manualshive.com logo in svg

ZyXEL Communications MGS3520 Series, User Manual

The ZyXEL Communications MGS3520 Series offers exceptional network performance and reliability. Explore its advanced features and functionalities through the comprehensive User Manual available for free download at manualshive.com, empowering you with all the necessary instructions to optimize the product's performance.

Share
Download
background image

 Chapter 26 AAA

MGS3520 Series User’s Guide

233

Refer to RFC 2865 for more information about RADIUS attributes used for authentication. Refer to 
RFC 2866 and RFC 2869 for RADIUS attributes used for accounting.

This section lists the attributes used by authentication and accounting functions on the Switch. In 
cases where the attribute has a specific format associated with it, the format is specified.

26.3.1  Attributes Used for Authentication 

The following sections list the attributes sent from the Switch to the RADIUS server when 
performing authentication. 

26.3.1.1  Attributes Used for Authenticating Privilege Access

User-Name

- the format of the User-Name attribute is 

$enab

#

$

, where # is the privilege level (1-14)

User-Password
NAS-Identifier
NAS-IP-Address

26.3.1.2  Attributes Used to Login Users

User-Name
User-Password
NAS-Identifier
NAS-IP-Address

26.3.1.3  Attributes Used by the IEEE 802.1x Authentication 

User-Name
NAS-Identifier
NAS-IP-Address
NAS-Port
NAS-Port-Type

- This value is set to 

Ethernet(15) 

on the Switch.

Calling-Station-Id
Frame-MTU
EAP-Message
State
Message-Authenticator

26.3.2  Attributes Used for Accounting

The following sections list the attributes sent from the Switch to the RADIUS server when 
performing authentication. 

Summary of Contents for MGS3520 Series

Page 1: ...yxel com MGS3520 Series Layer 2 Management Switch Version 4 10 Edition 1 12 2015 Copyright 2015 ZyXEL Communications Corporation User s Guide Default Login Details LAN IP Address http 192 168 1 1 User Name admin Password 1234 ...

Page 2: ...at the information in this manual is accurate Related Documentation Quick Start Guide The Quick Start Guide shows how to connect the Switch and access the Web Configurator CLI Reference Guide The CLI Reference Guide explains how to use the Command Line Interface CLI and CLI commands to configure the Switch Note It is recommended you use the Web Configurator to configure the Switch Web Configurator...

Page 3: ...g 77 VLAN 100 Static MAC Forward Setup 120 Static Multicast Forward Setup 122 Filtering 125 Spanning Tree Protocol 127 Bandwidth Control 146 Broadcast Storm Control 148 Mirroring 150 Link Aggregation 156 Port Authentication 163 Port Security 171 Range Profile 174 Classifier 179 Policy Rule 185 Queuing Method 190 VLAN Stacking 193 Multicast 200 AAA 223 IP Source Guard 236 Loop Guard 257 VLAN Mappin...

Page 4: ...otocol LLDP 289 Static Route 314 Differentiated Services 317 DHCP 321 ARP Setup 335 Maintenance 339 Access Control 348 Diagnostic 372 Syslog 374 Cluster Management 377 MAC Table 384 ARP Table 387 Path MTU Table 389 Configure Clone 390 Neighbor Table 393 Troubleshooting 395 ...

Page 5: ...anage the Switch 22 1 3 Good Habits for Managing the Switch 22 Chapter 2 Hardware Installation and Connection 23 2 1 Installation Scenarios 23 2 2 Desktop Installation Procedure 23 2 3 Mounting the Switch on a Rack 23 2 3 1 Rack mounted Installation Requirements 23 2 3 2 Attaching the Mounting Brackets to the Switch 24 2 3 3 Mounting the Switch on a Rack 24 Chapter 3 Hardware Overview 26 3 1 Front...

Page 6: ...6 6 1 How to Use DHCP Snooping on the Switch 46 6 2 How to Use DHCP Relay on the Switch 49 6 2 1 DHCP Relay Tutorial Introduction 49 6 2 2 Creating a VLAN 50 6 2 3 Configuring DHCPv4 Relay 52 6 2 4 Troubleshooting 53 6 3 How to Use PPPoE IA on the Switch 53 6 3 1 Configuring Switch A 54 6 3 2 Configuring Switch B 56 6 4 How to Use Error Disable and Recovery on the Switch 59 6 5 How to Set Up a Gue...

Page 7: ...Link Local Address Setup 93 8 8 6 IPv6 Global Address Setup 94 8 8 7 IPv6 Neighbor Discovery Setup 95 8 8 8 IPv6 Neighbor Setup 96 8 8 9 DHCPv6 Client Setup 98 Chapter 9 VLAN 100 9 1 Introduction to IEEE 802 1Q Tagged VLANs 100 9 1 1 Forwarding Tagged and Untagged Frames 100 9 2 Automatic VLAN Registration 101 9 2 1 GARP 101 9 2 2 GVRP 101 9 3 Port VLAN Trunking 102 9 4 Select the VLAN Type 102 9 ...

Page 8: ...nning Tree Protocol 127 13 1 STP RSTP Overview 127 13 1 1 STP Terminology 127 13 1 2 How STP Works 128 13 1 3 STP Port States 128 13 1 4 Multiple RSTP 128 13 1 5 Multiple STP 129 13 2 Spanning Tree Protocol Status Screen 132 13 3 Spanning Tree Configuration 132 13 4 Configure Rapid Spanning Tree Protocol 133 13 5 Rapid Spanning Tree Protocol Status 136 13 6 Configure Multiple Rapid Spanning Tree P...

Page 9: ... Link Aggregation Setting 158 17 5 Link Aggregation Control Protocol 160 17 6 Static Trunking Example 161 Chapter 18 Port Authentication 163 18 1 Port Authentication Overview 163 18 1 1 IEEE 802 1x Authentication 163 18 1 2 MAC Authentication 164 18 2 Port Authentication Configuration 165 18 2 1 Activate IEEE 802 1x Security 165 18 2 2 Guest VLAN 167 18 2 3 Activate MAC Authentication 169 Chapter ...

Page 10: ...iguration 187 22 4 Policy Example 188 Chapter 23 Queuing Method 190 23 1 Queuing Method Overview 190 23 1 1 Strictly Priority Queuing 190 23 1 2 Weighted Fair Queuing 190 23 1 3 Weighted Round Robin Scheduling WRR 191 23 2 Configuring Queuing 191 Chapter 24 VLAN Stacking 193 24 1 VLAN Stacking Overview 193 24 1 1 VLAN Stacking Example 193 24 2 VLAN Stacking Port Roles 194 24 3 VLAN Tag Format 194 ...

Page 11: ...R Ports 216 25 5 2 MVR Modes 216 25 5 3 How MVR Works 216 25 6 General MVR Configuration 217 25 6 1 MVR Group Configuration 219 25 6 2 MVR Configuration Example 221 Chapter 26 AAA 223 26 1 Authentication Authorization and Accounting AAA 223 26 1 1 Local User Accounts 223 26 1 2 RADIUS and TACACS 224 26 2 AAA Screens 224 26 2 1 RADIUS Server Setup 224 26 2 2 TACACS Server Setup 226 26 2 3 AAA Setup...

Page 12: ...Chapter 28 Loop Guard 257 28 1 Loop Guard Overview 257 28 2 Loop Guard Setup 259 Chapter 29 VLAN Mapping 260 29 1 VLAN Mapping Overview 260 29 1 1 VLAN Mapping Example 260 29 2 Enabling VLAN Mapping 260 29 3 Configuring VLAN Mapping 261 Chapter 30 Layer 2 Protocol Tunneling 263 30 1 Layer 2 Protocol Tunneling Overview 263 30 1 1 Layer 2 Protocol Tunneling Mode 264 30 2 Configuring Layer 2 Protocol...

Page 13: ...ter 34 Private VLAN 285 34 1 Private VLAN Overview 285 34 2 Configuring Private VLAN 285 Chapter 35 Green Ethernet 287 35 1 Green Ethernet Overview 287 35 2 Configuring Green Ethernet 287 Chapter 36 Link Layer Discovery Protocol LLDP 289 36 1 LLDP Overview 289 36 2 LLDP MED Overview 290 36 3 LLDP Screens 291 36 4 LLDP Local Status 292 36 4 1 LLDP Local Port Status Detail 293 36 5 LLDP Remote Statu...

Page 14: ... 39 2 DHCP Configuration 321 39 3 DHCPv4 Status 322 39 4 DHCPv4 Relay 322 39 4 1 DHCPv4 Relay Agent Information 322 39 4 2 DHCPv4 Option 82 Profile 323 39 4 3 Configuring DHCPv4 Global Relay 324 39 4 4 DHCPv4 Global Relay Port Configure 325 39 4 5 Global DHCPv4 Relay Configuration Example 326 39 4 6 Configuring DHCPv4 VLAN Settings 327 39 4 7 DHCPv4 VLAN Port Configure 328 39 4 8 Example DHCPv4 Re...

Page 15: ...2 3 1 SNMP v3 and Security 349 42 3 2 Supported MIBs 350 42 3 3 SNMP Traps 350 42 3 4 Configuring SNMP 355 42 3 5 Configuring SNMP Trap Group 357 42 3 6 Enabling Disabling Sending of SNMP Traps on a Port 358 42 3 7 Configuring SNMP User 359 42 4 Setting Up Login Accounts 361 42 5 SSH Overview 362 42 6 How SSH works 363 42 7 SSH Implementation on the Switch 364 42 7 1 Requirements for Using SSH 364...

Page 16: ...ew 384 46 2 Viewing the MAC Table 385 Chapter 47 ARP Table 387 47 1 ARP Table Overview 387 47 1 1 How ARP Works 387 47 2 The ARP Table Screen 387 Chapter 48 Path MTU Table 389 48 1 Path MTU Overview 389 48 2 Viewing the Path MTU Table 389 Chapter 49 Configure Clone 390 49 1 Configure Clone 390 Chapter 50 Neighbor Table 393 50 1 IPv6 Neighbor Table Overview 393 50 2 Viewing the IPv6 Neighbor Table ...

Page 17: ...Table of Contents MGS3520 Series User s Guide 17 Appendix B Common Services 405 Appendix C IPv6 409 Appendix D Legal Information 417 Index 422 ...

Page 18: ...18 PART I User s Guide ...

Page 19: ...third party SNMP management This section shows a few examples of using the Switch in various network environments 1 1 1 Backbone Application The Switch is an ideal solution for small networks where rapid growth can be expected in the near future The Switch can be used standalone for a group of heavy traffic users You can connect computers and servers directly to the Switch s port or connect other ...

Page 20: ...abit Ethernet mini GBIC port on the Switch Moreover the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location Figure 2 Bridging Application 1 1 3 High Performance Switching Example The Switch is ideal for connecting two networks that need high bandwidth In the following example use trunking to connect these two networks Switching ...

Page 21: ...han one group With VLAN a station cannot directly talk to or hear from stations that are not in the same group s unless such traffic first goes through a router For more information on VLANs refer to Chapter 9 on page 100 1 1 4 1 Tag based VLAN Example Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic VLAN groups ...

Page 22: ...apter 4 on page 34 Command Line Interface Line commands offer an alternative to the web configurator and in some cases are necessary to configure advanced features See the CLI Reference Guide FTP Use FTP for firmware upgrades and configuration backup restore See Section 41 9 on page 345 SNMP The Switch can be monitored by an SNMP manager See Section 42 3 on page 348 Cluster Management Cluster Mana...

Page 23: ... the Switch is clean and dry 2 Set the Switch on a smooth level surface strong enough to support the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord 2 3 Mounting the Switch on a Rack The Switch can be mounted on an EIA standard size...

Page 24: ...side of the Switch lining up the four screw holes on the bracket with the screw holes on the side of the Switch Figure 5 Attaching the Mounting Brackets 2 Using a 2 Philips screwdriver install the M3 flat head screws through the mounting bracket holes into the Switch 3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch 4 You may now mount the Switch on a ra...

Page 25: ...es User s Guide 25 Figure 6 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket holes into the rack 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack ...

Page 26: ...el of the Switch Figure 7 MGS3520 28 Front Panel AC DC Model Figure 8 MGS3520 28F Front Panel AC DC Model Figure 9 MGS3520 50 Front Panel AC DC Model Gigabit Ethernet Ports Dual Personality Interfaces Console Port LEDs Power Connection Power Switch Signal slot SFP Slots Dual Personality Interfaces Console Port LEDs Power Connection Power Switch Signal slot Gigabit Ethernet Ports Dual Personality I...

Page 27: ...e ON position to turn on the Switch Power Connection Connect an appropriate power supply to this port RJ 45 Ethernet Ports Connect these ports to a computer a hub an Ethernet switch or router SFP Slots Use transceivers in these slots for fiber optic or copper connections to a computer a hub a switch or router Four or Two Dual Personality Interfaces Each interface has one 1000BASE T RJ 45 port and ...

Page 28: ...ble and using half duplex mode When the Switch s auto negotiation is turned off an Ethernet port uses the pre configured speed and duplex mode when making a connection thus requiring you to make sure that the settings of the peer Ethernet port are the same in order to connect 3 1 2 1 Default Ethernet Negotiation Settings The factory default negotiation settings for the Gigabit ports on the Switch ...

Page 29: ... 2 Press the transceiver firmly until it clicks into place 3 The Switch automatically detects the installed transceiver Check the LEDs to verify that it is functioning properly 4 Close the transceiver s latch latch styles vary 5 Connect the fiber optic cables to the transceiver Figure 11 Transceiver Installation Example Figure 12 Connecting the Fiber Optic Cables 3 1 3 2 Transceiver Removal Use th...

Page 30: ... Connection Connect the female end of the power cord to the power socket of your Switch Connect the other end of the cord to a power outlet 3 1 4 2 DC Power Connection The Switch uses a single ETB series terminal block plug with four pins which allows you to connect up to two separate power supplies If one power supply fails the system can operate on the remaining power supply Use two wires to con...

Page 31: ...switch which supports this feature the external alarm alert but not the system alarm is received on each Switch The Switch can be configured to send an SNMP trap to the SNMP server See Section 42 3 on page 348 for more information on using SNMP The Switch can be configured to create an error log of the alarm See Section 44 1 on page 374 for more information on using the system log 3 1 5 1 Connect ...

Page 32: ...wires of the correct gauge to connect either of the signal output pin pairs 1 normal close 2 common or 2 common 3 normal open on the Signal connector to the input signal pin pairs of an Signal connector on another ZyXEL Switch 2 When daisy chaining further Switches ensure that the signal output pins you use are the same as those you used when connecting to the first switch as shown in the diagram ...

Page 33: ...twork is up Amber Blinking The system is transmitting receiving to from a 100 Mbps Ethernet network On The link to a 100 Mbps Ethernet network is up Off The link to an Ethernet network is down 100 1000 Mbps SFP Slots MGS3520 28F 1 24 Green On The port has a successful 1000 Mbps connection Blinking The port is receiving or transmitting data at 1000 Mbps Amber On The port has a successfule 100 Mbps ...

Page 34: ...gurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 Type http and the IP address of the Switch for example the default management IP address is 192 168 1 1 in the Location or Address field Press ENT...

Page 35: ...his guide uses the MGS3520 28 screens as an example The screens may vary slightly for different models The following figure shows the navigating components of a web configurator screen Figure 19 The Web Configurator Layout A Click the menu items to open submenu links and then click on a submenu link to open the screen in the main window B C D E These are quick links which allow you to perform cert...

Page 36: ...o to the status page of the Switch D Click this link to log out of the web configurator E Click this link to display web help pages The help pages provide descriptions for all of the configuration screens In the navigation panel click a main link to reveal a list of submenu links The following table describes the links in the navigation panel Table 4 Navigation Panel Sub links Overview BASIC SETTI...

Page 37: ...nk takes you to screens where you can configure the RSTP MRSTP MSTP to prevent network loops Bandwidth Control This link takes you to screens where you can cap the maximum bandwidth allowed on a port Broadcast Storm Control This link takes you to a screen to set up broadcast filters Mirroring This link takes you to screens where you can copy traffic from one port or ports to another port in order ...

Page 38: ... EEE auto power down and short reach for each port LLDP This link takes you to screens where you can configure LLDP settings IP Application Static Routing This link takes you to a screen where you can configure static routes A static route defines how the Switch should forward traffic by configuring the TCP IP parameters manually DiffServ This link takes you to screens where you can enable DiffSer...

Page 39: ... are lost when the Switch s power is turned off Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory Nonvolatile memory refers to the Switch s storage that remains even if the Switch s power is turned off Note Use the Save link when you are done with a configuration session Configure Clone This link takes you to a screen where ...

Page 40: ... others from the Switch or forget the administrator password you will need to reload the factory default configuration file or reset the Switch back to the factory defaults 4 6 1 Reload the Configuration File Uploading the factory default configuration file replaces the current configuration file with the factory default configuration file This means that you will lose all previous configurations ...

Page 41: ...ve to log in with your password again after you log out This is recommended after you finish a management session for security reasons Figure 22 Web Configurator Logout Screen 4 8 Help The web configurator s online help has descriptions of individual screens and some supplementary information Click the Help link from a web configurator screen to view an online help description of that screen Bootb...

Page 42: ...VLAN ID Configure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You can do this with port based VLAN or tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 23 Initial Setup Network Example VLAN 1 Click Advanced Application VLAN in the navigation pan...

Page 43: ...t member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 5 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 2 Setting Port VID Use PVID to add a tag to incoming untag...

Page 44: ... for port 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 2 Configuring Switch Management IP Address The default management IP address of the Switch is 192 168 1 1 You can configure another IP address in a different subnet for management purposes The following figure shows an example Figure 25 Initi...

Page 45: ...k Basic Setting IP Setup in the navigation panel 4 Configure the related fields in the IP Setup screen 5 For the VLAN2 network enter 192 168 2 1 as the IP address and 255 255 255 0 as the subnet mask 6 In the VID field enter the ID of the VLAN group to which you want this management IP address to belong This is the same as the VLAN ID you configure in the Static VLAN screen 7 Click Add to save you...

Page 46: ... server A connected to port 5 to assign IP addresses to all devices in VLAN 100 Create a VLAN containing ports 5 6 and 7 Connect a computer M to the Switch s port which is not in VLAN 100 Note For related information about DHCP snooping see Section 27 1 on page 236 The settings in this tutorial are as the following 1 Access the Switch through http 192 168 1 1 Log into the Switch by entering the us...

Page 47: ...shown Deselect Tx Tagging because you don t want outgoing traffic to contain this VLAN tag Click Add 3 Go to Advanced Application VLAN VLAN Port Setting and set the PVID of the ports 5 6 and 7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 4 Go to Advanced Application IP Source Guard DHCP snooping Configure activate and specify VLAN 100 as the DHCP VLAN as shown Clic...

Page 48: ...e connected to DHCP clients Click Apply 7 Go to Advanced Application IP Source Guard DHCP snooping Configure VLAN show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom section of the screen If you want to add more information in the DHCP request packets such as source VLAN ID or system name y...

Page 49: ...dhcp snooping binding to see the DHCP snooping binding table as shown next 6 2 How to Use DHCP Relay on the Switch This tutorial describes how to configure your Switch to forward DHCP client requests to a specific DHCP server The DHCP server can then assign a specific IP address based on the information in the DHCP requests 6 2 1 DHCP Relay Tutorial Introduction In this example you have configured...

Page 50: ...to 802 1Q Click Apply to save the settings to the run time memory 3 Click Advanced Application VLAN Static VLAN 4 In the Static VLAN screen select ACTIVE enter a descriptive name VALN 102 for example in the Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN ta...

Page 51: ...r is turned off 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory ...

Page 52: ...ay agent information such as the VLAN ID to DHCP requests 1 Click IP Application DHCP DHCPv4 and then the Global link to open the DHCP Relay screen 2 Select the Active check box 3 Enter the DHCP server s IP address 192 168 2 3 in this example in the Remote DHCP Server 1 field 4 Select a pre defined Option 82 Profile that includes the system name VLAN ID and port number in the client DHCP requests ...

Page 53: ...N 102 2 You configured the correct VLAN ID port number and system name for DHCP relay on both the DHCP server and the Switch 3 You clicked the Save link on the Switch to have your settings take effect 6 3 How to Use PPPoE IA on the Switch You want to configure PPPoE Intermediate Agent on the Switch A to pass a subscriber s information to a PPPoE server S There is another switch B between switch A ...

Page 54: ... then click Apply Click Port on the top of the screen 2 Select Untrusted for port 5 and enter userC as Circuit id and 00134900000A as Remote id Select Trusted for port 12 and then leave the other fields empty Click Apply Table 7 Settings in this Tutorial SWITCH PORT CONNECTED VLAN CIRCUIT ID REMOTE ID PPPOE IA PORT TRUSTED A Port 5 to C Port 12 to B 1 1 userC N A 00134900000A N A Untrusted Trusted...

Page 55: ...Then Click Intermediate Agent on the top of the screen 3 The Intermediate Agent screen appears Click VLAN on the top of the screen 4 Enter 1 for both Start VID and End VID since both the Switch and PPPoE server are in VLAN 1 in this example Click Apply ...

Page 56: ...elect Circuit id and Remote id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server Click Apply 6 3 2 Configuring Switch B The example uses another MGS3520 28 28F as switch B 1 Click Advanced Application PPPoE Intermediate Agent Select Active then click Apply ...

Page 57: ...er s Guide 57 Click Port on the top of the screen 2 Select Trusted for ports 11 and 12 and then click Apply Then Click Intermediate Agent on the top of the screen 3 The Intermediate Agent screen appears Click VLAN on the top of the screen ...

Page 58: ... Enter 1 for both Start VID and End VID Click Apply 5 Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit id and Remote id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server Click Apply ...

Page 59: ... of time 10 minutes before resuming the port automatically after the problem s are gone Loop guard and Errdiable features are helpful for this demand Note Refer to Section 28 2 on page 259 and Section 33 3 on page 279 for more information about Loop Guard and Errdiable To configure the settings 1 First click Advanced Application Loop Guard Select the Active option in the first section to enable lo...

Page 60: ...ble Detect select Active for cause ARP and inactive port as the mode Then click Apply 4 Click Advanced Application Errdisable Errdisable Recovery select Active and Timer Status for loopguard and ARP entries Also enter 180 180 seconds 3 minutes in the Interval field for both entries Then click Apply ...

Page 61: ...ey can authenticate with the authentication server In this guest VLAN clients can surf the Internet through the default gateway attached to port 10 but are not allowed to access other network resources such as the mail server or local data base 6 5 1 Creating a Guest VLAN Follow the steps below to configure port 1 2 3 and 10 as a member of VLAN 200 1 Access the web configurator through the Switch ...

Page 62: ...n the Name field and enter 200 in the VLAN Group ID field 5 Select Fixed to configure ports 1 2 3 and 10 to be permanent members of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out of these ports 7 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off ...

Page 63: ...then the VLAN Port Setting link in the VLAN Status screen 9 Enter 200 in the PVID field for ports 1 2 3 and 10 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory ...

Page 64: ...ion Follow the steps below to enable port authentication to validate access to ports 1 8 to clients based on a RADIUS server 1 Click Advanced Application Port Authentication and then the Click Here link for 802 1x 2 Select the first Active checkbox to enable 802 1x authentication on the Switch Select the Active checkboxes for ports 1 to 8 to turn on 802 1x authentication on the selected ports Clic...

Page 65: ...guest VLAN ID 200 in this example on ports 1 2 and 3 The Switch puts unauthenticated clients in the specified guest VLAN Set Host mode to Multi Secure to have the Switch authenticate each client that connects to one of these ports and specify the maximum number of clients that the Switch will authenticate on each of these port 5 in this example Click Apply ...

Page 66: ...es in VLAN 1 6 6 How to Do Port Isolation in a VLAN You want to prevent communications between ports in a VLAN but still allow them to access the Internet or network resources through the uplink port in the same VLAN You use private VLAN to do port isolation in a VLAN instead of assigning each port to a separate VLAN and creating a different IP routing domain for each individual port In this examp...

Page 67: ... run time memory 3 Click Advanced Application VLAN Static VLAN 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 123 for example in the Name field and enter 123 in the VLAN Group ID field 5 Select Fixed to configure ports 2 3 4 and 25 to be permanent members of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out of these ...

Page 68: ...then the VLAN Port Setting link in the VLAN Status screen 9 Enter 123 in the PVID field for ports 2 3 4 and 25 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory ...

Page 69: ...ve your configuration permanently 6 6 2 Creating a Private VLAN Rule Follow the steps below to configure private VLAN for VLAN 123 1 Click Advanced Application Private VLAN 2 In the Private VLAN screen select Active Enter a descriptive name PrivateVLAN123 for example in the Name field and enter 123 in the VLAN ID field Click Add ...

Page 70: ...f the web configurator to save your configuration permanently Ports 2 3 and 4 in this VLAN will be added to the isolated port list automatically and cannot send traffic to each other From port 2 3 or 4 you should be able to access the device that attachs to port 25 such as a server or default gateway ...

Page 71: ...71 PART II Technical Reference ...

Page 72: ...howing statistical details 7 2 Port Status Summary To view the port statistics click Status in all web configurator screens to display the Status screen as shown next Figure 26 Status The following table describes the labels in this screen Table 8 Status LABEL DESCRIPTION Port This identifies the Ethernet port Click a port number to display the Port Details screen refer to Figure 27 on page 74 Nam...

Page 73: ...more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays whether LACP Link Aggregation Control Protocol has been enabled on the port TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received er...

Page 74: ...1000Mbps and the duplex F for full duplex or H for half duplex It also shows the cable type Copper or Fiber This field displays Down if the port is not connected to any device Status If STP Spanning Tree Protocol is enabled this field displays the STP state of the port see Section 13 1 on page 127 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it...

Page 75: ...e This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision Excessive This is a count of packets for which transmission failed due to excessive collisions Excessive collision is defined as the number of maximum collisions before the retransmission count is reset Late This is the number of times a late collision is detected that is after 512...

Page 76: ...cluding bad packets received that were between 1024 and 1518 octets in length Giant This field shows the number of packets including bad packets received that were between 1519 octets and the maximum frame size The maximum frame size varies depending on your switch model Table 9 Status Port Details continued LABEL DESCRIPTION ...

Page 77: ...gure the Basic Setting screens 8 1 System Information In the navigation panel click Basic Setting System Info to display the screen as shown You can check the firmware version number and monitor the Switch temperature fan speeds and voltage in this screen Figure 28 Basic Setting System Info ...

Page 78: ...ield displays the maximum temperature measured at this sensor MIN This field displays the minimum temperature measured at this sensor Threshold This field displays the upper temperature limit at this sensor Status This field displays Normal for temperatures below the threshold and Error for those above Fan Speed RPM A properly functioning fan is an essential component along with a sufficiently ven...

Page 79: ...r the name of the person in charge of this Switch You can use up to 32 printable ASCII characters spaces are allowed Use Time Server when Bootup Enter the time service protocol that your timeserver uses Not all time servers support all protocols so you may have to use trial and error to find a protocol that works The main differences between them are the time format When you select the Daytime RFC...

Page 80: ...r format Here are a couple of examples Daylight Saving Time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the United States you would select Second Sunday March and 2 00 Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the E...

Page 81: ... VLAN also increases network performance by limiting broadcasts to a smaller and more manageable logical broadcast domain In traditional switched environments all broadcast packets go to each and every individual port With VLAN all broadcasts are confined to a specific broadcast domain Note VLAN is unidirectional it only governs outgoing traffic See Chapter 9 on page 100 for information on port ba...

Page 82: ...RP in milliseconds Each port has a single Leave Period timer Leave Time must be two times larger than Join Timer the default is 600 milliseconds Leave All Timer Leave All Timer sets the duration of the Leave All Period timer for GVRP in milliseconds Each port has a single Leave All Period timer Leave All Timer must be larger than Leave Timer Priority Queue Assignment IEEE 802 1p defines up to eigh...

Page 83: ...The subnet mask specifies the network number portion of an IP address The factory default subnet mask is 255 255 255 0 You can configure up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre defined VLAN s Note You must configure a VLAN first Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if i...

Page 84: ...have a DHCP server that can assign the Switch an IP address subnet mask a default gateway IP address and a domain name server IP address automatically Static IP Address Select this option if you don t have a DHCP server or if you wish to assign static IP address information to the Switch You need to fill in the following fields when you select this option IP Address Enter the IP address of your Sw...

Page 85: ...pre defined VLAN s You must configure a VLAN first IP Address Enter the IP address for managing the Switch by the members of the VLAN specified in the VID field below IP Subnet Mask Enter the IP subnet mask in dotted decimal notation VID Type the VLAN group identification number Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation Add Click Add to insert ...

Page 86: ...ator screens Type This field displays 10 100M for Fast Ethernet connections and 10 100 1000M for Gigabit connections Speed Duplex Select the speed and the duplex mode of the Ethernet connection on this port Choices are Auto 10M Half Duplex 10M Full Duplex 100M Half Duplex 100M Full Duplex and 1000M Full Duplex Gigabit connections only Selecting Auto auto negotiation allows one port to negotiate wi...

Page 87: ...plex mode and backpressure flow control in half duplex mode IEEE802 3x flow control is used in full duplex mode to send a pause signal to the sending port causing it to temporarily stop sending signals when the receiving port memory buffers fill Back Pressure flow control is typically used in half duplex mode to send a collision signal to the sending port mimicking a state of packet collision caus...

Page 88: ...ew entry This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Index This field displays the index number of an entry Interface Type T...

Page 89: ...following table describes the labels in this screen Table 17 Basic Setting IPv6 Interface Status LABEL DESCRIPTION IPv6 Active This field displays whether the IPv6 interface is activated or not MTU Size This field displays the Maximum Transmission Unit MTU size for IPv6 packets on this interface ICMPv6 Rate Limit Bucket Size This field displays the maximum number of ICMPv6 error messages which are...

Page 90: ...A is a collection of addresses assigned to a DHCP client through which the server and client can manage a set of related IP addresses Each IA must be associated with exactly one interface IA Type The IA type is the type of address in the IA Each IA holds one type of address IA_NA means an identity association for non temporary addresses and IA_TA is an identity association for temporary addresses ...

Page 91: ...ION Table 18 Basic Setting IPv6 IPv6 Configuration LABEL DESCRIPTION IPv6 Global Setup Click the link to go to a screen where you can configure the global IPv6 settings on the Switch IPv6 Interface Setup Click the link to go to a screen where you can enable an IPv6 interface on the Switch IPv6 Addressing IPv6 Link Local Address Setup Click the link to go to a screen where you can configure the IPv...

Page 92: ...vertisements This is the maximum number of hops on which an IPv6 packet is allowed to transmit before it is discarded by an IPv6 router which is similar to the TTL field in IPv4 ICMPv6 Rate Limit Bucket Size Specify the maximum number of ICMPv6 error messages from 1 to 200 which are allowed to transmit in a given time interval If the bucket is full subsequent error messages are suppressed ICMPv6 R...

Page 93: ...RIPTION Interface Select the IPv6 interface you want to configure Active Select this option to enable the interface Address Autoconfig Select this option to allow the interface to automatically generate a link local address via stateless autoconfiguration Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use ...

Page 94: ... default gateway IPv6 address for the interface When an interface cannot find a routing information for a frame s destination it forwards the packet to the default gateway Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the nonvolatile me...

Page 95: ...gnificant bits start from the left in the address compose the network address EUI 64 Select this option to have the interface ID be generated automatically using the EUI 64 format Add Click Add to create a new entry or update an existing one Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to the factory defaults Index This is the interface index nu...

Page 96: ... for this interface Enter 0 to turn off DAD NS Interval Specify the time interval from 1000 to 3600000 milliseconds at which neighbor solicitations are re sent for this interface Reachable Time Specify how long from 1000 to 3600000 milliseconds a neighbor is considered reachable for this interface Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes...

Page 97: ...MAC Specify the MAC address of the neighboring device which can be reached through the interface Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the nonvolatile memory when you are done c...

Page 98: ... it work well Options Select DNS to have the Switch obtain DNS server IPv6 addresses and or select Domain List to have the Switch obtain a list of domain names from the DHCP server Information Refresh Minimum Specify the time interval from 600 to 4294967295 seconds at which the Switch exchanges other configuration information with a DHCPv6 server again Apply Click Apply to save your changes to the...

Page 99: ...tains a list of domain names from the DHCP server Information Refresh Minimum This field displays the time interval in seconds at which the Switch exchanges other configuration information with a DHCPv6 server again Table 25 Basic Setting IPv6 IPv6 Configuration DHCPv6 Client Setup continued LABEL DESCRIPTION ...

Page 100: ...ort The remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that user priority and VLAN ID are independent of each other A frame with VID VLAN Identifier of null 0 is called a priority frame meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the frame Of the 4096 possible VIDs a VID of 0 is us...

Page 101: ...mit VLAN groups beyond the local Switch Please refer to the following table for common IEEE 802 1Q VLAN terminology Table 26 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configured by a GVRP registration deregistration process VLAN Administrative Control Registration Fixed Fixed registration...

Page 102: ...owever with VLAN Trunking enabled on a port s in each intermediary switch you only need to create VLAN groups in the end devices A and B C D and E automatically allow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking port s Figure 44 Port VLAN Trunking 9 4 Select the VLAN Type Select a VLAN type in the Basic Setting Switch Setup ...

Page 103: ...e this field blank and click Search to display all VLANs configured on the Switch The Number of VLAN This is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only when you use the Search button to look for certain VLANs Index This is the VLAN index number Click o...

Page 104: ...L DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the Static VLAN screen Port Number This column displays the ports that are participating in a VLAN A tagged port is marked as T an untagged port is marked as U and ports not participating in a VLAN are marked as Elapsed Time This field shows how long it has been si...

Page 105: ... identification purposes This name consists of up to 64 printable characters spaces are allowed VLAN Group ID Enter the VLAN ID for this static entry the valid range is between 1 and 4094 Port The port number identifies the port you are configuring Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common...

Page 106: ...tgoing frames transmitted with this VLAN Group ID Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to start con...

Page 107: ...m Ingress Check If this check box is selected for a port the Switch discards incoming frames for VLANs that do not include this port in its member set Clear this check box to disable ingress filtering PVID A PVID Port VLAN ID is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines Enter a number between 1and 4094 as ...

Page 108: ...ly you can configure VLAN with priority 3 and VID of 300 for traffic received from IP subnet 10 1 1 0 24 data services All untagged incoming frames will be classified based on their source IP subnet and prioritized accordingly That is video services receive the highest priority and data the lowest Figure 50 Subnet Based VLAN Application Example 9 6 1 Configuring Subnet Based VLAN Click Subnet Base...

Page 109: ...bnet VLAN you are creating or editing Name Enter up to 32 alphanumeric characters to identify this subnet based VLAN IP Enter the IP address of the subnet for which you want to configure this subnet based VLAN Mask Bits Enter the bit number of the subnet mask To find the bit number convert the subnet mask to binary format and add all the 1 s together Take 255 255 255 0 for example 255 converts to ...

Page 110: ...ream ARP traffic from port 1 2 and 3 will be grouped together and all upstream Apple Talk traffic from port 6 and 7 will be in another group and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C Figure 52 Protocol Based VLAN Application Example Index This is the index number identifying this subnet based VLAN Click on any of these numbers to edit an ...

Page 111: ...d protocol to be included in this protocol based VLAN or select Others and type the protocol number in hexadecimal notation For example the IP protocol in hexadecimal notation is 0800 and Novell IPX protocol is 8137 Note Protocols in the hexadecimal number range of 0x0000 to 0x05ff are not allowed to be used for protocol based VLANs VID Enter the ID of a VLAN to which the port belongs This must be...

Page 112: ... Figure 54 Protocol Based VLAN Configuration Example To add more ports to this protocol based VLAN Active This field shows whether the protocol based VLAN is active or not Port This field shows which port belongs to this protocol based VLAN Name This field shows the name the protocol based VLAN Ethernet type This field shows which Ethernet protocol is part of this protocol based VLAN VID This fiel...

Page 113: ...N is valid ingress processing on the packet continues otherwise the packet is dropped This feature allows users to change ports without having to reconfigure the VLAN You can assign priority to the MAC based VLAN and define a MAC to VLAN mapping table by entering a specified source MAC address in the MAC based VLAN setup screen You can also delete a MAC based VLAN entry in the same screen Click MA...

Page 114: ... VID Type an ID from 1 to 4094 for the VLAN ID that is associated with the MAC based VLAN entry Priority Type a priority 0 7 for the MAC based VLAN entry The higher the numeric value you assign the higher the priority for this MAC based VLAN entry Add Click Add to save the new MAC based VLAN entry Cancel Click Cancel to clear the fields in the MAC based VLAN entry Index This field displays the ind...

Page 115: ...t s MAC address is not learned Select Drop packets with new source MAC to have the Switch discard any packet whose MAC address is not learmed Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done config...

Page 116: ...aged out MAC address aging out time can be set in the Switch Setup screen The valid range is from 0 to 16384 If you enter 0 here the Switch automatically changes to use the maximum value 16384 Note You also set the MAC address learning limit in the Port Security screen If you configure two different limits the Switch bases on the smaller one Add Click Add to save your changes to the Switch s run t...

Page 117: ...t depending on your VLAN and VLAN security requirements If VLAN members need to communicate directly with each other then select All Connected Select Port Isolated if you want to restrict users from communicating directly Click Apply to save your settings The following screen shows users on a port based all connected VLAN configuration Figure 57 Advanced Application VLAN Port Based VLAN Setup All ...

Page 118: ...Chapter 9 VLAN MGS3520 Series User s Guide 118 Figure 58 Advanced Application VLAN Port Based VLAN Setup Port Isolation ...

Page 119: ...hat is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the incoming port for the corresponding port listed on the left its outgoing port CPU refers to the Switch management port By default it forms a VLAN with all Ethernet ports If it does not form a VLAN with...

Page 120: ...he MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC address forwarding together with port security allows only computers in the MAC address table on a port to access the Switch See Chapter 19 on page 171 for more information on port security Click Advan...

Page 121: ... or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to reset the fields to the factory defaults Index Click an index number to modify a static MAC address rule for a port Active This field displays whether this static MAC address f...

Page 122: ... a member without the member having to join the group first If a multicast group has no members then the switch will either flood the multicast frames to all ports or drop them You can configure this in the Advanced Application Multicast Multicast Setting screen see Section 25 3 1 on page 203 Figure 60 shows such unknown multicast frames flooded to all ports With static multicast forwarding you ca...

Page 123: ...els in this screen Table 37 Advanced Application Static Multicast Forwarding LABEL DESCRIPTION Active Select this check box to activate your rule You may temporarily deactivate a rule without deleting it by clearing this check box Name Type a descriptive name up to 32 printable ASCII characters for this static multicast MAC address forwarding rule This is for identification only MAC Address Enter ...

Page 124: ...ed values Clear Click Clear to begin configuring this screen afresh Index Click an index number to modify a static multicast MAC address rule for port s Active This field displays whether a static multicast MAC address forwarding rule is active Yes or not No You may temporarily deactivate a rule without deleting it Name This field displays the descriptive name for identification purposes for a sta...

Page 125: ...IPTION Active Make sure to select this check box to activate your rule You may temporarily deactivate a rule without deleting it by deselecting this check box Name Type a descriptive name up to 32 printable ASCII characters for this rule This is for identification only Action Select Discard source to drop frames from the source MAC address specified in the MAC field The Switch can still send frame...

Page 126: ...o the factory defaults Index This field displays the index number of the rule Click an index number to change the settings Active This field displays Yes when the rule is activated and No when is it deactivated Name This field displays the descriptive name for this rule This is for identification purposes only MAC Address This field displays the source destination MAC address with the VLAN identif...

Page 127: ...ge information is directly propagated throughout the network from the device that generates the topology change In STP a longer delay is required as the device that causes a topology change first notifies the root bridge and then the root bridge notifies the network Both RSTP and STP flush unwanted learned addresses from the filtering database In RSTP the port states are Discarding Learning and Fo...

Page 128: ...U after a predefined interval Max Age the bridge assumes that the link to the root bridge is down This bridge then initiates negotiations with other bridges to reconfigure the network to re establish a valid network topology 13 1 3 STP Port States STP assigns five port states to eliminate packet looping A bridge port is not allowed to go directly from blocking state to forwarding state so as to el...

Page 129: ...de the following features One Common and Internal Spanning Tree CIST that represents the entire network s connectivity Grouping of multiple bridges or switching devices into regions that appear as one single bridge on the network A VLAN can be mapped to a specific Multiple Spanning Tree Instance MSTI MSTI allows multiple VLANs to use the same spanning tree Load balancing is possible as traffic fro...

Page 130: ...hat appears as a single device to the rest of the network Each MSTP enabled device can only belong to one MST region When BPDUs enter an MST region external path cost of paths outside this region is increased by one Internal path cost of paths within this region is increased by one when BPDUs traverse the region Devices that belong to the same MST region are configured to have the same MSTP config...

Page 131: ...egions 1 and 2 have 2 spanning tree instances Figure 68 MSTIs in Different Regions 13 1 5 4 Common and Internal Spanning Tree CIST A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST instance are members of the CIST In an MSTP enabled network there is on...

Page 132: ...e Protocol This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration section for each STP mode Click Configuration to activate one of the STP standards on the Switch 13 3 Spanning Tree Configuration Use the Spanning Tree Configuration screen to activate one of the STP modes on the ...

Page 133: ...ee Multiple Rapid Spanning Tree or Multiple Spanning Tree See Section 13 1 on page 127 for background information on STP Type of Default Path Cost Select the default path cost method Short or Long you want the Switch to use in each STP mode Note If you select Long all the switches in your network also need to use the long path cost method Otherwise the spanning tree may not converge properly Apply...

Page 134: ...en to enable RSTP on the Switch Bridge Priority Bridge priority is used in determining the root switch root port and designated port The switch with the highest priority lowest numeric value becomes the STP root switch If all switches have the same priority the switch with the lowest MAC address will then become the root switch Select a value from the drop down list box The lower the numeric value...

Page 135: ...ort changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port or when its link status changes Note An edge port becomes a non edge port as soon as it receives a Bridge Protocol Data Unit BPDU Root Guard Select this check box to enable root guard on this port in order ...

Page 136: ...dge priority plus the MAC address This ID is the same for Root and Our Bridge if the Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds a switch can wait without receiving a configuration messa...

Page 137: ...le an STP tree Note You must also activate Multiple Rapid Spanning Tree in the Advanced Application Spanning Tree Protocol Configuration screen to enable MRSTP on the Switch Bridge Priority Bridge priority is used in determining the root switch root port and designated port The switch with the highest priority lowest numeric value becomes the STP root switch If all switches have the same priority ...

Page 138: ...m blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port or when its link status changes Note An edge port becomes a non edge port as soon as it receives a Bridge Protocol Data Unit BPDU Root Guard Select this check box to enable root guard on this port in order to prevent the switch es attached to the p...

Page 139: ... ID This is the unique identifier for this bridge consisting of bridge priority plus MAC address This ID is the same for Root and Our Bridge if the Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in se...

Page 140: ...ide 140 13 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section 13 1 5 on page 129 for more information on MSTP Figure 76 Advanced Application Spanning Tree Protocol MSTP ...

Page 141: ...ceive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result The allowed range is 4 to 30 seconds As a general rule Note 2 Forward Delay 1 Max Age 2 Hello Time 1 Maximum hops Enter the number of hops between 1 and 255 in an ...

Page 142: ...rity for each port here Priority decides which port should be disabled when more than one port forms a loop in the Switch Ports with a higher priority numeric value are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended to assign this value according to the speed ...

Page 143: ...ng state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port or when its link status changes Note An edge port becomes a non edge port as soon as it receives a Bridge Protocol Data Unit BPDU Root Guard Select this check box to enable root guard on this port in order to prevent the switch es attached to the port from...

Page 144: ...on the Switch CST This section describes the Common Spanning Tree settings Bridge Root refers to the base of the spanning tree the root bridge Our Bridge is this Switch This Switch may also be the root bridge Bridge ID This is the unique identifier for this bridge consisting of bridge priority plus MAC address This ID is the same for Root and Our Bridge if the Switch is the root switch Hello Time ...

Page 145: ...he spanning tree was last reconfigured Instance These fields display the MSTI to VLAN mapping In other words which VLANs run on each spanning tree instance Instance This field displays the MSTI ID VLAN This field displays which VLANs are mapped to an MSTI MSTI Select the MST instance settings you want to view Bridge Root refers to the base of the MST instance Our Bridge is this Switch This Switch ...

Page 146: ...ntrol screen 14 1 Bandwidth Control Overview Bandwidth control means defining a maximum allowable bandwidth for incoming and or out going traffic flows on a port 14 2 Bandwidth Control Setup Click Advanced Application Bandwidth Control in the navigation panel to bring up the screen as shown next Figure 79 Advanced Application Bandwidth Control ...

Page 147: ... to all the ports as soon as you make them Active Select this check box to activate ingress rate limits on this port Ingress Rate Specify the maximum bandwidth allowed in kilobits per second Kbps for the incoming traffic flow on a port Active Select this check box to activate egress rate limits on this port Egress Rate Specify the maximum bandwidth allowed in kilobits per second Kbps for the out g...

Page 148: ...packets the Switch receives per second on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port Click Advanced Application Broadcast Storm Control in the navigation pa...

Page 149: ...me settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port recei...

Page 150: ...g In remote port mirroring RMirror the mirroring ports and monitor port can be on different devices in a network You can use it to monitor multiple switches across your network Traffic from the source device s mirrored port s is sent to a mirroring port for VLAN tagging and forwarded to other switch es in the same remote port mirroring RMirror VLAN Traffic are then carried over the specified RMirr...

Page 151: ...he RMirror mirroring port on the source device can also be used as the mirroring port in local port mirroring But it cannot be the monitor port in local port mirroring Table 51 Port Rules between Different Remote Port Mirroring VLANs RMirror VLAN 1 Source Mirrored Port Source Mirroring Port Destination Monitor Port RMirror VLAN 2 Source Mirrored Port Y N N Source Mirroring Port N N N Destination M...

Page 152: ... Monitor Port The monitor port is the port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original port s Type the port number of the monitor port Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the com...

Page 153: ...e Mirroring screen The following screen opens Figure 82 Advanced Application Mirroring RMirror Source Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin confi...

Page 154: ...l the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the drop down list box Choices are Egress outgoing Ingress incoming and Both Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Sav...

Page 155: ...irrored traffic is forwarded Monitor Port Specify the port to which you copy the traffic in order to examine it in more detail without interfering with the traffic flow on the original port s Tagging Select whether to add the RMirror VLAN tag to mirrored traffic on the monitor port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned...

Page 156: ...s ensures increased network stability and control over the trunk groups on your Switch See Section 17 6 on page 161 for a static port trunking example 17 2 Dynamic Link Aggregation The Switch adheres to the IEEE 802 3ad standard for static and dynamic LACP port trunking The Switch supports the link aggregation IEEE802 3ad standard This standard describes the Link Aggregation Control Protocol LACP ...

Page 157: ...S KEY PORT PRIORITY PORT NUMBER 0000 00 00 00 00 00 00 0000 00 0000 Table 57 Link Aggregation ID Peer Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY PORT NUMBER 0000 00 00 00 00 00 00 0000 00 0000 1 Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group not the individual port Table 58 Advanced Application Link Aggregation Status LABEL DESCRIPTION Group ID This fi...

Page 158: ... the same link within the trunk src mac means the Switch distributes traffic based on the packet s source MAC address dst mac means the Switch distributes traffic based on the packet s destination MAC address src dst mac means the Switch distributes traffic based on a combination of the packet s source and destination MAC addresses src ip means the Switch distributes traffic based on the packet s ...

Page 159: ...ent over the same link within the trunk By default the Switch uses the src dst mac distribution type If the Switch is behind a router the packet s destination or source MAC address will be changed In this case set the Switch to distribute traffic based on its IP address to make sure port trunking can work properly Select src mac to distribute traffic based on the packet s source MAC address Select...

Page 160: ...the trunk group to which a port belongs Note When you enable the port security feature on the Switch and configure port security settings for a port you cannot include the port in an active trunk group Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your...

Page 161: ...he higher the priority level Group ID The field identifies the link aggregation group that is one logical link containing multiple ports LACP Active Select this option to enable LACP for a trunk Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and...

Page 162: ...ink Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below Click Apply when you are done Figure 88 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete A B EXAMPLE ...

Page 163: ...configuring your RADIUS server settings Note If you enable IEEE 802 1x authentication and MAC authentication on the same port the Switch performs IEEE 802 1x authentication first If a user fails to authenticate via the IEEE 802 1x method then access to the port is denied 18 1 1 IEEE 802 1x Authentication The following figure illustrates how a client connecting to an IEEE 802 1x authentication enab...

Page 164: ...itch does not prompt the client for login credentials The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch New Connection Access Request Authentication Reply 1 8 9 Challenge Response 7 6 Session Granted Denied Login Credentials Identity Request 3 2 Authentication...

Page 165: ...A Radius Server Setup screen To activate a port authentication method click Advanced Application Port Authentication in the navigation panel Select a port authentication method in the screen that appears Figure 91 Advanced Application Port Authentication 18 2 1 Activate IEEE 802 1x Security Use this screen to activate IEEE 802 1x security In the Port Authentication screen click 802 1x to display t...

Page 166: ...u make them Active Select this checkbox to permit 802 1x authentication on this port You must first allow 802 1x authentication on the Switch before configuring it on each port Max Req Specify the number of times the Switch tries to authenticate client s before sending unresponsive ports to the Guest VLAN This is set to 2 by default That is the Switch attempts to authenticate a client twice If the...

Page 167: ...mple Use this screen to enable and assign a guest VLAN to a port In the Port Authentication 802 1x screen click Guest Vlan to display the configuration screen as shown Quiet period Specify the number of seconds the port remains in the HELD state and rejects further authentication requests from the connected client after a failed authentication exchange Tx period Specify the number of seconds the S...

Page 168: ...n authenticated users to access limited network resources through the Switch You must also enable IEEE 802 1x authentication on the Switch and the associated ports Enter the number that identifies the guest VLAN Make sure this is a VLAN recognized in your network Host mode Specify how the Switch authenticates users when more than one user connect to the port using a hub Select Multi Host to authen...

Page 169: ...el Click Cancel to begin configuring this screen afresh Table 62 Advanced Application Port Authentication 802 1x Guest VLAN continued LABEL DESCRIPTION Table 63 Advanced Application Port Authentication MAC Authentication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch Note You must first enable MAC authentication on the Switch before configuring it on each...

Page 170: ...this setting See Section 8 4 on page 81 Port This field displays a port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this checkbox to permit MAC authentication on this port You must first allow MAC authentication on the S...

Page 171: ...al with no limit on individual ports other than the sum cannot exceed 16K For maximum port security enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default MAC address learning is still enabled even though the port security is ...

Page 172: ...d display in the Static MAC Forwarding screen MAC freeze Click MAC freeze to have the Switch automatically select the Active check boxes and clear the Address Learning check boxes only for the ports specified in the Port list Active Select this option to enable port security on the Switch Errdisable Select this option to turn on error disable for port security on the Switch The Switch shuts down a...

Page 173: ...ing enabled Limited Number of Learned MAC Address Use this field to limit the number of dynamic MAC addresses that may be learned on a port For example if you set this field to 5 on port 2 then only the devices with these five learned MAC addresses may access port 2 at any one time A sixth device must wait until one of the five learned MAC addresses ages out MAC address aging out time can be set i...

Page 174: ...ts IP addresses VLANs or socket ports 20 2 Range Profile Screen The Range Profile screens allow you to access and configure profiles for a range of VLANs IP addresses ports and socket ports Click Advanced Application Range Profile in the navigation panel to display the screen as shown Figure 97 Advanced Application Range Profile 20 3 VLAN Range Profile Use this screen to view manage and create VLA...

Page 175: ...nges to the Switch s run time memory The Switch loses this change if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Index This field displays the index number of the profile Click an index number to change the settings Name This...

Page 176: ...e your changes to the Switch s run time memory The Switch loses this change if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Index This field displays the index number of the profile Click an index number to change the settings...

Page 177: ...ve your changes to the Switch s run time memory The Switch loses this change if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Index This field displays the index number of the profile Click an index number to change the setting...

Page 178: ... it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Index This field displays the index number of the profile Click an index number to change the settings Name This field displays the descriptive name for this profile Type This fiel...

Page 179: ...rt number destination port number or incoming port number For example you can configure a classifier to select traffic from the same protocol port such as Telnet to form a flow Configure QoS on the Switch to group and prioritize application traffic and fine tune network performance Setting up QoS involves two separate steps 1 Configure classifiers to sort traffic into different flows 2 Configure p...

Page 180: ... The following table describes the labels in this screen Table 69 Advanced Application Classifier LABEL DESCRIPTION Active Select this option to enable this rule Name Enter a descriptive name for this rule for identifying purposes Layer 2 Specify the fields below to configure a layer 2 classifier ...

Page 181: ...nation MAC address of the packet in valid MAC address format six hexadecimal character pairs and type the mask for the specified MAC address to determine which bits a packet s MAC address should match Enter f for each bit of the specified MAC address that the traffic s MAC address should match Enter 0 for the bit s of the matched traffic s MAC address which can be of any hexadecimal character s Fo...

Page 182: ...r Select Range and choose a pre defined socket port range profile Destination IP Address Select Prefix to enter a destination IP address and specify the address prefix by entering the number of ones in the subnet mask Otherwise select Range and choose a predefined destination IP address range profile Socket Number Note You must select either UDP or TCP in the IP Protocol field before you configure...

Page 183: ... rule Click an index number to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Name This field displays the descriptive name for this rule This is for identification purposes only Rule This field displays a summary of the classifier rule s settings Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to cl...

Page 184: ...er s Guide 184 Figure 104 Classifier Example After you have configured a classifier you can configure a policy to define action s on the classified traffic flow See Chapter 22 on page 185 for information on configuring a policy rule EXAMPLE ...

Page 185: ...ery flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 22 1 2 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following ...

Page 186: ...SCRIPTION Active Select this option to enable the policy Name Enter a descriptive name for identification purposes Classifier s This field displays the active classifier s you configure in the Classifier screen Select the classifier s to which this policy rule applies To select more than one classifier press SHIFT and select the choices at the same time Parameters Set the fields below for this pol...

Page 187: ...lect No change to keep the priority setting of the frames Select Set the packet s 802 1p priority and send the packet to priority queue to replace the packet s 802 1p priority field with the value you set in the Priority field Then put the packets in the designated queue Diffserv Select No change to keep the TOS and or DSCP fields in the packets Select Set the packet s TOS field to set the TOS fie...

Page 188: ...EL DESCRIPTION Rule Usage This field displays how many rules have been configured on the Switch Index This field displays the policy index number Click an index number to edit the policy Active This field displays Yes when policy is activated and No when is it deactivated Name This field displays the name you have assigned to this policy Classifier s This field displays the name s of the classifie...

Page 189: ...Chapter 22 Policy Rule MGS3520 Series User s Guide 189 Figure 107 Policy Example EXAMPLE ...

Page 190: ...rst When that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SP does not automatically adapt to changing network requirements 23 1 2 Weighted Fair Queuing Weighted Fair Queuing is used to guarantee each queue s mini...

Page 191: ...looping fashion until a queue is empty Weighted Round Robin Scheduling WRR uses the same algorithm as round robin scheduling but services queues based on their priority and queue weight the number you configure in the queue Weight field rather than a fixed amount of bandwidth WRR is activated only when a port has more traffic than it can handle Queues with larger weights get more service than queu...

Page 192: ...re in the Weight field Queues with larger weights get more guaranteed bandwidth than queues with smaller weights Weighted Round Robin Scheduling services queues on a rotating basis based on their queue weight the number you configure in the queue Weight field Queues with larger weights get more service than queues with smaller weights Weight Q0 Q7 When you select WFQ or WRR enter the queue weight ...

Page 193: ...ased on specific VLANs for many different customers A service provider s customers may require a range of VLANs to handle multiple applications A service provider s customers can assign their own inner VLAN tags on ports for these applications The service provider can assign an outer VLAN tag for each customer Therefore there is no VLAN tag overlap among customers so traffic from different custome...

Page 194: ...so a second VLAN tag outer VLAN tag can be added Note Static VLAN Tx Tagging MUST be disabled on a port where you choose Normal or Access Port Select Tunnel Port available for Gigabit ports only for egress ports at the edge of the service provider s network All VLANs belonging to a customer can be aggregated into a single service provider s VLAN using the outer VLAN tag defined by the Service Prov...

Page 195: ...dard that allows the service provider to prioritize traffic based on the class of service CoS the customer has paid for On the Switch configure priority level of the inner IEEE 802 1Q tag in the Port Setup screen 0 is the lowest priority level and 7 is the highest VID is the VLAN ID SP VID is the VID for the second service provider s VLAN tag 24 3 1 Frame Format The frame format for an untagged Et...

Page 196: ...able for Gigabit ports only for egress ports at the edge of the service provider s network Select Tunnel Port to have the Switch add the Tunnel TPID tag to all outgoing frames sent on this port In order to support VLAN stacking on a port the port must be able to allow frames of 1526 Bytes 1522 Bytes 4 Bytes for the second tag to pass through it Tunnel TPID TPID is a standard Ethernet type code ide...

Page 197: ...SPVID SPVID is the service provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port See Chapter 9 on page 100 for more background information on VLAN ID Priority Select a priority level from 0 to 7 This is the service provider s priority level that adds to the frames received on this port You can also select copy from inner to use the exis...

Page 198: ...ive name up to 32 printable ASCII characters for identification purposes Port The port number identifies the port you are configuring CVID Enter a customer VLAN ID the inner VLAN tag from 1 to 4094 This is the VLAN tag carried in the packets from the subscribers SPVID SPVID is the service provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this...

Page 199: ... is applied CVID This is the customer VLAN ID in the incoming packets SPVID This is the service provider s VLAN ID that adds to the packets from the subscribers Priority This is the service provider s priority level in the packets Delete Check the rule s that you want to remove in the Delete column and then click the Delete button Cancel Click Cancel to clear the Delete check boxes Table 81 Advanc...

Page 200: ...poses see the IANA website for more information 25 1 2 IGMP Filtering With the IGMP filtering feature you can control which IGMP groups a subscriber on a port can join This allows you to control the distribution of multicast services such as content information distribution based on service plans and types of subscription You can set the Switch to filter the multicast group join reports on a per p...

Page 201: ... port in MLD snooping proxy can report group changes to a connected multicast router and forward MLD messages to other upstream ports This helps especially when you want to have a network that uses STP to provide backup links between switches and also performs MLD snooping and proxy functions MLD snooping proxy like MLD proxy can minimize MLD control messages and allow better network performance I...

Page 202: ...se this screen to configure IGMP for IPv4 or MLD for IPv6 and set up multicast VLANs Click Advanced Application Multicast in the navigation panel Figure 113 Advanced Application Multicast The following table describes the labels in this screen 25 3 IPv4 Multicast Status Click Advanced Applications Multicast IPv4 Multicast to display the screen as shown This screen shows the IPv4 multicast group in...

Page 203: ...hown See Section 25 1 on page 200 for more information on multicasting Figure 115 Advanced Application Multicast IPv4 Multicast IGMP Snooping Table 83 Advanced Application Multicast IPv4 Multicast LABEL DESCRIPTION Index This is the index number of the entry VID This field displays the multicast VLAN ID Port This field displays the port number that belongs to the multicast group Multicast Group Th...

Page 204: ...ticast Frame Specify the action to perform when the Switch receives an unknown multicast frame Select Drop to discard the frame s Select Flooding to send the frame s to all ports Reserved Multicast Group The IP address range of 224 0 0 0 to 224 0 0 255 are reserved for multicasting on the local network only For example 224 0 0 1 is for all hosts on a local network segment and 224 0 0 9 is used to ...

Page 205: ...nooping membership entry when an IGMP leave message is received on this port from a host Group Limited Select this option to limit the number of multicast groups this port is allowed to join Max Group Num Enter the number of multicast groups this port is allowed to join Once a port is registered in the specified number of multicast groups any new IGMP join report frame s is dropped on this port Th...

Page 206: ...icast IGMP Snooping continued LABEL DESCRIPTION Table 85 Advanced Application Multicast IPv4 Multicast IGMP Snooping IGMP Snooping VLAN LABEL DESCRIPTION Mode Select auto to have the Switch learn multicast group membership information of any VLANs automatically Select fixed to have the Switch only learn multicast group membership information of the VLAN s that you specify below In either auto or f...

Page 207: ...n which the Switch is to perform IGMP snooping Name Enter the descriptive name of the VLAN for identification purposes VID Enter the ID of a static VLAN the valid range is between 1 and 4094 Note You cannot configure the same VLAN ID as in the MVR screen Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these changes...

Page 208: ... profile If you want to add a single multicast IP address enter it in both the Start Address and End Address fields Add Click Add to save the profile to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to clea...

Page 209: ...ot receive report messages from the port Table 87 Advanced Application Multicast IPv6 Multicast LABEL DESCRIPTION Table 88 Advanced Application Multicast IPv6 Multicast MLD Snooping proxy LABEL DESCRIPTION MLD Snooping proxy Use these settings to configure MLD snooping proxy Active Select Active to enable MLD snooping proxy on the Switch to minimize MLD control messages and allow better network pe...

Page 210: ... amount of time in miliseconds the router connected to the upstream port waits for a response to an MLD general query message This value should be exactly the same as what s configured in the connected multicast router This value is used to calculate the amount of time an MLD snooping membership entry learned only on the upstream port can remain in the forwarding table When an MLD Report message i...

Page 211: ...the amount of time in miliseconds between general query messages sent by the downstream port Maximum Response Delay Enter the maximum time in miliseconds that the Switch waits for a response to a general query message sent by the downstream port Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes i...

Page 212: ... this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Port Role A port on the Switch can be either a Downstream port or Upstream port in MLD A downstream port connects to MLD hosts and acts as a multicast router t...

Page 213: ...cified downstream port s This defines how many seconds the Switch waits for an MLD report before removing an MLD snooping membership entry learned on a downstream port when an MLD Done message is received on this port from a host Fast Leave Timeout Enter the fast leave timeout in milliseconds for the specified downstream port s This defines how many seconds the Switch waits for an MLD report befor...

Page 214: ...ect this option to limit the number of multicast groups this port is allowed to join Max Group Num Enter the number of multicast groups this port is allowed to join Once a port is registered in the specified number of multicast groups any new MLD Report message is dropped on this port Filtering Profile Select the name of the MLD filtering profile to use for this port Otherwise select Default to pr...

Page 215: ...ing multicast IPv6 address for a range of multicast IPv6 addresses that you want to belong to the MLD filtering profile End Address Type the ending multicast IPv6 address for a range of IPv6 addresses that you want to belong to the MLD filtering profile If you want to add a single multicast IPv6 address enter it in both the Start Address and End Address fields Add Click this to create a new entry ...

Page 216: ...R Network Example 25 5 1 Types of MVR Ports In MVR a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic Once configured the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group 25 5 2 MVR Modes You can set your Switch to operate in either dyna...

Page 217: ...he receiver port in this case an uplink port on the Switch If there is another subscriber device connected to this port in the same subscriber VLAN the receiving port will still be on the list of forwarding destination for the multicast traffic Otherwise the Switch removes the receiver port from the forwarding table Figure 125 MVR Multicast Television Example 25 6 General MVR Configuration Use the...

Page 218: ...er a descriptive name up to 32 printable ASCII characters for identification purposes Multicast VLAN ID Enter the VLAN ID 1 to 4094 of the multicast VLAN 802 1p Priority Select a priority level 0 7 with which the Switch replaces the priority in outgoing IGMP control packets belonging to this multicast VLAN Mode Specify the MVR mode on the Switch Choices are Dynamic and Compatible Select Dynamic to...

Page 219: ...ives multicast traffic None Select this option to set the port not to participate in MVR No MVR multicast traffic is sent or received on this port Tagging Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save ...

Page 220: ... IP address for a multicast group Refer to Section 25 1 1 on page 200 for more information on IP multicast addresses Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to ...

Page 221: ...receive the traffic Figure 128 MVR Configuration Example To configure the MVR settings on the Switch create a multicast group in the MVR screen and set the receiver and source ports Figure 129 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers configure multicast group settings in the Group Configuration screen The following figure shows an exampl...

Page 222: ...Chapter 25 Multicast MGS3520 Series User s Guide 222 Figure 130 MVR Group Configuration Example 1 Figure 131 MVR Group Configuration Example 2 EXAMPLE EXAMPLE ...

Page 223: ...witch itself or it can use an external server to authorize a large number of users Accounting is the process of recording what a user is doing The Switch can use an external server to track when users log in log out execute commands and so on Accounting can also record system related actions such as boot up and shut down times of the Switch The external servers that perform authentication authoriz...

Page 224: ...ettings RADIUS TACACS or both and then set up the authentication priority activate authorization and configure accounting settings Click Advanced Application AAA in the navigation panel to display the screen as shown Figure 133 Advanced Application AAA 26 2 1 RADIUS Server Setup Use this screen to configure your RADIUS server settings See Section 26 1 2 on page 224 for more information on RADIUS s...

Page 225: ...he RADIUS server If you are using index priority for your authentication and you are using two RADIUS servers then the timeout value is divided between the two RADIUS servers For example if you set the timeout value to 30 seconds then the Switch waits for a response from the first RADIUS server for 15 seconds and then tries the second RADIUS server Index This is a read only number representing a R...

Page 226: ... representing a RADIUS accounting server entry IP Address Enter the IP address of an external RADIUS accounting server in dotted decimal notation UDP Port The default port of a RADIUS accounting server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters as the key to be shar...

Page 227: ... the TACACS server If you are using index priority for your authentication and you are using two TACACS servers then the timeout value is divided between the two TACACS servers For example if you set the timeout value to 30 seconds then the Switch waits for a response from the first TACACS server for 15 seconds and then tries the second TACACS server Index This is a read only number representing a...

Page 228: ...r entry IP Address Enter the IP address of an external TACACS accounting server in dotted decimal notation TCP Port The default port of a TACACS accounting server is 49 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters as the key to be shared between the external TACACS accounting server and the...

Page 229: ...Switch CLI Reference Guide for local authentication The TACACS and RADIUS are external servers Before you specify the priority make sure you have set up the corresponding database correctly first You can specify up to three methods for the Switch to authenticate the access privilege level of administrators The Switch checks the methods in the order you configure them first Method 1 then Method 2 a...

Page 230: ...ver Active Select this to activate authorization for a specified event types Method Select whether you want to use RADIUS or TACACS for authorization of specific types of events RADIUS is the only method for IEEE 802 1x authorization Accounting Use this section to configure accounting settings on the Switch Update Period This is the amount of time in minutes before the Switch sends an update to th...

Page 231: ...or users authenticating via the RADIUS server Mode The Switch supports two modes of recording login events Select start stop to have the Switch send information to the accounting server when a user begins a session during a user s session if it lasts past the Update Period and when a user ends a session stop only to have the Switch send information to the accounting server only when a user ends a ...

Page 232: ...ed on the RADIUS server This section lists the RADIUS attributes supported by the Switch Table 99 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Assignment Vendor Id 890 Vendor Type 1 Vendor data ingress rate Kbps in decimal format Egress Bandwidth Assignment Vendor Id 890 Vendor Type 2 Vendor data egress rate Kbps in decimal format Privilege Assignment Vendor ID 890 Vendor Type 3 Vendor Data...

Page 233: ...server when performing authentication 26 3 1 1 Attributes Used for Authenticating Privilege Access User Name the format of the User Name attribute is enab where is the privilege level 1 14 User Password NAS Identifier NAS IP Address 26 3 1 2 Attributes Used to Login Users User Name User Password NAS Identifier NAS IP Address 26 3 1 3 Attributes Used by the IEEE 802 1x Authentication User Name NAS ...

Page 234: ... that they are sent the difference between Console and Telnet SSH Exec events is that the Telnet SSH events utilize the Calling Station Id attribute Table 101 RADIUS Attributes Exec Events via Console ATTRIBUTE START INTERIM UPDATE STOP User Name NAS Identifier NAS IP Address Service Type Acct Status Type Acct Delay Time Acct Session Id Acct Authentic Acct Session Time Acct Terminate Cause Table 1...

Page 235: ... 103 RADIUS Attributes Exec Events via Console ATTRIBUTE START INTERIM UPDATE STOP User Name NAS IP Address NAS Port Class Called Station Id Calling Station Id NAS Identifier NAS Port Type Acct Status Type Acct Delay Time Acct Session Id Acct Authentic Acct Input Octets Acct Output Octets Acct Session Time Acct Input Packets Acct Output Packets Acct Terminate Cause Acct Input Gigawords Acct Output...

Page 236: ...ard consists of the following features Static bindings Use this to create static bindings in the binding table DHCP snooping Use this to filter unauthorized DHCP packets on the network and to build the binding table dynamically ARP inspection Use this to filter unauthorized ARP packets on the network If you want to use dynamic bindings to filter unauthorized ARP packets typical implementation you ...

Page 237: ... Switch restarts it loads static bindings from permanent memory but loses the dynamic bindings in which case the devices in the network have to send DHCP requests again As a result it is recommended you configure the DHCP snooping database The DHCP snooping database maintains the dynamic bindings for DHCP snooping and ARP inspection in a file on an external TFTP server If you set up the DHCP snoop...

Page 238: ... configure this setting for each source VLAN This setting is independent of the DHCP relay settings Chapter 39 on page 321 27 1 1 4 Configuring DHCP Snooping Follow these steps to configure DHCP snooping on the Switch 1 Enable DHCP snooping on the Switch 2 Enable DHCP snooping on each VLAN and configure DHCP relay option 82 3 Configure trusted and untrusted ports and specify the maximum number of ...

Page 239: ...d port or an untrusted port for ARP inspection This setting is independent of the trusted untrusted setting for DHCP snooping You can also specify the maximum rate at which the Switch receives ARP packets on untrusted ports The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on untrusted ports in the following situations The sender s information ...

Page 240: ...dress and VLAN ID as an existing static binding the new static binding replaces the original one To open this screen click Advanced Application IP Source Guard Static Binding Table 104 Advanced Application IP Source Guard LABEL DESCRIPTION Index This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displ...

Page 241: ...urrent ARP entries to the static bindings table Port List Select this and enter the number of the port s separated by a comma ARP entries learned on the specified port s are added to the static bindings table after you click ARP Freeze VLAN List Select this and enter the ID number of the VLAN s separated by a comma ARP entries for the specified VLAN s are added to the static bindings table after y...

Page 242: ...ing IP Address This field displays the IP address assigned to the MAC address in the binding Lease This field displays how long the binding is valid Type This field displays how the Switch learned the binding static This binding was learned from information provided manually by an administrator VLAN This field displays the source VLAN ID in the binding Port This field displays the port number in t...

Page 243: ...onfigure them in the DHCP Snooping Configure screen See Section 27 5 on page 245 Agent URL This field displays the location of the DHCP snooping database Write delay timer This field displays how long in seconds the Switch tries to complete a specific update in the DHCP snooping database before it gives up Abort timer This field displays how long in seconds the Switch waits to update the DHCP snoo...

Page 244: ...eate or read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database Successful transfers This field displays the number of times the Switch read bindings from or updated the bindings in the DHCP snooping database successfully Failed transfers This field displays the number of times the Switch was unable to read bindings from or update the bi...

Page 245: ... any bindings for any reason from the DHCP binding database Total ignored bindings counters This section displays the reasons the Switch has ignored bindings any time it read bindings from the DHCP binding database You can clear these counters by restarting the Switch or using CLI commands See the Ethernet Switch CLI Reference Guide Binding collisions This field displays the number of bindings the...

Page 246: ...g VLAN Configure screen Section 27 5 2 on page 248 to help the DHCP servers distinguish between DHCP requests from different VLAN Database If Timeout interval is greater than Write delay interval it is possible that the next update is scheduled to occur before the current update has finished successfully or timed out In this case the Switch waits to start the next update until it completes the cur...

Page 247: ... Switch to load it You can use this to load dynamic bindings from a different DHCP snooping database than the one specified in Agent URL When the Switch loads dynamic bindings from a DHCP snooping database it does not discard the current dynamic bindings first If there is a conflict the Switch keeps the dynamic binding in volatile memory and updates the Binding collisions counter in the DHCP Snoop...

Page 248: ...scards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high Untrusted ports are connected to subscribers and the Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source MAC address and source IP address in the packet do not match any of the current bindings The pac...

Page 249: ...e the VLAN the settings are applied to all VLANs Enabled Select Yes to enable DHCP snooping on the VLAN You still have to enable DHCP snooping on the Switch and specify trusted ports Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports Option 82 Profile Select a pre defined DHCP option 82 profile that the Switch applies to all ports in the specifie...

Page 250: ...umber port number VLAN ID and or system name specified in the profile to DHCP requests that it broadcasts to the DHCP VLAN if specified or VLAN You can specify the DHCP VLAN in the DHCP Snooping Configure screen see Section 27 5 on page 245 The profile you select here has priority over the one you select in the DHCP Snooping Configure VLAN screen Add Click this to create a new entry or to update a...

Page 251: ...ource VLAN ID in the MAC address filter Port This field displays the source port of the discarded ARP packet Expiry sec This field displays how long in seconds the MAC address filter remains in the Switch You can also delete the record manually Delete Reason This field displays the reason the ARP packet was discarded MAC VLAN The MAC address and VLAN ID were not in the binding table IP The MAC add...

Page 252: ... received from the VLAN since the Switch last restarted Forwarded This field displays the total number of ARP packets the Switch forwarded for the VLAN since the Switch last restarted Dropped This field displays the total number of ARP packets the Switch discarded for the VLAN since the Switch last restarted Table 112 Advanced Application IP Source Guard ARP Inspection VLAN Status LABEL DESCRIPTIO...

Page 253: ...ection 27 6 3 on page 253 Reason This field displays the reason the log message was generated dhcp deny An ARP packet was discarded because it violated a dynamic binding with the same MAC address and VLAN ID static deny An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID deny An ARP packet was discarded because there were no bindings with the same...

Page 254: ...messages and simply starts counting the number of entries that were dropped due to unavailable buffer Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter See Section 27 6 2 on page 252 Syslog rate Type the maximum number of syslog messages the Switch can send to the syslog server in one batch This number is expressed as a rate because the...

Page 255: ...rent bindings The rate at which ARP packets arrive is too high You can specify the maximum rate at which ARP packets can arrive on untrusted ports Limit Rate and Burst Interval settings have no effect on trusted ports Rate pps Specify the maximum rate 1 2048 packets per second at which the Switch receives ARP packets from each port The Switch discards any additional ARP packets Enter 0 to disable ...

Page 256: ...re applied to all VLANs Enabled Select Yes to enable ARP inspection on the VLAN Select No to disable ARP inspection on the VLAN Log Specify when the Switch generates log messages for receiving ARP packets from the VLAN None The Switch does not generate any log messages when it receives an ARP packet from the VLAN Deny The Switch generates log messages when it discards an ARP packet from the VLAN P...

Page 257: ... Loop state occurs as a result of human error It happens when two ports on a switch are connected with the same cable When a switch in loop state sends out broadcast messages the messages loop back to the switch and are re broadcast again and again causing a broadcast storm If a switch not in loop state connects to a switch in loop state then it will be affected by the switch in loop state in the ...

Page 258: ...s not affected by the switch in loop state Figure 154 Loop Guard Probe Packet The Switch also shuts down port N if the probe packet returns to switch A on any other port In other words loop guard also protects against standard network loops The following figure illustrates three switches forming a loop A sample path of the loop guard probe packet is also shown In this example the probe packet is s...

Page 259: ...t number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to check if the Switch it is connected to is in loop state If the S...

Page 260: ...g table the Switch forwards the tagged packet according to its VLAN tag If the incoming packets are untagged the Switch adds a PVID based on the VLAN setting Note You can not enable VLAN mapping and VLAN stacking at the same time 29 1 1 VLAN Mapping Example In the following example figure packets that carry VLAN ID 12 and are received on port 3 match a pre configured VLAN mapping rule The Switch t...

Page 261: ...d displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the VLAN mapping feature on this port Clear this check box to disable the VLAN mapping feature Apply Click Apply to save your changes to...

Page 262: ...e rule is applied Choices are Egress outgoing Ingress incoming and Both Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel ...

Page 263: ...ncapsulates layer 2 protocol packets with a specific MAC address before sending them across the service provider s network to other edge switches Figure 160 Layer 2 Protocol Tunneling Network Scenario In the following example if you enable L2PT for STP you can have switches A B C and D in the same spanning tree even though switch A is not directly connected to switches B C and D Topology change in...

Page 264: ... Incoming layer 2 protocol packets received on an access port are encapsulated and forwarded to the tunnel ports The Tunnel port is an egress port at the edge of the service provider s network and connected to another service provider s switch Incoming encapsulated layer 2 protocol packets received on a tunnel port are decapsulated and sent to an access port 30 2 Configuring Layer 2 Protocol Tunne...

Page 265: ...ches in the service provider s network should be set to use the same MAC address for encapsulation Port This field displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them CDP Select this option to have the Switch tunnel CDP Cisc...

Page 266: ...tus of a link Mode Select Access to have the Switch encapsulate the incoming layer 2 protocol packets and forward them to the tunnel port s Select Access for ingress ports at the edge of the service provider s network Note You can enable L2PT services for STP LACP VTP CDP UDLD and PAGP on the access port s only Select Tunnel for egress ports at the edge of the service provider s network The Switch...

Page 267: ...collector The sFlow collector is a server that collects and analyzes sFlow datagram An sFlow datagram includes packet header input and output interface sampling process parameters and forwarding information sFlow minimizes impact on CPU load of the Switch as it analyzes sample data only sFlow can continuously monitor network traffic and create reports for network performance analysis and troublesh...

Page 268: ...lick Cancel to begin configuring this screen afresh Port This field displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this to allow the Switch to monitor traffic on this port and generate and send sFlow datag...

Page 269: ...o allow incoming traffic if the collector is behind a firewall Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 121 Adv...

Page 270: ...This field displays IP address of the sFlow collector UDP Port This field displays port number the Switch uses to send sFlow datagram to the collector Delete Check the rule s that you want to remove in the Delete column and then click the Delete button Cancel Click Cancel to begin configuring this screen afresh Table 122 Advanced Application sFlow Collector continued LABEL DESCRIPTION ...

Page 271: ...oE Active Discovery Initialization and PADR PPPoE Active Discovery Request packets from PPPoE clients This tag is defined in RFC 2516 and has the following format for this feature The Tag_Type is 0x0105 for vendor specific tags as defined in RFC 2516 The Tag_Len indicates the length of Value i1 and i2 The Value is the 32 bit number 0x00000DE9 which stands for the ADSL Forum IANA entry i1 and i2 ar...

Page 272: ...long to VLAN 123 32 1 2 2 WT 101 Default Circuit ID Syntax If you do not configure a Circuit ID string for a specific VLAN on a port or for a specific port and disable the flexible Circuit ID syntax in the PPPoE Intermediate Agent screen the Switch automatically generates a Circuit ID string according to the default Circuit ID syntax which is defined in the DSL Forum Working Text WT 101 The defaul...

Page 273: ...sent from a PPPoE client and received on an untrusted port the Switch adds a vendor specific tag to the packet and then forwards it to the trusted port s The Switch discards PADO and PADS packets which are sent from a PPPoE server but received on an untrusted port 32 2 PPPoE Screen Use this screen to configure the PPPoE Intermediate Agent on the Switch Click Advanced Application PPPoE in the navig...

Page 274: ...pty and configure circuit id and remote id in the Per Port or Per Port Per VLAN screen Active Select this option to have the Switch add the user defined identifier string and variables specified in the option field to PADI or PADR packets from PPPoE clients If you leave this option unselected and do not configure any Circuit ID string using CLI commands on the Switch the Switch will use the string...

Page 275: ...escribes the labels in this screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 128 Advanced Application PPPoE Inte...

Page 276: ...e sent from a PPPoE server but received on an untrusted port Circuit id Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID sub option for PPPoE discovery packets received on this port Spaces are allowed The Circuit ID you configure for a specific VLAN on a port in the Advanced Application PPPoE Intermediate Agent Port VLAN screen has the highest priority Rem...

Page 277: ...to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Note Changes in this row are copied to all the VLANs as soon as you make them Circuit id Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID sub option for this VLAN on the specified port Spaces are allowed The Circuit ID you configure here has the ...

Page 278: ...ick Apply to display the specified range of VLANs in the section below VID This field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Note Changes in this row are copied to all the VLANs as soon a...

Page 279: ... port This enhances the CPU efficiency and protects against potential DoS attacks or errors from other network s You then can choose to drop control packets that exceed the specified rate limit or disable a port on which the packets are received 33 2 Error Disable Recovery Overview Some features such as loop guard or CPU protection allow the Switch to shut down a port or discard specific packets o...

Page 280: ...cted that control packets exceeded the rate limit configured for a port or a port is disabled according to the feature requirements and what action you configure and related information Click the Click here link next to Errdisable Status in the Advanced Application Errdisable screen to display the screen as shown Figure 172 Advanced Application Errdisable Errdisable Status ...

Page 281: ...trol packet received on the port or the feature enabled on the port and causing the Switch to take the specified action Active This field displays whether the control packets ARP BPDU and or IGMP on the port is being detected or not It also shows whether loop guard anti arp scanning BPDU guard or ZULD is enabled on the port Mode This field shows the action that the Switch takes for the cause inact...

Page 282: ...ere Port This field displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Note Changes in this row are copied to all the ports as soon as you make them Rate Limit pkt s Enter a number from 0 to 256 to specify how many control packets this port can receive or transmit per second 0 means no rate limit Y...

Page 283: ...o all the entries as soon as you make them Active Select this option to have the Switch detect if the configured rate limit for a specific control packet is exceeded and take the action selected below Mode Select the action that the Switch takes when the number of control packets exceed the rate limit on a port set in the Advanced Application Errdisable CPU protection screen inactive port The Swit...

Page 284: ...all entries Use this row first and then make adjustments to each entry if necessary Note Changes in this row are copied to all the entries as soon as you make them Timer Status Select this option to allow the Switch to wait for the specified time interval to activate a port or allow specific packets on a port after the error was gone Deselect this option to turn off this rule Interval Enter the nu...

Page 285: ...miscuous port can communicate with any port in the same VLAN An isolated port can communicate with the promiscuous port s only Note You can have up to one private VLAN rule for each VLAN In the following example ports 1 2 3 and 25 belong to VLAN 123 You configure and enable private VLAN for VLAN 123 on the Switch Then ports 1 2 and or 3 cannot send traffic to each other but they all can talk to th...

Page 286: ...your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to the factory defaults Index This is the index numbe...

Page 287: ...E signal is sent to the link partner to return the link to active mode Auto Power Down Auto Power Down turns off almost all functions of the port s physical layer functions when the link is down so the port only uses power to check for a link up pulse from the link partner After the link up pulse is detected the port wakes up from Auto Power Down and operates normally Short Reach Traditional Ether...

Page 288: ...he same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them EEE Select this to activate Energy Efficient Ethernet on this port Auto Power Down Select this to activate Auto Power Down on this port Short Reach Select this to activate Short Reach on this port Apply Click Apply to save your change...

Page 289: ...e basic management TLVs End of LLDPDU mandatory Chassis ID mandatory Port ID mandatory Time to Live mandatory Port Description optional System Name optional System Description optional System Capabilities optional Management Address optional The Switch also supports the IEEE 802 1 and IEEE 802 3 organizationally specific TLVs IEEE 802 1 specific TLVs Port VLAN ID TLV optional Port and Protocol VLA...

Page 290: ...MED supports Class I IP Communications Controllers or other communication related servers Class II Voice Gateways Conference Bridges or Media Servers Class III IP Phones PC based Softphones End user Communication Appliances supporting IP Media The following figure shows that with the LLDP MED network connectivity devices NCD like Switches and Routers will transmit LLDP TLV to endpoint device ED li...

Page 291: ...e labels in this screen Table 138 Advanced Application LLDP LABEL DESCRIPTION LLDP LLDP Local Status Click here to show a screen with the Switch s LLDP information LLDP Remote Status Click here to show a screen with LLDP information from the neighboring devices LLDP Configuration Click here to show a screen to configure LLDP parameters LLDP MED LLDP MED Configuration Click here to show a screen to...

Page 292: ... as shown next Figure 182 Advanced Application LLDP LLDP Local Status LLDP MED Network Policy Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices network policy parameters LLDP MED Location Click here to show a screen to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices location parameters Table 138 Advanced Applicati...

Page 293: ... Switch System Capabilities Supported Bridge System Capabilities Enabled Bridge Management Address TLV The Management Address TLV identifies an address associated with the local LLDP agent that may be used to reach higher layer entities to assist discovery by network management The TLV may also include the system interface number and an object identifier OID that are associated with this managemen...

Page 294: ...Chapter 36 Link Layer Discovery Protocol LLDP MGS3520 Series User s Guide 294 Figure 183 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail ...

Page 295: ...rt supports or does not support auto negotiation AN Enabled The current auto negotiation status of the port AN Advertised Capability The auto negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the link is currently in an aggregation...

Page 296: ...nfiguration Information LCI Table 140 Advanced Application LLDP LLDP Local Status LLDP Local Port Status Detail LABEL DESCRIPTION Table 141 Advanced Application LLDP LLDP Remote Status LABEL DESCRIPTION Index The index number shows the number of remote devices that are connected to the Switch Click on an index number to view the detailed LLDP status for this remote device in the LLDP Remote Port S...

Page 297: ...r for example 1 in the Index column in the LLDP Remote Status screen to display the screen as shown next Figure 185 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Basic TLV The following table describes the labels in Basic TLV part of the screen Table 142 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Basic TLV LABEL DESCRIPTION Local Port ...

Page 298: ...arded when its corresponding TTL expires The TTL value is to multiply the TTL multiplier by the LLDP frames transmitting interval Port Description TLV This displays the remote port description System Name TLV This displays the system name of the remote device System Description TLV This displays the system description of the remote device System Capabilities TLV This displays whether the system ca...

Page 299: ...ed Application LLDP LLDP Remote Status LLDP Remote Port Status Detail Dot1 and Dot3 TLV LABEL DESCRIPTION Dot1 TLV Port VLAN ID TLV This displays the VLAN ID of this port on the remote device Port Protocol VLAN ID TLV This displays the IEEE 802 1 Port Protocol VLAN ID TLV which indicates whether the VLAN ID and whether it is enabled and supported on the port of remote Switch which sent the LLDPDU ...

Page 300: ...dvertised Capability The auto negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indicates whether the link is capable of being aggregated whether the link is currently in an aggregation and if in an aggregation the port identification of the aggregation Aggregation Capability The current aggregat...

Page 301: ...Chapter 36 Link Layer Discovery Protocol LLDP MGS3520 Series User s Guide 301 Figure 187 Advanced Application LLDP LLDP Remote Status LLDP Remote Port Status Detail MED TLV ...

Page 302: ...This displays the MED capabilities the remote port supports Network Policy Location Extend Power via MDI PSE Extend Power via MDI PD Inventory Management Device Type TLV LLDP MED endpoint device classes Endpoint Class I Endpoint Class II Endpoint Class III Network Connectivity Network Policy TLV This displays a network policy for the specified application Voice Voice Signaling Guest Voice Guest Vo...

Page 303: ...D Extended Power via MDI TLV Extended Power Via MDI Discovery enables detailed power information to be advertised by Media Endpoints such as IP phones and Network Connectivity Devices such as the Switch Power Type whether it is currently operating from primary power or is on backup power backup power may indicate to the Endpoint Device that it should move to a power conservation mode Power Source ...

Page 304: ... discarded when its corresponding TTL expires The TTL value is to multiply the TTL multiplier by the LLDP packets transmitting interval Transmit Delay Enter the delay in seconds between successive LLDPDU transmissions initiated by value or status changes in the Switch MIB Reinitialize Delay Enter the number of seconds for LLDP to wait before initializing on a port Apply Click Apply to save your ch...

Page 305: ...s row are copied to all the ports as soon as you make them Admin Status Select whether LLDP transmission and or reception is allowed on this port Disable not allowed Tx Only transmit only Rx Only receive only Tx Rx transmit and receive Notification Select whether LLDP notification is enabled on this port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these ...

Page 306: ...hem Management Address Select the check box es to enable or disable the sending of Management Address TLVs on the port s Port Description Select the check box es to enable or disable the sending of Port Description TLVs on the port s System Capabilities Select the check box es to enable or to disable the sending of System Capabilities TLVs on the port s System Description Select the check box es t...

Page 307: ...hem Dot1 TLV Port Protocol VLAN ID Select the check box es to enable or disable the sending of IEEE 802 1 Port and Protocol VLAN ID TLVs on the port s Port VLAN ID Select the check box es to enable or disable the sending of IEEE 802 1 Port VLAN ID TLVs on the port s All check boxes in this column are enabled by default Dot3 TLV Link Aggregation Select the check box es to enable or disable the send...

Page 308: ...MDI power support capabilities of the sending port on the remote device Port Class MDI Supported MDI Enabled Pair Controlable PSE Power Pairs Power Class Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are...

Page 309: ...he same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them Notification Topology Change Select to enable LLDP MED topology change traps on this port MED TLV Setting Location Select to enable transmitting LLDP MED location TLV Network Policy Select to enable transmitting LLDP MED Network Polic...

Page 310: ...policy The value is defined from 0 through 63 with the 0 representing use of the default DSCP value Priority Enter the priority value for the network policy Add Click Add after finish entering the network policy information A summary table will list all the Switch you ve added Cancel Click Cancel to begin entering the information afresh Index This field displays the of index number of the network ...

Page 311: ...ocation Coordinates The LLDP MED uses geographical coordinates and Civic Address to set the location information of the remote device Geographical based coordinates includes latitude longitude altitude and datum Civic Address includes Country State County City Street and other related information Latitude Enter the latitude information The value should be from 0º to 90º The negative value represen...

Page 312: ...ical digit string corresponding to the ELIN identifier which is used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP The valid length is from 10 to 25 characters Add Click Add after finish entering the location information Cancel Click Cancel to begin entering the location information afresh Index This lists the index number of the location configuration Click an index n...

Page 313: ...o select a specific entry Otherwise select the check box in the table heading row to select all entries Delete Check the locations that you want to remove then click the Delete button Cancel Click Cancel to clear the selected check boxes Table 150 Advanced Application LLDP LLDP MED Location LABEL DESCRIPTION ...

Page 314: ...utes to send data to a server or device that is not reachable through the default gateway for example when sending SNMP traps or using ping to test IP connectivity This figure shows a Telnet session coming in from network N1 The Switch sends reply traffic to default gateway R1 which routes it back to the manager s computer The Switch needs a static route to tell it to use router R2 to send traffic...

Page 315: ... DESCRIPTION Active This field allows you to activate deactivate this static route Name Enter a descriptive name up to 10 printable ASCII characters for identification purposes Destination IP Address This parameter specifies the IP network address of the final destination IP Subnet Mask Enter the subnet mask for this destination Routing is always based on network number If you need to specify a ro...

Page 316: ...ar to set the above fields back to the factory defaults Index This field displays the index number of the route Click a number to edit the static route entry Active This field displays Yes when the static route is activated and No when it is deactivated Name This field displays the descriptive name for this route This is for identification purposes only Destination Address This field displays the ...

Page 317: ...iffServ defines a new DS Differentiated Services field to replace the Type of Service ToS field in the IP header The DS field contains a 6 bit DSCP field which can define up to 64 service levels and the remaining 2 bits are defined as currently unused CU The following figure illustrates the DS field Figure 197 DiffServ Differentiated Service Field DSCP is backward compatible with the three precede...

Page 318: ...ic flow are more likely to be dropped when congestion occurs than the packets in the Platinum traffic flow as they move across the DiffServ network Figure 198 DiffServ Network 38 2 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802 1p priority mapping on the selected port s Click IP Application DiffServ in the navigation panel to display the screen as shown G S B P S B B G P ...

Page 319: ...displays the index number of a port on the Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select Active to enable DiffServ on the port Apply Cli...

Page 320: ...apping DSCP VALUE 0 7 8 15 16 23 24 31 32 39 40 47 48 55 56 63 IEEE 802 1p 0 1 2 3 4 5 6 7 Table 154 IP Application DiffServ DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses the...

Page 321: ...relay agent When the Switch receives a request from a computer on your network it contacts the DHCP server for the necessary IP information and then relays the assigned information back to the computer 39 1 2 DHCP Configuration Options The DHCP configuration on the Switch is divided into Global and VLAN screens The screen you should use for configuration depends on the DHCP services you want to of...

Page 322: ... a global DHCP relay This means that the Switch forwards all DHCP requests from all domains to the same DHCP server You can also configure the Switch to relay DHCP information based on the VLAN membership of the DHCP clients 39 4 1 DHCPv4 Relay Agent Information The Switch can add information about the source of client DHCP requests that it relays to a DHCP server by adding Relay Agent Information...

Page 323: ...e Switch sends to the DHCP server 39 4 2 DHCPv4 Option 82 Profile Use this screen to create DHCPv4 option 82 profiles Click IP Application DHCP DHCPv4 in the navigation panel and click the Option 82 Profile link to display the screen as shown Figure 203 IP Application DHCP DHCPv4 Option 82 Profile Table 156 Relay Agent Information FIELD LABELS DESCRIPTION Slot ID 1 byte This value is always 0 for ...

Page 324: ...this section to configure the Remote ID sub option to include information that identifies the relay agent the Switch Enable Select this option to have the Switch append the Remote ID sub option to the option 82 field of DHCP requests mac Select this option to have the Switch add its MAC address to the client DHCP requests that it relays to a DHCP server string Enter a string of up to 64 ASCII char...

Page 325: ...k box to enable DHCP relay Remote DHCP Server 1 3 Enter the IP address of a DHCP server in dotted decimal notation Option 82 Profile Select a pre defined DHCPv4 option 82 profile that the Switch applies to all ports The Switch adds the Circuit ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server Apply Click Apply to save your changes t...

Page 326: ...P server The profile you select here has priority over the one you select in the DHCP DHCPv4 Global screen Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you...

Page 327: ...ress according to the VLAN ID Figure 207 DHCP Relay Configuration Example 39 4 6 Configuring DHCPv4 VLAN Settings Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients Click IP Application DHCP DHCPv4 in the navigation panel then click the VLAN link In the DHCP Status screen that displays Note You must set up a management IP address for each VLAN that you wan...

Page 328: ... ID sub option and or Remote ID sub option specified in the profile to DHCP requests that it relays to a DHCP server Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to ...

Page 329: ...o a DHCP server The profile you select here has priority over the one you select in the DHCP DHCPv4 VLAN screen Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory whe...

Page 330: ...a DHCPv6 server on its network it then needs a DHCPv6 relay agent to send a message to a DHCPv6 server that is not attached to the same network The DHCPv6 relay agent can add the remote identification remote ID option and the interface ID option to the Relay Forward DHCPv6 messages The remote ID option carries a user defined string such as the system name The interface ID option provides slot numb...

Page 331: ...elays to a DHCP server Add Click this to create a new entry or to update an existing one This saves your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved va...

Page 332: ...quests from the clients before the Switch forwards them to a DHCPv6 server Enter a string of up to 64 printable characters to be carried in the interface ID option Option 37 Remote ID Select Enable to have the Switch add the remote ID option in the DHCPv6 requests from the clients before the Switch forwards them to a DHCPv6 server Select mac to have the Switch add its MAC address to the client DHC...

Page 333: ... Option37 This field displays the information that is included in the Remote ID option Option38 This field displays the information that is included in the Subscriber ID option Referenced This field displays whether this profile is in use by a feature such as DHCPv6 relay Delete Check the entry ies that you want to remove in the Delete column and then click the Delete button Cancel Click Cancel to...

Page 334: ... Clear to reset the fields to the factory defaults Index This field displays a sequential number for each entry Click an index number to change the settings VID This field displays the VLAN to which the port s belongs Port This field displays the port s to which the Switch applies the settings Profile Name This field displays the DHCPv6 options profile that the Switch applies to the specified port...

Page 335: ...st address The replying device which is either the IP address of the device being sought or the router that knows the way replaces the broadcast address with the target s MAC address swaps the sender and target pairs and unicasts the answer directly back to the requesting machine ARP updates the ARP Table for future reference and then sends the packet to the MAC address that replied 40 1 0 2 ARP L...

Page 336: ...There will be no reply to a gratuitous ARP request A device may send a gratuitous ARP packet to detect IP collisions If a device restarts or its MAC address is changed it can also use gratuitous ARP to inform other devices in the same network to update their ARP table with the new mapping information In Gratuitous ARP learning mode the Switch updates its ARP table with either an ARP reply or a gra...

Page 337: ...pplication ARP Setup in the navigation panel to display the screen as shown Click the link next to ARP Learning to open a screen where you can set the ARP learning mode for each port Figure 215 IP Application ARP Setup 40 2 1 ARP Learning Use this screen to configure each port s ARP learning mode Click the link next to ARP Learning in the IP Application ARP Setup screen to display the screen as sh...

Page 338: ... Learning Mode Select the ARP learning mode the Switch uses on the port Select ARP Reply to have the Switch update the ARP table only with the ARP replies to the ARP requests sent by the Switch Select Gratuitous ARP to have the Switch update its ARP table with either an ARP reply or a gratuitous ARP request Select ARP Request to have the Switch update the ARP table with both ARP replies gratuitous...

Page 339: ...rade Click Click Here to go to the Firmware Upgrade screen Restore Configuration Click Click Here to go to the Restore Configuration screen Backup Configuration Click Click Here to go to the Backup Configuration screen Load Factory Default Click Click Here to reset the configuration to the factory default settings Save Configuration Click Config 1 to save the current configuration settings to Conf...

Page 340: ...the default Switch IP address 192 168 1 1 41 3 Save Configuration Click Config 1 to save the current configuration settings permanently to Configuration 1 on the Switch Click Config 2 to save the current configuration settings to Configuration 2 on the Switch Alternatively click Save on the top right hand corner in any screen to save the configuration changes to the current configuration Note Clic...

Page 341: ...he Switch restarts and which configuration file is currently in use on the Switch 1 or 2 Refresh Click Refresh to update the time information in the Reboot Scheduled in field Cancel Click Cancel to disable the scheduled restart and reset the screen to its default settings Reboot System Select Immediately to have the Switch restart right after you click Apply Select Delayed in 24 days to schedule a...

Page 342: ...wish to upload to the Switch in the File Path text box or click Browse to locate it Select the Rebooting check box if you want to reboot the Switch and apply the new firmware immediately Firmware upgrades are only applied after a reboot Click Upgrade to load the new firmware After the firmware upgrade process is complete see the System Info screen to verify your current firmware version number Tab...

Page 343: ...on the Switch Firmware 1 or Firmware 2 Config Boot Image Select which firmware Firmware 1 or Firmware 2 should load click Apply and reboot the Switch to see changes you will also see changes in the Current Boot Image field above as well Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on th...

Page 344: ...f a Save As screen displays after you click Save or Save File choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the configuration file to your computer 41 8 Tech Support The Tech Support feature is a log enhancement tool that logs useful information such as CPU utilization history ...

Page 345: ...e Mbuf 50 means a log will be created when the Mbuf utilization is over 50 The higher the Mbuf threshold number the fewer logs will be created and the less data technical support will have to analyze and vice versa Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel...

Page 346: ...ut using commands The system does not reboot after it switches from one image to the other 41 9 1 1 Example FTP Commands ftp put firmware bin ras 0 This is a sample FTP session showing the transfer of the computer file firmware bin to the Switch ftp get config config cfg This is a sample FTP session saving the current configuration to a file called config cfg on your computer If your T FTP client ...

Page 347: ...ts The following table describes some of the commands that you may see in GUI based FTP clients 41 9 4 FTP Restrictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote Management screen does not match the client IP address If it does not match the Switch will disconnect the FTP session immediately General Commands for GUI based FT...

Page 348: ...ation on disabling multi login 42 2 The Access Control Main Screen Click Management Access Control in the navigation panel to display the main screen as shown Figure 224 Management Access Control 42 3 About SNMP Simple Network Management Protocol SNMP is an application layer protocol used to manage and monitor TCP IP based devices SNMP is used to exchange management information between the network...

Page 349: ...gents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol based on the manager agent model The manager issues a request and the agent returns responses using the following protocol operations 42 3 1 SNMP v3 and Security SNMP v3 enhances security for SNMP management SNMP managers can be required to authenticate with agents before conducting SN...

Page 350: ...urs The following tables outline the SNMP traps by category An OID Object ID that begins with 1 3 6 1 4 1 890 1 15 is defined in private MIBs Otherwise it is a standard MIB OID Table 173 SNMP System Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION coldstart coldStart 1 3 6 1 6 3 1 1 5 1 This trap is sent when the Switch is turned on warmstart warmStart 1 3 6 1 6 3 1 1 5 2 This trap is sent when the...

Page 351: ...utOfRange 1 3 6 1 4 1 890 1 15 3 26 2 3 This trap is sent when the voltage goes above or below the normal operating range zyHwMonitorPowerSupplyV oltageOutOfRangeRecovere d 1 3 6 1 4 1 890 1 15 3 26 2 8 This trap is sent when the power supply voltage is recovered from the out of range to normal operating range reset zySysMgmtUncontrolledSys temReset 1 3 6 1 4 1 890 1 15 3 49 2 1 This trap is sent ...

Page 352: ...inkup linkUp 1 3 6 1 6 3 1 1 5 4 This trap is sent when the Ethernet link is up linkdown linkDown 1 3 6 1 6 3 1 1 5 3 This trap is sent when the Ethernet link is down autonegotiation zyPortAutonegotiationFailed 1 3 6 1 4 1 890 1 15 3 61 3 1 This trap is sent when an Ethernet interface fails to auto negotiate with the peer Ethernet interface zyPortAutonegotiationFailedRe covered 1 3 6 1 4 1 890 1 1...

Page 353: ...ias current is above or below the normal operating range zyTransceiverDdmiTemperatur eOutOfRangeRecovered 1 3 6 1 4 1 890 1 15 3 84 3 6 This trap is sent when the transceiver temperature is recovered from the out of normal operating range zyTransceiverDdmiTxPowerOut OfRangeRecovered 1 3 6 1 4 1 890 1 15 3 84 3 7 This trap is sent when the transmitted optical power is recovered from the out of norm...

Page 354: ...zationFailure 1 3 6 1 4 1 890 1 15 3 8 3 2 This trap is sent when management connection authorization failed accounting zyRadiusServerAccountingServe rNotReachable 1 3 6 1 4 1 890 1 15 3 71 2 2 This trap is sent when there is no response message from the RADIUS accounting server zyTacacsServerAccountingServe rUnreachable 1 3 6 1 4 1 890 1 15 3 83 2 2 This trap is sent when there is no response mes...

Page 355: ...gy changes zyMrstpTopologyChange 1 3 6 1 4 1 890 1 15 3 52 3 2 This trap is sent when the MRSTP topology changes zyMstpTopologyChange 1 3 6 1 4 1 890 1 15 3 53 3 2 This trap is sent when the MSTP root switch changes mactable zyMacForwardingTableFull 1 3 6 1 4 1 890 1 15 3 48 2 1 This trap is sent when more than 99 of the MAC table is used zyMacForwardingTableFullReco vered 1 3 6 1 4 1 890 1 15 3 4...

Page 356: ...e management station The Get Community string is only used by SNMP managers using SNMP version 2c or lower Note that as you type a password the screen displays an asterisk for each character you type Set Community Enter the Set Community which is the password for incoming Set requests from the management station The Set Community string is only used by SNMP managers using SNMP version 2c or lower ...

Page 357: ...on the Switch configured in the Management Access Control SNMP User screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh T...

Page 358: ...box automatically clears all of the category s trap check boxes the Switch only sends traps from selected categories Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel...

Page 359: ...nager Clear this check box to disable the sending of SNMP traps on this port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh...

Page 360: ...ype a password the screen displays an asterisk for each character you type Group SNMP v3 adopts the concept of View based Access Control Model VACM group SNMP managers in one group are assigned common access rights to MIBs Specify in which SNMP group this user is admin Members of this group can perform all types of system configuration including the management of administrator accounts readwrite M...

Page 361: ...ministrator password is 1234 Note It is highly recommended that you change the default administrator password 1234 A non administrator username is something other than admin is someone who can view but not configure Switch settings Click Management Access Control Logins to view the screen as shown next Figure 230 Management Access Control Logins Delete Click Delete to remove the selected entry fro...

Page 362: ... Retype your new system password for confirmation Privilege Type the privilege level for this user At the time of writing users may have a privilege level of 0 3 13 or 14 representing different configuration rights as shown below 0 Display basic system information 3 Display configuration or status 13 Configure features except for login accounts SNMP user accounts the authentication method sequence...

Page 363: ...quest to the SSH server The server identifies itself with a host key The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server The client automatically saves any new server public keys In subsequent connections the server public key is checked against the saved version on the client computer 2 Encryption Method Once the identifica...

Page 364: ...e Socket Layer SSL is an application level protocol that enables secure transactions of data by ensuring confidentiality an unauthorized party cannot read the transferred data authentication one party can identify the other party and data integrity you know if data has been changed It relies upon certificates public keys and private keys HTTPS on the Switch is used so that you may securely access ...

Page 365: ...b site address where Switch IP Address is the IP address or domain name of the Switch you wish to access 42 9 1 Internet Explorer Warning Messages 42 9 1 1 Internet Explorer 6 When you attempt to access the Switch HTTPS server a Windows dialog box pops up asking if you trust the server certificate You see the following Security Alert screen in Internet Explorer Select Yes to proceed to the web con...

Page 366: ...to this website not recommended to proceed to the web configurator login screen Figure 235 Security Certificate Warning Internet Explorer 7 or 8 After you log in you will see the red address bar with the message Certificate Error Click on Certificate Error next to the address bar and click View certificates Figure 236 Certificate Error Internet Explorer 7 or 8 Click Install Certificate and follow ...

Page 367: ...rnet Explorer 7 or 8 42 9 2 Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a This Connection is Unstructed screen may display If that is the case click I Understand the Risks and then the Add Exception button Figure 238 Security Alert Mozilla Firefox ...

Page 368: ... to the web configurator login screen Figure 239 Security Alert Mozilla Firefox 42 9 3 The Main Screen After you accept the certificate and enter the login username and password the Switch main screen appears The lock displayed in the bottom right of the browser status bar or next to the website address denotes a secure connection EXAMPLE ...

Page 369: ...rol allows you to decide what services you may use to access the Switch You may also change the default service port and configure trusted computer s for each service in the Remote Management screen discussed later Click Management Access Control Service Access Control to view the screen as shown Figure 241 Management Access Control Service Access Control EXAMPLE ...

Page 370: ...want to allow to access the Switch Service Port For Telnet SSH FTP HTTP or HTTPS services you may change the default service port by typing the new port number in the Server Port field If you change the default port number then you will have to let people who wish to use the service know the new port number for that service Timeout Type how many minutes from 1 to 255 a management session can be le...

Page 371: ...Configure the IP address range of trusted computers from which you can manage this Switch The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here The Switch immediately disconnects the session if it does not match Telnet FTP HTTP ICMP SNMP SSH HTTPS Select services that may be used for managing the Switch from the specified trusted compu...

Page 372: ... navigation panel to open this screen Use this screen to check system logs ping IP addresses or perform port tests Figure 243 Management Diagnostic The following table describes the labels in this screen Table 185 Management Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi line text box Click Clear to empty the text box and reset the syslog entry Ping T...

Page 373: ...ch Channel An Ethernet cable usually has four pairs of wires A 10BASE T or 100BASE TX port only use and test two pairs while a 1000BASE T port requires all four pairs This displays the descriptive name of the wire pair in the cable Pair status Ok The physical connection between the wire pair is okay Open There is no physical connection an open circuit detected between the wire pair Short There is ...

Page 374: ...r to the documentation of your syslog program for details The following table describes the syslog severity levels 44 2 Syslog Setup Click Management Syslog in the navigation panel to display this screen The syslog feature sends logs to an external syslog server Use this screen to configure the device s system logging settings Table 186 Syslog Severity Levels CODE SEVERITY 0 Emergency The system i...

Page 375: ...ve Select this option to set the device to generate logs for the corresponding category Facility The log facility allows you to send logs to different files in the syslog server Refer to the documentation of your syslog program for more details Privilege Select a command privilege level The Switch will only generate logs for commands that have a privilege level greater than or equal to the specifi...

Page 376: ...tch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to return the fields to the factory defaults Index This is the index number of a syslog server entry Click ...

Page 377: ...be able to communicate with one another In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Table 189 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models Must be compatible with ZyXEL cluster management implementation Cluster Manager The switch throu...

Page 378: ... 378 Figure 246 Clustering Application Example 45 2 Cluster Management Status Click Management Cluster Management in the navigation panel to display the following screen Note A cluster can only have one manager Figure 247 Management Cluster Management Status ...

Page 379: ...er nor a member of a cluster Manager This field displays the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage cluster member switches via the cluster manager switch Each number in the Index column is a hyperlink leading to the cluster...

Page 380: ...ure 248 Cluster Management Cluster Member Web Configurator Screen 45 2 1 1 Uploading Firmware to a Cluster Member Switch You can use FTP to upload firmware to a cluster member switch through the cluster manager switch as shown in the following example example example ...

Page 381: ...1 12 00 ras 1 rw rw rw 1 owner group 8388608 Jul 01 12 00 config 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 410AABB0C0 bin ras 0 200 Port command okay 150 Opening data connection for STOR ras 0 226 File received OK ftp 262144 bytes sent in 0 63Seconds 415 44Kbytes sec ftp Table 191 FTP Upload to Cluster Member Example FTP PARAMETER DESC...

Page 382: ...r in the Cluster Management Status screen and a warning icon appears in the member summary list below Name Type a name to identify the Clustering Manager You may use up to 32 printable characters spaces are allowed VID This is the VLAN ID and is only applicable if the Switch is set to 802 1Q VLAN All switches must be directly connected and in the same VLAN group to belong to the same cluster Switc...

Page 383: ...s in the member summary list below If multiple devices have the same password then hold SHIFT and click those switches to select them Then enter their common web configurator password Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non vo...

Page 384: ...rmine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the MAC table If the Switch has already learned the port for this MAC address then it forwards the frame to that port If the Switch has ...

Page 385: ...Static to display the MAC entries manually configured on the Switch Select MAC and enter a MAC address in the field provided to display a specified MAC entry Select VID and enter a VLAN ID in the field provided to display the MAC entries belonging to the specified VLAN Select Port and enter a port number in the field provided to display the MAC addresses which are forwarded on the specified port S...

Page 386: ...ering entries These entries will then display only in the Filtering screen and the default filtering action is Discard source Cancel Click Cancel to change the fields back to their last saved values Index This is the incoming frame index number MAC Address This is the MAC address of the device from which this incoming frame came VID This is the VLAN group to which this frame belongs Port This is t...

Page 387: ...entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast address The replying device which is either the IP ad...

Page 388: ...ed port Flush Click Flush to remove the ARP entries according to the condition you specified Cancel Click Cancel to return the fields to the factory defaults Index This is the ARP table entry number IP Address This is the learned IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP add...

Page 389: ...creen to view IPv6 path MTU information on the Switch Click Management Path MTU Table in the navigation panel to display the screen as shown Figure 254 Management Path MTU Table The following table describes the labels in this screen Table 195 Management Path MTU Table LABEL DESCRIPTION Path MTU aging time This field displays how long an entry remains in the Path MTU table before it ages out and n...

Page 390: ...hapter shows you how you can copy the settings of one port onto other ports 49 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management Configure Clone to open the following screen ...

Page 391: ...e copied Enter the destination port or ports under the Destination label These are the ports which are going to have the same attributes as the source port You can enter individual ports separated by a comma or a range of ports by using a dash Example 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select w...

Page 392: ...ports Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 196 Management Configure Clone continued LABEL DESCRIPTION ...

Page 393: ...e Switch cannot find an entry in the neighbor table or the state for the neighbor is not reachable it starts the address resolution process This helps reduce the number of IPv6 solicitation and advertisement messages 50 2 Viewing the IPv6 Neighbor Table Use this screen to view IPv6 neighbor information on the Switch Click Management Neighbor Table in the navigation panel to display the screen as s...

Page 394: ...ays sending request packets for a short to give upper layer protocols a chance to determine reachability probe P The Switch is sending request packets and waiting for the neighbor s response invalid IV The neighbor address is with an invalid IPv6 address unknown The status of the neighboring interface can not be determined for some reason incomplete I Address resolution is in progress and the link...

Page 395: ...ith the Switch 3 Make sure the power adaptor or cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the Switch off and on in DC models or if the DC power supply is connected in AC DC models 5 Disconnect and re connect the power adaptor or cord to the Switch in AC models or if the AC power supply is connected in AC DC models 6...

Page 396: ... AC DC models 6 If the problem continues contact the vendor 51 2 Switch Access and Login I forgot the IP address for the Switch 1 The default management IP address is 192 168 1 1 2 Use the console port to log in to the Switch 3 If this does not work you have to reset the device to its factory defaults See Section 4 6 on page 40 I forgot the username and or password 1 The default username is admin ...

Page 397: ...cess the Switch check the remote management settings to find out why the Switch does not respond to HTTP I can see the Login screen but I cannot log in to the Switch 1 Make sure you have entered the user name and password correctly The default user name is admin and the default password is 1234 These fields are case sensitive so make sure Caps Lock is not on 2 You may have exceeded the maximum num...

Page 398: ...to check for unauthorized access to your Switch To avoid unauthorized access configure the secured client setting in the Management Access Control Remote Management screen for telnet HTTP and SSH see Section 42 11 on page 370 Computers not belonging to the secured client set cannot get permission to access the Switch 51 3 Switch Configuration I lost my configuration settings after I restart the Sw...

Page 399: ...information Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan ZyXEL Communications Corporation http www zyxel com Asia China ZyXEL Communications Shanghai Corp Zy...

Page 400: ...com pk Philippines ZyXEL Philippines http www zyxel com ph Singapore ZyXEL Singapore Pte Ltd http www zyxel com sg Taiwan ZyXEL Communications Corporation http www zyxel com tw zh Thailand ZyXEL Thailand Co Ltd http www zyxel co th Vietnam ZyXEL Communications Corporation Vietnam Office http www zyxel com vn vi Europe Austria ZyXEL Deutschland GmbH http www zyxel de Belarus ZyXEL BY http www zyxel...

Page 401: ... Czech Republic ZyXEL Communications Czech s r o http www zyxel cz Denmark ZyXEL Communications A S http www zyxel dk Estonia ZyXEL Estonia http www zyxel com ee et Finland ZyXEL Communications http www zyxel fi France ZyXEL France http www zyxel fr Germany ZyXEL Deutschland GmbH http www zyxel de Hungary ZyXEL Hungary SEE http www zyxel hu Italy ZyXEL Communications Italy http www zyxel it ...

Page 402: ...nelux http www zyxel nl Norway ZyXEL Communications http www zyxel no Poland ZyXEL Communications Poland http www zyxel pl Romania ZyXEL Romania http www zyxel com ro ro Russia ZyXEL Russia http www zyxel ru Slovakia ZyXEL Communications Czech s r o organizacna zlozka http www zyxel sk Spain ZyXEL Communications ES Ltd http www zyxel es Sweden ZyXEL Communications http www zyxel se Switzerland Stu...

Page 403: ...kraine http www ua zyxel com Latin America Argentina ZyXEL Communication Corporation http www zyxel com ec es Brazil ZyXEL Communications Brasil Ltda https www zyxel com br pt Ecuador ZyXEL Communication Corporation http www zyxel com ec es Middle East Israel ZyXEL Communication Corporation http il zyxel com homepage shtml Middle East ZyXEL Communication Corporation http www zyxel com me en ...

Page 404: ... User s Guide 404 North America USA ZyXEL Communications Inc North America Headquarters http www zyxel com us en Oceania Australia ZyXEL Communications Corporation http www zyxel com au en Africa South Africa Nology Pty Ltd http www zyxel co za ...

Page 405: ...ications that use this service or the situations in which this service is used Table 198 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some serv...

Page 406: ...ork environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or ...

Page 407: ...mote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to all...

Page 408: ...Appendix B Common Services MGS3520 Series User s Guide 408 ...

Page 409: ...f 0000 0000 0015 can be written as 2001 0db8 1a2f 0000 0000 0015 2001 0db8 0000 0000 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length...

Page 410: ... group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 The following table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and can not be assigned to a multicast group Table 200 Predefined Multicast Address MULTICAST ADDRESS DESCRIPTION FF01 0 ...

Page 411: ... the first byte of the MAC address See the following example Stateless Autoconfiguration With stateless autoconfiguration in IPv6 addresses can be uniquely and automatically generated Unlike DHCPv6 Dynamic Host Configuration Protocol version six which is used in IPv6 stateful autoconfiguration the owner and status of addresses don t need to be maintained by a DHCP server Every IPv6 device is able ...

Page 412: ...Each IA holds one type of address IA_NA means an identity association for non temporary addresses and IA_TA is an identity association for temporary addresses An IA_NA option contains the T1 and T2 fields but an IA_TA option does not The DHCPv6 server uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before the lif...

Page 413: ...es Neighbor solicitation A request from a host to determine a neighbor s link layer address MAC address and detect if the neighbor is still reachable A neighbor being reachable means it responds to a neighbor solicitation message from the host with a neighbor advertisement message Neighbor advertisement A response from a node to announce its link layer address Router solicitation A request from a ...

Page 414: ...auto generated IP addresses IPv6 is installed and enabled by default in Windows Vista Use the ipconfig command to check your automatic configured IPv6 address as well You should see at least one IPv6 address available for the interface on your computer Example Enabling DHCPv6 on Windows XP Windows XP does not support DHCPv6 If your network uses DHCPv6 for IP address assignment you have to addition...

Page 415: ... from a DHCPv6 server Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 checkbox to enable it 3 Click OK to save the change ...

Page 416: ...ur dynamic IPv6 address This example shows a global address 2001 b021 2d 1000 obtained from a DHCP server C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address 2001 b021 2d 1000 Link local IPv6 Address fe80 25d8 dcab c80a 5189 11 IPv4 Address 172 16 100 61 Subnet Mask 255 255 255 0 Default Gateway fe80 213 49ff feaa 7125 11 172 16 10...

Page 417: ...wo conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operations Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This equipment has been tested and found to comply with the limits for a Class A ...

Page 418: ...ctronic device For detailed information about recycling of this product please contact your local city office your household waste disposal service or the store where you purchased the product Use ONLY power wires of the appropriate wire gauge for your device Connect it to a power supply of the correct voltage Fuse Warning Replace a fuse only with a fuse of the same type and rating The POE Power o...

Page 419: ... llévelo a un punto limpio Cuando llegue el momento de desechar el producto la recogida por separado éste y o su batería ayudará a salvar los recursos naturales y a proteger la salud humana y medioambiental Le symbole ci dessous signifie que selon les réglementations locales votre produit et ou sa batterie doivent être éliminés séparément des ordures ménagères Lorsque ce produit atteint sa fin de ...

Page 420: ...Appendix D Legal Information MGS3520 Series User s Guide 420 Environmental Product Declaration ...

Page 421: ...parts or labor and to whatever extent it shall deem necessary to restore the product or components to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal or higher value and will be solely at the discretion of ZyXEL This warranty shall not apply if the product has been modified misused tampered with damaged by an act of God o...

Page 422: ...MAC filter 239 configuring 239 syslog messages 239 trusted ports 239 ARP Reply 335 ARP Request 336 authentication and RADIUS 224 setup 228 authorization privilege levels 231 setup 228 auto crossover 28 automatic VLAN registration 101 B back up configuration file 343 basic settings 77 basic setup tutorial 46 binding 236 binding table 236 building 236 BPDUs Bridge Protocol Data Units 128 Bridge Prot...

Page 423: ...on 281 overview 279 current date 80 current time 80 customer support 399 D daylight saving time 80 default Ethernet settings 28 DHCP 321 configuration options 321 modes 321 relay agent 321 relay example 329 setup 321 327 DHCP Dynamic Host Configuration Protocol 321 DHCP relay option 82 238 DHCP snooping 46 236 configuring 238 DHCP relay option 82 238 trusted ports 237 untrusted ports 237 DHCP snoo...

Page 424: ... Generic Attribute Registration Protocol 101 GARP terminology 101 GARP timer 82 101 general setup 79 getting help 41 Gigabit ports 28 GMT Greenwich Mean Time 80 gratuitous ARP 336 green Ethernet 287 and uplink port 287 auto power down 287 EEE 287 short reach 287 Guide CLI Reference 2 Quick Start 2 GVRP 101 107 and port assignment 107 GVRP GARP VLAN Registration Protocol 101 H hardware installation...

Page 425: ...neighbor table 393 L L2PT 263 access port 264 CDP 263 configuration 264 encapsulation 263 LACP 263 MAC address 263 mode 264 overview 263 PAgP 263 point to point 263 STP 263 tunnel port 264 UDLD 263 VTP 263 LACP 156 266 system priority 161 timeout 161 Layer 2 protocol tunneling see L2PT LEDs 33 limit MAC address learning 173 Link Aggregate Control Protocol LACP 156 link aggregation 156 dynamic 156 ...

Page 426: ... See command interface 22 using the command interface See command interface 22 man in the middle attacks 238 max age 141 hops 141 maximum transmission unit 389 MDIX Media Dependent Interface Crossover 28 Metric 316 MIB and SNMP 349 supported MIBs 350 MIB Management Information Base 349 mirroring ports 150 MLD filtering profile 215 MLD snooping proxy 209 filtering 213 filtering profile 215 port rol...

Page 427: ...7 policy configuration 188 Port Aggregation Protocol see PAgP port authentication 163 and RADIUS 224 IEEE802 1x 165 169 226 MAC authentication 164 port based VLAN type 82 port cloning 390 391 advanced settings 390 391 basic settings 390 391 port details 73 port isolation 119 port mirroring 150 152 direction 152 154 egress 152 154 ingress 152 154 port redundancy 156 port security 171 address learni...

Page 428: ...0 Reference Guide CLI 2 reflector port 150 registration product 421 related documentation 2 remote management 370 service 371 trusted computers 371 remote port mirroring 150 resetting 40 340 to factory default settings 340 restoring configuration 40 343 RFC 3164 374 RMirror 150 monitor port 153 reflector port 153 source 153 Round Robin Scheduling 191 RSTP 127 S save configuration 39 340 service ac...

Page 429: ... 136 139 bridge priority 134 137 configuration 133 137 140 designated bridge 128 forwarding delay 135 138 Hello BPDU 128 Hello Time 134 136 137 139 how it works 128 Max Age 135 136 138 139 path cost 127 135 138 port priority 135 138 port state 128 root port 128 status 136 139 144 terminology 127 vs loop guard 257 subnet based VLAN 108 subnet based VLANs 107 and DHCP VLAN 109 and priority 108 confi...

Page 430: ...utomatic registration 101 ID 100 ingress filtering 107 introduction 80 number of VLANs 103 port number 104 port settings 106 port based VLAN 116 port based all connected 119 port based isolation 119 port based wizard 119 static VLAN 104 status 103 104 tagged 100 trunking 102 107 type 82 102 VLAN Virtual Local Area Network 80 VLAN ID 85 VLAN mapping 260 activating 260 configuration 261 example 260 ...

Page 431: ...Index MGS3520 Series User s Guide 431 navigation panel 36 weight queuing 191 Weighted Round Robin Scheduling WRR 191 WRR Weighted Round Robin Scheduling 191 Z ZyNOS ZyXEL Network Operating System 346 ...

Reviews:

No comments

Related manuals for MGS3520 Series

Kathrein EXR 221 Quick Start Manual preview
EXR 221
Brand: Kathrein Pages: 8
Nayar Systems Switch Manual preview
Switch
Brand: Nayar Systems Pages: 21
Kathrein EXD 1532 User Manual preview
EXD 1532
Brand: Kathrein Pages: 24
Kasia Switch Installation Manual preview
Switch
Brand: Kasia Pages: 5
Kathrein EXE 159 Manual preview
EXE 159
Brand: Kathrein Pages: 41
Ubiquiti ES-24-250W Quick Start Manual preview
ES-24-250W
Brand: Ubiquiti Pages: 24
Ubiquiti USW-24 User Manual preview
USW-24
Brand: Ubiquiti Pages: 13
Ubisys ZIGBEE S2(-R) Quick Start Manual preview
ZIGBEE S2(-R)
Brand: Ubisys Pages: 2
NETGEAR ProSafe GS104 Installation Manual preview
ProSafe GS104
Brand: NETGEAR Pages: 8
socomec 95333400 Instruction Manual preview
95333400
Brand: socomec Pages: 43
Linksys ProConnect PS2KVM2 User Manual preview
ProConnect PS2KVM2
Brand: Linksys Pages: 17
Barco MatrixPRO 8x8 DVI Quick Start Manual preview
MatrixPRO 8x8 DVI
Brand: Barco Pages: 2
StarTech.com VS123HD User Manual preview
VS123HD
Brand: StarTech.com Pages: 10
Synology NEXT-POE4210L2S-TP Quick Installation And Initial Configuration preview
NEXT-POE4210L2S-TP
Brand: Synology Pages: 15
Black Box Personal MiniHub Manual preview
Personal MiniHub
Brand: Black Box Pages: 22
PIKA mWARP Manual preview
mWARP
Brand: PIKA Pages: 7
Avocent AMX Switch Series Installer/User Manual preview
AMX Switch Series
Brand: Avocent Pages: 236
Banner SI-HG63FQDR Instruction Manual preview
SI-HG63FQDR
Brand: Banner Pages: 8

Brands by name

Popular brands

Load more brands