Follow the steps below to enable DHCP relay on the Switch and allow the Switch to add relay agent information such as the VLAN ID to DHCP requests 1 Cl...

Page 53: ...ion permanently 7 The DHCP server can then assign a specific IP address based on the DHCP request 6 3 4 Troubleshooting Check the client A s IP address If it did not receive the IP address 172 16 1 18...

Page 54: ...page port details and PoE status The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details 7 1 1 What You Can Do Use the Port Sta...

Page 55: ...e Status screen as shown next Figure 38 Status GS2200 24 Figure 39 Status GS2200 24P The following table describes the labels in this screen Table 7 Status LABEL DESCRIPTION Port This identifies the E...

Page 56: ...ower from the Switch on this port LACP This fields displays whether LACP Link Aggregation Control Protocol has been enabled on the port TxPkts This field shows the number of transmitted frames on this...

Page 57: ...an individual port on the Switch Figure 40 Status Port Details The following table describes the labels in this screen Table 8 Status Port Details LABEL DESCRIPTION Port Info Port NO This field displa...

Page 58: ...hows the number of good multicast packets received Broadcast This field shows the number of good broadcast packets received Pause This field shows the number of 802 3x Pause packets received TX Collis...

Page 59: ...1023 This field shows the number of packets including bad packets received that were between 512 and 1023 octets in length 1024 1518 This field shows the number of packets including bad packets receiv...

Page 60: ...65 to choose your VLAN type set the ARP aging time and GARP timers and assign priorities to queues Use the IP Setup screen Section 8 6 1 on page 67 to configure the Switch IP address default gateway d...

Page 61: ...r of the Switch s current firmware including the date created Ethernet Address This field refers to the Ethernet MAC Media Access Control address of the Switch Hardware Monitor Temperature Unit The Sw...

Page 62: ...te RPM 41 is displayed for speeds too small to measure under 2000 RPM Threshold This field displays the minimum speed at which a normal fan should work Status Normal indicates that this fan is functio...

Page 63: ...service protocol that your timeserver uses Not all time servers support all protocols so you may have to use trial and error to find a protocol that works The main differences between them are the tim...

Page 64: ...mples Daylight Saving Time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the U...

Page 65: ...een Refer to Chapter 9 on page 77 for more information on VLAN Figure 43 Basic Setting Switch Setup The following table describes the labels in this screen Table 11 Basic Setting Switch Setup LABEL DE...

Page 66: ...g The Switch has eight physical queues that you can map to the 8 priority levels On the Switch traffic assigned to higher index queues gets through faster while traffic in lower index queues is droppe...

Page 67: ...64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre defined VLAN s Note You must configure a VLAN first Figure 44 Basic Setting IP Setup The following ta...

Page 68: ...esses You can create up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre defined VLAN s You must configure a VLAN first IP Address Enter the IP add...

Page 69: ...ake some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as...

Page 70: ...l is used in full duplex mode to send a pause signal to the sending port causing it to temporarily stop sending signals when the receiving port memory buffers fill Back Pressure flow control is typica...

Page 71: ...High Power over Ethernet PoE standard and the GS2200 24P complies with the IEEE 802 3af PoE standard Ports 1 to 4 on the GS2200 8HP can supply power of up to 30W per Ethernet port Ports 5 to 8 on the...

Page 72: ...y supplying to the connected PoE enabled devices Allocated Power W This field displays the total amount of power the Switch has reserved for PoE after negotiating with the connected PoE device s It sh...

Page 73: ...IEEE 802 3at PD Priority When the total power requested by the PDs exceeds the total PoE power budget on the Switch you can set the PD priority to allow the Switch to provide power to ports with high...

Page 74: ...llocated by the Switch may be less than the Max Power mW of the PD PDs with higher priority also get more power than those with lower priority levels Port This is the port index number PD Select this...

Page 75: ...ory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Can...

Page 76: ...Chapter 8 Basic Setting GS2200 Series User s Guide 76...

Page 77: ...MAC address and its associated port 9 1 2 What You Need to Know Read this section to know more about VLAN and how to configure the screens IEEE 802 1Q Tagged VLANs A tagged VLAN uses an explicit tag...

Page 78: ...in 9 1 2 1 Automatic VLAN Registration GARP and GVRP are the protocols used to automatically register VLAN membership across switches GARP GARP Generic Attribute Registration Protocol allows network s...

Page 79: ...trunking port s Figure 49 Port VLAN Trunking 9 1 2 3 Select the VLAN Type Select a VLAN type in the Basic Setting Switch Setup screen Figure 50 Switch Setup Select VLAN Type VLAN Administrative Contr...

Page 80: ...ication VLAN VLAN Status LABEL DESCRIPTION VLAN Search by VID Enter an existing VLAN ID number s separated by a comma and click Search to display only the specified VLAN s in the list below Leave this...

Page 81: ...annot be seen in one screen Table 17 Advanced Application VLAN VLAN Status continued LABEL DESCRIPTION Table 18 Advanced Application VLAN VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to...

Page 82: ...VLAN Static VLAN The following table describes the related labels in this screen Table 19 Advanced Application VLAN Static VLAN LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN sett...

Page 83: ...ansmitted with this VLAN Group ID Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top n...

Page 84: ...defines a way for switches to register necessary VLAN members on ports across the network Select this check box to permit VLAN groups beyond the local Switch Ingress Check If this check box is selecte...

Page 85: ...PVID Port VLAN ID is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines Enter a number between 1and 4094 as the port...

Page 86: ...ple 9 5 1 Configuring Subnet Based VLAN Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown Note Subnet based VLAN applies to un tagged packets and is...

Page 87: ...bnet VLAN you are creating or editing Name Enter up to 32 alpha numeric characters to identify this subnet based VLAN IP Enter the IP address of the subnet for which you want to configure this subnet...

Page 88: ...r group and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C Figure 57 Protocol Based VLAN Application Example 9 6 1 Configuring Protocol Based VLAN Cl...

Page 89: ...s protocol based VLAN or select Others and type the protocol number in hexadecimal notation For example the IP protocol in hexadecimal notation is 0800 and Novell IPX protocol is 8137 Note Protocols i...

Page 90: ...vate port based VLAN the Switch uses a default VLAN ID of 1 You cannot change it Note In screens such as IP Setup and Filtering that require a VID you must enter 1 as the VID The port based VLAN setup...

Page 91: ...7 1 Configure a Port based VLAN Select Port Based as the VLAN Type in the Basic Setting Switch Setup screen and then click Advanced Application VLAN from the navigation panel to display the next scree...

Page 92: ...Chapter 9 VLAN GS2200 Series User s Guide 92 Figure 60 Port Based VLAN Setup Port Isolation...

Page 93: ...y top right of screen to display the screens as mentioned above You can still customize these settings by adding deleting incoming or outgoing ports but you must also click Apply at the bottom of the...

Page 94: ...et to 0 and click Add Figure 61 Protocol Based VLAN Configuration Example To add more ports to this protocol based VLAN 1 Click the index number of the protocol based VLAN entry Click 1 2 Change the v...

Page 95: ...MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for...

Page 96: ...loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved...

Page 97: ...s is the MAC address of a member of a multicast group A static multicast address is a multicast MAC address that has been manually entered in the multicast table Static multicast addresses do not age...

Page 98: ...mes being forwarded to ports 2 and 3 within VLAN group 4 Figure 63 No Static Multicast Forwarding Figure 64 Static Multicast Forwarding to A Single Port Figure 65 Static Multicast Forwarding to Multip...

Page 99: ...he VLAN group here If you don t have a specific target VLAN enter 1 Port Enter the port s where frames with destination MAC address that matched the entry above are forwarded You can enter multiple po...

Page 100: ...a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to...

Page 101: ...ination MAC addresses and VLAN group ID 12 1 1 What You Can Do Use the Filtering screen Section 12 2 on page 101 to create rules for traffic going through the Switch 12 2 Configure a Filtering Rule Us...

Page 102: ...irs VID Type the VLAN group identification number Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save l...

Page 103: ...on screen Section 13 3 on page 107 to activate one of the STP modes on the Switch Use the Rapid Spanning Tree Protocol screen Section 13 4 on page 108 to configure RSTP settings Use the Rapid Spanning...

Page 104: ...slower the media the higher the cost On each bridge the root port is the port through which this bridge communicates with the root It is the port on this switch with the lowest path cost to the root...

Page 105: ...and assign port s to each tree Each spanning tree operates independently with its own bridge information In the following example there are two RSTP instances MRSTP 1 and MRSTP2 on switch A To set up...

Page 106: ...ning Tree Instance MSTI MSTI allows multiple VLANs to use the same spanning tree Load balancing is possible as traffic from different VLANs can use distinct paths in a region 13 2 Spanning Tree Protoc...

Page 107: ...lication Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or Multip...

Page 108: ...110 Active Select this check box to activate RSTP Clear this checkbox to disable RSTP Note You must also activate Rapid Spanning Tree in the Advanced Application Spanning Tree Protocol Configuration s...

Page 109: ...s Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row ar...

Page 110: ...Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwardin...

Page 111: ...trees Active Select this check box to activate an STP tree Clear this checkbox to disable an STP tree Note You must also activate Multiple Rapid Spanning Tree in the Advanced Application Spanning Tre...

Page 112: ...to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as so...

Page 113: ...e for Root and Our Bridge if the Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines...

Page 114: ...de 114 13 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Multiple STP on page 106 for more information on MSTP F...

Page 115: ...ormation about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise tempor...

Page 116: ...ecides which port should be disabled when more than one port forms a loop in a switch Ports with a higher priority numeric value are disabled first The allowed range is between 0 and 255 and the defau...

Page 117: ...ttings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make t...

Page 118: ...spanning tree the root bridge Our Bridge is this switch This Switch may also be the root bridge Bridge ID This is the unique identifier for this bridge consisting of bridge priority plus MAC address T...

Page 119: ...econfigured Time Since Last Change This is the time since the spanning tree was last reconfigured Instance These fields display the MSTI to VLAN mapping In other words which VLANs run on each spanning...

Page 120: ...fferent spanning trees in the network Thus traffic from the two VLANs travel on different paths The following figure shows the network example using MSTP Figure 79 MSTP Network Example 13 10 2 MST Reg...

Page 121: ...cific MSTI Each created MSTI is identified by a unique number known as an MST ID known internally to a region Thus an MSTI does not span across MST regions The following figure shows an example where...

Page 122: ...ocol GS2200 Series User s Guide 122 that runs between MST regions and single spanning tree devices A network may contain multiple MST regions and other network segments running RSTP Figure 81 MSTP and...

Page 123: ...an cap the maximum bandwidth using the Bandwidth Control screen Bandwidth control means defining a maximum allowable bandwidth for out going traffic flows on a port 14 1 1 What You Can Do Use the Band...

Page 124: ...o all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in t...

Page 125: ...ime memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configur...

Page 126: ...d on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast...

Page 127: ...me settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you m...

Page 128: ...g allows you to copy a traffic flow to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference 16 1 1 What You Can Do Use t...

Page 129: ...or Port The monitor port is the port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original port s Enter the port number of the monitor...

Page 130: ...ime memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configur...

Page 131: ...ne logical link in the trunk group and so on Use the Link Aggregation Setting screen Section 17 3 on page 134 to configure to enable static link aggregation Use the Link Aggregation Control Protocol s...

Page 132: ...k topology loops Link Aggregation ID LACP aggregation ID consists of the following information1 17 2 Link Aggregation Status Click Advanced Application Link Aggregation in the navigation panel The Lin...

Page 133: ...belonging to this trunk group and LACP is also enabled for this group Criteria This shows the outgoing traffic distribution algorithm used in this trunk group Packets from the same source and or to t...

Page 134: ...dvanced Application Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 43 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESC...

Page 135: ...addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distribute...

Page 136: ...mation on dynamic link aggregation Figure 87 Advanced Application Link Aggregation Link Aggregation Setting LACP The following table describes the labels in this screen Table 44 Advanced Application L...

Page 137: ...orts Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row...

Page 138: ...h B Figure 88 Trunking Example Physical Connections 2 Configure static trunking Click Advanced Application Link Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the t...

Page 139: ...the Guest VLAN screen Section 18 3 on page 141 to activate IEEE 802 1x security 18 1 2 What You Need to Know IEEE 802 1x authentication uses the RADIUS Remote Authentication Dial In User Service RFC...

Page 140: ...the port authentication method both on the Switch and the port s then configure the RADIUS server settings in the Auth and Acct Radius Server Setup screen Click Advanced Application Port Authenticatio...

Page 141: ...s the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them A...

Page 142: ...feature on a port when a subnet based VLAN or protocol based VLAN is activated on the Switch Reauth Specify if a subscriber has to periodically re enter his or her username and password to stay conne...

Page 143: ...est Vlan A guest VLAN is a pre configured VLAN on the Switch that allows non authenticated users to access limited network resources through the Switch You must also enable IEEE 802 1x authentication...

Page 144: ...ply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your cha...

Page 145: ...r than the sum cannot exceed 16K For maximum port security enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you disable port securi...

Page 146: ...eviously learned MAC addresses on the specified port s will become static MAC addresses and display in the Static MAC Forwarding screen MAC freeze Click MAC freeze to have the Switch automatically sel...

Page 147: ...number of dynamic MAC addresses that may be learned on a port For example if you set this field to 5 on port 2 then only the devices with these five learned MAC addresses may access port 2 at any one...

Page 148: ...twork performance and make the network inadequate for time critical application such as video on demand A classifier groups traffic into data flows according to specific criteria such as the source ad...

Page 149: ...riptive name for this rule for identifying purposes Layer 2 Specify the fields below to configure a layer 2 classifier Ethernet Type Select an Ethernet type or select Other and enter the Ethernet type...

Page 150: ...00000000 and counting up the number of ones in this case results in 24 Socket Number Note You must select either UDP or TCP in the IP Protocol field before you configure the socket numbers Select Any...

Page 151: ...DESCRIPTION Index This field displays the index number of the rule Click an index number to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Name...

Page 152: ...lassifier Example The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 EGP 8 L2TP 115 Table 52 Common TCP and...

Page 153: ...0 Classifier GS2200 Series User s Guide 153 After you have configured a classifier you can configure a policy in the Policy screen to define action s on the classified traffic flow Figure 98 Classifie...

Page 154: ...on page 148 for more information A policy rule ensures that a traffic flow gets the requested treatment in the network 21 1 1 What You Can Do Use the Policy screen Section 21 2 on page 154 to enable t...

Page 155: ...ter a descriptive name for identification purposes Classifier s This field displays the active classifier s you configure in the Classifier screen Select the classifier s to which this policy rule app...

Page 156: ...will forward the packets If Policy 1 applies to Class 1 and the action is to drop the packets Policy 2 applies to Class 2 and the action is to enable bandwidth limitation the Switch will discard the p...

Page 157: ...table at the bottom of the Policy screen To change the settings of a rule click a number in the Index field Figure 100 Advanced Application Policy Rule Summary Table Delete Click Cancel to clear the D...

Page 158: ...Guide 158 21 3 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier refer to Section...

Page 159: ...highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent S...

Page 160: ...field rather than a fixed amount of bandwidth WRR is activated only when a port has more traffic than it can handle Queues with larger weights get more service than queues with smaller weights This qu...

Page 161: ...n the Weight field Queues with larger weights get more guaranteed bandwidth than queues with smaller weights Weighted Round Robin Scheduling services queues on a rotating basis based on their queue we...

Page 162: ...ast group membership information and add VLANs upon which the Switch is to perform IGMP snooping Use the IGMP Filtering Profile screen Section 23 5 on page 169 to specify a range of multicast groups t...

Page 163: ...ing VLAN MVR Overview Multicast VLAN Registration MVR is designed for applications such as Media on Demand MoD that use multicast traffic across an Ethernet ring based service provider network MVR all...

Page 164: ...channel computer A sends an IGMP report to the Switch to join the appropriate multicast group If the IGMP report matches one of the configured MVR multicast group addresses on the Switch an entry is c...

Page 165: ...See Section 23 1 on page 162 for more information on multicasting Figure 106 Advanced Application Multicast Multicast Setting Table 55 Advanced Application Multicast Status LABEL DESCRIPTION Index Thi...

Page 166: ...orward a packet with the destination IP address within this range to other networks See the IANA web site for more information The layer 2 multicast MAC addresses used by Cisco layer 2 protocols 01 00...

Page 167: ...ast Setting IGMP Filtering Profile screen IGMP Querier Mode The Switch treats an IGMP query port as being connected to an IGMP multicast router or server The Switch forwards IGMP join or leave packets...

Page 168: ...he MVR screen you can only specify up to 15 VLANs in this screen The Switch drops any IGMP control messages which do not belong to these 16 VLANs Note You must also enable IGMP snooping in the Multica...

Page 169: ...Cancel to reset the fields to your previous configuration Clear Click this to clear the fields Index This is the number of the IGMP snooping VLAN entry in the table Name This field displays the descri...

Page 170: ...if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to clear the fields...

Page 171: ...ation purposes Multicast VLAN ID Enter the VLAN ID 1 to 4094 of the multicast VLAN 802 1p Priority Select a priority level 0 7 with which the Switch replaces the priority in outgoing IGMP control pack...

Page 172: ...is sent or received on this port Tagging Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click Add to save your changes to the Switch s run time me...

Page 173: ...page 162 for more information on IP multicast addresses End Address Enter the ending IP multicast address of the multicast group in dotted decimal notation Enter the same IP address as the Start Addre...

Page 174: ...23 Multicast GS2200 Series User s Guide 174 To configure the MVR settings on the Switch create a multicast group in the MVR screen and set the receiver and source ports Figure 112 MVR Configuration E...

Page 175: ...raffic to the subscribers configure multicast group settings in the Group Configuration screen The following figure shows an example where two multicast groups News and Movie are configured for the mu...

Page 176: ...4 on page 180 to configure your TACACS authentication settings Use the AAA Setup screen Section 24 5 on page 182 to specify the methods used to authenticate users accessing the Switch and specify whi...

Page 177: ...cribes some key differences between RADIUS and TACACS 24 2 AAA Screens The AAA screens allow you to enable authentication and authorization or both of them on the Switch First configure your authentic...

Page 178: ...econd RADIUS server Select round robin to alternate between the RADIUS servers that it sends authentication requests to Timeout Specify the amount of time in seconds that the Switch waits for an authe...

Page 179: ...rver Index This is a read only number representing a RADIUS accounting server entry IP Address Enter the IP address of an external RADIUS accounting server in dotted decimal notation UDP Port The defa...

Page 180: ...icate with the first configured TACACS server if the TACACS server does not respond then the Switch tries to authenticate with the second TACACS server Select round robin to alternate between the TACA...

Page 181: ...nds that the Switch waits for an accounting request response from the TACACS server Index This is a read only number representing a TACACS accounting server entry IP Address Enter the IP address of an...

Page 182: ...r Switch management Configure the access privilege of accounts via commands See the CLI Reference Guide for local authentication The TACACS and RADIUS are external servers Before you specify the prior...

Page 183: ...erver Active Select this to activate authorization for a specified event types Method Select whether you want to use RADIUS or TACACS for authorization of specific types of events RADIUS is the only m...

Page 184: ...at comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server Mode The Switch supports two modes of recording login events Select start stop to have the Swit...

Page 185: ...for authentication This section lists the attributes used by authentication functions on the Switch In cases where the attribute has a specific format associated with it the format is specified Table...

Page 186: ...User Name The format of the User Name attribute is enab where is the privilege level 1 14 User Password NAS Identifier NAS IP Address 24 6 3 2 Attributes Used to Login Users User Name User Password NA...

Page 187: ...snooping on the Switch not on specific VLAN specify the VLAN where the default DHCP server is located and configure the DHCP snooping database Use the DHCP Snooping Port Configure screen Section 25 5...

Page 188: ...RP packets typical implementation you have to enable DHCP snooping before you enable ARP inspection 25 2 IP Source Guard Use this screen to look at the current bindings for DHCP snooping and ARP inspe...

Page 189: ...ding the new static binding replaces the original one To open this screen click Advanced Application IP Source Guard Static Binding Figure 121 IP Source Guard Static Binding Type This field displays h...

Page 190: ...static bindings from previously learned ARP entries which match the specified criteria and display them in the lower part of the screen Static Binding MAC Address Enter the source MAC address in the...

Page 191: ...igure screen See Section 25 5 on page 193 Agent URL This field displays the location of the DHCP snooping database Write delay timer This field displays how long in seconds the Switch tries to complet...

Page 192: ...s the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database Successful transfers This field displays the numbe...

Page 193: ...the DHCP binding database Total ignored bindings counters This section displays the reasons the Switch has ignored bindings any time it read bindings from the DHCP binding database You can clear these...

Page 194: ...rs on a specific VLAN Note You have to enable DHCP snooping on the DHCP VLAN too You can enable Option82 in the DHCP Snooping VLAN Configure screen Section 25 5 2 on page 197 to help the DHCP servers...

Page 195: ...Snooping URL Enter the location of a DHCP snooping database and click Renew if you want the Switch to load it You can use this to load dynamic bindings from a different DHCP snooping database than the...

Page 196: ...nected to DHCP servers or other switches and the Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high Untrusted ports are connected to subscribers...

Page 197: ...y the VLANs you want to manage in the section below Start VID Enter the lowest VLAN ID you want to manage in the section below End VID Enter the highest VLAN ID you want to manage in the section below...

Page 198: ...ower so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last s...

Page 199: ...ncel Click this to clear the Delete check boxes above Change Pages Click Previous or Next to show the previous next screen if all status information cannot be seen in one screen Table 73 ARP Inspectio...

Page 200: ...RP Inspection Log Status LABEL DESCRIPTION Clearing log status table Click Apply to remove all the log messages that were generated by ARP packets and that have not been sent to the syslog server yet...

Page 201: ...ng with the same MAC address and VLAN ID static deny An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID deny An ARP packet was discarded because the...

Page 202: ...re dropped due to unavailable buffer Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter See Section 25 8 on page 200 Syslog rate Enter the...

Page 203: ...in the ARP packet does not match any of the current bindings The rate at which ARP packets arrive is too high You can specify the maximum rate at which ARP packets can arrive on untrusted ports Limit...

Page 204: ...our changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last saved values Table 77 ARP Inspection Port Configure continued LA...

Page 205: ...witch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source MAC address and source IP address in the packet...

Page 206: ...g consists of 72 bytes a space and another checksum that is used to validate the binding when it is read If the calculated checksum is not equal to the checksum in the file that binding and all others...

Page 207: ...ts the ARP request for computer A Then computer X does the following things It pretends to be computer A and responds to computer B It pretends to be computer B and sends a message to computer A As a...

Page 208: ...he rate at which ARP packets arrive is too high 25 10 2 3 Syslog The Switch can send syslog messages to the specified syslog server Chapter 37 on page 281 when it forwards or discards ARP packets The...

Page 209: ...tion 26 1 1 What You Can Do Use the Loop Guard screen Section 26 2 on page 211 to enable loop guard on the Switch and in specific ports 26 1 2 What You Need to Know Loop guard is designed to handle lo...

Page 210: ...packet and seeing if the packet returns on the same port If this is the case the Switch will shut down the port connected to the switch in loop state The following figure shows a loop guard enabled po...

Page 211: ...p problem on your network you can re activate the disabled port via the web configurator see Section 8 7 on page 69 or via commands See the CLI Reference Guide 26 2 Loop Guard Setup Click Advanced App...

Page 212: ...hanges in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to chec...

Page 213: ...2 in the following figure to tunnel layer 2 STP Spanning Tree Protocol CDP Cisco Discovery Protocol and VTP VLAN Trunking Protocol packets between customer switches A B and C in the following figure c...

Page 214: ...er 2 protocol tunneling modes Access and Tunnel The Access port is an ingress port on the service provider s edge device 1 or 2 in Figure 140 on page 214 and connected to a customer switch A or B Inco...

Page 215: ...ddress with which the Switch uses to encapsulate the layer 2 protocol packets by replacing the destination MAC address in the packets Note The MAC address can be either a unicast MAC address or multic...

Page 216: ...er to automatically negotiate and build a logical port aggregation LACP Select this option to have the Switch send LACP packets to a peer to dynamically creates and manages trunk groups UDLD Select th...

Page 217: ...on the Switch Use the PPPoE Per Port screen Section 28 3 1 on page 221 to set the port state and configure PPPoE intermediate agent sub options on a per port basis Use the PPPoE Per Port Per VLAN scr...

Page 218: ...the Switch adds the user defined identifier string and variables into the Agent Circuit ID Sub option The variables can be the slot ID of the PPPoE client the port number of the PPPoE client and or t...

Page 219: ...nt but received on a trusted port the Switch forwards it to other trusted port s Note The Switch will drop all PPPoE discovery packets if you enable the PPPoE intermediate agent and there are no trust...

Page 220: ...PADI and PADR packets The Circuit ID you configure for a specific port or for a specific VLAN on a port has priority over this The Circuit ID you configure for a specific port in the Advanced Applicat...

Page 221: ...Circuit ID sub option The variable options include sp sv pv and spv which indicate combinations of slot port slot VLAN port VLAN and slot port VLAN respectively The Switch enters a zero into the PADI...

Page 222: ...E client and received on an untrusted port the Switch adds a vendor specific tag to the packet and then forwards it to the trusted port s The Switch discards PADO and PADS packets which are sent from...

Page 223: ...ings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Note Changes in this row are copied to all th...

Page 224: ...k Apply to display the specified range of VLANs in the section below VID This field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to...

Page 225: ...configure the screen in this chapter 29 1 2 1 CPU Protection Switches exchange protocol control packets in a network to get the latest networking information If a switch receives large numbers of cont...

Page 226: ...iguration Use this screen to limit the maximum number of control packets ARP BPDU and or IGMP that the Switch can receive or transmit on a port Click the Click Here link next to CPU protection in the...

Page 227: ...as you make them Rate Limit pkt s Enter a number from 0 to 256 to specify how many control packets this port can receive or transmit per second 0 means no rate limit You can configure the action that...

Page 228: ...t rate limitation The Switch drops the additional control packets the port has to handle in every one second Apply Click Apply to save your changes to the Switch s run time memory The Switch loses the...

Page 229: ...nter the number of seconds from 30 to 2592000 for the time interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses p...

Page 230: ...Chapter 29 Error Disable GS2200 Series User s Guide 230...

Page 231: ...data to a server or device that is not reachable through the default gateway for example when sending SNMP traps or using ping to test IP connectivity This figure shows a Telnet session coming in from...

Page 232: ...your Switch that will forward the packet to the destination The gateway must be a router on the same segment as your Switch Metric The metric represents the cost of transmission for routing purposes I...

Page 233: ...ddress This field displays the IP address of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the destination Metric This field displays the cost of tran...

Page 234: ...very flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 31 1 1 What You Can Do Use the DiffServ screen Section 31 2 on page...

Page 235: ...value the incoming packets into different traffic flows Platinum Gold Silver Bronze based on the configured marking rules A network administrator can then apply various traffic policies to the traffi...

Page 236: ...k the DSCP Setting link in the DiffServ screen to display the screen as shown next Figure 156 IP Application DiffServ DSCP Setting Table 94 IP Application DiffServ LABEL DESCRIPTION Active Select this...

Page 237: ...cation number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses thes...

Page 238: ...e 241 to configure your DHCP settings based on the VLAN domain of the DHCP clients 32 1 2 What You Need to Know Read on for concepts on DHCP that can help you configure the screens in this chapter DHC...

Page 239: ...s helps provide authentication about the source of the requests The DHCP server can then provide an IP address based on this information Please refer to RFC 3046 for more details The DHCP Relay Agent...

Page 240: ...on DHCP Global LABEL DESCRIPTION Active Select this check box to enable DHCP relay Remote DHCP Server 1 3 Enter the IP address of a DHCP server in dotted decimal notation Relay Agent Information Selec...

Page 241: ...itch to send additional information such as the VLAN ID together with the DHCP requests to the DHCP server This allows the DHCP server to assign the appropriate IP address according to the VLAN ID Fig...

Page 242: ...t number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This read only field displays the system name you configure in the General Setup screen Select the...

Page 243: ...sent to the other DHCP server with an IP address of 172 23 10 100 Figure 162 DHCP Relay for Two VLANs For the example network configure the VLAN Setting screen as shown Figure 163 DHCP Relay for Two...

Page 244: ...ts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In a...

Page 245: ...ich both the source and destination IP address fields are set to the IP address of the device that sends this request and the destination MAC address field is set to the broadcast address There will b...

Page 246: ...he Switch then forwards host B s ICMP reply to host A right after getting host B s MAC address and ICMP reply 33 2 Configuring ARP Learning Click IP Application ARP Learning in the navigation panel to...

Page 247: ...RP learning mode the Switch uses on the port Select ARP Reply to have the Switch update the ARP table only with the ARP replies to the ARP requests sent by the Switch Select Gratuitous ARP to have the...

Page 248: ...Chapter 33 ARP Learning GS2200 Series User s Guide 248...

Page 249: ...ction 34 4 on page 252 to upload a stored device configuration file Use the Backup Configuration screen Section 34 5 on page 252 to save your configurations for later use 34 2 The Maintenance Screen U...

Page 250: ...on settings to Configuration 2 on the Switch Alternatively click Save on the top right hand corner in any screen to save the configuration changes to the current configuration Note Clicking the Apply...

Page 251: ...h 34 3 Firmware Upgrade Use the following screen to upgrade your Switch to the latest firmware Make sure you have downloaded and unzipped the correct model firmware and version to your computer before...

Page 252: ...is screen 34 5 Backup a Configuration File Use this screen to save and store your current device settings Backing up your Switch configurations allows you to create various snap shots of your device f...

Page 253: ...he computer file firmware bin to the Switch ftp get config config cfg This is a sample FTP session saving the current configuration to a file called config cfg on your computer If your T FTP client do...

Page 254: ...of the commands that you may see in GUI based FTP clients 34 6 5 FTP Restrictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote M...

Page 255: ...p screen Section 35 3 1 on page 258 to specify the types of SNMP traps that should be sent to each SNMP manager Use the User Information screen Section 35 3 2 on page 259 to create SNMP users for auth...

Page 256: ...reen as shown Figure 172 Management Access Control SNMP The following table describes the labels in this screen Table 105 Management Access Control SNMP LABEL DESCRIPTION General Setting Use this sect...

Page 257: ...Destination Use this section to configure where to send SNMP traps from the Switch Version Specify the version of the SNMP trap messages IP Enter the IP addresses of up to four managers to send your...

Page 258: ...ories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See SNMP Traps on page 265 for individual tra...

Page 259: ...implement authentication and or encryption for SNMP communication from this user Choose noauth to use the username as the password string to send to the SNMP manager This is equivalent to the Get Set...

Page 260: ...nts readwrite Members of this group have read and write rights meaning that the user can create and edit the MIBs on the Switch except the user account and AAA configuration readonly Members of this g...

Page 261: ...default password when shipped New Password Enter your new system password Retype to confirm Retype your new system password for confirmation Edit Logins You may configure passwords for up to four user...

Page 262: ...Control Service Access Control LABEL DESCRIPTION Services Services you may use to access the Switch are listed here Active Select this option for the corresponding services that you want to allow to a...

Page 263: ...ient set Clear the check box if you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this...

Page 264: ...switch into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor managed...

Page 265: ...B for TCP RFC 2013 SNMPv2 MIB for UDP SNMP Traps The Switch sends traps to an SNMP manager when an event occurs The following tables outline the SNMP traps by category An OID Object ID that begins wit...

Page 266: ...normal operating range reset UncontrolledResetEventOn 1 3 6 1 4 1 890 1 5 8 55 27 2 1 1 3 6 1 4 1 890 1 5 8 56 27 2 1 1 3 6 1 4 1 890 1 5 8 59 27 2 1 1 3 6 1 4 1 890 1 5 8 60 27 2 1 This trap is sent...

Page 267: ...ecified recovery interval fanspeed FanSpeedEventOn 1 3 6 1 4 1 890 1 5 8 56 27 2 1 1 3 6 1 4 1 890 1 5 8 60 27 2 1 This trap is sent when the fan speed goes above or below the normal operating range F...

Page 268: ...8802 1 1 2 0 0 1 This trap is sent when the LLDP Link Layer Discovery Protocol remote topology changes transceiver ddm DDMIRxPowerEventOn DDMITemperatureEventOn DDMITxBiasEventOn DDMITxPowerEventOn D...

Page 269: ...nting RADIUSAccNotNotReachableE ventOn 1 3 6 1 4 1 890 1 5 8 55 27 2 1 1 3 6 1 4 1 890 1 5 8 56 27 2 1 1 3 6 1 4 1 890 1 5 8 59 27 2 1 1 3 6 1 4 1 890 1 5 8 60 27 2 1 This trap is sent when there is n...

Page 270: ...60 36 2 2 This trap is sent when the MRSTP topology changes MSTPTopologyChange 1 3 6 1 4 1 890 1 5 8 55 107 70 2 1 3 6 1 4 1 890 1 5 8 56 107 70 2 1 3 6 1 4 1 890 1 5 8 59 107 70 2 1 3 6 1 4 1 890 1...

Page 271: ...7 2 1 How SSH works The following table summarizes how a secure connection is established between two remote hosts Figure 180 How SSH Works 1 Host Identification The SSH client sends a connection requ...

Page 272: ...Transfer Protocol over Secure Socket Layer or HTTP over SSL is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transact...

Page 273: ...our browser enter https Switch IP Address as the web site address where Switch IP Address is the IP address or domain name of the Switch you wish to access Internet Explorer Warning Messages Internet...

Page 274: ...If that is the case click Continue to this website not recommended to proceed to the web configurator login screen Figure 183 Security Certificate Warning Internet Explorer 7 or 8 After you log in you...

Page 275: ...r 35 Access Control GS2200 Series User s Guide 275 Click Install Certificate and follow the on screen instructions to install the certificate in your browser Figure 185 Certificate Internet Explorer 7...

Page 276: ...ozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a This Connection is Unstructed screen may display If that is the case click I Understand the Risks and then the Add...

Page 277: ...ion to proceed to the web configurator login screen Figure 187 Security Alert Mozilla Firefox 35 7 3 2 The Main Screen After you accept the certificate and enter the login username and password the Sw...

Page 278: ...35 Access Control GS2200 Series User s Guide 278 Mozilla Firefox or next to the address bar in Internet Explorer 7 or 8 denotes a secure connection Figure 188 Example Lock Denoting a Secure Connection...

Page 279: ...ostic Click Management Diagnostic in the navigation panel to open this screen Use this screen to check system logs ping IP addresses or perform port tests Figure 189 Management Diagnostic The followin...

Page 280: ...vice that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address in the field to the left Ethernet Port Test Enter a port number and click Port Test to perfor...

Page 281: ...s The following table describes the syslog severity levels 37 1 1 What You Can Do Use the Syslog Setup screen Section 37 2 on page 281 to configure the device s system logging settings Use the Syslog...

Page 282: ...he names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category Facility The log facility allows you to send...

Page 283: ...mber the more critical the logs are Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top...

Page 284: ...ther In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Figure 192 Clustering Application Example T...

Page 285: ...wing table describes the labels in this screen Table 122 Management Cluster Management Status LABEL DESCRIPTION Status This field displays the role of this Switch within the cluster Manager Member you...

Page 286: ...guration Model This field displays the model name Status This field displays Online the cluster member switch is accessible Error for example the cluster member switch password was changed or the swit...

Page 287: ...ndidates found by auto discovery is shown here The switches must be directly connected Directly connected switches that are set to be cluster managers will not be visible in the Clustering Candidate l...

Page 288: ...gement Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch s web configurator ho...

Page 289: ...a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 400BPN0 bin fw 00...

Page 290: ...MAC Table screen Section 39 2 on page 291 to check whether the MAC address is dynamic or static 39 1 2 What You Need to Know The Switch uses the MAC table to determine how to forward frames See the f...

Page 291: ...destination port is the same as the port it came in on then it filters the frame Figure 197 MAC Table Flowchart 39 2 Viewing the MAC Table Use this screen to check whether the MAC address is dynamic o...

Page 292: ...ct VID to display and arrange the data according to VLAN group Select PORT to display and arrange the data according to port number Transfer Type Select Dynamic to MAC forwarding and click the Transfe...

Page 293: ...RP program looks in the ARP Table and if it finds the address sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills i...

Page 294: ...dynamic entries learned on the specified port Flush Click Flush to remove the ARP entries according to the condition you specified Cancel Click Cancel to return the fields to the factory defaults Inde...

Page 295: ...ou how you can copy the settings of one port onto other ports 41 2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Ma...

Page 296: ...2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings you configured in the Basic Setti...

Page 297: ...e the power adaptor or cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or cord to th...

Page 298: ...page 39 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address use the ne...

Page 299: ...in later Check that you have enabled logins for HTTP or Telnet If you have configured a secured client IP address your computer s IP address must match it Refer to the chapter on access control for de...

Page 300: ...telnet HTTP and SSH see Section 35 6 on page 262 Computers not belonging to the secured client set cannot get permission to access the Switch 42 3 Switch Configuration I lost my configuration settings...

Page 301: ...fuse housing 3 A burnt out fuse is blackened darkened or cloudy inside its glass casing A working fuse has a completely clear glass casing Pull gently but firmly to remove the burnt out fuse from the...

Page 302: ...Appendix A Changing a Fuse GS2200 Series User s Guide 302...

Page 303: ...ns in which this service is used Table 128 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this servi...

Page 304: ...t sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary co...

Page 305: ...UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments...

Page 306: ...Appendix B Common Services GS2200 Series User s Guide 306...

Page 307: ...ted and found to comply with the limits for a Class A digital switch pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a c...

Page 308: ...ion Make sure to connect the cables to the correct ports Place connecting cables carefully so that no one will step on them or stumble over them Always disconnect all cables from this device before se...

Page 309: ...Appendix C Legal Information GS2200 Series User s Guide 309 ROHS...

Page 310: ...Appendix C Legal Information GS2200 Series User s Guide 310...

Page 311: ...208 syslog messages 208 trusted ports 208 authentication 176 setup 182 Authentication and Authorization see AAA 176 authorization 176 privilege levels 182 184 setup 182 auto crossover 28 automatic VLA...

Page 312: ...ing time 64 default Ethernet settings 28 DHCP 238 configuration options 238 modes 238 Option 82 239 overview 238 relay agent 238 relay agent information 239 relay example 242 setup 241 VLAN setting 24...

Page 313: ...e Registration Protocol 78 GARP terminology 78 GARP timer 65 78 general setup 63 getting help 40 Gigabit ports 27 GMT Greenwich Mean Time 64 Guide CLI Reference 2 GVRP 78 84 85 and port assignment 85...

Page 314: ...distribution algorithm 133 traffic distribution type 135 trunk group 131 Link Aggregation Control Protocol LACP 131 Link Aggregation Control Protocol see LACP 131 lockout 38 log 279 login 33 password...

Page 315: ...h cost 116 port priority 116 revision level 115 status 117 MTU Multi Tenant Unit 64 Multicast 162 multicast 162 802 1 priority 166 and IGMP 162 IGMP throttling 167 IP addresses 162 overview 162 setup...

Page 316: ...iority queue assignment 66 product registration 308 protocol based VLAN 88 and IEEE 802 1Q tagging 88 application example 88 configuration example 93 isolate traffic 88 priority 89 un tagged packets 8...

Page 317: ...188 static link aggregation example 137 static MAC address 95 static MAC forwarding 86 88 95 static multicast address 97 static multicast forwarding 97 static routes 233 static trunking example 137 St...

Page 318: ...l Link Detection see UDLD untrusted ports ARP inspection 208 DHCP snooping 205 PPPoE IA 219 user profiles 177 V Vendor Specific Attribute See VSA 184 ventilation 21 VID 80 81 number of possible VIDs 7...

Page 319: ...200 Series User s Guide 319 login 33 logout 40 navigation panel 35 weight queuing 160 Weighted Round Robin Scheduling WRR 160 WRR Weighted Round Robin Scheduling 159 Z ZyNOS ZyXEL Network Operating Sy...

Page 320: ...Index GS2200 Series User s Guide 320...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands