manualshive.com logo in svg

ZyXEL Communications MG1930-30, User Manual

The ZyXEL Communications MG1930-30 is a high-performance networking device that offers seamless connectivity. To ensure a smooth user experience, we provide a comprehensive and easy-to-follow User Manual. Download this manual for free from our website, empowering you to make the most of your device's features and capabilities.

Share
Download
background image

 Chapter 38 Access Control

XMG1930 Series User’s Guide

315

C

HAPTER

 38

Access Control

38.1  Access Control Overview

This chapter describes how to control access to the Switch.

FTP is allowed one session each, Telnet and SSH share nine sessions, up to five web sessions (five different 
user names and passwords) and/or limitless SNMP access control sessions are allowed.

38.1.1  What You Can Do

• Use the 

Access Control 

screen (

Section 38.2 on page 315

to display the main screen.

• Use the 

SNMP 

screen (

Section 38.3 on page 316

) to configure your SNMP settings.

• Use the 

Trap Group 

screen (

Section 38.3.1 on page 317

) to specify the types of SNMP traps that should 

be sent to each SNMP manager.

• Use the 

User Information 

screen (

Section 38.3.3 on page 319

) to create SNMP users for authentication 

with managers using SNMP v3 and associate them to SNMP groups.

• Use the 

Logins 

screens (

Section 38.4 on page 321

to assign which users can access the Switch 

through Web Configurator at any one time.

• Use the 

Service Access Control 

screen (

Section 38.5 on page 322

) to decide what services you may 

use to access the Switch.

• Use the 

Remote Management 

screen (

Section 38.6 on page 323

) to specify a group of one or more 

“trusted computers” from which an administrator may use a service to manage the Switch.

• Use the 

Account Security 

screen (

Section 38.7 on page 324

) to encrypt all passwords configured in 

the Switch. You can also display the authentication, authorization, external authentication server 

information (RADIUS), system and SNMP user account information in the configuration file saved.

38.2  Access Control Main Settings

Use this screen to display the main screen.

Click 

Management

 > 

Access Control 

in the navigation panel to display the main screen as shown.

Table 160   Access Control Overview

SSH

Telnet

FTP

Web

SNMP

Share up to nine sessions

One session

Up to five accounts  No limit

Summary of Contents for MG1930-30

Page 1: ... Smart Managed Layer 2 Switch 30 port Multi Gigabit Smart Managed Layer 2 PoE Switch Copyright 2022 Zyxel and or its affiliates All Rights Reserved Management IP Address http DHCP assigned IP or http 192 168 1 1 User Name admin Password 1234 Version 4 70 Edition 2 06 2022 ...

Page 2: ...very effort has been made to ensure that the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the Switch Online Help Click the help link for a description of the fields in the Switch menus Nebula Control Center NCC User s Guide Go to nebula zyxel com or support zyxel com to get this User s Guide on how to configure the Switch...

Page 3: ...s field labels and field choices are all in bold font A right angle bracket within a screen name denotes a mouse click For example Basic Setting IP Setup IP Configuration Network Proxy Configuration means you first click Basic Setting in the navigation panel then the IP Setup sub menu then IP Configuration and finally Network Proxy Configuration to get to that screen Icons Used in Figures Figures ...

Page 4: ...MAC Forwarding 138 Static Multicast Forwarding 140 Filtering 145 Spanning Tree Protocol 147 Bandwidth Control 162 Broadcast Storm Control 164 Mirroring 166 Link Aggregation 168 Port Authentication 176 Port Security 185 Time Range 187 Classifier 189 Policy Rule 198 Queuing Method 202 Multicast 205 AAA 213 DHCP Snooping 221 Loop Guard 232 Layer 2 Protocol Tunneling 235 PPPoE 239 Error Disable 247 Gr...

Page 5: ...ccess Control 315 Diagnostic 337 System Log 340 Syslog Setup 341 Cluster Management 344 MAC Table 350 IP Table 353 ARP Table 355 Routing Table 357 Path MTU Table 359 Configure Clone 360 IPv6 Neighbor Table 363 Port Status 365 Troubleshooting and Appendices 373 Troubleshooting 374 ...

Page 6: ...e Application 26 1 2 3 Bridging or Fiber Optic Uplink Example Application 27 1 2 4 High Performance Switching Example 27 1 2 5 IEEE 802 1Q VLAN Application Examples 28 1 3 Ways to Manage the Switch 28 1 4 Good Habits for Managing the Switch 29 Chapter 2 Hardware Installation and Connection 30 2 1 Installation Scenarios 30 2 2 Safety Precautions 30 2 3 Desktop Installation Procedure 30 2 4 Mounting...

Page 7: ...ne Network ZON Utility 51 4 3 1 Requirements 51 4 3 2 Run the ZON Utility 52 4 4 Wizard 55 4 4 1 Basic 56 4 4 2 Protection 60 4 4 3 VLAN 63 4 4 4 QoS 64 4 5 Web Configurator Layout 65 4 5 1 Change Your Password 69 4 6 Save Your Configuration 70 4 7 Switch Lockout 70 4 8 Reset the Switch 71 4 8 1 Restore Button 71 4 8 2 Restore Custom Default 71 4 8 3 Reboot the Switch 71 4 9 Log Out of the Web Con...

Page 8: ...Basic Setting 88 8 1 Overview 88 8 1 1 What You Can Do 88 8 2 System Information 88 8 3 General Setup 90 8 4 Switch Setup 92 8 4 1 Introduction to VLANs 92 8 4 2 Setting up 93 8 5 IP Setup 94 8 5 1 IP Interfaces 94 8 5 2 IP Status 95 8 5 3 IP Status Details 95 8 5 4 IP Configuration 97 8 5 5 Network Proxy Configuration 98 8 6 Port Setup 99 8 7 PoE Status 101 8 7 1 PoE Time Range Setup 103 8 7 2 Po...

Page 9: ... 1Q Tagged VLANs 123 9 3 VLAN Status 126 9 3 1 VLAN Details 127 9 4 VLAN Configuration 128 9 5 Configure a Static VLAN 129 9 6 Configure VLAN Port Settings 130 9 7 Voice VLAN 131 9 8 Vendor ID Based VLAN 133 9 9 Port Based VLAN Setup 135 9 9 1 Configure a Port Based VLAN 135 Chapter 10 Static MAC Forwarding 138 10 1 Overview 138 10 1 1 What You Can Do 138 10 2 Configure Static MAC Forwarding 138 C...

Page 10: ...ltiple Spanning Tree Protocol Port Configuration 156 13 7 Multiple Spanning Tree Protocol Status 157 13 8 Technical Reference 159 13 8 1 MSTP Network Example 159 13 8 2 MST Region 160 13 8 3 MST Instance 160 13 8 4 Common and Internal Spanning Tree CIST 161 Chapter 14 Bandwidth Control 162 14 1 Bandwidth Control Overview 162 14 1 1 What You Can Do 162 14 2 Bandwidth Control Setup 162 Chapter 15 Br...

Page 11: ...3 Activate IEEE 802 1x Security 178 18 4 Activate MAC Authentication 180 18 5 Guest VLAN 181 Chapter 19 Port Security 185 19 1 Port Security Overview 185 19 2 About Port Security 185 19 3 Port Security Setup 185 Chapter 20 Time Range 187 20 1 Time Range Overview 187 20 1 1 What You Can Do 187 20 2 Configuring Time Range 187 Chapter 21 Classifier 189 21 1 Classifier Overview 189 21 1 1 What You Can...

Page 12: ...4 3 IPv4 Multicast Status 206 24 3 1 IGMP Snooping 207 24 3 2 IGMP Snooping VLAN 210 24 3 3 IGMP Filtering Profile 211 Chapter 25 AAA 213 25 1 Authentication Authorization and Accounting AAA 213 25 1 1 What You Can Do 213 25 1 2 What You Need to Know 213 25 2 AAA Screens 214 25 3 RADIUS Server Setup 214 25 4 AAA Setup 216 25 5 Technical Reference 218 25 5 1 Vendor Specific Attribute 218 25 5 2 Sup...

Page 13: ...figuring Layer 2 Protocol Tunneling 236 Chapter 29 PPPoE 239 29 1 PPPoE Intermediate Agent Overview 239 29 1 1 What You Can Do 239 29 1 2 What You Need to Know 239 29 2 PPPoE 241 29 3 PPPoE Intermediate Agent 242 29 3 1 PPPoE IA Per Port 243 29 3 2 PPPoE IA Per Port Per VLAN 244 29 3 3 PPPoE IA for VLAN 245 Chapter 30 Error Disable 247 30 1 Error Disable Overview 247 30 1 1 CPU Protection Overview...

Page 14: ...2 LLDP Configuration Org specific TLV Setting 272 32 7 LLDP MED Configuration 273 32 8 LLDP MED Network Policy 273 32 9 LLDP MED Location 275 Chapter 33 Port Buffer 278 33 1 Overview 278 33 1 1 What You Can Do 278 33 2 Port Buffer Setting 278 Chapter 34 Static Route 280 34 1 Static Routing Overview 280 34 1 1 What You Can Do 280 34 2 Static Routing 281 34 3 IPv4 Static Route 281 34 4 IPv6 Static R...

Page 15: ...2 2 Static ARP 300 Chapter 37 Maintenance 302 37 1 Overview 302 37 1 1 What You Can Do 302 37 2 Maintenance Settings 302 37 2 1 Erase Running Configuration 304 37 2 2 Save Configuration 304 37 2 3 Reboot System 304 37 2 4 Factory Default 305 37 2 5 Custom Default 305 37 3 Firmware Upgrade 306 37 4 Restore Configuration 307 37 5 Backup Configuration 308 37 6 Tech Support 308 37 6 1 Tech Support Dow...

Page 16: ...rence 326 38 8 1 About SNMP 326 38 8 2 SSH Overview 329 38 8 3 Introduction to HTTPS 330 38 8 4 Google Chrome Warning Messages 334 Chapter 39 Diagnostic 337 39 1 Overview 337 39 2 Diagnostic 337 Chapter 40 System Log 340 40 1 Overview 340 40 2 System Log 340 Chapter 41 Syslog Setup 341 41 1 Syslog Overview 341 41 1 1 What You Can Do 341 41 2 Syslog Setup 341 Chapter 42 Cluster Management 344 42 1 ...

Page 17: ...to Know 355 45 2 Viewing the ARP Table 355 Chapter 46 Routing Table 357 46 1 Routing Table Overview 357 46 2 Routing Table Main Screen 357 46 3 IPv4 Routing Table 357 46 4 IPv6 Routing Table 358 Chapter 47 Path MTU Table 359 47 1 Path MTU Overview 359 47 2 Viewing the Path MTU Table 359 Chapter 48 Configure Clone 360 48 1 Overview 360 48 2 Configure Clone 360 Chapter 49 IPv6 Neighbor Table 363 49 ...

Page 18: ... Utilization 371 Part III Troubleshooting and Appendices 373 Chapter 51 Troubleshooting 374 51 1 Power Hardware Connections and LEDs 374 51 2 Switch Access and Login 375 51 3 Switch Configuration 376 Appendix A Customer Support 378 Appendix B Common Services 383 Appendix C IPv6 386 Appendix D Legal Information 395 Index 400 ...

Page 19: ...19 PART I User s Guide ...

Page 20: ...in standalone mode it can be configured and managed by the Web Configurator When the Switch is in Nebula cloud management mode it can be managed and provisioned by the Zyxel Nebula Control Center NCC The following table describes the hardware features of the Switch by model 1 1 1 Multi Gigabit A 10 Gigabit port supports speeds of 10G if the connected device supports 10G and a Cat 6a up to 100 m or...

Page 21: ...ernet connections over Cat 5e and higher Ethernet cables Multi Gigabit ports are also backward compatible with 100 Mbps and 1 Gigabit ports Figure 1 Multi Gigabit Application See the following table for the cables required and distance limitation to attain the corresponding speed Note Make sure to select the correct speed for the port in Basic Setting Port Setup 1 1 2 Management Modes NebulaFlex m...

Page 22: ...covery is enabled in Basic Setting Cloud Management Nebula Control Center Discovery in the Switch Web Configurator Note See the Switch s datasheet for the feature differences between standalone and Nebula cloud management modes You can find the Switch s datasheet at the Zyxel website See the NCC Nebula Control Center User s Guide for how to configure the Switch using Nebula Figure 2 NCC Example Ne...

Page 23: ...abel on the Switch Use the Zyxel Nebula Mobile App to Register the Switch 1 Download and open the Zyxel Nebula Mobile app in your mobile device Click Start on the first page Click Create account to create a myZyxel account or enter your existing account information to log in 2 Create an organization and site or select an existing organization using the Zyxel Nebula Mobile app 3 Select a site and s...

Page 24: ... proprietary software program called Zyxel One Network ZON Utility it is a utility tool that assists you to set up and maintain network devices in a more simple and efficient way You can download the ZON Utility at www zyxel com and install it on a PC Windows operation system For more information on ZON Utility see Section 4 3 on page 51 1 1 5 PoE The Switch is a Power Sourcing Equipment PSE becau...

Page 25: ...IP camera a wireless router an IP telephone and a general outdoor router that are not within reach of a power outlet Table 4 XMG1930 Series Model and PoE Features PoE FEATURES XMG1930 30HP IEEE 802 3af PoE Yes IEEE 802 3at PoE Yes IEEE 802 3bt PoE Yes Power Management Mode Consumption mode default Classification mode PoE Power Budget 700 W Table 5 PoE Standards PoE FEATURES PoE PoE PoE IEEE Standa...

Page 26: ...ed in the near future The Switch can be used standalone for a group of heavy traffic users You can connect computers and servers directly to the Switch s port or connect other switches to the Switch In this example all computers can share high speed applications on the server To expand the network simply add more networking devices such as switches routers computers print servers and so on Figure ...

Page 27: ...er Optic Uplink Example Application 1 2 4 High Performance Switching Example The Switch is ideal for connecting two networks that need high bandwidth In the following example use link aggregation trunking to connect these two networks Switching to higher speed LANs such as ATM Asynchronous Transmission Mode is not feasible for most people due to the expense of replacing all existing Ethernet cable...

Page 28: ...rmance through reduced broadcast traffic VLAN groups can be modified at any time by adding moving or changing ports without any re cabling Shared resources such as a server can be used by all ports in the same VLAN as the server In the following figure only ports that need access to the server need to be part of VLAN 1 Ports can belong to other VLAN groups too Figure 7 Shared Server Using VLAN Exa...

Page 29: ...oy and perform initial setup on a network more efficiently See Section 4 3 on page 51 1 4 Good Habits for Managing the Switch Do the following regularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that is not easy to guess and that consists of different types of characters such as numbers and letters Write down the password and put it...

Page 30: ...witch and at least 5 cm of clearance on all four sides of the Switch This allows air circulation for cooling Do NOT block the ventilation holes nor store cables or power cords on the Switch Allow clearance for the ventilation holes to prevent your Switch from overheating This is especially crucial when your Switch does not have fans Overheating could affect the performance of your Switch or even d...

Page 31: ...ace for air circulation 2 4 Mounting the Switch on a Rack The Switch can be mounted on an EIA standard size 19 inch rack or in a wiring closet with other equipment Follow the steps below to mount your Switch on a standard EIA rack using a rack mounting kit Note Make sure there is enough clearance between each equipment on the rack for air circulation 2 4 1 Installation Requirements Two mounting br...

Page 32: ...rews through the mounting bracket holes into the Switch 3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch 4 You may now mount the Switch on a rack Proceed to the next section 2 4 4 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack lining up the two screw holes on the bracket with th...

Page 33: ...nd Connection XMG1930 Series User s Guide 33 the rack Note Make sure you tighten all the four screws to prevent the Switch from getting slanted 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack ...

Page 34: ... 11ax router a WiFi 6 802 11ax AP Access Point or an Ethernet switch 100M 1G 2 5G 5G and 10G RJ 45 Ethernet Ports Port 25 28 These are 10GBase T auto negotiating and auto crossover Ethernet ports Connect these ports to a gaming computer a NAS network attached storage or a server 100M 1G and 2 5G RJ 45 PoE Ports Port 1 20 These are 2 5GBase T auto negotiating and auto crossover Ethernet port with s...

Page 35: ...he Gigabit ports on the Switch are Speed Auto Duplex Auto Flow control Off Link Aggregation Disabled 100M 1G 2 5G 5G and 10G RJ 45 PoE Ports Port 25 28 These are 10GBase T auto negotiating and auto crossover Ethernet port with support for IEEE802 3bt PoE 60 W ports Connect these ports to a PTZ pan tilt and zoom camera a WiFi 6 802 11ax router a WiFi 6 802 11ax AP or an Ethernet switch 1G 10G SFP S...

Page 36: ...ith transceivers nor DAC cables You must use transceivers or DAC cables that comply with the Small Form factor Pluggable SFP Transceiver MultiSource Agreement MSA See the SFF committee s INF 8074i specification Rev 1 0 for details You can change transceivers or the DAC cables while the Switch is operating You can use different transceivers to connect to Ethernet switches with different types of fi...

Page 37: ...teps to remove an SFP transceiver 1 Attach an ESD preventive wrist strap to your wrist and to a bare metal surface on the chassis 2 Remove the fiber optic cables from the transceiver 3 Pull out the latch and down to unlock the transceiver latch styles vary Note Make sure the transceiver s latch is pushed all the way down so the transceiver can be pulled out successfully 4 Pull the latch or use you...

Page 38: ...ustomer support this USB Type C connector is for troubleshooting only 3 2 Rear Panel The following figures show the rear panels of the Switch The rear panels contain Figure 19 Rear Panel XMG1930 30 Figure 20 Rear Panel XMG1930 30HP 3 2 1 Grounding Grounding is a safety measure to direct excess electric charge to the ground It prevents damage to the Switch and protects you from electrocution Use th...

Page 39: ...ilure to follow these guidelines could result in damage to your Switch which may not be covered by its warranty Note The specification for surge or ESD protection assumes that the Switch is properly grounded 1 Remove the M4 ground screw from the Switch s rear panel 2 Secure a green or yellow ground cable 16 AWG or smaller to the Switch s rear panel using the M4 ground screw Figure 21 Grounding 3 A...

Page 40: ...e airflow of the fans located on the side of the unit Rear Panel Power Connection Connect one end of the supplied power cord or power adapter to the power receptacle on the back of the Switch and the other end to the appropriate power source Connecting the Power Use the following procedures to connect the Switch to a power source after you have installed it in a rack Note Use the included power co...

Page 41: ... from the AC power socket Installing the Retainer Clip Install the retainer clip to prevent accidental removal of the power cord 1 Loosely wrap the clip on the retainer to the power cord 2 Push the pronged end of the retainer clip into the Retainer Holder hole until it locks into place 3 Slide the clip up to the end of the power cord ...

Page 42: ...Chapter 3 Hardware Panels XMG1930 Series User s Guide 42 4 Close the clip tightly around the power cord until secure ...

Page 43: ...nect to the NCC because it is not registered Please register the Switch with NCC Yellow On The Switch is registered with NCC but cannot connect to the NCC Please check the Internet connection of the Switch Blinking The Switch is not registered with NCC and cannot connect to the NCC Please check the Internet connection of the Switch and register the Switch with NCC Off The Switch is operating in st...

Page 44: ...up Blinking The Switch is transmitting receiving to from a 5G Ethernet network Sky Blue On The link to a 2 5G Ethernet network is up Blinking The Switch is transmitting receiving to from a 2 5G Ethernet network Green On The link to a 1000M Ethernet network is up Blinking The Switch is transmitting receiving to from a 1000M Ethernet network Yellow On The link to a 100M Ethernet network is up Blinki...

Page 45: ...P Slots Link ACT 29 30 XMG1930 30 XMG1930 30HP Green On The port has a successful 1000M connection Blinking The port is transmitting or receiving data at 1000M Blue On The port has a successful 10G connection Blinking The port is transmitting or receiving data at 10G Off This link is disconnected ...

Page 46: ...46 PART II Technical Reference ...

Page 47: ...efox or Google Chrome The recommended minimum screen resolution is 1024 by 768 pixels In order to use the Web Configurator you need to allow Web browser pop up windows on your computer JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 The Switch is a DHCP client by default Type http DHCP assigned IP in the Location or Address field Press ...

Page 48: ...tab or window The NCC is a cloud based network management system that allows you to remotely manage and monitor the Switch See the Section on page 23 for information on changing your Switch to Nebula Cloud management Figure 25 Visit Nebula 5 Alternatively click Login to log into the Web Configurator to manage the Switch directly The default user name is admin and associated default password is 123...

Page 49: ...ise click the Exit button You can select the Ignore this wizard next time check box and click Apply Save if you do not want the Setup Wizard screen to appear the next time you log in If you want to open the Setup Wizard screen later click the Wizard icon in the upper right hand corner of the Web Configurator Figure 26 Web Configurator Wizard 7 If you did not change the default administrator passwo...

Page 50: ...ith the admin user name You cannot change the default administrator user name Old Password Enter the existing system password 1234 is the default password when shipped New Password Enter your new system password Up to 32 characters are allowed for the new password except space or Retype to confirm Re enter your new system password for confirmation General Setting Use this section to specify the SN...

Page 51: ...64 bit versions Windows 8 1 both 32 bit 64 bit versions Windows 10 both 32 bit 64 bit versions Note To check for your Windows operating system version right click on My Computer Properties on your computer You should see this information in the General tab Get Community Enter the Get Community string which is the password for the incoming Get and GetNext requests from the management station The Ge...

Page 52: ...tility you will see if your device and firmware version support the ZON Utility Click the OK button to close this screen Figure 29 Supported Devices and Versions If you want to check the supported models and firmware versions later you can click the Show information about ZON icon in the upper right of the screen Then select the Supported model and firmware version link If your device is not liste...

Page 53: ...lity Screen 3 Select a network adapter to which your supported devices are connected Figure 31 Network Adapter 4 Click the Go button for the ZON Utility to discover all supported devices in your network Figure 32 Discovery 5 The ZON Utility screen shows the devices discovered ...

Page 54: ... restart the selected devices This may be useful when troubleshooting or upgrading new firmware 4 Reset Configuration to Default Use this icon to reload the factory default configuration file This means that you will lose all previous configurations 5 Locator LED Use this icon to locate the selected device by causing its Locator LED to blink 6 Web GUI Use this to access the selected device Web Con...

Page 55: ...ield displays an icon of the kind of device discovered Model This field displays the model name of the discovered device Firmware Version This field displays the firmware version of the discovered device MAC Address This field displays the MAC address of the discovered device IP Address This field displays the IP address of an internal interface on the discovered device that first received a ZDP d...

Page 56: ...ring to set a new host name The host name should not contain or IP Interface Select DHCP Client if the Switch is connected to a router with the DHCP server enabled You then need to check the router for the IP address assigned to the Switch in order to access the Switch s Web Configurator again Select Static IP Address when the Switch is NOT connected to a router or you want to assign it a fixed IP...

Page 57: ... an IP address Next Click Next to show the next screen Cancel Click Cancel to exit this screen without saving Table 12 Wizard Basic Step 2 Password LABEL DESCRIPTION Administrator s Password Current password Type the existing system password 1234 is the default password when shipped New password Enter your new system password Up to 32 characters are allowed for the new password except space or Con...

Page 58: ...management station The Get Community string is only used by SNMP managers using SNMP version 2c or lower Set Community Enter the Set Community string which is the password for the incoming Set requests from the management station The Set Community string is only used by SNMP managers using SNMP version 2c or lower Trap Community Enter the Trap Community string which is the password sent with each ...

Page 59: ...embers of a trunk group Select LACP if the ports are configured to join a trunk group through LACP Previous Click Previous to show the previous screen Next Click Next to show the next screen Cancel Click Cancel to exit this screen without saving Table 14 Wizard Basic Step 4 Summary LABEL DESCRIPTION Setup IP Host Name This field displays a host name IP Interface This field displays whether the WAN...

Page 60: ... s password and activate SNMP New Password This field displays asterisks when a new password has been created SNMP This field displays whether the Switch acts as an SNMP agent Version This field displays the SNMP version for the Switch Get Community This field displays the Get Community string Set Community This field displays the Set Community string Trap Community This field displays the Trap Co...

Page 61: ...e After clicking Next the Broadcast Storm Control screen appears Table 15 Wizard Protection Step 1 Loop Guard LABEL DESCRIPTION Loop Guard Select all ports Select all ports to enable the loop guard feature on all ports You can select a port by clicking it Next Click Next to show the next screen Cancel Click Cancel to exit this screen without saving ...

Page 62: ... Wizard Protection Step 2 Broadcast Storm Control LABEL DESCRIPTION Broadcast Storm Control Select all ports Select all ports to apply settings on all ports You can select a port by clicking it Broadcast pkt s Specify how many broadcast packets the port receives per second Previous Click Previous to show the previous screen Next Click Next to show the next screen Cancel Click Cancel to exit this s...

Page 63: ...Step 3 Summary LABEL DESCRIPTION Summary Loop Guard If the loop guard feature is enabled on a port the Switch will prevent loops on this port Broadcast Storm Control If the broadcast storm control feature is enabled on a port the number of broadcast packets the Switch receives per second will be limited on this port Previous Click Previous to show the previous screen Finish Review the information ...

Page 64: ...ESCRIPTION VLAN Setting Default VLAN 1 Access Untagged port After you create a VLAN and select the VLAN ID from the drop down list box select ports and use the right arrow to add them as the untagged ports to a VLAN group VLAN member port VLAN Type a number between 2 and 4094 to create a VLAN Trunk Tagged port Select ports and use the downward arrow to add them as the tagged ports to the VLAN grou...

Page 65: ...ton so they will have high priority The port s IEEE 802 1p priority level will be set to 5 Use the Basic Setting Port Setup screen to adjust the value Medium Select ports and click the Medium button and so they will have medium priority The port s IEEE 802 1p priority level will be set to 3 Use the Basic Setting Port Setup screen to adjust the value Low Select ports and click the Low button so the...

Page 66: ...Click this link to update the information in the screen you are viewing currently C Click this link to save your configuration into the Switch s non volatile memory Non volatile memory is the configuration of your Switch that stays the same even if the Switch s power is turned off D Click this link to go to the status page of the Switch E Click this icon to open the wizard screen where you can con...

Page 67: ...k takes you to a screen that displays general system information General Setup This link takes you to a screen where you can configure general identification information about the Switch Switch Setup This link takes you to a screen where you can set up global Switch parameters such as VLAN type and priority queues IP Setup This link takes you to a screen where you can configure the IP address and ...

Page 68: ...o screens where you can copy traffic from one port or ports to another port in order that you can examine the traffic from the first port without interference Link Aggregation This link takes you to screens where you can logically aggregate physical links to form one logical higher bandwidth link Port Authentication This link takes you to a screen where you can configure IEEE 802 1x port authentic...

Page 69: ... and configuration file maintenance as well as reboot the system Access Control This link takes you to screens where you can change the system login password and configure SNMP and remote management Diagnostic This link takes you to a screen where you can ping IP addresses run traceroute test ports and show the Switch s location System Log This link takes you to a screen where you can view system ...

Page 70: ...refers to the Switch s storage that remains even if the Switch s power is turned off Note Use the Save link when you are done with a configuration session 4 7 Switch Lockout You could block yourself and all others from managing the Switch if you do one of the following 1 Delete the management VLAN default is VLAN 1 2 Delete all port based VLANs with the CPU port as a member The CPU port is the man...

Page 71: ...STORE button for 3 to 6 seconds to have the Switch automatically reboot and restore the last saved custom default file See Section 3 3 on page 43 for more information about the LED behavior 4 8 3 Reboot the Switch Press the RESET button to reboot the Switch without turning the power off See Section 3 3 on page 43 for more information about the LED behavior 4 9 Log Out of the Web Configurator Click...

Page 72: ...Set Port VID Configure Switch Management IP Address 5 1 1 Create a VLAN VLANs confine broadcast frames to the VLAN group in which the ports belongs You can do this with port based VLAN or tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 47 Initial Setup Network Example VLAN 1 Click Advanced Application VLAN VLAN Configuration in t...

Page 73: ... the VID field in the IP Setup screen refer to the same VLAN ID 3 Since the VLAN2 network is connected to port 1 on the Switch select Fixed to configure port 1 to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 5 Click Add to save t...

Page 74: ... Port VID 1 Click Advanced Applications VLAN VLAN Configuration in the navigation panel Then click the VLAN Port Setup link 2 Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 3 Configure Switch Management IP Address If the Switch fails to obtain an IP address from...

Page 75: ...bar to access the Web Configurator See Section 4 2 on page 47 for more information 3 Click Basic Setting IP Setup IP Configuration in the navigation panel 4 Configure the related fields in the IP Configuration screen 5 For the VLAN2 network enter 192 168 2 1 as the IP address and 255 255 255 0 as the subnet mask 6 In the VID field enter the ID of the VLAN group to which you want this management IP...

Page 76: ...Chapter 5 Initial Setup Example XMG1930 Series User s Guide 76 7 Click Add to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off ...

Page 77: ... DHCP server can then assign a specific IP address based on the information in the DHCP requests 6 2 1 DHCP Relay Tutorial Introduction In this example you have configured your DHCP server 192 168 2 3 and want to have it assign a specific IP address say 172 16 1 18 to DHCP client A based on the system name VLAN ID and port number in the DHCP request Client A connects to the Switch s port 2 in VLAN...

Page 78: ...ration Static VLAN Setup 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 102 for example in the Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 7 Click Add to save the settings to the run time memory Settings in t...

Page 79: ... and then the VLAN Port Setup link in the VLAN Configuration screen Figure 53 Tutorial Click the VLAN Port Setting Link 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory ...

Page 80: ...al link to open the DHCP Relay screen 2 Select the Active check box 3 Enter the DHCP server s IP address 192 168 2 3 in this example in the Remote DHCP Server 1 field 4 Select default1 or default2 in the Option 82 Profile field 5 Click Apply to save your changes back to the run time memory Figure 55 Tutorial Set DHCP Server and Relay Information 6 Click the Save link in the upper right of the Web ...

Page 81: ...1 Client A is connected to the Switch s port 2 in VLAN 102 2 You configured the correct VLAN ID port number and system name for DHCP relay on both the DHCP server and the Switch 3 You clicked the Save link on the Switch to have your settings take effect ...

Page 82: ...so display other status screens for more information Use the Neighbor screen Section 7 2 1 on page 84 to view a summary and manage Switch s neighbor devices Use the Neighbor Detail screen Section 7 2 2 on page 86 to view more detailed information on the Switch s neighbor devices 7 2 Status The Status screen displays when you log into the Switch or click Status at the top right of the Web Configura...

Page 83: ...mm ss Hardware Version This field displays the hardware version number of the Switch The integer is the generation number of the Switch series and the decimal is the version of the hardware change For example V1 0 is a hardware version for the Switch where 1 identifies the first generation of the Switch series and 0 is the first hardware change System Up Time This field displays how long the Switc...

Page 84: ... with the NCC PoE Usage This field displays the amount of power the Switch is currently supplying to the connected PoE enabled devices and the total power the Switch can provide to the connected PDs It also shows the percentage of PoE power usage When PoE usage reaches 100 the Switch will shut down PDs one by one according to the PD priority which you configured in Basic Setting PoE Setup Detail C...

Page 85: ...ator IPv6 This shows the IPv6 address of the neighbor device The IPv6 address is a hyper link that you can click to log into and manage the neighbor device through its Web Configurator PWR Cycle Click the Cycle button to turn OFF the power of the neighbor device and turn it back ON again A count down button from 5 to 0 starts Note The Switch must support power sourcing PSE or the network device is...

Page 86: ...ollowing table describes the fields in the above screen Table 24 Status Neighbor Neighbor Detail LABEL DESCRIPTION Local Port This shows the port of the Switch on which the neighboring device is discovered Desc This shows the port description of the Switch Link This shows the speed either 100M for 100 Mbps 1G for 1 Gbps 2 5G for 2 5 Gbps 5G for 5 Gbps or 10G for 10 Gbps and the duplex F for full d...

Page 87: ... device through its Web Configurator Port This show the number of the neighbor device s port which is connected to the Switch Desc This shows the description of the neighbor device s port which is connected to the Switch Location This shows the geographic location of the neighbor device This field will show for devices that do not support the ZON utility Reset to Default Click the Reset button to ...

Page 88: ...way device management VLAN ID and proxy server Use the Port Setup screen Section 8 6 on page 99 to configure Switch port settings Use the PoE Setup screens Section 8 7 on page 101 to view the current amount of power that PDs are receiving from the Switch and set the priority levels for the Switch in distributing power to PDs This screen is available for PoE models only Use the Interface Setup scre...

Page 89: ...edia Access Control address of the Switch CPU Utilization CPU utilization quantifies how busy the system is Current displays the current percentage of CPU utilization Memory Utilization Memory utilization shows how much DRAM memory is available and in use It also displays the current percentage of memory utilization Name This field displays the name of the memory pool Total byte This field display...

Page 90: ... speed falls below the threshold shown Current This field displays this fan s current speed in Revolutions Per Minute RPM MAX This field displays this fan s maximum speed measured in Revolutions Per Minute RPM MIN This field displays this fan s minimum speed measured in Revolutions Per Minute RPM 41 is displayed for speeds too small to measure under 2000 RPM Threshold This field displays the minim...

Page 91: ...m are the time format When you select the Daytime RFC 867 format the Switch displays the day month year and time with no time zone adjustment When you use this format it is recommended that you use a Daytime timeserver within your geographical time zone Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 N...

Page 92: ...ach time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and 2 00 Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Last Sun...

Page 93: ...LAN Type Choose 802 1Q or Port Based The Advanced Application VLAN Setup screen changes depending on whether you choose 802 1Q VLAN type or Port Based VLAN type in this screen MAC Address Learning MAC address learning reduces outgoing traffic broadcasts For MAC address learning to occur on a port the port must be active Aging Time Enter a time from 10 to 1000000 seconds This is how long all dynami...

Page 94: ...ch has eight physical queues that you can map to the eight priority levels On the Switch traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested Priority Level The following descriptions are based on the traffic types defined in the IEEE 802 1d standard which incorporates the 802 1p To map a priority level to a physical...

Page 95: ...Status LABEL DESCRIPTION IP Status Domain Name Server This field displays the IP address of the DNS server Source This field displays whether the DNS server address is configured manually Static or obtained automatically using DHCPv4 Note If DNS server is not configured or configuration is deleted the system automatically uses the default Backup server IP Interface Index This field displays the in...

Page 96: ...entification number to which an IP routing domain belongs IP Address This is the IP address of your Switch in dotted decimal notation for example 192 168 1 1 IP Subnet Mask This is the IP subnet mask of your Switch in dotted decimal notation for example 255 255 255 0 Lease Time This displays the length of time in seconds that this interface can use the current dynamic IP address from the DHCP serv...

Page 97: ...g IP Setup IP Status Details DHCP continued LABEL DESCRIPTION Table 31 Basic Setting IP Setup IP Configuration LABEL DESCRIPTION Default Gateway Type the IP address of the default outgoing gateway in dotted decimal notation for example 192 168 1 254 Domain Name Server 1 2 Enter a domain name server IPv4 address in order to be able to use a domain name instead of an IP address Apply Click Apply to ...

Page 98: ...k of an IP routing domain in dotted decimal notation for example 255 255 255 0 VID Enter the VLAN identification number to which an IP routing domain belongs Add Click this to create a new entry This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non vo...

Page 99: ... name up to 128 alphanumeric characters are allowed for the Server except or Port Enter the port number of the proxy server 1 65535 Authentication Select this option to enable proxy server authentication using a Username and Password Username Enter a login user name from the proxy server administrator Up to 32 alphanumeric characters are allowed for the Username except or Password Enter a login pa...

Page 100: ... and the duplex mode of the Ethernet connection on this port The choices are Auto Auto 1G 100 an 100M auto negotiation 2 5G Full Duplex 5G Full Duplex and 100M Full Duplex for a 100Base T connection 1G Full Duplex is supported by both 1000Base T and 1000Base X connections 10G Full Duplex is supported by the 10 Gigabit Ethernet connections on the Switch that has a 10 Gigabit interface Selecting Aut...

Page 101: ...idth of the receiving port The Switch uses IEEE 802 3x flow control in full duplex mode and backpressure flow control in half duplex mode IEEE 802 3x flow control is used in full duplex mode to send a pause signal to the sending port causing it to temporarily stop sending signals when the receiving port memory buffers fill Back Pressure flow control is typically used in half duplex mode to send a ...

Page 102: ...ccording to the PD priority which you configured in Basic Setting PoE Setup PoE Setup PoE Usage Threshold This field displays the percentage of PoE usage The Switch will generate a trap and or a log when the usage exceeds the specified threshold Consuming Power W This field displays the amount of power the Switch is currently supplying to the connected PoE enabled devices Allocated Power W This fi...

Page 103: ...r requested by the PDs exceeds the total PoE power budget on the Switch you can set the priority to allow the Switch to provide power to ports with higher priority first Critical has the highest priority High has the Switch assign power to the port after all critical priority ports are served Low has the Switch assign power to the port after all critical and high priority ports are served Power Up...

Page 104: ...to provide power on the port To select more than one schedule press SHIFT and select the choices at the same time Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to c...

Page 105: ... power the PD can request and use In this mode the default maximum power that can be delivered to the PD is 30 W IEEE 802 3at Class 4 or 22 W IEEE 802 3af Classes 0 to 3 Continuous PoE Select Active to guarantee continuous power supply to the connected PDs while the Switch is restarting after a warm reboot The Switch will NOT perform a power cycle on the connected PDs If you do a cold reboot the S...

Page 106: ... An IEEE 802 3at compatible device is referred to as Type 2 Power Class 4 High Power can only be used by Type 2 devices If the connected PD requires a Class 4 current when it is turned on it will be powered up in this mode Force 802 3at the Switch offers power of up to 33 W on the port without performing PoE hardware classification Select this option if the connected PD does not comply with any Po...

Page 107: ...Click Cancel to begin configuring this screen afresh Table 36 Basic Setting PoE Setup PoE Setup continued LABEL DESCRIPTION Table 37 Basic Setting Interface Setup LABEL DESCRIPTION Interface Type Select the type of IPv6 interface for which you want to configure The Switch supports the VLAN interface type for IPv6 at the time of writing Interface ID Specify a unique identification number from 1 to ...

Page 108: ...from a combination of the interface type and ID number Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the check boxes Table 37 Basic Setting Interface Setup continued LABEL DESCRIPTION Table 38 Basic Setting IPv6 ...

Page 109: ...it in a given time interval If the bucket is full subsequent error messages are suppressed ICMPv6 Rate Limit Error Interval This field displays the time period in milliseconds during which ICMPv6 error messages of up to the bucket size can be transmitted 0 means no limit Link Local Address This field displays the Switch s link local IP address and prefix generated by the interface It also shows wh...

Page 110: ...s the DHCPv6 T1 timer After T1 the Switch sends the DHCPv6 server a Renew message An IA_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before the lifetimes expire T2 This field displays the DHCPv6 T2 timer If the time T2 is re...

Page 111: ...tch IPv6 Addressing IPv6 Link Local Address Setup Click the link to go to a screen where you can configure the IPv6 link local address for an interface IPv6 Global Address Setup Click the link to go to a screen where you can configure the IPv6 global address for an interface IPv6 Neighbor Discovery IPv6 Neighbor Discovery Setup Click the link to go to a screen where you can configure the IPv6 neig...

Page 112: ... which ICMPv6 error messages of up to the bucket size can be transmitted 0 means no limit Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this ...

Page 113: ...asic Setting IPv6 IPv6 Configuration IPv6 Link Local Address Setup LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure Link Local Address Manually configure a static IPv6 link local address for the interface Default Gateway Set the default gateway IPv6 address for the interface When an interface cannot find a routing information for a frame s destination it forwards the pac...

Page 114: ...an IPv6 prefix length that specifies how many most significant bits start from the left in the address compose the network address EUI 64 Select this option to have the interface ID be generated automatically using the EUI 64 format Add Click this to create a new entry This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use t...

Page 115: ...rtisement messages to check whether an IPv6 address is already in use before assigning it to an interface Specify the number of consecutive neighbor solicitations from 0 to 600 the Switch sends for this interface Enter 0 to turn off DAD NS Interval Specify the time interval from 1000 to 3600000 milliseconds at which neighbor solicitations are re sent for this interface Reachable Time Specify how l...

Page 116: ... have the Switch set the managed address configuration flag the M flag to 1 in IPv6 router advertisements which means IPv6 hosts use DHCPv6 to obtain IPv6 stateful addresses De select the option to set the flag to 0 and the host will not use DHCPv6 to obtain IPv6 stateful addresses Select the Other Config Flag option to have the Switch set the Other stateful configuration flag the O flag to 1 in I...

Page 117: ...en afresh Clear Click Clear to reset the fields to the factory defaults Index This is the interface index number Click an index number to change the settings Interface This is the name of the IPv6 interface you created Flags This field displays whether IPv6 hosts use DHCPv6 to obtain IPv6 stateful addresses M and or additional configuration settings O Minimum Interval This field displays the minim...

Page 118: ...ation Select No Advertise Flag to set the Switch to not include the specified IPv6 prefix prefix length in router advertisements for this interface Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your ch...

Page 119: ...evice which can be reached through the interface Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configu...

Page 120: ...ain a list of domain names from the DHCP server Information Refresh Minimum Specify the time interval from 600 to 4294967295 seconds at which the Switch exchanges other configuration information with a DHCPv6 server again Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigatio...

Page 121: ...Basic Setting Cloud Management 8 10 1 Nebula Center Control Discovery Click Basic Setting Cloud Management Nebula Control Center Discovery to display this screen Figure 87 Basic Setting Cloud Management Nebula Control Center Discovery Select the check box to turn on NCC discovery on the Switch If the Switch has Internet access and has been registered in the NCC it will go into cloud management mod...

Page 122: ...this screen Figure 88 Basic Setting Cloud Management Nebula Switch Registration This screen has a QR code containing the Switch s serial number and MAC address for handy NCC registration of the Switch using the Nebula Mobile app First download the app from the Google Play store for Android devices or the App Store for iOS devices and create an organization and site ...

Page 123: ...You can specify a mask for the MAC address to create a MAC address filter and enter a weight to set the VLAN rule s priority Use the Port Based VLAN Setup screen Section 9 9 on page 135 to set up VLANs where the packet forwarding decision is based on the destination MAC address and its associated port 9 1 2 What You Need to Know Read this section to know more about VLAN and how to configure the sc...

Page 124: ...he default PVID is VLAN 1 for all ports but this can be changed A broadcast frame or a multicast frame for a multicast group that is known by the system is duplicated only on ports that are members of the VID except the ingress port itself thus confining the broadcast to a specific domain 9 2 0 1 Automatic VLAN Registration GARP and GVRP are the protocols used to automatically register VLAN member...

Page 125: ... Voice VLANs and Vendor ID based VLANs on the Switch when the VLAN type is set to 802 1Q When a packet is received the Switch processes the VLAN rules in sequence The sequence priority of the VLANs is 1 Vendor ID Based VLAN Table 50 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configured by ...

Page 126: ...h Setup Select VLAN Type Static VLAN Make sure 802 1Q is selected in the Basic Setting Switch Setup screen Use a static VLAN to decide whether an incoming frame on a port should be sent to a VLAN group as normal depending on its VLAN tag sent to a group whether it has a VLAN tag or not blocked from a VLAN group regardless of its VLAN tag You can also tag all outgoing frames that were previously un...

Page 127: ...h The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only when you use the Search button to look for certain VLANs Index This is the VLAN index number Click an index number to view more VLAN details VID This is the VLAN identification number that was configured in the corresponding VLAN configuration screen N...

Page 128: ...LAN configuration screen Port Number This column displays the ports that are participating in a VLAN A tagged port is marked as T an untagged port is marked as U and ports not participating in a VLAN are marked as Elapsed Time This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up Status This field shows how this VLAN was added to the Switch Dynamic us...

Page 129: ...rs The string should not contain or VLAN Group ID Enter the VLAN ID for this static entry the valid range is between 1 and 4094 Port The port number identifies the port you are configuring Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis ...

Page 130: ...e done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to start configuring the screen again VID This field displays the ID number of the VLAN group Click the number to edit the VLAN settings Active This field indicates whether the VLAN settings are enabled Yes or disabled No Name This field displays the descriptive name for this VLAN group Select an entry...

Page 131: ...h discards incoming frames on a port for VLANs that do not include this port in its member set Clear this check box to disable ingress filtering PVID A PVID Port VLAN ID is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines Enter a number between 1and 4094 as the port VLAN ID GVRP Select this check box to allow GVR...

Page 132: ... ID number in the box next to the radio button that is associated with the Voice VLAN You also need to create a static VLAN with the same VID in the Static VLAN Setup screen and then connect the IP phone with the specified OUI MAC address to a port that joins the static VLAN Click Disable radio button if you do not want to enable the Voice VLAN feature Priority Select the priority level of the voi...

Page 133: ...ed IP phone manufacturer s OUI MAC address to determine which bits a packet s MAC address should match Enter f for each bit of the specified MAC address that the traffic s MAC address should match Enter 0 for the bits of the matched traffic s MAC address which can be of any hexadecimal characters For example if you set the MAC address to 00 13 49 00 00 00 and the mask to ff ff ff 00 00 00 a packet...

Page 134: ...at is associated with the vendor ID based VLAN entry Priority Select the priority level that the Switch assigns to frames belonging to this VLAN The higher the numeric value you assign the higher the priority for this vendor ID based VLAN entry Weight Enter a number between 0 and 255 to specify the rule s weight This is to decide the priority in which the rule is applied The higher the number the ...

Page 135: ... to the Switch on which they were created Note When you activate port based VLAN the Switch uses a default VLAN ID of 1 You cannot change it Note In screens such as IP Setup and Filtering that require a VID you must enter 1 as the VID The port based VLAN setup screen is shown next The CPU management port forms a VLAN with all Ethernet ports 9 9 1 Configure a Port Based VLAN Select Port Based as th...

Page 136: ...Chapter 9 VLAN XMG1930 Series User s Guide 136 Figure 98 Advanced Application VLAN Port Based VLAN Setup Port Isolation Figure 99 Advanced Application VLAN Port Based VLAN Setup All Connected ...

Page 137: ... that is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the incoming port for the corresponding port listed on the left its outgoing port CPU refers to the Switch management port By default it forms a VLAN with all Ethernet ports If it does not form a VLAN wi...

Page 138: ...e Static MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to a...

Page 139: ... the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to begin configuring this screen afresh Index Click an index number to modify a static MAC address rule for a port Active This field displays whether this static MAC address forwarding rule is a...

Page 140: ... MAC address or multicast IPv4 address that has been manually entered in the multicast table This identifies the destination of the multicast content Multicast IPv4 addresses uses the Class D IP addresses range 224 0 0 0 to 239 255 255 255 Multicast MAC addresses have a 1 as the last binary bit of the first octet pair for example 01 00 5e 00 00 0A Static multicast addresses do not age out See IP M...

Page 141: ...s found it will forward the multicast stream to specific ports If no match is found it will either flood the multicast frames to all ports or drop them depending on your setting in the Advanced Application Multicast IPv4 Multicast IGMP Snooping Unknown Multicast Frame See Section 24 3 1 on page 207 for more information on IGMP snooping Click Advanced Application Static Multicast Forwarding to see ...

Page 142: ...ticast MAC addresses VID You can forward frames with matching destination multicast MAC address to ports within a VLAN group Enter the ID that identifies the VLAN group here If you do NOT have a specific target VLAN enter 1 Port Enter the ports where frames with destination multicast MAC address that matched the entry above are forwarded You can enter multiple ports separated by no space comma or ...

Page 143: ...ation Static Multicast Forwarding Static Multicast Forwarding By MAC LABEL DESCRIPTION Table 62 Advanced Application Static Multicast Forwarding Static Multicast Forwarding By IP LABEL DESCRIPTION Name Enter a descriptive name up to 32 single byte printable characters except or for this static multicast IPv4 address forwarding rule This is for identification only IP Address Enter a multicast IPv4 ...

Page 144: ...dentifies a multicast group VID This field displays the ID number of a VLAN group to which frames containing the specified multicast IPv4 address will be forwarded Port This field displays the ports within an identified VLAN group to which frames containing the specified multicast IPv4 address will be forwarded Select an entry s check box to select a specific entry Otherwise select the check box i...

Page 145: ...urce and or destination MAC addresses and VLAN group ID 12 1 1 What You Can Do Use the Filtering screen Section 12 2 on page 145 to create rules for traffic going through the Switch 12 2 Configure a Filtering Rule Use this screen to create rules for traffic going through the Switch Click Advanced Application Filtering in the navigation panel to display the screen as shown next Figure 105 Advanced ...

Page 146: ...r to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to the factory...

Page 147: ...ee Protocol screen Section 13 5 on page 152 to configure RSTP settings Use the Multiple Spanning Tree Protocol screen Section 13 6 on page 153 to configure MSTP Use the Multiple Spanning Tree Protocol Status screen Section 13 7 on page 157 to view the MSTP status 13 1 2 What You Need to Know Read on for concepts on STP that can help you configure the screens in this chapter Rapid Spanning Tree Pro...

Page 148: ...port and the ports that are the designated ports for connected LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating any possible network loops STP aware switches exchange Bridge Protocol Data Units BPDUs periodically When the bridged LAN topology changes a new spanning tree is constructed Once a stable network topo...

Page 149: ...s in a region 13 2 Spanning Tree Protocol Status The Spanning Tree Protocol status screen changes depending on what standard you choose to implement on your network Click Advanced Application Spanning Tree Protocol to see the screen as shown Figure 106 Advanced Application Spanning Tree Protocol This screen differs depending on which STP mode RSTP or MSTP you configure on the Switch This screen is...

Page 150: ...this screen 13 4 Rapid Spanning Tree Protocol Status Figure 108 Advanced Application Spanning Tree Protocol Table 66 Advanced Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree or Multiple Spanning Tree Apply Click Apply to save your changes to the Switch s run time memory The Switch l...

Page 151: ...s Learning The port learns MAC addresses and processes BPDUs but does NOT forward frames yet Forwarding The port is operating normally It learns MAC addresses processes BPDUs and forwards received frames Port Role This field displays the role of the port in STP Root A forwarding port on a non root bridge which has the lowest path cost and is the best port from the non root bridge to the root bridg...

Page 152: ...e Switch with the highest priority lowest numeric value becomes the STP root switch If all Switches have the same priority the Switch with the lowest MAC address will then become the root switch Select a value from the drop down list box The lower the numeric value you assign the higher the priority for this bridge Bridge Priority determines the root bridge which in turn determines Hello Time Max ...

Page 153: ...o configure a port as an edge port when it is directly attached to a computer An edge port changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port or when its link status changes Note An edge port becomes a non edge port as soon as it receives a Bridge Protocol Data...

Page 154: ...tatus screen Port Click Port to display the MSTP Port screen Active Select this check box to activate MSTP on the Switch Clear this check box to disable MSTP on the Switch Note You must also activate Multiple Spanning Tree in the Advanced Application Spanning Tree Protocol Configuration screen to enable MSTP on the Switch Hello Time This is the time interval in seconds between BPDU Bridge Protocol...

Page 155: ...e Use this section to configure MSTI Multiple Spanning Tree Instance settings Instance Enter the number you want to use to identify this MST instance on the Switch The Switch supports instance numbers 0 16 Bridge Priority Set the priority of the Switch for the specific spanning tree instance The lower the number the more likely the Switch will be chosen as the root bridge within the spanning tree ...

Page 156: ...Cancel to begin configuring this screen afresh Instance This field displays the ID of an MST instance VLAN This field displays the VID or VID ranges to which the MST instance is mapped Active Port This field display the ports configured to participate in the MST instance Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all ent...

Page 157: ... port state from blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port or when its link status changes Note An edge port becomes a non edge port as soon as it receives a Bridge Protocol Data Unit BPDU Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes i...

Page 158: ...field displays the revision number for this MST region Configuration Digest A configuration digest is generated from the VLAN MSTI mapping information This field displays the 16 octet signature that is included in an MSTP BPDU This field displays the digest when MSTP is activated on the system Topology Changed Times This is the number of times the spanning tree has been reconfigured Time Since Las...

Page 159: ...ent All the ports on a root bridge root switch are designated ports Alternate A blocked port which has a best alternate path to the root bridge This path is different from using the root port The port moves to the forwarding state when the designated port for the LAN segment fails Backup A blocked port which has a backup or redundant path to a LAN segment where a designated port is already connect...

Page 160: ...ion Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings These include the following parameters Name of the MST region Revision level as the unique number for the MST region VLAN to MST Instance mapping 13 8 3 MST Instance An MST Instance MSTI is a spanning tree instance VLANs can be configured to run on a specific MSTI Each created ...

Page 161: ... a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST instance are members of the CIST In an MSTP enabled network there is only one CIST that runs between MST regions and single spanning tree devices A network may contain multiple MST regions and other network segments running RSTP Figure 116 MSTP and Legacy RSTP Network Example ...

Page 162: ...fining a maximum allowable bandwidth for incoming and or out going traffic flows on a port 14 1 1 What You Can Do Use the Bandwidth Control screen Section 14 2 on page 162 to limit the bandwidth for traffic going through the Switch 14 2 Bandwidth Control Setup Click Advanced Application Bandwidth Control in the navigation panel to bring up the screen as shown next Figure 117 Advanced Application B...

Page 163: ...n as you make them Active Select this check box to activate ingress rate limits on this port Ingress Rate Specify the maximum bandwidth allowed in kilobits per second Kbps for the incoming traffic flow on a port Note Ingress rate bandwidth control applies to layer 2 traffic only Active Select this check box to activate egress rate limits on this port Egress Rate Specify the maximum bandwidth allow...

Page 164: ...allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port 15 1 1 What You Can Do Use the Broadcast Storm Control screen Section 15 2 on page 164 to limit the number of broadcast multicast and destination look...

Page 165: ... settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Select this option and specify how many destin...

Page 166: ... to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference 16 2 Port Mirroring Setup Click Advanced Application Mirroring in the navigation panel to display the Mirroring screen Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port Figure 119 Advanced Application Mirroring...

Page 167: ...orts Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the drop do...

Page 168: ... transmitting data as one logical link in the trunk group and so on Use the Link Aggregation Setting screen Section 17 3 on page 170 to configure static link aggregation Use the Link Aggregation Control Protocol screen Section 17 3 1 on page 172 to enable Link Aggregation Control Protocol LACP 17 1 2 What You Need to Know The Switch supports both static and dynamic link aggregation Note In a prope...

Page 169: ...opology loops Link Aggregation ID LACP aggregation ID consists of the following information1 17 2 Link Aggregation Status Click Advanced Application Link Aggregation in the navigation panel The Link Aggregation Status screen displays by default See Section 17 1 on page 168 for more information Figure 120 Advanced Application Link Aggregation Status Table 75 Link Aggregation ID Local Switch SYSTEM ...

Page 170: ...rity and port number The ID displays only when there is a port belonging to this trunk group and LACP is also enabled for this group Criteria This shows the outgoing traffic distribution algorithm used in this trunk group Packets from the same source and or to the same destination are sent over the same link within the trunk src mac means the Switch distributes traffic based on the packet s source...

Page 171: ...els in this screen Table 78 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESCRIPTION Link Aggregation Setting This is the only screen you need to configure to enable static link aggregation Group ID The field identifies the link aggregation group that is one logical link containing multiple ports Active Select this option to activate a trunk group ...

Page 172: ...n MAC address Select src dst mac to distribute traffic based on a combination of the packet s source and destination MAC addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distribute traffic based on a combination of the packet s source and destination IP address...

Page 173: ...able Link Aggregation Control Protocol LACP System Priority LACP system priority is a number between 1 and 65535 The switch with the lowest system priority and lowest port number if system priority is the same becomes the LACP server The LACP server controls the operation of LACP setup Enter a number to set the priority of an active port using Link Aggregation Control Protocol LACP The smaller the...

Page 174: ...row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them LACP Timeout Timeout is the time interval between the individual port exchanges of LACP packets in order to check that the peer port in the trunk group is still...

Page 175: ...Chapter 17 Link Aggregation XMG1930 Series User s Guide 175 Figure 124 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete EXAMPLE ...

Page 176: ...st configure a RADIUS server before enabling port authentication Note If you enable IEEE 802 1x authentication and MAC authentication on the same port the Switch performs IEEE 802 1x authentication and MAC authentication If a user fails to authenticate either through the IEEE 802 1x or MAC authentication method then access to the port is denied Note IEEE 802 1x is not supported by all user operati...

Page 177: ...e client provides the login credentials the Switch sends an authentication request to a RADIUS server The RADIUS server validates whether this client is allowed access to the port Figure 125 IEEE 802 1x Authentication Process 18 1 3 MAC Authentication MAC authentication works in a very similar way to IEEE 802 1x authentication The main difference is that the Switch does not prompt the client for l...

Page 178: ... the RADIUS server settings in the AAA RADIUS Server Setup screen Click Advanced Application Port Authentication in the navigation panel to display the screen as shown Select a port authentication method s link in the screen that appears Figure 127 Advanced Application Port Authentication 18 3 Activate IEEE 802 1x Security Use this screen to activate IEEE 802 1x security In the Port Authentication...

Page 179: ...en 802 1x authentication is enabled Port This field displays the port number means all ports Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this...

Page 180: ...of seconds the port remains in the HELD state and rejects further authentication requests from the connected client after a failed authentication exchange Tx period secs Specify the number of seconds the Switch waits for client s response before re sending an identity request to the client Supp Timeout secs Specify the number of seconds the Switch waits for client s response to a challenge request...

Page 181: ... MAC addresses used as the account user name and password Password Type Select Static to have the Switch send the password you specify below or MAC Address to use the client MAC address as the password Password Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server You can enter up to 32 single byte printable characters except or Timeout...

Page 182: ...o the Guest VLAN depends on how the network administrator configures switches or routers with the guest network feature Figure 130 Guest VLAN Example Use this screen to enable and assign a guest VLAN to a port In the Port Authentication screen click Guest Vlan to display the configuration screen as shown ...

Page 183: ...et the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the guest VLAN feature on this port Clients that fail authentication are placed in the guest VLAN and can receive limited services Guest Vlan A guest VLAN is a pre configured VLAN on the Switch that allows non authe...

Page 184: ... the port the rest of the users are blocked until a user does the authentication process again Select Multi Secure to authenticate each user that connects to this port Multi Secure Num If you set Host mode to Multi Secure specify the maximum number of users between 1 and 24 that the Switch will authenticate on this port Apply Click Apply to save your changes to the Switch s run time memory The Swi...

Page 185: ... no limit on individual ports other than the sum cannot exceed For maximum port security enable this feature disable MAC address learning and configure static MAC addresses for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default MAC address learning is still enabled even though the port security is not activate...

Page 186: ...urity feature The Switch forwards all packets on this port Address Learning MAC address learning reduces outgoing broadcast traffic For MAC address learning to occur on a port the port itself must be active with address learning enabled Limited Number of Learned MAC Address Use this field to limit the number of dynamic MAC addresses that may be learned on a port For example if you set this field t...

Page 187: ...ypes of schedules are based on the current date and time in the Switch The time range can be configured in two ways Absolute and Periodic Absolute is a fixed time range with a start and end time Periodic is recurrence of a time range and does not have an end time 20 1 1 What You Can Do Use the Time Range screen Section 20 2 on page 187 to view or define a schedule on the Switch 20 2 Configuring Ti...

Page 188: ...select the day of the week hour and minute when the schedule begins and ends respectively Select the second option if you want to define a recurring schedule for multiple non consecutive time periods You need to select each day of the week the recurring schedule is effective You also need to specify the hour and minute when the schedule begins and ends each day The schedule begins and ends in the ...

Page 189: ... ability to deliver data with minimum delay and the networking methods used to control the use of bandwidth Without QoS all traffic data is equally likely to be dropped when the network is congested This can cause a reduction in network performance and make the network inadequate for time critical application such as video on demand A classifier groups traffic into data flows according to specific...

Page 190: ... This field displays Yes when the rule is activated and No when it is deactivated Weight This field displays the rule s weight This is to indicate a rule s priority when the match order is set to manual in the Classifier Classifier Configuration Classifier Global Setting screen The higher the number the higher the rule s priority Name This field displays the descriptive name for this rule This is ...

Page 191: ...Chapter 21 Classifier XMG1930 Series User s Guide 191 Figure 135 Advanced Application Classifier Classifier Configuration ...

Page 192: ...ule to all trunk groups Alternatively to specify multiple trunks enter the trunk group ID to apply the rule to multiple trunks You can enter multiple trunks with t or T then the trunk group ID separated by no space comma or hyphen For example enter t3 t5 for trunks 3 4 and 5 Enter T3 T5 T7 for trunks 3 5 and 7 Layer 2 Specify the fields below to configure a layer 2 classifier VLAN VLAN Select Any ...

Page 193: ... 255 in the field provided IP Protocol Select an IPv4 protocol type or select Other and enter the protocol number in decimal value You may select Establish Only for TCP protocol type This means that the Switch will pick out the packets that are sent to establish TCP connections IPv6 Next Header Select an IPv6 protocol type or select Other and enter an 8 bit next header in the IPv6 packet The Next ...

Page 194: ... the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields back to your previous configuration Clear Click Clear to set the above fields back to the factory defaults Table 86 Advanced Application Classifier Classifier Configuration continued LABEL DESCRIPTION Table 87 Advanced Application Classifi...

Page 195: ...on Use this screen to configure the match order and enable logging on the Switch In the Classifier Configuration screen click Classifier Global Setting to display the configuration screen as shown Table 88 Common Ethernet Types and Protocol Numbers ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X 75 Internet 0801 NBS Internet 0802 ECMA Internet 0803 Chaosnet 0804 X 25 Level 3 0805 XNS Compat 0807 Ban...

Page 196: ...onfigured in the rule Layer 4 items have the highest priority and layer 2 items has the lowest priority For example you configure a layer 2 item VLAN ID in classifier A and configure a layer 3 item source IP address in classifier B When an incoming packet matches both classifier rules classifier B has priority over classifier A Logging Active Select this to allow the Switch to create a log when pa...

Page 197: ...assifier XMG1930 Series User s Guide 197 Figure 138 Classifier Example After you have configured a classifier you can configure a policy in the Policy screen to define actions on the classified traffic flow EXAMPLE ...

Page 198: ...189 for more information A policy rule ensures that a traffic flow gets the requested treatment in the network 22 1 1 What You Can Do Use the Policy Rule screen Section 22 2 on page 198 to enable the policy and display the active classifiers you configure in the Classifier screen 22 2 Configuring Policy Rules You must first configure a classifier in the Classifier screen Click Advanced Application...

Page 199: ...rule applies To select more than one classifier press SHIFT and select the choices at the same time Parameters Set the fields below for this policy You only have to set the fields that is related to the actions you configure in the Action field General VLAN ID Specify a VLAN ID Egress Port Type the number of an outgoing port Priority Specify a priority level Rate Limit You can configure the desire...

Page 200: ...to forward the packets to the egress port Policy 2 applies to Class 2 and the action is to enable bandwidth limitation the Switch will forward the packets Forwarding Select No change to forward the packets Select Discard the packet to drop the packets Priority Select No change to keep the priority setting of the frames Select Set the packet s 802 1p priority to replace the packet s 802 1p priority...

Page 201: ...olicy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out of profile traffic on a traffic flow classified using the Example classifier refer to Section 21 5 on page 196 Figure 140 Policy Example ...

Page 202: ... Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SPQ does not automatically adapt to changing network requirements Weighted Fair Queuing Weighted Fair Queuing is used to guarantee each queue s minimum bandwidth based on its bandwidth weight portion the number you configure in the Weight field whe...

Page 203: ...e traffic than it can handle Queues with larger weights get more service than queues with smaller weights This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied 23 2 Configuring Queuing Use this screen to set priorities for the queues of the Switch This distributes bandwidth across th...

Page 204: ... in the Weight field Queues with larger weights get more guaranteed bandwidth than queues with smaller weights Weighted Round Robin Scheduling services queues on a rotating basis based on their queue weight the number you configure in the queue Weight field Queues with larger weights get more service than queues with smaller weights Weight When you select WFQ or WRR enter the queue weight here Ban...

Page 205: ...rmation Use the IGMP Snooping screen Section 24 3 1 on page 207 to enable IGMP snooping to forward group multicast traffic only to ports that are members of that group Use the IGMP Snooping VLAN screen Section 24 3 2 on page 210 to perform IGMP snooping on up to 16 VLANs Use the IGMP Filtering Profile Section 24 3 3 on page 211 to specify a range of multicast groups that clients connected to the S...

Page 206: ...hen performs IGMP snooping on the first 16 VLANs that send IGMP packets This is referred to as auto mode Alternatively you can specify the VLANs that IGMP snooping should be performed on This is referred to as fixed mode In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN 24 2 Multicast Setup Use this screen to ...

Page 207: ...scribes the labels in this screen Table 95 Advanced Application Multicast IPv4 Multicast LABEL DESCRIPTION Index This is the index number of the entry VID This field displays the multicast VLAN ID Port This field displays the port number that belongs to the multicast group Multicast Group This field displays IP multicast group addresses Table 96 Advanced Application Multicast IPv4 Multicast IGMP S...

Page 208: ...eate and assign IGMP filtering profiles for the ports that you want to allow to join multicast groups Unknown Multicast Frame Specify the action to perform when the Switch receives an unknown multicast frame Select Drop to discard the frames Select Flooding to send the frames to all ports Select Drop on VLAN and enter the VLAN ID numbers to discard the frames on the specified VLANs Use a dash to s...

Page 209: ...waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is received on this port from a host Group Limited Select this option to limit the number of multicast groups this port is allowed to join Max Group Num Enter the number of multicast groups this port is allowed to join Once a port is registered in the specified number of multicast groups any new I...

Page 210: ...ticast IPv4 Multicast IGMP Snooping IGMP Snooping VLAN LABEL DESCRIPTION Mode Select auto to have the Switch learn multicast group membership information of any VLANs automatically Select fixed to have the Switch only learn multicast group membership information of the VLANs that you specify below In either auto or fixed mode the Switch can learn up to 16 VLANs The Switch drops any IGMP control me...

Page 211: ...w entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to reset the fields to th...

Page 212: ...witch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to reset the fields to the factory defaults Profile Name This field displays the descriptive name of the profile Start Address This field displays the start of the m...

Page 213: ...ds used to authenticate users accessing the Switch and which database the Switch should use first 25 1 2 What You Need to Know Authentication is the process of determining who a user is and validating access to the Switch The Switch can authenticate users who try to log in based on user accounts configured on the Switch itself The Switch can also use an external authentication server to authentica...

Page 214: ...ed to the memory capacity of the device In essence RADIUS authentication allows you to validate an unlimited number of users from a central location 25 2 AAA Screens The AAA screens allow you to enable authentication and authorization or both of them on the Switch First configure your authentication server settings and then set up the authentication priority activate authorization Click Advanced A...

Page 215: ...robin to alternate between the RADIUS servers that it sends authentication requests to Timeout Specify the amount of time in seconds that the Switch waits for an authentication request response from the RADIUS server If you are using two RADIUS servers then the timeout value is divided between the two RADIUS servers For example if you set the timeout value to 30 seconds then the Switch waits for a...

Page 216: ...nting server in dotted decimal notation UDP Port The default port of a RADIUS accounting server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters except or as the key to be shared between the external RADIUS accounting server and the Switch This key is not sent over the ne...

Page 217: ...another source for administrator accounts specify them in the Method 2 field Select local to have the Switch check the administrator accounts configured in the Access Control Logins screen Select radius to have the Switch check the administrator accounts configured through your RADIUS server Authorization Use this section to configure authorization settings on the Switch Type Set whether the Switc...

Page 218: ...tem accounting is enabled system accounting is disabled Dot1x Configure the Switch to send information when an IEEE 802 1x client begins a session authenticates through the Switch ends a session as well as interim updates of a session Active Select this to activate accounting for a specified event type Broadcast Select this to have the Switch send accounting information to all configured accountin...

Page 219: ...BUTE Ingress Bandwidth Assignment Vendor Id 890 Vendor Type 1 Vendor data ingress rate Kbps in decimal format Egress Bandwidth Assignment Vendor Id 890 Vendor Type 2 Vendor data egress rate Kbps in decimal format Privilege Assignment Vendor ID 890 Vendor Type 3 Vendor Data shell priv lvl N or Vendor ID 9 CISCO Vendor Type 1 CISCO AVPAIR Vendor Data shell priv lvl N where N is a privilege level fro...

Page 220: ...format associated with it the format is specified 25 5 3 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication 25 5 3 1 Attributes Used for Authenticating Privilege Access User Name The format of the User Name attribute is enab where is the privilege level 1 14 User Password NAS Identifier NAS IP Addre...

Page 221: ...and configure the DHCP snooping database Use the DHCP Snooping Port Configure screen Section 26 3 1 on page 226 to specify whether ports are trusted or untrusted ports for DHCP snooping Use the DHCP Snooping VLAN Configure screen Section 26 3 2 on page 227 to enable DHCP snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information to DHCP requests that...

Page 222: ...ping LABEL DESCRIPTION Database Status This section displays the current settings for the DHCP snooping database You can configure them in the DHCP Snooping Configure screen Agent URL This field displays the location of the DHCP snooping database Write delay timer This field displays how long in seconds the Switch tries to complete a specific update in the DHCP snooping database before it gives up...

Page 223: ...mes the Switch successfully or unsuccessfully read or updated the DHCP snooping database Total attempts This field displays the number of times the Switch has tried to access the DHCP snooping database for any reason Startup failures This field displays the number of times the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the D...

Page 224: ...displays the number of bindings the Switch ignored because the VLAN ID does not exist anymore Last ignored time This field displays the last time the Switch ignored any bindings for any reason from the DHCP binding database Total ignored bindings counters This section displays the reasons the Switch has ignored bindings any time it read bindings from the DHCP binding database You can clear these c...

Page 225: ...sts from different VLAN Select Disable if you do not want the Switch to forward DHCP packets to a specific VLAN Database If Timeout interval is greater than Write delay interval it is possible that the next update is scheduled to occur before the current update has finished successfully or timed out In this case the Switch waits to start the next update until it completes the current one Agent URL...

Page 226: ... to load it You can use this to load dynamic bindings from a different DHCP snooping database than the one specified in Agent URL When the Switch loads dynamic bindings from a DHCP snooping database it does not discard the current dynamic bindings first If there is a conflict the Switch keeps the dynamic binding in volatile memory and updates the Binding collisions counter in the DHCP Snooping scr...

Page 227: ...d port Untrusted Trusted ports are connected to DHCP servers or other switches and the Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high Untrusted ports are connected to subscribers and the Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source ...

Page 228: ... Enabled Select Yes to enable DHCP snooping on the VLAN You still have to enable DHCP snooping on the Switch and specify trusted ports Note If DHCP is enabled and there are no trusted ports DHCP requests will not succeed Option 82 Profile Select a pre defined DHCP option 82 profile that the Switch applies to all ports in the specified VLANs The Switch adds the information such as slot number port ...

Page 229: ...s 3 5 and 7 Option 82 Profile Select a pre defined DHCP option 82 profile that the Switch applies to the specified ports in this VLAN The Switch adds the information such as slot number port number VLAN ID and or system name specified in the profile to DHCP requests that it broadcasts to the DHCP VLAN if specified or VLAN You can specify the DHCP VLAN in the DHCP Snooping Configure screen The prof...

Page 230: ... external TFTP server If you set up the DHCP snooping database the Switch can reload the dynamic bindings from the DHCP snooping database after the Switch restarts You can configure the name and location of the file on the external TFTP server The file has the following format Figure 156 DHCP Snooping Database File Format The initial checksum helps distinguish between the bindings in the latest up...

Page 231: ...ing for each source VLAN This setting is independent of the DHCP relay settings 26 4 1 4 Configuring DHCP Snooping Follow these steps to configure DHCP snooping on the Switch 1 Enable DHCP snooping on the Switch 2 Enable DHCP snooping on each VLAN and configure DHCP relay option 82 3 Configure trusted and untrusted ports and specify the maximum number of DHCP packets that each port can receive per...

Page 232: ... on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a switch are connected with the same cable When a switch in loop state sends out broadcast messages the messages loop back to the switch and are re broadcast again and again causing a broadcast storm If a switch not in lo...

Page 233: ...returns to port N on A The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state Figure 159 Loop Guard Probe Packet The Switch also shuts down port N if the probe packet returns to switch A on any other port In other words loop guard also protects against standard network loops The following figure illustrates three switches forming a loop...

Page 234: ...is row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends broadcast and multicast probe packets from this port to check if ...

Page 235: ...e packets 28 1 2 What You Need to Know Layer 2 protocol tunneling L2PT is used on the service provider s edge devices L2PT allows edge switches 1 and 2 in the following figure to tunnel layer 2 STP Spanning Tree Protocol CDP Cisco Discovery Protocol and VTP VLAN Trunking Protocol packets between customer switches A B and C in the following figure connected through the service provider s network Th...

Page 236: ...eling Mode Each port can have two layer 2 protocol tunneling modes Access and Tunnel The Access port is an ingress port on the service provider s edge device 1 or 2 in Figure 163 on page 236 and connected to a customer switch A or B Incoming layer 2 protocol packets received on an access port are encapsulated and forwarded to the tunnel ports The Tunnel port is an egress port at the edge of the se...

Page 237: ...ield displays the port number means all ports Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them CDP Select this option to have the Switch tunnel CDP Cisco Discovery Protocol packets so that other Cisco devices can be discovered through the service...

Page 238: ...s of a link Mode Select Access to have the Switch encapsulate the incoming layer 2 protocol packets and forward them to the tunnel ports Select Access for ingress ports at the edge of the service provider s network Note You can enable L2PT services for STP LACP VTP CDP UDLD PAgP and LLDP on the access ports only Select Tunnel for egress ports at the edge of the service provider s network The Switc...

Page 239: ...ain PPPoE screen Use the Intermediate Agent screen Section 29 3 on page 242 to enable the PPPoE Intermediate Agent on the Switch Use the PPPoE IA Per Port screen Section 29 3 1 on page 243 to set the port state and configure PPPoE intermediate agent sub options on a per port basis Use the PPPoE IA Per Port Per VLAN screen Section 29 3 2 on page 244 to configure PPPoE IA settings that apply to a sp...

Page 240: ...ircuit ID Syntax with Identifier String and Variables If you do not configure a Circuit ID string for a VLAN on a specific port or for a specific port the Switch adds the user defined identifier string and variables into the Agent Circuit ID Sub option The variables can be the slot ID of the PPPoE client the port number of the PPPoE client and or the VLAN ID on the PPPoE packet The identifier stri...

Page 241: ...Terminate packet is sent from a PPPoE server and received on a trusted port the Switch forwards it to all other ports If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port the Switch forwards it to other trusted ports Note The Switch will drop all PPPoE discovery packets if you enable the PPPoE intermediate agent and there are no trusted ports Untrusted ports are conn...

Page 242: ...ecific VLAN on a port in the Advanced Application PPPoE Intermediate Agent Port VLAN screen has priority over this That means if you also want to configure PPPoE IA Per Port or Per Port Per VLAN setting leave the fields here empty and configure circuit id and remote id in the Per Port or Per Port Per VLAN screen Active Select this option to have the Switch add the user defined identifier string an...

Page 243: ...bes the labels in this screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 115 Advanced Application PPPoE Intermedi...

Page 244: ... packets which are sent from a PPPoE server but received on an untrusted port Circuit id Enter a string of up to 63 single byte printable characters that the Switch adds into the Agent Circuit ID sub option for PPPoE discovery packets received on this port Spaces are allowed The Circuit ID you configure for a specific VLAN on a port in the Advanced Application PPPoE Intermediate Agent Port VLAN sc...

Page 245: ...ys the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Changes in this row are copied to all the VLANs as soon as you make them Circuit id Enter a string of up to 63 single byte printable characters that the S...

Page 246: ...settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Changes in this row are copied to all the VLANs as soon as you make them Enabled Select this option to turn on the PPPoE Intermediate Agent on a VLAN Circuit id Select this option to make the Circuit ID settings for a specific VLAN take effe...

Page 247: ...op guard or CPU protection allow the Switch to shut down a port or discard specific packets on a port when an error is detected on the port For example if the Switch detects that packets sent out the ports loop back to the Switch the Switch can shut down the ports automatically After that you need to enable the ports or allow the packets on a port manually through the Web Configurator or the comma...

Page 248: ...to Errdisable Status in the Advanced Application Errdisable screen to display the screen as shown Table 119 Advanced Application Errdisable LABEL DESCRIPTION Errdisable Status Click this link to view whether the Switch detected that control packets exceeded the rate limit configured for a port or a port is disabled according to the feature requirements and what action you configure and related inf...

Page 249: ... inactive reason mode you want to reset here Reset Press to reset the specified ports to handle ARP BPDU or IGMP packets instead of ignoring them if the ports is in inactive reason mode Errdisable Status Port This is the number of the port on which you want to configure Errdisable Status Cause This displays the type of the control packet received on the port or the feature enabled on the port and ...

Page 250: ...rol packets such as BPDU on the port rate limitation The Switch drops the additional control packets the ports has to handle in every one second Rate This field displays how many control packets this port can receive or transmit per second It can be adjusted in CPU Protection 0 means no rate limit Status This field displays the errdisable status Forwarding The Switch is forwarding packets Rate lim...

Page 251: ...ed to all the ports as soon as you make them Rate Limit pkt s Enter a number from 0 to 256 to specify how many control packets this port can receive or transmit per second 0 means no rate limit You can configure the action that the Switch takes when the limit is exceeded Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or los...

Page 252: ...o the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 122 Advanced Application Errdisable Errdisable Detect continued LABEL DESCRIPTION Table 123 Advanced Applicati...

Page 253: ... to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 123 Advanced Application Errdisable Errdisable Recovery continued LABEL DESCRIPTION ...

Page 254: ...be sent a WAKE signal is sent to the link partner to return the link to active mode Auto Power Down Auto Power Down turns off almost all functions of the port s physical layer functions when the link is down so the port only uses power to check for a link up pulse from the link partner After the link up pulse is detected the port wakes up from Auto Power Down and operates normally Short Reach Trad...

Page 255: ...he same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them EEE Select this to activate Energy Efficient Ethernet on this port Auto Power Down Select this to activate Auto Power Down on this port Short Reach Select this to activate Short Reach on this port Apply Click Apply to save your change...

Page 256: ...DUs LLDP data units in the form of TLV Type Length Value Device information carried in the received LLDPDUs is stored in the standard MIB The Switch supports these basic management TLVs End of LLDPDU mandatory Chassis ID mandatory Port ID mandatory Time to Live mandatory Port Description optional System Name optional System Description optional System Capabilities optional Management Address optio...

Page 257: ...and easy trouble shooting for mis configured IP addresses There are three classes of endpoint devices that the LLDP MED supports Class I IP Communications Controllers or other communication related servers Class II Voice Gateways Conference Bridges or Media Servers Class III IP Phones PC based Softphones End user Communication Appliances supporting IP Media The following figure shows that with the...

Page 258: ...n next Figure 178 Advanced Application LLDP The following table describes the labels in this screen Table 125 Advanced Application LLDP LABEL DESCRIPTION LLDP LLDP Local Status Click here to show a screen with the Switch s LLDP information LLDP Remote Status Click here to show a screen with LLDP information from the neighboring devices LLDP Configuration Click here to show a screen to configure LL...

Page 259: ...MED LLDP MED Configuration Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices parameters LLDP MED Network Policy Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices network policy parameters LLDP MED Location Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol ...

Page 260: ...witch System Capabilities Supported Bridge System Capabilities Enabled Bridge Management Address TLV The Management Address TLV identifies an address associated with the local LLDP agent that may be used to reach higher layer entities to assist discovery by network management The TLV may also include the system interface number and an object identifier OID that are associated with this management ...

Page 261: ...XMG1930 Series User s Guide 261 Figure 180 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail ...

Page 262: ...iation AN Enabled The current auto negotiation status of the port AN Advertised Capability The auto negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the link is currently in an aggregation and if in an aggregation the port identif...

Page 263: ...ocation Identifier Number Table 127 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail continued LABEL DESCRIPTION Table 128 Advanced Application LLDP LLDP Remote Status LABEL DESCRIPTION Index The index number shows the number of remote devices that are connected to the Switch Click on an index number to view the detailed LLDP status for this remote device in the LLDP Remot...

Page 264: ...L DESCRIPTION Local Port This displays the number of the Switch s port to which the remote device is connected Basic TLV Chassis ID TLV Chassis ID Subtype this displays how the chassis of the remote device is identified Chassis ID this displays the chassis ID of the remote device The chassis ID is identified by the chassis ID subtype Port ID TLV Port ID Subtype this displays how the port of the re...

Page 265: ...s whether the system capabilities are enabled and supported on the remote device System Capabilities Supported System Capabilities Enabled Management Address TLV This displays the management address IPv4 and IPv6 of the remote device Management Address Subtype Management Address Interface Number Subtype Interface Number Object Identifier Table 129 Advanced Application LLDP LLDP Remote Status LLDP ...

Page 266: ...ed Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Dot1 and Dot3 TLV LABEL DESCRIPTION Dot1 TLV Port VLAN ID TLV This displays the VLAN ID of this port on the remote device Port Protocol VLAN ID TLV This displays the IEEE 802 1 Port Protocol VLAN ID TLV which indicates whether the VLAN ID and whether it is enabled and supported on the port of remote Switch which sent the LLDPDU ...

Page 267: ...o negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the link is currently in an aggregation and if in an aggregation the port identification of the aggregation Aggregation Capability The current aggregation capability of the port A...

Page 268: ...Chapter 32 Link Layer Discovery Protocol LLDP XMG1930 Series User s Guide 268 Figure 184 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail MED TLV ...

Page 269: ...ase LCI latitude and longitude coordinates of the Location Configuration Information LCI Civic LCI IETF Geopriv Civic Address based Location Configuration Information ELIN Emergency Location Identifier Number Inventory TLV The majority of IP Phones lack support of management protocols such as SNMP so LLDP MED inventory TLVs are used to provide their inventory information to the Network Connectivit...

Page 270: ...ded when its corresponding TTL expires The TTL value is to multiply the TTL multiplier by the LLDP packets transmitting interval Transmit Delay Enter the delay in seconds between successive LLDPDU transmissions initiated by value or status changes in the Switch MIB Reinitialize Delay Enter the number of seconds for LLDP to wait before initializing on a port Apply Click Apply to save your changes t...

Page 271: ...avigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 132 Advanced Application LLDP LLDP Configuration continued LABEL DESCRIPTION Table 133 Advanced Application LLDP LLDP Configuration Basic TLV Setting LABEL DESCRIPTION Port This displays the Switch s port number Use this row to make the set...

Page 272: ...nfiguration Org specific TLV Setting LABEL DESCRIPTION Port This displays the Switch s port number Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them Dot1 TLV Port VLAN ID Select the check boxes to enable or disable the sending of IEEE 802 1 Port VLAN...

Page 273: ...all ports simultaneously Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them Notification Topology Change Select to enable LLDP MED topology change traps on this port MED TLV Setting Location Select to enable transmitting LLDP MED location TLV Network ...

Page 274: ... defined from 0 through 63 with the 0 representing use of the default DSCP value Priority Enter the priority value for the network policy Add Click Add after finish entering the network policy information A summary table will list all the Switch you have added Cancel Click Cancel to begin entering the information afresh Index This field displays the of index number of the network policy Click an i...

Page 275: ...P MED Network Policy continued LABEL DESCRIPTION Table 137 Advanced Application LLDP LLDP MED Location LABEL DESCRIPTION Port Enter the port number you want to set up the location within the LLDP MED network Location Coordinates The LLDP MED uses geographical coordinates and Civic Address to set the location information of the remote device Geographical based coordinates includes latitude longitud...

Page 276: ...reet Direction Street Suffix Trailing Street Suffix House Number House Number Suffix Landmark Additional Location Name Zip Code Building Unit Floor Room Number Place Type Postal Community Name Post Office Box Additional Code ELIN Number Enter a numerical digit string corresponding to the ELIN identifier which is used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP The va...

Page 277: ...n Identification Number ELIN which is used to identify endpoint devices when they issue emergency call services The valid length is form 10 to 25 characters Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the locations that you want to remove then click the Delete button Cancel Click Cancel to clear t...

Page 278: ... connected to 1 Gbps clients when the download speed falls below 800 Mbps 33 1 1 What You Can Do When the download speed falls below 800 Mbp for ports that connect to 1 Gbps clients use the Port Buffer screen to enable the Switch to improve the speed 33 2 Port Buffer Setting To open this screen click Advanced Application Port Buffer Figure 191 Advanced Application Port Buffer ...

Page 279: ... download speed from the client falls below 800 Mbps After enabling test if the download speed has improved If not disable port buffer on the port Note Port buffer cannot be enabled on fiber ports Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your chan...

Page 280: ...ic from A to the Internet through the Switch s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R3 connected to the Switch Figure 192 Example of Static Routing Topology 34 1 1 What You Can Do Use the Static Routing screen Section 34 2 on page 281 to displ...

Page 281: ... you use to create a static route Table 139 IP Application Static Routing IPv4 Static Route LABEL DESCRIPTION Active This field allows you to activate or deactivate this static route Name Enter a descriptive name up to 10 single byte printable characters for identification purposes Destination IP Address This parameter specifies the IP network address of the final destination IP Subnet Mask Enter ...

Page 282: ...evious configuration Clear Click Clear to set the above fields back to the factory defaults Index This field displays the index number of the route Click a number to edit the static route entry Active This field displays Yes when the static route is activated and NO when it is deactivated Name This field displays the descriptive name for this route This is for identification purposes only Destinat...

Page 283: ...y The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Index This field displays the index number of the route Click a number to edit the static route entry Interface This field displays the descripti...

Page 284: ...on 82 profile to certain ports on the Switch Use the VLAN Setting screen Section 35 4 6 on page 291 to configure your DHCPv4 settings based on the VLAN domain of the DHCPv4 clients Use the DHCPv4 VLAN Port screen Section 35 4 7 on page 293 to apply a different DHCP option 82 profile to certain ports in a VLAN Use the DHCPv6 Relay screen Section 35 5 on page 295 to enable and configure DHCPv6 relay...

Page 285: ...lication DHCP DHCPv4 in the navigation panel The DHCP Status screen displays Figure 197 IP Application DHCP DHCPv4 The following table describes the labels in this screen Table 141 IP Application DHCP DHCPv4 LABEL DESCRIPTION Relay Status This section displays configuration settings related to the Switch s DHCP relay mode Relay Mode This field displays None if the Switch is not configured as a DHC...

Page 286: ...ess based on this information Please refer to RFC 3046 for more details The DHCP Relay Agent Information feature adds an Agent Information field also known as the Option 82 field to DHCP requests The Option 82 field is in the DHCP headers of client DHCP request frames that the Switch relays to a DHCP server Relay Agent Information can include the System Name of the Switch if you select this option...

Page 287: ...shown Figure 198 IP Application DHCP DHCPv4 Option 82 Profile Note The string of any field in this screen should not contain or The following table describes the labels in this screen Table 144 DHCP Relay Agent Circuit ID Sub option Format SubOpt Code Length Value 1 1 byte N 1 byte Slot ID Port ID VLAN ID System Name or String Table 145 DHCP Relay Agent Remote ID Sub option Format SubOpt Code Leng...

Page 288: ... printable characters for the remote ID information in this field Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel...

Page 289: ...box to enable DHCPv4 relay Remote DHCP Server 1 3 Enter the IP address of a DHCPv4 server in dotted decimal notation Option 82 Profile Select a pre defined DHCPv4 option 82 profile that the Switch applies to all ports The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server Apply Click Apply to save your changes...

Page 290: ...ty over the one you select in the DHCP DHCPv4 Global screen Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to rese...

Page 291: ... DHCP server This allows the DHCP server to assign the appropriate IP address according to the VLAN ID Figure 202 DHCP Relay Configuration Example 35 4 6 DHCPv4 VLAN Setting Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients Click IP Application DHCP DHCPv4 in the navigation panel then click the VLAN link In the DHCP Status screen that displays Note You mu...

Page 292: ...ports in this VLAN The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel ...

Page 293: ... profile that the Switch applies to the specified ports in this VLAN The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server The profile you select here has priority over the one you select in the DHCP DHCPv4 VLAN screen Add Click this to create a new entry or to update an existing one This saves your changes t...

Page 294: ... DHCP server with an IP address of 172 16 10 100 Figure 205 DHCP Relay for Two VLANs For the example network configure the VLAN Setting screen as shown Figure 206 DHCP Relay for Two VLANs Configuration Example Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Select the entries that you want to remove then cl...

Page 295: ...tings for a specific VLAN on the Switch Click IP Application DHCP DHCPv6 DHCPv6 Relay in the navigation panel to display the screen as shown Figure 207 IP Application DHCP DHCPv6 Relay The following table describes the labels in this screen Table 151 IP Application DHCP DHCPv6 Relay LABEL DESCRIPTION VID Enter the ID number of the VLAN you want to configure here Helper Address Enter the remote DHC...

Page 296: ...Pv6 requests from clients in this VLAN Remote ID This field displays whether the remote ID option is added to DHCPv6 requests from clients in this VLAN Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the entries that you want to remove and then click the Delete button Cancel Click Cancel to clear the ...

Page 297: ... this chapter 36 1 2 1 How ARP Works When an incoming packet destined for a host device on a local area network arrives at the Switch the Switch looks in the ARP Table and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and p...

Page 298: ...orwards host A s ICMP request to host B After the Switch gets the ICMP reply from host B it sends out an ARP request to get host A s MAC address and updates the ARP table with host A s ARP reply The Switch then can forward host B s ICMP reply to host A Gratuitous ARP A gratuitous ARP is an ARP request in which both the source and destination IP address fields are set to the IP address of the devic...

Page 299: ...getting host B s MAC address and ICMP reply 36 2 ARP Setup Click IP Application ARP Setup in the navigation panel to display the screen as shown Click the link next to ARP Learning to open a screen where you can set the ARP learning mode for each port Click the link next to Static ARP to open a screen where you can create static ARP entries on the Switch Figure 208 IP Application ARP Setup 36 2 1 ...

Page 300: ...en make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them ARP Learning Mode Select the ARP learning mode the Switch uses on the port Select ARP Reply to have the Switch update the ARP table only with the ARP replies to the ARP requests sent by the Switch Select Gratuitous ARP to have the Switch update its ARP table with either an ARP reply...

Page 301: ...ned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to set the above fields back to the factory defaults Index This field displays the index number of an entry Click an index number to change the settings Active This field d...

Page 302: ...en Section 37 2 1 on page 304 to reset the configuration to the Zyxel default configuration settings Use the Save Configuration screen Section 37 2 2 on page 304 to save the current configuration settings to a specific configuration file on the Switch Use the Reboot System screen Section 37 2 3 on page 304 to restart the Switch without physically turning the power off and load a specific configura...

Page 303: ...iguration file Reboot System Click Config 1 to reboot the Switch and load Configuration 1 on the Switch Click Config 2 to reboot the Switch and load Configuration 2 on the Switch Click Factory Default to reboot the Switch and load the Zyxel factory default configuration settings on the Switch Click Custom Default to reboot the system and load a saved Custom Default configuration file on the Switch...

Page 304: ...twork environment Click Config 2 to save the current configuration settings permanently to Configuration 2 on the Switch These configurations are set up according to your network environment Click Custom Default to save the current configuration settings permanently to a customized default file on the Switch If configuration changes cause the Switch to behave abnormally click Custom Default next t...

Page 305: ...k OK to continue or Cancel to abort Figure 213 Load Factory Default Confirmation If you want to access the Switch Web Configurator again you may need to change the IP address of your computer to be in the same subnet as that of the default Switch IP address 192 168 1 1 or DHCP assigned IP 37 2 5 Custom Default Follow the steps below to reset the Switch back to the Custom Default configuration file...

Page 306: ...he correct model firmware as uploading the wrong model firmware may damage your device Click Management Maintenance Firmware Upgrade to view the screen as shown next Figure 215 Management Maintenance Firmware Upgrade The top of firmware upgrade screen shows which firmware version is currently running on the Switch Enter the path and file name of the firmware file you wish to upload to the Switch i...

Page 307: ...etting Firmware 1 shows its version number and model code and MM DD YYYY creation date Firmware 2 shows its version number and model code and MM DD YYYY creation date Current Boot Image This displays which firmware is currently in use on the Switch Firmware 1 or Firmware 2 Config Boot Image Select which firmware Firmware 1 or Firmware 2 should load click Apply and reboot the Switch to see changes ...

Page 308: ...Save As to save the file to a specific place If a dialog box pops up asking whether you want to open or save the file click Save or Save File to download it to the default downloads folder on your computer If a Save As screen displays after you click Save or Save File choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the F...

Page 309: ... Mbuf 50 means a log will be created when the Mbuf utilization is over 50 The higher the Mbuf threshold number the fewer logs will be created and the less data technical support will have to analyze and vice versa Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel ...

Page 310: ...igurator See Section 38 8 3 on page 330 for more information about HTTPS Certificates are based on public private key pairs A certificate contains the certificate owner s identity and public key Certificates provide a way to exchange public keys for use in authentication Click Management Maintenance Certificates to open the following screen Use this screen to import the Switch s CA signed certific...

Page 311: ...hority from your computer to the Switch Service This field displays the service type that this certificate is for Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certificate have unique subject information Issuer This field displays ident...

Page 312: ...from the Switch using FTP commands First understand the filename conventions 37 8 2 Filename Conventions The configuration file also known as the romfile or ROM contains the Zyxel factory default configuration settings in the screens such as password Switch setup IP Setup and so on Once you have customized the Switch s settings they can be saved back to your computer under a filename of your choos...

Page 313: ...a user name 4 Enter your password as requested the default is 1234 5 Enter bin to set transfer mode to binary 6 Use put to transfer files from the computer to the Switch for example put firmware bin ras transfers the firmware on your computer firmware bin to the Switch and renames it to ras Similarly put config cfg config transfers the configuration file on your computer config cfg to the Switch a...

Page 314: ... 159 General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server Login Type Anonymous This is when a user I D and password is automatically supplied to the server for anonymous access Anonymous logins will work only if your ISP or service administrator has enabled this option Normal The server requires a unique User ID and Password to login Tran...

Page 315: ...o SNMP groups Use the Logins screens Section 38 4 on page 321 to assign which users can access the Switch through Web Configurator at any one time Use the Service Access Control screen Section 38 5 on page 322 to decide what services you may use to access the Switch Use the Remote Management screen Section 38 6 on page 323 to specify a group of one or more trusted computers from which an administr...

Page 316: ...this link to configure your SNMP settings Logins Click this link to assign which users can access the Switch through Web Configurator at any one time Service Access Control Click this link to decide what services you may use to access the Switch Remote Management Click this link to specify a group of one or more trusted computers from which an administrator may use a service to manage the Switch A...

Page 317: ...e Set Community string which is the password for incoming Set requests from the management station The Set Community string is only used by SNMP managers using SNMP version 2c or lower Trap Community Enter the Trap Community string which is the password sent with each trap to the SNMP manager The Trap Community string is only used by SNMP managers using SNMP version 2c or lower Trap Destination Us...

Page 318: ...ype Select the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station The traps are grouped by category Selecting a category automatically selects all of the category s traps Clear the check boxes for individual traps that you do not want the Switch to send to the SNMP station Clearing a catego...

Page 319: ...k box to enable the trap type of SNMP traps on this port The Switch sends the related traps received on this port to the SNMP manager Clear this check box to disable the sending of SNMP traps on this port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save y...

Page 320: ...Model VACM group SNMP managers in one group are assigned common access rights to MIBs Specify in which SNMP group this user is admin Members of this group can perform all types of system configuration including the management of administrator accounts readwrite Members of this group have read and write rights meaning that the user can create and edit the MIBs on the Switch except the user account ...

Page 321: ...s privilege level Click Management Access Control Logins to view the screen as shown Figure 227 Management Access Control Logins Note The input string in any field of this screen should not contain or In the Password fields space is also not allowed The following table describes the labels in this screen Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to...

Page 322: ...stem information 3 Display configuration or status 13 Configure features except for login accounts SNMP user accounts the authentication method sequence and authorization settings multiple logins administrator and enable passwords and configuration information display 14 Configure login accounts SNMP user accounts the authentication method sequence and authorization settings multiple logins and ad...

Page 323: ...w the new port number for that service Timeout Enter how many minutes from 1 to 255 a management session can be left idle before the session times out After it times out you have to log in with your password again Very long idle timeouts may have security risks Login Timeout The Telnet or SSH server do not allow multiple user logins at the same time Enter how many seconds from 30 to 300 seconds a ...

Page 324: ...use a service to manage the Switch Active Select this check box to activate this secured client set Clear the check box if you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this Switch The Switch checks if the client IP address of a computer requesting a service or protocol matches the...

Page 325: ... SNMP user authentication in the Authentication field and the password for the encryption method for SNMP communication in the Privacy field Note The passwords will appear as encrypted text when Password Encryption is Active Click Management Access Control Account Security to view the screen as shown next Click Access Control to return to the Access Control screen Figure 230 Management Access Cont...

Page 326: ...ement software module that resides in a managed Switch the Switch An agent translates the local management information from the managed Switch into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor managed devices Display Select which specific information to display in p...

Page 327: ... objects define the attributes of the managed device which includes the names status access rights and data types Each object can be addressed through an object identifier OID MIBs let administrators collect statistics and monitor status and performance The Switch uses standard public RFC defined MIBs for standard functionality To view a list of standard MIBs supported by your Switch see the produ...

Page 328: ... defined as IEEE 802 1ab enables LAN devices that support LLDP to exchange their configured settings This helps eliminate configuration mismatch issues Table 174 SNMP IP Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION ping pingProbeFailed 1 3 6 1 2 1 80 0 1 This trap is sent when a single ping probe fails pingTestFailed 1 3 6 1 2 1 80 0 2 This trap is sent when a ping test consisting of a series o...

Page 329: ...8 8 2 1 How SSH Works The following table summarizes how a secure connection is established between two remote hosts Figure 233 How SSH Works 1 Host Identification The SSH client sends a connection request to the SSH server The server identifies itself with a host key The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server The c...

Page 330: ...is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensuring confidentiality an unauthorized party cannot read the transferred data authentication one party can identify the other party and data integrity you know if data has been changed It relies upon certificates public keys and private keys ...

Page 331: ...sages Internet Explorer 6 When you attempt to access the Switch HTTPS server a Windows dialog box pops up asking if you trust the server certificate You see the following Security Alert screen in Internet Explorer Select Yes to proceed to the Web Configurator login screen if you select No then Web Configurator access is blocked Figure 235 Security Alert Dialog Box Internet Explorer 6 Internet Expl...

Page 332: ...r you log in you will see the red address bar with the message Certificate Error Click on Certificate Error next to the address bar and click View certificates Figure 237 Certificate Error Internet Explorer 11 Click Install Certificate and follow the on screen instructions to install the certificate in your browser EXAMPLE ...

Page 333: ...ernet Explorer 11 Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a Your connection is not secure screen may display If that is the case click I Understand the Risks and then the Add Exception button Figure 239 Security Alert Mozilla Firefox EXAMPLE ...

Page 334: ... the Web Configurator login screen Figure 240 Security Alert Mozilla Firefox 38 8 4 Google Chrome Warning Messages When you attempt to access the Switch HTTPS server a Your connection is not private screen may display If that is the case click Advanced and then Proceed to x x x x unsafe to proceed to the Web Configurator login screen EXAMPLE ...

Page 335: ...t Google Chrome 58 0 3029 110 38 8 4 1 Main Settings After you accept the certificate and enter the login user name and password the Switch main screen appears The lock displayed in the bottom right of the browser status bar or next to the website address denotes a secure connection ...

Page 336: ...XMG1930 Series User s Guide 336 Figure 242 Example Lock Denoting a Secure Connection EXAMPLE ...

Page 337: ...he Diagnostic screen You can use this screen to help you identify problems 39 2 Diagnostic Click Management Diagnostic in the navigation panel to open this screen Use this screen to ping IP addresses run a traceroute perform port tests or show the Switch s location between devices Figure 243 Management Diagnostic ...

Page 338: ... you want to perform a traceroute Click Trace Route to have the Switch perform the traceroute function This determines the path a packet takes to the specified device TTL Enter the Time To Live TTL value for the ICMP Echo Request packets This is to set the maximum number of the hops routers a packet can travel through Each router along the path will decrement the TTL value by one and forward the p...

Page 339: ...e cable length Distance to fault This displays the distance between the port and the location where the cable is open or shorted This shows N A if the Pair status is Ok This shows Unsupported if the Switch chipset does not support to show the distance Locator LED Enter a time interval in minutes and click Blink to show the actual location of the Switch between several devices in a rack The default...

Page 340: ...en a log reaches the maximum number of log messages new log messages automatically overwrite existing log messages starting with the oldest existing log message first Figure 244 Management System Log The summary table shows the time the log message was recorded and the reason the log message was generated Click Refresh to update this screen Click Clear to clear the whole log regardless of what is ...

Page 341: ...els 41 1 1 What You Can Do Use the Syslog Setup screen Section 41 2 on page 341 to configure the device s system logging settings and configure a list of external syslog servers 41 2 Syslog Setup The syslog feature sends logs to an external syslog server Use this screen to configure the device s system logging settings and configure a list of external syslog servers Click Management Syslog Setup i...

Page 342: ... changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Syslog Server Setup Active Select this check box to have the device send logs to this syslog server Clear ...

Page 343: ...er to edit the entry Active This field displays Yes if the device is to send logs to the syslog server No displays if the device is not to send logs to the syslog server IP Address This field displays the IP address of the syslog server UDP Port This field displays the port of the syslog server Log Level This field displays the severity level of the logs that the device is to send to this syslog s...

Page 344: ...ther switches on the upper floors of the building are cluster members Figure 246 Clustering Application Example 42 1 1 What You Can Do Use the Cluster Management Status screen Section 42 2 on page 345 to view the role of the Switch within the cluster and to access a cluster member Switch s Web Configurator Table 179 Zyxel Clustering Management Specifications Maximum number of cluster members 24 Cl...

Page 345: ...not through the cluster manager None neither a manager nor a member of a cluster Manager This field displays the cluster manager Switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage cluster member switches through the cluster manager Switch Each number i...

Page 346: ...then its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below Name Type a name to identify the Clustering Manager You may use up to 32 printable characters spaces are allowed VID This is the VLAN ID and is only applicable if the Switch is set to 802 1Q VLAN All switches must be directly connected and in the same VLAN group...

Page 347: ... be managed from the Cluster Manager Its Status is displayed as Error in the Cluster Management Status screen If multiple devices have the same password then hold SHIFT and click those switches to select them Then enter their common Web Configurator password Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use t...

Page 348: ... Figure 249 Cluster Management Cluster Member Web Configurator Screen 42 4 1 1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example example ...

Page 349: ...K ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 470ACAQ0 bin fw 00 a0 c5 01 23 46 200 Port command okay 150 Opening data connection for STOR fw 00 a0 c5 01 23 46 226 File received OK ftp 262144 bytes sent in 0 63Seconds 415 44Kbytes sec ftp Table 182 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Enter admin Password The Web Configurat...

Page 350: ...witch uses the MAC Table to determine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the MAC Table If the Switch has already learned the port for this MAC address then it forwards the frame...

Page 351: ...e Use this screen to search specific MAC addresses You can also directly add dynamic MAC addresses into the static MAC forwarding table or MAC filtering table from the MAC table using this screen Click Management MAC Table in the navigation panel to display the following screen Figure 252 Management MAC Table ...

Page 352: ...Select PORT to display and arrange the data according to port number Transfer Type Select Dynamic to MAC forwarding and click the Transfer button to change all dynamically learned MAC address entries in the summary table below into static entries They also display in the Advanced Application Static MAC Forwarding screen Select Dynamic to MAC filtering and click the Transfer button to change all dy...

Page 353: ...itch examines a received packet and learns the port from which this source IP address came 2 The Switch checks to see if the packet s destination IP address matches a source IP address already learned in the IP Table If the Switch has already learned the port for this IP address then it forwards the packet to that port If the Switch has not already learned the port for this IP address then the pac...

Page 354: ...IP Click this button to display and arrange the data according to IP address VID Click this button to display and arrange the data according to VLAN group Port Click this button to display and arrange the data according to port number Index This field displays the index number IP Address This is the IP address of the device from which the incoming packets came VID This is the VLAN group to which t...

Page 355: ... it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast...

Page 356: ...ancel to return the fields to the factory defaults Index This is the ARP table entry number IP Address This is the IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP address above VID This field displays the VLAN to which the device belongs Port This field displays the port to which ...

Page 357: ...display the main screen as shown Click the link next to IPv4 Routing Table to open a screen where you can view the IPv4 routing table information Click the link next to IPv6 Routing Table to open a screen where you can view the IPv6 routing table information Figure 256 Management Routing Table 46 3 IPv4 Routing Table Use this screen to view IPv4 routing table information Click Management Routing T...

Page 358: ... of the route Type This field displays the method used to learn the route STATIC added as a static entry LOCAL added as a local interface entry Uptime This field displays how long the route has been running since the Switch learned the route and added an entry in the routing table Table 187 Management Routing Table IPv6 Routing Table LABEL DESCRIPTION Index This field displays the index number Rou...

Page 359: ...e Use this screen to view IPv6 path MTU information on the Switch Click Management Path MTU Table in the navigation panel to display the screen as shown Figure 259 Management Path MTU Table The following table describes the labels in this screen Table 188 Management Path MTU Table LABEL DESCRIPTION Path MTU aging time This field displays how long an entry remains in the Path MTU table before it ag...

Page 360: ...48 1 Overview This chapter shows you how you can copy the settings of one port onto other ports 48 2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management Configure Clone to open the following screen ...

Page 361: ...s the source port You can enter individual ports separated by a comma or a range of ports by using a dash Example 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Select to apply all settings to the port Use this first to select the common settings and then remove the settings you do not want copied Basic Setting Select w...

Page 362: ...memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 189 Management Configure Clone continued LABEL DESCRIPTION ...

Page 363: ...nfiguration IPv6 Neighbor Setup screen When the Switch needs to send a packet it first consults other table to determine the next hop Once the next hop IPv6 address is known the Switch looks into the neighbor table to get the link layer address and sends the packet when the neighbor is reachable If the Switch cannot find an entry in the neighbor table or the state for the neighbor is not reachable...

Page 364: ... initial request The field displays this also when the Switch receives an unrequested response from the neighbor s interface delay D The neighboring interface is no longer known to be reachable and traffic has been sent to the neighbor recently The Switch delays sending request packets for a short to give upper layer protocols a chance to determine reachability probe P The Switch is sending reques...

Page 365: ...bels in this screen Table 191 Management Port Status LABEL DESCRIPTION Port This identifies the Ethernet port Click a port number to display the Port Details screen Name This is the name you assigned to this port in the Basic Setting Port Setup screen Link This field displays the speed such as 100M for 100 Mbps 1G for 1000 Mbps or 1 Gbps 2 5G for 2 5 Gbps 5G for 5 Gbps or 10G for 10 Gbps and the d...

Page 366: ...xPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port Tx kB s This field shows the number of kilobytes per second transmitted on this port Rx kB s This field shows the number of kilobytes per second received on this port Up Time This field shows the t...

Page 367: ...x This field displays Down if the port is not connected to any device State If STP Spanning Tree Protocol is enabled this field displays the STP state of the port If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP When LACP Link Aggregation Control Protocol STP and dot1x are in blocking state it displays Blocking LACP This field shows if LACP is enabled ...

Page 368: ... one collision Multiple This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision Excessive This is a count of packets for which transmission failed due to excessive collisions Excessive collision is defined as the number of maximum collisions before the retransmission count is reset Late This is the number of times a late collision is dete...

Page 369: ...o display the Port Status screen and then click the DDMI link tab Figure 264 Management Port Status DDMI The following table describes the labels in this screen 1024 to 1518 This field shows the number of packets including bad packets received that were between 1024 and 1518 octets in length Giant This field shows the number of packets including bad packets received that were between 1519 octets a...

Page 370: ...Code This displays the date when the optical transceiver was manufactured Transceiver This displays the type of transceiver installed in the SGP slot Table 193 Management Port Status DDMI continued LABEL DESCRIPTION Table 194 Management Port Status DDMI DDMI Details LABEL DESCRIPTION Transceiver Information Port No This identifies the SFP port Connector Type This displays the connector type of the...

Page 371: ...displays the level of voltage being supplied to the SFP transceiver TX Bias mA This displays the milliamps mA being supplied to the SFP transceiver s Laser Diode Transmitter TX Power dbm This displays the amount of power the SFP transceiver is transmitting RX Power dbm This displays the amount of power the SFP transceiver is receiving from the fiber cable Current This displays the current status f...

Page 372: ... F for full duplex This field displays Down if the port is not connected to any device Tx kB s This field shows the transmission speed of data sent on this port in kilobytes per second Tx Utilization This field shows the percentage of actual transmitted frames on this port as a percentage of the Link speed Rx kB s This field shows the transmission speed of data received on this port in kilobytes p...

Page 373: ...373 PART III Troubleshooting and Appendices ...

Page 374: ...h 2 Make sure the power adapter or cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adapter or cord to the Switch 4 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED See Section 3 3 on page 43 2 Ch...

Page 375: ...ing managed by NCC again Note After performing step 3 and you want to use the Cloud management mode make sure the Switch is registered in your organization and site in the NCC portal To register the Switch again scan the QR code using the Zyxel Nebula Mobile app See the Section on page 23 for more information on using the app to register the Switch I forgot the IP address for the Switch 1 The defa...

Page 376: ...anced suggestion Advanced Suggestion Try to access the Switch using another service such as Telnet If you can access the Switch check the remote management settings to find out why the Switch does not respond to HTTP Pop up Windows JavaScripts and Java Permissions In order to use the Web Configurator you need to allow Web browser pop up windows from your device JavaScripts enabled by default Java ...

Page 377: ...manently See also Section 37 2 2 on page 304 for more information about how to save your configuration I accidentally unplugged the Switch I am not sure which configuration file will be loaded If you plug the power cable back to the Switch it will reboot and load the configuration file that was used the last time For example if Config 1 was used on the Switch before you accidentally unplugged the ...

Page 378: ...com index shtml for the latest information Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan Zyxel Communications Corporation https www zyxel com Asia China Zyxel...

Page 379: ...pk Philippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation https www zyxel com tw zh Thailand Zyxel Thailand Co Ltd https www zyxel com th th Vietnam Zyxel Communications Corporation Vietnam Office https www zyxel com vn vi Europe Belarus Zyxel BY https www zyxel by Bulgaria Zyxel България https www zyxel c...

Page 380: ... https www zyxel com fi fi France Zyxel France https www zyxel fr Germany Zyxel Deutschland GmbH https www zyxel com de de Hungary Zyxel Hungary SEE https www zyxel com hu hu Italy Zyxel Communications Italy https www zyxel com it it Netherlands Zyxel Benelux https www zyxel com nl nl Norway Zyxel Communications https www zyxel com no no Poland Zyxel Communications Poland https www zyxel com pl pl...

Page 381: ...sk Spain Zyxel Communications ES Ltd https www zyxel com es es Sweden Zyxel Communications https www zyxel com se sv Switzerland Studerus AG https www zyxel ch de https www zyxel ch fr Turkey Zyxel Turkey A S https www zyxel com tr tr UK Zyxel Communications UK Ltd https www zyxel com uk en Ukraine Zyxel Ukraine http www ua zyxel com South America Argentina Zyxel Communications Corporation https w...

Page 382: ...ations Corporation https www zyxel com co es Ecuador Zyxel Communications Corporation https www zyxel com co es South America Zyxel Communications Corporation https www zyxel com co es Middle East Israel Zyxel Communications Corporation http il zyxel com North America USA Zyxel Communications Inc North America Headquarters https www zyxel com us en ...

Page 383: ...ions in which this service is used Table 196 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some servers BGP TCP 179 Border Gateway Protocol BOOT...

Page 384: ...that sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_TUNNEL GRE User Defined 47 PPTP Point ...

Page 385: ...CS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FT...

Page 386: ... 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means th...

Page 387: ...owing table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and cannot be assigned to a multicast group Table 198 Predefined Multicast Address MULTICAST ADDRESS DESCRIPTION FF01 0 0 0 0 0 0 1 All hosts on a local node FF01 0 0 0 0 0 0 2 All routers on a local node FF02 0 0 0 0 0 0 1 All hosts on a local connected link FF...

Page 388: ...sing UDP Each DHCP client and server has a unique DHCP Unique IDentifier DUID which is used for identification when they are exchanging DHCPv6 messages The DUID is generated from the MAC address time vendor assigned ID and or the vendor s private enterprise number registered with the IANA It should not change over time even after you reboot the device Identity Association An Identity Association I...

Page 389: ...d uplink router for its LAN The Switch uses the received IPv6 prefix for example 2001 db2 48 to generate its LAN IP address Through sending Router Advertisements RAs regularly by multicast the Switch passes the IPv6 prefix information to its LAN hosts The hosts then can use the prefix to generate their IPv6 addresses ICMPv6 Internet Control Message Protocol for IPv6 ICMPv6 or ICMP for IPv6 is defi...

Page 390: ...d as the next hop Otherwise the Switch determines the next hop from the default router list or routing table Once the next hop IP address is known the Switch looks into the neighbor cache to get the link layer address and sends the packet when the neighbor is reachable If the Switch cannot find an entry in the neighbor cache or the state for the neighbor is not reachable it starts the address reso...

Page 391: ... DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on your computer 2 Afte...

Page 392: ... Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 check box to enable it 3 Click OK to save the change ...

Page 393: ... DHCPv6 is enabled when you enable IPv6 on a Windows 10 PC To enable IPv6 in Windows 10 1 Select Control Panel Network and Sharing Center 2 On the left side of the Network and Sharing Center select Change adapter settings 3 Right click your network connection and select Properties C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address...

Page 394: ...your computer 1 Select Start Settings Network Internet 2 On the left side of the Network Internet select Ethernet Then select the Ethernet network you are connected to 3 Under IP assignment select Edit 4 Under Edit IP settings select Automatic DHCP or Manual Then click Save When you select Automatic DHCP the IP address settings and DNS server address setting are set automatically by your router Wh...

Page 395: ...ject to the following two conditions 1 This Switch may not cause harmful interference 2 This Switch must accept any interference received including interference that may cause undesired operations Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This equipment has been tested and found to comply with th...

Page 396: ...and electronic Switch For detailed information about recycling of this product please contact your local city office your household waste disposal service or the store where you purchased the product Use ONLY power wires of the appropriate wire gauge for your Switch Connect it to a power supply of the correct voltage Fuse Warning Replace a fuse only with a fuse of the same type and rating The POE ...

Page 397: ...itpunkt der Entsorgung wird die getrennte Sammlung von Produkt und oder seiner Batterie dazu beitragen natürliche Ressourcen zu sparen und die Umwelt und die menschliche Gesundheit zu schützen El símbolo de abajo indica que según las regulaciones locales su producto y o su batería deberán depositarse como basura separada de la doméstica Cuando este producto alcance el final de su vida útil llévelo...

Page 398: ...損壞 請從插座拔除 若您還繼續插電使用 會有觸電死亡的風險 請勿試圖修理電源變壓器或電源變壓器的纜線 若有毀損 請直接聯絡您購買的店家 購買 個新的電源變壓器 請勿將此設備安裝於室外 此設備僅適合放置於室內 請勿隨 般垃圾丟棄 請參閱產品背貼上的設備額定功率 請參考產品型錄或是彩盒上的作業溫度 設備必須接地 接地導線不允許被破壞或沒有適當安裝接地導線 如果不確定接地方式是否符合要求可聯繫相應的電氣檢驗機構檢驗 如果您提供的系統中有提供熱插拔電源 連接或斷開電源請遵循以下指導原則 先連接電源線至設備連 再連接電源 先斷開電源再拔除連接至設備的電源線 如果系統有多個電源 需拔除所有連接至電源的電源線再關閉設備電源 產品沒有斷電裝置或者採用電源線的插頭視為斷電裝置的 部分 以下警語將適用 對永久連接之設備 在設備外部須安裝可觸及之斷電裝置 對插接式之設備 插座必須接近安裝之地點而且是易於觸及的 ...

Page 399: ... with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose Zyxel shall in no event be held liable for indirect or consequen...

Page 400: ...ation for cooling 30 All connected Setting Wizard 137 applications backbone 26 bridging 27 fiber uplink 27 IEEE 802 1Q VLAN 28 PoE 25 switched workgroup 27 ARP how it works 297 learning mode 297 overview 297 setup 299 ARP Address Resolution Protocol 355 ARP Learning screen 299 ARP Setup screen 299 ARP Table screen 355 ARP Reply 298 ARP Request 299 ATM Asynchronous Transmission Mode 27 authenticati...

Page 401: ...itch passwords 347 cluster manager 344 346 cluster member 344 346 cluster member firmware upgrade 348 network example 344 setup 346 specification 344 status 345 switch models 344 VID 346 Web Configurator 347 Cluster Management Configuration screen 346 cluster manager 344 Common and Internal Spanning Tree see CIST 161 configuration 280 back up 29 change running config 304 saving 70 configuration fi...

Page 402: ...e ID 295 remote ID 295 DHCPv6 Relay screen 295 diagnostics 337 ping 338 Digital Diagnostics Monitoring Interface 369 disclaimer 395 disposal and recycling information EU 397 dual firmware images 306 dust plug 37 Dynamic Host Configuration Protocol for IPv6 DHCPv6 388 dynamic link aggregation 168 E egress port 137 egress rate 163 electrical inspection authority 40 electrician 40 electrostatic disch...

Page 403: ... GVRP GARP VLAN Registration Protocol 124 H hardware installation 30 hardware monitor 89 hardware overview 34 hello time 154 hops 155 HTTPS 330 certificates 330 implementation 330 public keys private keys 330 HTTPS Certificates screen 311 HTTPS example 331 I IANA Internet Assigned Number Authority 383 Identity Association IA 388 IEEE 802 1x activate 178 port authentication 176 re authentication 18...

Page 404: ...obal address 113 global unicast address 109 link local address 113 link local IP 109 neighbor discovery 115 neighbor table 118 status 108 IPv6 Interface Setup screen 112 IPv6 Interface Status screen 109 IPv6 Link Local Address Setup screen 113 IPv6 Neighbor Setup screen 119 IPv6 Neighbor Table screen 363 IPv6 screen 108 IPv6 static route configuration 282 J Java permission 47 376 JavaScript 47 376...

Page 405: ... setup 234 vs STP 232 Wizard 60 M MAC Media Access Control 89 MAC address 89 355 maximum number per port 186 MAC address learning 93 186 specify limit 186 MAC table 350 display criteria 352 how it works 350 sorting criteria 352 transfer type 352 viewing 351 maintenance 302 configuration backup 308 current configuration 303 firmware 306 main screen 303 restore configuration 307 Maintenance screen 3...

Page 406: ...mode 67 NCC registration 23 Nebula Cloud Management 22 Nebula setup wizard select site 23 Nebula Switch Registration screen 122 Nebula web portal 22 Neighbor Detail screen 86 Neighbor Discovery Protocol NDP 389 Neighbor screen 84 network applications 25 network management system NMS 326 NTP RFC 1305 91 O one time schedule 187 Option 82 286 Organizationally Unique Identifiers OUI 132 Org specific T...

Page 407: ...ing 186 setup 185 Port Setup screen 99 port status 365 port details 366 port utilization 371 port utilization 371 Port VID PVID 74 port VLAN ID see PVID 131 port VLAN trunking 125 port based VLAN 135 all connected 137 configure 135 port isolation 137 settings wizard 137 ports diagnostics 339 mirroring 166 speed duplex 100 standby 169 power maximum per port 25 voltage 90 power connection 40 power m...

Page 408: ...57 RSTP configuration 152 rubber feet attach 31 running configuration 304 erase 304 reset 304 S safety precautions using the Switch 30 safety warnings 396 save configuration 70 304 Save link 70 schedule one time 187 recurring 187 type 188 Secure Shell see SSH service access control 322 service port 323 Setup Wizard parts 55 Setup Wizard screen 49 SFP SFP slot 36 Simple Network Management Protocol ...

Page 409: ...port role 151 port state 148 151 root port 148 status 149 150 terminology 148 vs loop guard 232 STP Path Cost 148 straight through Ethernet cable 35 subnet masking 388 Switch DHCP client 47 fanless type usage precaution 30 fan type usage precaution 30 switch lockout 70 Switch reset 71 Switch Setup screen 92 Switch s QR code 23 syslog 341 protocol 341 settings 341 setup 341 severity levels 341 Sysl...

Page 410: ...ocal Area Network 92 VLAN 92 acceptable frame type 131 and IGMP snooping 206 automatic registration 124 creation 72 77 ID 123 ingress filtering 131 introduction 92 123 number of VLANs 127 port number 128 port settings 130 port based 137 port based VLAN 135 port based isolation 137 port based wizard 137 PVID 131 static VLAN 129 status 126 127 128 tagged 123 terminology 125 trunking 125 131 type 93 ...

Page 411: ... description 55 icon description 54 installation requirements 51 introduction 24 minimum hardware requirements 52 network adapter select 53 password prompt 54 run 52 supported firmware version 52 supported models 52 Switch IP address 47 ZON utility use for troubleshooting 375 ZyNOS Zyxel Network Operating System 312 Zyxel AP Configurator ZAC 55 Zyxel Discovery Protocol ZDP 51 Zyxel Nebula Mobile A...

Reviews:

No comments

Related manuals for MG1930-30

GAIM Compact Troubleshooting preview
Compact
Brand: GAIM Pages: 2
BABBITT LS8000 Owner'S Manual preview
LS8000
Brand: BABBITT Pages: 14
BABBITT LS6000 Owner'S Manual preview
LS6000
Brand: BABBITT Pages: 10
Communica CST-2042 User Manual preview
CST-2042
Brand: Communica Pages: 5
Abtus MAX-USB44P Manual preview
MAX-USB44P
Brand: Abtus Pages: 15
Kramer Sierra Pro XL 1616V3 Specifications preview
Sierra Pro XL 1616V3
Brand: Kramer Pages: 2
Extron electronics MSW 4SV rs Specifications preview
MSW 4SV rs
Brand: Extron electronics Pages: 2
Westell A99-BAI-ACSF-UGKIT Install Instructions preview
A99-BAI-ACSF-UGKIT
Brand: Westell Pages: 3
AdLuminis 324002 Quick Start Manual preview
324002
Brand: AdLuminis Pages: 8
Comprehensive CDA-CV20 User Manual preview
CDA-CV20
Brand: Comprehensive Pages: 6
H3C S12500G-AF Series Installation Manual preview
S12500G-AF Series
Brand: H3C Pages: 105
hager EHN010 Installation And Instruction Manual preview
EHN010
Brand: hager Pages: 6
M-E CUVEO CT-W2 Manual preview
CUVEO CT-W2
Brand: M-E Pages: 36
Kramer VP-26 User Manual preview
VP-26
Brand: Kramer Pages: 46
Optone OPT-6016 Manual preview
OPT-6016
Brand: Optone Pages: 10
NVision NV3128 Instruction Manual preview
NV3128
Brand: NVision Pages: 92
Sun Oracle Sun Datacenter InfiniBand Switch 36 Hardware Security Manual preview
Sun Datacenter InfiniBand Switch 36
Brand: Sun Oracle Pages: 12
ATEN VM7814 Quick Start Manual preview
VM7814
Brand: ATEN Pages: 2

Brands by name

Popular brands

Load more brands