www.zyxel.com

MGS3700-12C

MetroGigabit Switch

Copyright © 2012 ZyXEL Communications Corporation

Firmware Version 3.90

Edition 15, 11/2012

Default Login Details

IP Address: http://192.168.1.1, http://192.168.0.1 (Out-of-band MGMT port)

User Name: admin

Password: 1234

Summary of Contents for MGS3700-12C

Page 3: ...r Online Help The embedded Web Help contains descriptions of individual screens and supplementary information Command Reference Guide The Command Reference Guide explains how to use the Command Line Interface CLI and CLI commands to configure the Switch Note It is recommended you use the web configurator to configure the Switch Support Disc Refer to the included CD for support documents Documentat...

Page 4: ...swers to previously asked questions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support Should problems arise that cannot be solved by the methods listed above you should contact your vendor If you cannot contact your vendor then contact a ZyXEL office for the region in which you bought ...

Page 5: ...font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log Log Setting means you first...

Page 6: ...r s Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer Server DSLAM Firewall Telephone Router ...

Page 7: ...isassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on the power adaptor or cord Do NOT use the device if the power adaptor or cord is damaged as it might cause electrocu...

Page 9: ...rt Statistics 93 Basic Setting 99 Advanced 115 VLAN 117 Static MAC Forward Setup 137 Static Multicast Forward Setup 141 Filtering 145 Spanning Tree Protocol 147 Bandwidth Control 169 Broadcast Storm Control 173 Mirroring 175 Link Aggregation 185 Port Authentication 195 203 Port Security 205 Classifier 211 Policy Rule 219 Queuing Method 227 VLAN Stacking 231 Multicast 239 AAA 255 IP Source Guard 26...

Page 10: ...tatic Route 337 Differentiated Services 341 DHCP 349 Management 357 Maintenance 359 Access Control 367 Diagnostic 389 Syslog 391 Cluster Management 395 MAC Table 403 ARP Table 407 Configure Clone 409 Troubleshooting Product Specifications 413 Troubleshooting 415 Product Specifications 419 Appendices and Index 429 ...

Page 11: ... 1 1 4 IEEE 802 1Q VLAN Application Examples 27 1 2 IPv6 Support 28 1 3 Ways to Manage the Switch 28 1 4 Good Habits for Managing the Switch 29 Chapter 2 Hardware Installation and Connection 31 2 1 Installation Scenarios 31 2 2 Desktop Installation Procedure 31 2 3 Mounting the Switch on a Rack 32 2 3 1 Rack mounted Installation Requirements 32 2 3 2 Attaching the Mounting Brackets to the Switch 3...

Page 12: ...55 Chapter 5 Initial Setup Example 57 5 1 Overview 57 5 1 1 Creating a VLAN 57 5 1 2 Setting Port VID 58 5 2 Configuring Switch Management IP Address 60 Chapter 6 Tutorials 63 6 1 How to Use DHCP Snooping on the Switch 63 6 2 How to Use DHCP Relay on the Switch 67 6 2 1 DHCP Relay Tutorial Introduction 67 6 2 2 Creating a VLAN 68 6 2 3 Configuring DHCP Relay 71 6 2 4 Troubleshooting 72 6 3 How to ...

Page 13: ...General Setup 102 8 4 Introduction to VLANs 104 8 4 1 Smart Isolation 105 8 5 Switch Setup Screen 106 8 6 IP Setup 108 8 6 1 Management IP Addresses 108 8 7 Port Setup 112 Part III Advanced 115 Chapter 9 VLAN 117 9 1 Introduction to IEEE 802 1Q Tagged VLANs 117 9 1 1 Forwarding Tagged and Untagged Frames 118 9 2 Automatic VLAN Registration 118 9 2 1 GARP 118 9 2 2 GVRP 118 9 3 Port VLAN Trunking 1...

Page 14: ...2 Chapter 12 Filtering 145 12 1 Configure a Filtering Rule 145 Chapter 13 Spanning Tree Protocol 147 13 1 STP RSTP Overview 147 13 1 1 STP Terminology 147 13 1 2 How STP Works 148 13 1 3 STP Port States 149 13 1 4 Multiple RSTP 149 13 1 5 Multiple STP 150 13 2 Spanning Tree Protocol Status Screen 153 13 3 Spanning Tree Configuration 154 13 4 Configure Rapid Spanning Tree Protocol 155 13 5 Rapid Sp...

Page 15: ... 185 17 2 Dynamic Link Aggregation 185 17 2 1 Link Aggregation ID 186 17 3 Link Aggregation Status 187 17 4 Link Aggregation Setting 189 17 5 Link Aggregation Control Protocol 191 17 6 Static Trunking Example 192 Chapter 18 Port Authentication 195 18 1 Port Authentication Overview 195 18 1 1 IEEE 802 1x Authentication 195 18 1 2 MAC Authentication 196 18 2 Port Authentication Configuration 197 18 ...

Page 16: ...ueuing Method 227 22 1 Queuing Method Overview 227 22 1 1 Strictly Priority Queuing 227 22 1 2 Weighted Fair Queuing 227 22 1 3 Weighted Round Robin Scheduling WRR 228 22 2 Configuring Queuing 229 Chapter 23 VLAN Stacking 231 23 1 VLAN Stacking Overview 231 23 1 1 VLAN Stacking Example 231 23 2 VLAN Stacking Port Roles 232 23 3 VLAN Tag Format 233 23 3 1 Frame Format 233 23 4 Configuring VLAN Stac...

Page 17: ...etup 259 25 2 3 AAA Setup 261 25 2 4 Vendor Specific Attribute 264 25 3 Supported RADIUS Attributes 265 25 3 1 Attributes Used for Authentication 266 25 3 2 Attributes Used for Accounting 267 Chapter 26 IP Source Guard 269 26 1 IP Source Guard Overview 269 26 1 1 DHCP Snooping Overview 270 26 1 2 ARP Inspection Overview 272 26 2 IP Source Guard 273 26 3 IP Source Guard Static Binding 274 26 4 DHCP...

Page 18: ... 305 Chapter 30 sFlow 307 30 1 sFlow Overview 307 30 2 sFlow Configuration 308 30 2 1 sFlow Collector Configuration 309 Chapter 31 Error Disable 311 31 1 CPU Protection Overview 311 31 2 Error Disable Recovery Overview 311 31 3 The Error Disable Screen 312 31 4 CPU Protection Configuration 312 31 5 Error Disable Detect Configuration 313 31 6 Error Disable Recovery Configuration 315 Chapter 32 PPPoE...

Page 19: ...ces 341 36 1 DiffServ Overview 341 36 1 1 DSCP and Per Hop Behavior 341 36 1 2 DiffServ Network Example 342 36 2 Two Rate Three Color Marker Traffic Policing 342 36 2 1 TRTCM Color blind Mode 343 36 2 2 TRTCM Color aware Mode 344 36 3 Activating DiffServ 344 36 3 1 Configuring 2 Rate 3 Color Marker Settings 346 36 4 DSCP to IEEE 802 1p Priority Settings 347 36 4 1 Configuring DSCP Settings 348 Cha...

Page 20: ...38 8 2 FTP Command Line Procedure 364 38 8 3 GUI based FTP Clients 365 38 8 4 FTP Restrictions 365 Chapter 39 Access Control 367 39 1 Access Control Overview 367 39 2 The Access Control Main Screen 367 39 3 About SNMP 368 39 3 1 SNMP v3 and Security 369 39 3 2 Supported MIBs 369 39 3 3 SNMP Traps 370 39 3 4 Configuring SNMP 374 39 3 5 Configuring SNMP Trap Group 377 39 3 6 Setting Up Login Account...

Page 21: ... 42 2 Cluster Management Status 396 42 2 1 Cluster Member Switch Management 397 42 3 Clustering Management Configuration 400 Chapter 43 MAC Table 403 43 1 MAC Table Overview 403 43 2 Viewing the MAC Table 404 Chapter 44 ARP Table 407 44 1 ARP Table Overview 407 44 1 1 How ARP Works 407 44 2 Viewing the ARP Table 408 Chapter 45 Configure Clone 409 45 1 Configure Clone 409 Part VI Troubleshooting Pr...

Page 22: ...er s Guide 22 46 3 Switch Configuration 418 Chapter 47 Product Specifications 419 47 1 Fan Module Removal and Installation 427 Part VII Appendices and Index 429 Appendix A Common Services 431 Appendix B Legal Information 435 Index 439 ...

Page 23: ...23 PART I Introduction and Hardware Getting to Know Your Switch 25 Hardware Installation and Connection 31 Hardware Overview 35 Tutorials 63 v3 91 AAFX 0 ...

Page 25: ... configuring the Switch is easy In addition the Switch can also be managed via Telnet any terminal emulator program on the console port or third party SNMP management This section shows a few examples of using the Switch in various network environments See Chapter 47 on page 419 for a full list of software features available on the Switch 1 1 1 Backbone Application The Switch is an ideal solution ...

Page 26: ... the Switch connects different company departments RD and Sales to the corporate backbone It can alleviate bandwidth contention and eliminate server and network bottlenecks All users that need high bandwidth can connect to high speed department servers via the Switch You can provide a super fast uplink connection by using a Gigabit Ethernet mini GBIC port on the Switch Moreover the Switch eases su...

Page 27: ...re can be retained as all ports can freely communicate with each other Figure 3 High Performance Switched Workgroup Application 1 1 4 IEEE 802 1Q VLAN Application Examples A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Stations on a logical network belong to one group A station can belong to more than one group With VLAN a station canno...

Page 28: ... allows up to 3.4 x 10^38 IP addresses At the time of writing the Switch supports the following features Static address assignment and stateless auto configuration Neighbor Discovery Protocol a protocol used to discover other IPv6 devices in a network Remote Management using ping SNMP telnet HTTP and FTP services ICMPv6 to report errors encountered in packet processing and perform diagnostic functi...

Page 29: ...h one switch called the cluster manager See Chapter 42 on page 395 1 4 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters such as numbers and letters v3 91 AAFX 0 Write down the password and put it...

Page 31: ...at least 4 inches 10 cm of clearance at the front and 3 4 inches 8 cm at the back of the Switch This is especially important for enclosed rack installations 2 2 Desktop Installation Procedure 1 Make sure the Switch is clean and dry 2 Set the Switch on a smooth level surface strong enough to support the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make su...

Page 32: ...19 inch rack or in a wiring closet with other equipment Follow the steps below to mount your Switch on a standard EIA rack using a rack mounting kit 2 3 1 Rack mounted Installation Requirements Two mounting brackets Eight M3 flat head screws and a 2 Philips screwdriver Four M5 flat head screws and a 2 Philips screwdriver Failure to use the proper screws may damage the unit 2 3 1 1 Precautions Make...

Page 33: ... four screw holes on the bracket with the screw holes on the side of the Switch Figure 6 Attaching the Mounting Brackets 2 Using a 2 Philips screwdriver install the M3 flat head screws through the mounting bracket holes into the Switch 3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch 4 You may now mount the Switch on a rack Proceed to the next section ...

Page 34: ...o the Switch on one side of the rack lining up the two screw holes on the bracket with the screw holes on the side of the rack Figure 7 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket holes into the rack 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack ...

Page 35: ...l The following table describes the port labels on the front panel Dual Personality Interfaces Console Port LEDs Signal slot Management Port Table 1 Front Panel Connections LABEL DESCRIPTION 12 Dual Personality Interfaces Each interface has one 1000BASE T RJ 45 port and one Small Form Factor Pluggable SFP slot also called a mini GBIC slot with one port or transceiver active at a time 12 100 1000 M...

Page 36: ... duplex mode full duplex or half duplex of the connected device An auto crossover auto MDI MDI X port automatically works with a straight through or crossover Ethernet cable Four of the 1000Base T Ethernet ports are paired with a mini GBIC slot to create a dual personality interface The Switch uses up to one connection for each mini GBIC and 1000Base T Ethernet pair The mini GBIC slots have priori...

Page 37: ...s auto MDIX ports Media Dependent Interface Crossover so you may use either a straight through Ethernet cable or crossover Ethernet cable for all Gigabit port connections Auto crossover ports automatically sense whether they need to function as crossover or straight ports so crossover cables can connect both computers and switches hubs 3 1 3 Mini GBIC Slots These are slots for mini GBIC Gigabit In...

Page 38: ...e 3 The Switch automatically detects the installed transceiver Check the LEDs to verify that it is functioning properly 4 Close the transceiver s latch latch styles vary 5 Connect the fiber optic cables to the transceiver Figure 9 Transceiver Installation Example Figure 10 Connecting the Fiber Optic Cables 3 1 3 2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver SFP mo...

Page 39: ...nfigurator The default IP address of the management port is 192 168 0 1 with a subnet mask of 255 255 255 0 3 1 5 Power Connector Make sure you are using the correct power source as shown on the panel and that no objects obstruct the airflow of the fans Use the following procedures to connect the Switch to a power source after you have installed it Note Check the power supply requirements in Chapt...

Page 40: ... be greater than 20 Amps The power supply to which the Switch connects must have a built in circuit breaker or switch to toggle the power Note When installing the power wire push the wire firmly into the terminal as deep as possible and make sure that no exposed bare wire can be seen or touched Exposed power wire is dangerous Use extreme care when connecting a DC power source to the device To conne...

Page 41: ...Switch can be configured to create an error log of the alarm See Section 41 1 on page 391 for more information on using the system log 3 1 6 1 Connect a Sensor to the Signal Slot This section shows you how to connect an external sensor device to the Switch 1 Use a connector to connect wires of the correct gauge to the sensor s signal output pins See Chapter 47 on page 419 for the wire specificatio...

Page 42: ...witch which supports the external alarm feature If daisy chaining to a ZyXEL switch that is a different model check your switch s documentation for the correct pin assignments 1 Use wires of the correct gauge to connect either of the signal output pin pairs 1 normal close 2 common or 2 common 3 normal open on the Signal connector to the input signal pin pairs of a Signal connector on another ZyXE...

Page 43: ...s show the rear panels of the Switch The rear panel contains a connector for external backup power supply Figure 16 Rear Panel 3 3 LEDs After you connect the power to the Switch view the LEDs to ensure proper functioning of the Switch and as an aid in troubleshooting 1 2 3 11 10 1 2 3 11 10 1 2 3 11 10 Pin Assignments Table 2 LED Descriptions LED COLOR STATU S DESCRIPTION BPS Green On The backup p...

Page 44: ...icon on each SFP slot indicates the LED status for the slot while the down arrow icon indicates the LED status for the corresponding Ethernet port Green Blinking The system is transmitting receiving to from an Ethernet network On The link to a 1000 Mbps Ethernet network is up Amber Blinking The system is transmitting receiving to from an Ethernet network On The link to a 100 Mbps Ethernet network ...

Page 45: ...cess the command line interface using a terminal emulation program on a computer connected to the Switch console port see Section 3 1 1 on page 36 or access the Switch using Telnet The next part of this guide discusses configuring the Switch using the web configurator ...

Page 47: ...versions The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 Type http and the IP address of the Switch the defau...

Page 48: ...nfigured a time server nor manually entered a time and date in the General Setup screen Figure 17 Web Configurator Login 4 Click OK to view the first web configurator screen 4 3 The Web Configurator Layout The Status screen is the first screen that displays when you access the web configurator The following figure shows the navigating components of a web configurator screen Figure 18 The Web Confi...

Page 49: ... Nonvolatile memory is the configuration of your Switch that stays the same even if the Switch s power is turned off C Click this link to go to the status page of the Switch D Click this link to logout of the web configurator E Click this link to display web help pages The help pages provide descriptions for all of the configuration screens F This is the main window to view and or configure settin...

Page 50: ...Forwarding This link takes you to a screen where you can configure static multicast MAC addresses for port s These static multicast MAC addresses do not age out Filtering This link takes you to a screen to set up filtering rules Spanning Tree Protocol This link takes you to screens where you can configure the RSTP MRSTP MSTP to prevent network loops Bandwidth Control This link takes you to a scree...

Page 51: ...es you to screens where you can configure sFlow settings on the Switch This feature is used to monitor traffic in switched networks Errdisable This link takes you to a screen where you can configure the Switch to limit specific traffic to shut down a port because of specific reasons and activate the port automatically for preconfigured criteria PPPoE This link takes you to a screen where you can c...

Page 52: ...rned off Diagnostic This link takes you to a screen where you can view system logs and test port s Syslog This link takes you to screens where you can setup system logs and a system log server Cluster Management This link takes you to screens where you can configure clustering management and view its status MAC Table This link takes you to a screen where you can view the MAC addresses and types of...

Page 53: ...rt of the Switch 3 Filter all traffic to the CPU port 4 Disable all ports 5 Misconfigure the text configuration file 6 Forget the password and or IP address 7 Prevent all services from accessing the Switch 8 Change a service port number but forget it Note Be careful not to lock yourself and others out of the Switch If you do lock yourself out try using out of band management via the management por...

Page 54: ... any key to enter Debug Mode within 3 seconds press any key to enter debug mode 4 Type atlc after the Enter Debug Mode message 5 Wait for the Starting XMODEM upload message before activating XMODEM upload on your terminal 6 After a configuration file upload type atgo to restart the Switch Figure 20 Resetting the Switch Via the Console Port The Switch is now reinitialized with a default configurati...

Page 55: ... your password again after you log out This is recommended after you finish a management session for security reasons Figure 21 Web Configurator Logout Screen 4 8 Help The web configurator s online help has descriptions of individual screens and some supplementary information Click the Help link from a web configurator screen to view an online help description of that screen ...

Page 57: ...r the initial setup Create a VLAN Set port VLAN ID Configure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You can do this with port based VLAN or tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 22 Initial Setup Network Example VLAN ...

Page 58: ...nce the VLAN2 network is connected to port 1 on the Switch select Fixed to configure port 1 to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 5 Click Add to save the settings to the run time memory Settings in the run time memory a...

Page 59: ...on that port get sent to VLAN 2 Figure 23 Initial Setup Network Example Port VID 1 Click Advanced Applications VLAN in the navigation panel Then click the VLAN Port Setting link 2 Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off ...

Page 60: ...ferent subnet for management purposes The following figure shows an example Figure 24 Initial Setup Example Management IP Address 1 Connect your computer to any Ethernet port on the Switch Make sure your computer is in the same subnet as the Switch 2 Open your web browser and enter 192 168 1 1 the default IP address in the address bar to access the web configurator See Section 4 2 on page 47 for m...

Page 61: ...rk enter 192 168 2 1 as the IP address and 255 255 255 0 as the subnet mask 6 In the VID field enter the ID of the VLAN group to which you want this management IP address to belong This is the same as the VLAN ID you configure in the Static VLAN screen 7 Click Add to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off ...

Page 63: ... Use Error Disable and Recovery on the Switch How to Set Up a Guest VLAN How to Do Port Isolation in a VLAN 6 1 How to Use DHCP Snooping on the Switch You only want DHCP server A connected to port 5 to assign IP addresses to all devices in VLAN network V Create a VLAN containing ports 5 6 and 7 Connect a computer M to the Switch s MGMT port Figure 25 Tutorial DHCP Snooping Tutorial Overview Note F...

Page 64: ...ation VLAN Static VLAN and create a VLAN with ID of 100 Add ports 5 6 and 7 in the VLAN by selecting Fixed in the Control field as shown Deselect Tx Tagging because you don t want outgoing traffic to contain this VLAN tag Click Add Figure 26 Tutorial Create a VLAN and Add Ports to It Table 5 Tutorial Settings in this Tutorial HOST PORT CONNECTED VLAN PVID DHCP SNOOPING PORT TRUSTED DHCP Server A 5...

Page 65: ...ID of the ports 5 6 and 7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 Figure 27 Tutorial Tag Untagged Frames 4 Go to Advanced Application IP Source Guard DHCP snooping Configure activate and specify VLAN 100 as the DHCP VLAN as shown Click Apply Figure 28 Tutorial Specify DHCP VLAN ...

Page 66: ...al Set the DHCP Server Port to Trusted 7 Go to Advanced Application IP Source Guard DHCP snooping Configure VLAN show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom section of the screen If you want to add more information in the DHCP request packets such as source VLAN ID or system name yo...

Page 67: ...If DHCP Snooping Works You can also telnet or log into the Switch s console Use the command show dhcp snooping binding to see the DHCP snooping binding table as shown next 6 2 How to Use DHCP Relay on the Switch This tutorial describes how to configure your Switch to forward DHCP client requests to a specific DHCP server The DHCP server can then assign a specific IP address based on the informatio...

Page 68: ...Client A connects to the Switch s port 2 in VLAN 102 Figure 32 Tutorial DHCP Relay Scenario 6 2 2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102 1 Access the web configurator through the Switch s management port VLAN 102 DHCP Server Port 2 PVID 102 172 16 1 18 A 192 168 2 3 ...

Page 69: ...utorial Set VLAN Type to 802 1Q 3 Click Advanced Application VLAN Static VLAN 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 102 for example in the Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending ...

Page 70: ...Figure 34 Tutorial Create a Static VLAN 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen Figure 35 Tutorial Click the VLAN Port Setting Link 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines ...

Page 71: ...uration permanently 6 2 3 Configuring DHCP Relay Follow the steps below to enable DHCP relay on the Switch and allow the Switch to add relay agent information such as the VLAN ID to DHCP requests 1 Click IP Application DHCP and then the Global link to open the DHCP Relay screen 2 Select the Active check box 3 Enter the DHCP server s IP address 192 168 2 3 in this example in the Remote DHCP Server ...

Page 72: ...the IP address 172 16 1 18 make sure 1 Client A is connected to the Switch s port 2 in VLAN 102 2 You configured the correct VLAN ID port number and system name for DHCP relay on both the DHCP server and the Switch 3 You clicked the Save link on the Switch to have your settings take effect 6 3 How to Use PPPoE IA on the Switch You want to configure PPPoE Intermediate Agent on the switch A to pass ...

Page 73: ... Switch A 1 Click Advanced Application PPPoE Intermediate Agent Select Active then click Apply Click Port on the top of the screen Table 6 Settings in This Tutorial SWITCH PORT CONNECTED VLAN CIRCUIT ID REMOTE ID PPPOE IA PORT TRUSTED A Port 5 to C Port 12 to B 1 1 userC N A 00134900000A N A Untrusted Trusted B Port 11 to A Port 12 to S 1 1 N A N A N A N A Trusted Trusted A B C S Port 5 Untrusted ...

Page 74: ...ort 5 and enter userC as Circuit id and 00134900000A as Remote id Select Trusted for port 12 and then leave the other fields empty Click Apply Then Click Intermediate Agent on the top of the screen 3 The Intermediate Agent screen appears Click VLAN on the top of the screen ...

Page 75: ...erver are in VLAN 1 in this example Click Apply 5 Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit id and Remote id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server Click Apply 6 3 2 Configuring Switch B The example uses another MGS 3712D as switch B ...

Page 76: ...uide 76 1 Click Advanced Application PPPoE Intermediate Agent Select Active then click Apply Click Port on the top of the screen 2 Select Trusted for ports 11 and 12 and then click Apply Then Click Intermediate Agent on the top of the screen ...

Page 77: ...able PPPoE IA in VLAN 1 and also select Circuit id and Remote id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server Click Apply The settings are completed now If you miss some settings above subscriber C could not successfully receive an IP address assigned by the PPPoE Server If this happens make sure you follow the steps exactly in this tutoria...

Page 78: ...utes before resuming the port automatically after the problem s are gone Loop guard and Errdisable features are helpful for this demand Note Refer to Section 27 2 on page 297 and Section 31 3 on page 312 for more information about Loop Guard and Errdisable To configure the settings 1 First click Advanced Application Loop Guard Select the Active option in the first section to enable loop guard on the...

Page 79: ... Protection select ARP as the reason enter 100 as the rate limit packets per second for the first entry port to apply the setting to all ports Then click Apply 3 Click Advanced Application Errdisable Errdisable Detect select Active for cause ARP and inactive port as the mode Then click Apply ...

Page 80: ...ble IEEE 802 1x authentication on ports 1 to 8 Clients that connect to these ports should provide the correct user name and password in order to access the ports You want to assign clients that connect to ports 1 2 or 3 to a guest VLAN 200 for example before they can authenticate with the authentication server In this guest VLAN clients can surf the Internet through the default gateway attached to...

Page 81: ...he VLAN type to 802 1Q Click Apply to save the settings to the run time memory 3 Click Advanced Application VLAN Static VLAN 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 200 for example in the Name field and enter 200 in the VLAN Group ID field 5 Select Fixed to configure ports 1 2 3 and 10 to be permanent members of this VLAN 6 Clear the TX Tagging check box to set the ...

Page 82: ... when the Switch s power is turned off 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen 9 Enter 200 in the PVID field for ports 1 2 3 and 10 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines ...

Page 83: ...he upper right corner of the web configurator to save your configuration permanently 6 5 2 Enabling IEEE 802 1x Port Authentication Follow the steps below to enable port authentication to validate access to ports 1 8 to clients based on a RADIUS server 1 Click Advanced Application Port Authentication and then the Click Here link for 802 1x ...

Page 84: ...the first Active checkbox to enable 802 1x authentication on the Switch Select the Active checkboxes for ports 1 to 8 to turn on 802 1x authentication on the selected ports Click Apply 6 5 3 Enabling Guest VLAN 1 Click the Guest Vlan link in the 802 1x screen ...

Page 85: ...ch will authenticate on each of these port 5 in this example Click Apply 3 Click the Save link in the upper right corner of the web configurator to save your configuration permanently Clients that attach to port 1 2 or 3 and fail to authenticate with the RADIUS server now should be in VLAN 200 and can access the Internet but cannot communicate with devices in VLAN 1 6 6 How to Do Port Isolation in...

Page 86: ...o 5 in VLAN 123 and create a private VLAN rule for VLAN 123 to block traffic between ports 2 3 and 4 6 6 1 Creating a VLAN Follow the steps below to configure port 2 3 4 and 5 as a member of VLAN 123 1 Access the web configurator through the Switch s management port 2 Go to Basic Setting Switch Setup and set the VLAN type to 802 1Q Click Apply to save the settings to the run time memory 3 Click Ad...

Page 87: ...er 123 in the VLAN Group ID field 5 Select Fixed to configure ports 2 3 4 and 5 to be permanent members of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending frames out of these ports 7 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off ...

Page 88: ... 9. Enter 123 in the PVID field for ports 2, 3, 4 and 5 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines. 10. Click Apply to save your changes back to the run-time memory. 11. Click the Save link in the upper right corner of the web configurator to save your configuration permanently ...

Page 89: ...me field and enter 123 in the VLAN ID field. List the port(s) that can communicate with any port in VLAN 123 (5 in this example). Then other ports in this VLAN (2, 3 and 4, for example) will be added to the isolated port list and cannot send traffic to each other. Click Add. 3. Click the Save link in the upper right corner of the web configurator to save your configuration permanently. From port 2, 3 or 4 you s...

Page 90: ...Chapter 6 Tutorials MGS3700 12C User s Guide 90 ...

Page 91: ...PART II Basic Configuration: System Status and Port Statistics (93), Basic Setting (99) ...

Page 93: ...tus and Port Statistics. This chapter describes the system status (web configurator home page) and port details screens. 7.1 Overview: The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details ...

Page 94: ...s and the duplex (F for full duplex or H for half). It also shows the cable type (Copper or Fiber) for the combo ports. State: If STP (Spanning Tree Protocol) is enabled, this field displays the STP state of the port (see Section 13.1 on page 147 for more information). If STP is disabled, this field displays FORWARDING if the link is up, otherwise it displays STOP. LACP: This field displays whether LACP (Link Aggr...

Page 95: ...hows the total amount of time in hours minutes and seconds the port has been up Clear Counter Enter a port number and then click Clear Counter to erase the recorded statistical information for that port or select Any to clear statistics for all ports Table 7 Status continued LABEL DESCRIPTION ...

Page 96: ...screen to display individual port statistics Use this screen to check status and detailed performance data about an individual port on the Switch Figure 40 Status Port Details The following table describes the labels in this screen Table 8 Status Port Details LABEL DESCRIPTION Port Info Port NO This field displays the port number you are viewing ...

Page 97: ...exceeded bandwidth. TrTcM Drops: This field shows the number of packets destined to Two Rate Three Color Marker. Tx KB/s: This field shows the number of kilobytes per second transmitted on this port. Rx KB/s: This field shows the number of kilobytes per second received on this port. Up Time: This field shows the total amount of time the connection has been up. Tx Packet: The following fields display detailed i...

Page 98: ... Check error s Length This field shows the number of packets received with a length that was out of range Runt This field shows the number of packets received that were too short shorter than 64 octets including the ones with CRC errors Distribution 64 This field shows the number of packets including bad packets received that were 64 octets in length 65 127 This field shows the number of packets i...

Page 99: ...eneral Setup screen also allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch The real time is then displayed in the Switch logs The Switch Setup screen allows you to set up and configure global Switch features The IP Setup screen allows you to configure a Switch IP address in each routing domain subnet mask s and DNS doma...

Page 100: ...stem Name This field displays the descriptive name of the Switch for identification purposes ZyNOS F W Version This field displays the version number of the Switch s current firmware including the date created Ethernet Address This field refers to the Ethernet MAC Media Access Control address of the Switch Power Source Status Note This section is not available for all MGS models Power Source Mode ...

Page 101: ...per temperature limit at this sensor Status This field displays Normal for temperatures below the threshold and Error for those above Fan Speed RPM A properly functioning fan is an essential component along with a sufficiently ventilated cool operating environment in order for the device to stay within the temperature threshold Each fan has a sensor that is capable of detecting and reporting if th...

Page 102: ... acceptable operating range at this point otherwise Error is displayed Table 9 Basic Setting System Info continued LABEL DESCRIPTION Table 10 Basic Setting General Setup LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes This name consists of up to 64 printable characters spaces are allowed Location Enter the geographic location of your Switch You can use up to 32 ...

Page 103: ...er you click Apply Current Date This field displays the date you open this menu New Date yyyy mm dd Enter the new date in year month and day format The new date then appears in the Current Date field after you click Apply Time Zone Select the time difference between UTC Universal Time Coordinated formerly known as GMT Greenwich Mean Time and your time zone from the drop down list box Daylight Savi...

Page 104: ...e Chapter 9 on page 117 for information on port based and 802 1Q tagged VLANs End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving Time The time field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United States on the first Sunday of November Each time zone in the United States stops using Daylight Saving Time a...

Page 105: ...llowing example, switch A is the root bridge. Switch B's root port 7 connects to switch A and switch B's designated port 8 connects to switch C. Traffic from isolated ports on switch B can only be sent through non-isolated port 1 or root port 7 to switch A. This prevents isolated ports on switch B sending traffic through designated port 8 to switch C. Traffic received on designated port 8 from switch C...

Page 106: ... the VLAN Type field in this screen Refer to the chapter on VLAN Figure 43 Basic Setting Switch Setup The following table describes the labels in this screen Table 11 Basic Setting Switch Setup LABEL DESCRIPTION VLAN Type Choose 802 1Q or Port Based The VLAN Setup screen changes depending on whether you choose 802 1Q VLAN type or Port Based VLAN type in this screen See Chapter 9 on page 117 for mo...

Page 107: ...ds See the chapter on VLAN setup for more background information Leave Timer Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds Each port has a single Leave Period timer Leave Time must be two times larger than Join Timer the default is 600 milliseconds Leave All Timer Leave All Timer sets the duration of the Leave All Period timer for GVRP in milliseconds Each port ha...

Page 108: ...fined VLAN s Level 4 Typically used for controlled load latency sensitive traffic such as SNA Systems Network Architecture transactions Level 3 Typically used for excellent effort or better than best effort and would include important business traffic that can tolerate some delay Level 2 This is for spare bandwidth Level 1 This is typically used for non critical background traffic such as bulk tra...

Page 109: ...he following table describes the labels in this screen Table 12 Basic Setting IP Setup LABEL DESCRIPTION Domain Name Server DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa Enter a domain name server IP address in order to be able to use a domain name instead of an IP address ...

Page 110: ... address of the default outgoing gateway in dotted decimal notation, for example 192.168.1.254. VID: Enter the VLAN identification number associated with the Switch IP address. This is the VLAN ID of the CPU and is used for management only. The default is 1. All ports, by default, are fixed members of this management VLAN in order to manage the device from any port. If a port is not a member of this VLAN t...

Page 111: ...Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Index This field displays the index number of the rule Click an index number to edit the rule IP Address This f...

Page 112: ...only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable a port The factory default for all ports is enabled A port must be enabled for data transmission to occur Name Enter a descri...

Page 113: ... backpressure flow control in half duplex mode IEEE802 3x flow control is used in full duplex mode to send a pause signal to the sending port causing it to temporarily stop sending signals when the receiving port memory buffers fill Back Pressure flow control is typically used in half duplex mode to send a collision signal to the sending port mimicking a state of packet collision causing the sendi...

Page 114: ...Chapter 8 Basic Setting MGS3700 12C User s Guide 114 ...

Page 115: ...h Control (169), Broadcast Storm Control (173), Mirroring (175), Link Aggregation (185), Port Authentication (195), Port Security (205), Classifier (211), Policy Rule (219), Queuing Method (227), VLAN Stacking (231), Multicast (239), AAA (255), IP Source Guard (269), Loop Guard (295), VLAN Mapping (299), Layer 2 Protocol Tunneling (303), sFlow (307), Error Disable (311), PPPoE (317), Private VLAN (327) ...

Page 117: ...fier, residing within the type/length field of the Ethernet frame, and two bytes of TCI (Tag Control Information, starts after the source address field of the Ethernet frame). The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet switches. If a frame received at an Ethernet port has a CFI set to 1, then that frame should not be forwarded as it is to an untagged port. The r...

Page 118: ...thus confining the broadcast to a specific domain. 9.2 Automatic VLAN Registration: GARP and GVRP are the protocols used to automatically register VLAN membership across switches. 9.2.1 GARP: GARP (Generic Attribute Registration Protocol) allows network switches to register and de-register attribute values with other GARP participants within a bridged LAN. GARP is a protocol that provides a generic mecha...

Page 119: ... with Table 14 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configured by a GVRP registration deregistration process VLAN Administrative Control Registration Fixed Fixed registration ports are permanent VLAN members Registration Forbidden Ports with registration forbidden are forbidden to jo...

Page 120: ... in the Basic Setting Switch Setup screen Figure 47 Switch Setup Select VLAN Type 9 5 Static VLAN Use a static VLAN to decide whether an incoming frame on a port should be sent to a VLAN group as normal depending on its VLAN tag sent to a group whether it has a VLAN tag or not blocked from a VLAN group regardless of its VLAN tag You can also tag all outgoing frames that were previously untagged fr...

Page 121: ...N This is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only when you use the Search button to look for certain VLANs Index This is the VLAN index number Click on an index number to view more VLAN details VID This is the VLAN identification number that was con...

Page 122: ...ion on static VLAN To configure a Table 16 Advanced Application VLAN VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the Static VLAN screen Port Number This column displays the ports that are participating in a VLAN A tagged port is marked as T an untagged port is marked as U and ports not partic...

Page 123: ... 17 Advanced Application VLAN Static VLAN LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN settings Name Enter a descriptive name for the VLAN group for identification purposes This name consists of up to 64 printable characters VLAN Group ID Enter the VLAN ID for this static entry the valid range is between 1 and 4094 Address learning Enable Disable MAC learning per VLAN Port T...

Page 124: ...ansmitted with this VLAN Group ID Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to change the fields back to their last saved values Clear Click Clear to start config...

Page 125: ...nced Application VLAN VLAN Port Setting LABEL DESCRIPTION GVRP GVRP GARP VLAN Registration Protocol is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network Select this check box to permit VLAN groups beyond the local Switch Port This field displays the port number Settings in this row apply to all ports Use this row only if you want...

Page 126: ...the frames are forwarded to the VLAN group that the tag defines. Enter a number between 1 and 4094 as the port VLAN ID. GVRP: Select this check box to allow GVRP on this port. Acceptable Frame Type: Specify the type of frames allowed on a port. Choices are All, Tag Only and Untag Only. Select All from the drop-down list box to accept all untagged or tagged frames on this port. This is the default setting. Se...

Page 127: ... 3 and VID of 300 for traffic received from IP subnet 10.1.1.0/24 (data services). All untagged incoming frames will be classified based on their source IP subnet and prioritized accordingly. That is, video services receive the highest priority and data the lowest. Figure 52 Subnet Based VLAN Application Example. 9.7 Configuring Subnet Based VLAN: Click Subnet Based VLAN in the VLAN Port Setting screen to...

Page 128: ...their IP address through the DHCP VLAN or via another DHCP server on the subnet based VLAN Select this checkbox to force the DHCP clients in this IP subnet to obtain their IP addresses through the DHCP VLAN Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save...

Page 129: ...VLAN are tagged This must be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch assigns to frames belonging to this VLAN Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes...

Page 130: ...and 7 will be in another group and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C Figure 54 Protocol Based VLAN Application Example 9 9 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown Note Protocol based VLAN applies to un tagged packets and is applicable only w...

Page 131: ... an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch will assign to frames belonging to this VLAN Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile mem...

Page 132: ...Leave the default value IP 5 Type the VLAN ID of an existing VLAN In our example we already created a static VLAN with an ID of 5 Type 5 6 Leave the priority set to 0 and click Add Figure 56 Protocol Based VLAN Configuration Example To add more ports to this protocol based VLAN 1 Click the index number of the protocol based VLAN entry Click 1 2 Change the value in the Port field to the next port y...

Page 133: ...egress port is an outgoing port, that is, a port through which a data packet leaves, for both ports. Port-based VLANs are specific only to the Switch on which they were created. Note: When you activate port-based VLAN, the Switch uses a default VLAN ID of 1. You cannot change it. Note: In screens (such as IP Setup and Filtering) that require a VID, you must enter 1 as the VID. The port-based VLAN setup screen i...

Page 134: ...sed VLAN Select Port Based as the VLAN Type in the Basic Setting Switch Setup screen and then click Advanced Application VLAN from the navigation panel to display the next screen Figure 57 Port Based VLAN Setup All Connected Figure 58 Port Based VLAN Setup Port Isolation ...

Page 135: ...through which a data packet enters. If you wish to allow two subscriber ports to talk to each other, you must define the ingress port for both ports. The numbers in the top row denote the incoming port for the corresponding port listed on the left (its outgoing port). CPU refers to the Switch management port. By default it forms a VLAN with all Ethernet ports. If it does not form a VLAN with a particular ...

Page 136: ...Chapter 9 VLAN MGS3700 12C User s Guide 136 ...

Page 137: ...MAC Forwarding. A static MAC address is an address that has been manually entered in the MAC address table. Static MAC addresses do not age out. When you set up static MAC address rules, you are setting static MAC addresses for a port. This may reduce the need for broadcasting. Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the...

Page 138: ... number Port Enter the port where the MAC address entered in the previous field will be automatically forwarded Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fi...

Page 139: ...VLAN group Port This field displays the port where the MAC address shown in the next field will be forwarded Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check boxes Table 22 Advanced Application Static MAC Forwarding continued LABEL DESCRIPTION ...

Page 140: ...Chapter 10 Static MAC Forward Setup MGS3700 12C User s Guide 140 ...

Page 141: ...age out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a multicast group has no members then the switch will either flood the multicast frames to all ports or drop them You can configure this in the Advanced Application Multicast Multicast Setting screen see Section 24 3 on page 241 Figure 60 sho...

Page 142: ... 3 within VLAN group 4. Figure 60 No Static Multicast Forwarding. Figure 61 Static Multicast Forwarding to A Single Port. Figure 62 Static Multicast Forwarding to Multiple Ports. 11.2 Configuring Static Multicast Forwarding: Use this screen to configure rules to forward specific multicast frames, such as streaming or control frames, to specific port(s) ...

Page 143: ...air. 00000001 is 01 and 00000011 is 03 in hexadecimal, so 01:00:5e:00:00:0A and 03:00:5e:00:00:27 are valid multicast MAC addresses. VID: You can forward frames with matching destination MAC address to port(s) within a VLAN group. Enter the ID that identifies the VLAN group here. If you don't have a specific target VLAN, enter 1. Port: Enter the port(s) where frames with destination MAC address that matched ...

Page 144: ... This field displays the multicast MAC address that identifies a multicast group. VID: This field displays the ID number of a VLAN group to which frames containing the specified multicast MAC address will be forwarded. Port: This field displays the port(s) within an identified VLAN group to which frames containing the specified multicast MAC address will be forwarded. Delete: Click Delete to remove the se...

Page 145: ...g 12.1 Configure a Filtering Rule: Filtering means sifting traffic going through the Switch based on the source and/or destination MAC addresses and VLAN group (ID). Click Advanced Application > Filtering in the navigation panel to display the screen as shown next. Figure 64 Advanced Application > Filtering ...

Page 146: ... is six hexadecimal character pairs VID Type the VLAN group identification number Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous c...

Page 147: ...nt switches in your network to ensure that only one path exists between any two stations on the network. The Switch uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allows faster convergence of the spanning tree than STP (while also being backwards compatible with STP-only aware bridges). In RSTP, topology change information is directly propagated throughout the network from the device that gene...

Page 148: ...or connected LANs and disables all other ports that participate in STP. Network packets are therefore only forwarded between enabled ports, eliminating any possible network loops. STP-aware switches exchange Bridge Protocol Data Units (BPDUs) periodically. When the bridged LAN topology changes, a new spanning tree is constructed. Once a stable network topology has been established, all bridges listen for H...

Page 149: ...ndependently with its own bridge information. In the following example, there are two RSTP instances (MRSTP 1 and MRSTP 2) on switch A. To set up MRSTP, activate MRSTP on the Switch and specify which port(s) belong to which spanning tree. Table 26 STP Port States (PORT STATE: DESCRIPTION). Disabled: STP is disabled (default). Blocking: Only configuration and management BPDUs are received and processed. Listening: All...

Page 150: ...Spanning Tree CIST that represents the entire network s connectivity Grouping of multiple bridges or switching devices into regions that appear as one single bridge on the network A VLAN can be mapped to a specific Multiple Spanning Tree Instance MSTI MSTI allows multiple VLANs to use the same spanning tree Load balancing is possible as traffic from different VLANs can use distinct paths in a regi...

Page 151: ...The following figure shows the network example using MSTP Figure 67 MSTP Network Example 13 1 5 2 MST Region An MST region is a logical grouping of multiple network devices that appears as a single device to the rest of the network Each MSTP enabled device can only belong to one MST region When BPDUs enter an MST region external path cost of paths outside this region is increased by one Internal p...

Page 152: ... created MSTI is identified by a unique number known as an MST ID known internally to a region Thus an MSTI does not span across MST regions The following figure shows an example where there are two MST regions Regions 1 and 2 have 2 spanning tree instances Figure 68 MSTIs in Different Regions 13 1 5 4 Common and Internal Spanning Tree CIST A CIST represents the connectivity of the entire network ...

Page 153: ...l status screen changes depending on what standard you choose to implement on your network Click Advanced Application Spanning Tree Protocol to see the screen as shown Figure 70 Advanced Application Spanning Tree Protocol This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration se...

Page 154: ...lication Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or Multiple Spanning Tree See Section 13 1 on page 147 for background information on STP Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned of...

Page 155: ...dvanced Application Spanning Tree Protocol RSTP The following table describes the labels in this screen Table 28 Advanced Application Spanning Tree Protocol RSTP LABEL DESCRIPTION Status Click Status to display the RSTP Status screen see Figure 73 on page 157 Active Select this check box to activate RSTP Clear this checkbox to disable RSTP Note You must also activate Rapid Spanning Tree in the Adv...

Page 156: ...6 to 40 seconds Forwarding Delay This is the maximum time in seconds the Switch will wait before changing states This delay is required because every switch must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result...

Page 157: ...a higher priority numeric value are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended to assign this value according to the speed of the bridge The slower the media the higher the cost see Table 25 on page 148 for more information Apply Click Apply to save your c...

Page 158: ...l in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds the Switch can wait without receiving a configuration message before attempting to reconfigure Forwarding Delay second This is the time in seconds the root switch will wait before changing states that is listen...

Page 159: ... The following table describes the labels in this screen Table 30 Advanced Application Spanning Tree Protocol MRSTP LABEL DESCRIPTION Status Click Status to display the MRSTP Status screen see Figure 73 on page 157 Tree This is a read only index number of the STP trees Active Select this check box to activate an STP tree Clear this checkbox to disable an STP tree Note You must also activate Multip...

Page 160: ...6 to 40 seconds Forwarding Delay This is the maximum time in seconds the Switch will wait before changing states This delay is required because every switch must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result...

Page 161: ... are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended to assign this value according to the speed of the bridge The slower the media the higher the cost see Table 25 on page 148 for more information Tree Select which STP tree configuration this port should parti...

Page 162: ...econd This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds the Switch can wait without receiving a configuration message before attempting to reconfigure Forwarding Delay second This is the time in seconds the root switch will wait before ...

Page 163: ...e 163 13 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section 13 1 5 on page 150 for more information on MSTP Figure 76 Advanced Application Spanning Tree Protocol MSTP ...

Page 164: ...orwarding Delay This is the maximum time in seconds the Switch will wait before changing states This delay is required because every switch must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result The allowed rang...

Page 165: ... common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to add this port to the MST instance Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in a switch Ports with a higher priority numeric value...

Page 166: ...n 13 1 5 on page 150 for more information on MSTP Note This screen is only available after you activate MSTP on the Switch Figure 77 Advanced Application Spanning Tree Protocol Status MSTP Delete Check the rule s that you want to remove in the Delete column and then click the Delete button Cancel Click Cancel to begin configuring this screen afresh Table 32 Advanced Application Spanning Tree Proto...

Page 167: ...ost from the root port on this Switch to the root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree Configuration Name This field displays the configuration name for this MST region Revision Number This field displays the revision number for this MST region Configuration Digest A configuration dige...

Page 168: ...rom the root port in this MST instance to the regional root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the MST instance Table 33 Advanced Application Spanning Tree Protocol Status MSTP continued LABEL DESCRIPTION ...

Page 169: ...e guaranteed bandwidth for the incoming traffic flow on a port. The Peak Information Rate (PIR) is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion. The CIR and PIR should be set for all ports that use the same uplink bandwidth. If the CIR is reached, packets are sent at the rate up to the PIR. When network congestion occurs, packets through the ing...

Page 170: ...rts Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Ingress Rate Active Select this check box to activate commit rate limits on this port Commit Rate Specify the guaranteed bandwidth allowed in kilob...

Page 171: ...t Egress Rate Specify the maximum bandwidth allowed in kilobits per second Kbps for the out going traffic flow on a port Egress Burst Specify the number of bits allowed to be sent per interval Tc to conform with the target rate CIR per second Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link...

Page 172: ...Chapter 14 Bandwidth Control MGS3700 12C User s Guide 172 ...

Page 173: ...ackets the Switch receives per second on the ports. When the maximum number of allowable broadcast, multicast and/or DLF packets is reached per second, the subsequent packets are discarded. Enable this feature to reduce broadcast, multicast and/or DLF packets in your network. You can specify limits for each packet type on each port. Click Advanced Application > Broadcast Storm Control in the navigation pan...

Page 174: ...ments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Broadcast (pkt/s): Select this option and specify how many broadcast packets the port receives per second. Multicast (pkt/s): Select this option and specify how many multicast packets the port receives per second. DLF (pkt/s): Select this option and specify how many destination lookup failure (DLF) packe...

Page 175: ...ow to a monitor port (the port you copy the traffic to) in order that you can examine the traffic from the monitor port without interference. Click Advanced Application > Mirroring in the navigation panel to display the Mirroring screen. Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port. Figure 80 Advanced Application > Mirroring ...

Page 176: ...rts Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the drop dow...

Page 177: ...iew RMirror feature supported: Remote mirroring of ingress and egress traffic; Control packets mirrored; Two types of source switch for different requirements; CLI, WEB and MIB interface of configuration; RMirror VLAN traffic priority setup. Before you start setting RMirror VLAN, you should know all the roles of switch in the network. Source switch: The port traffic mirrored on RMirror VLAN. Intermediate swi...

Page 178: ...itches by connected port. Intermediate switch: The RMirror VLAN traffic must pass through connected port. In order to mirror control packets, it SHOULD support classification for RMirror VLAN forwarding. Learning SHOULD be disabled on VLAN. For other supplier switch device, it MUST support 802.1q for basis function on RMirror. If user wants to have fully support on RMirror, condition 2 and 3 should be cons...

Page 179: ...8 Advanced Application Mirroring RMirror LABEL DESCRIPTION Active Enable RMirror RMirror VLAN ID Enter a RMirror VLAN ID to create a RMirror VLAN Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done co...

Page 180: ...rror screen from the drop down list box Reflector Port Enter a port number to create a reflector port 802 1p Priority Select a 802 1p Priority 0 7 from the drop down list box Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustmen...

Page 181: ...the traffic to mirror by selecting from the drop down list box Choices are Egress outgoing Ingress incoming and Both Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel...

Page 182: ...ur changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh VLAN This field displays the VLAN ID Monitor Port This field displays the monitor port number Tagging Th...

Page 183: ...witch in the same RMirror VLAN and it can't be Mirror port or Monitor Port. Click Advanced Application > Mirroring > RMirror > Connected Port on the up right of the navigation panel to display the screen shown. See the Table 41 on page 184 for more information on Connected Port. Figure 85 Advanced Application > Mirroring > RMirror > Connected Port ...

Page 184: ...mmon settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Connected Port Select this option to set a connected port This port s is used for switch es connection by RMirror VLAN Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so...

Page 185: ...ical link containing multiple ports. The beginning port of each trunk group must be physically connected to form a trunk group. The Switch supports both static and dynamic link aggregation. Note: In a properly planned network, it is recommended to implement static link aggregation only. This ensures increased network stability and control over the trunk groups on your Switch. See Section 17.6 on page 192...

Page 186: ...n full-duplex links. All ports in the same trunk group must have the same media type, speed, duplex mode and flow control settings. Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops. 17.2.1 Link Aggregation ID. LACP aggregation ID consists of the following information: Table 42 Link Aggregation ID: Local Switch: SYSTEM PRIORITY, MAC ADDRESS, KEY, PO...

Page 187: ...unk group that is one logical link containing multiple ports Enabled Ports These are the ports you have configured in the Link Aggregation screen to be in the trunk group The port number s displays only when this trunk group is activated and there is a port belonging to this group Synchronized Ports These are the ports that are currently transmitting data as one logical link in this trunk group Ag...

Page 188: ...ic based on a combination of the packet's source and destination MAC addresses. src-ip means the Switch distributes traffic based on the packet's source IP address. dst-ip means the Switch distributes traffic based on the packet's destination IP address. src-dst-ip means the Switch distributes traffic based on a combination of the packet's source and destination IP addresses. Status: This field display...

Page 189: ...dvanced Application Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 45 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESCRIPTION Link Aggregation Setting This is the only screen you need to configure to enable static link aggregation Group ID The field identifies the link aggregation group that is one logical link conta...

Page 190: ... addresses. Select src-ip to distribute traffic based on the packet's source IP address. Select dst-ip to distribute traffic based on the packet's destination IP address. Select src-dst-ip to distribute traffic based on a combination of the packet's source and destination IP addresses. Port: This field displays the port number. Group: Select the trunk group to which a port belongs. Note: When you enable th...

Page 191: ... on dynamic link aggregation Figure 88 Advanced Application Link Aggregation Link Aggregation Setting LACP The following table describes the labels in this screen Table 46 Advanced Application Link Aggregation Link Aggregation Setting LACP LABEL DESCRIPTION Link Aggregation Control Protocol Note Do not configure this screen unless you want to enable dynamic link aggregation Active Select this chec...

Page 192: ...same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. LACP Timeout: Timeout is the time interval between the individual port exchanges of LACP packets in order to check that the peer port in the trunk group is still up. If a port does not respond after three trie...

Page 193: ...tch A connected to switch B. Figure 89 Trunking Example - Physical Connections. 2 Configure static trunking - Click Advanced Application > Link Aggregation > Link Aggregation Setting. In this screen, activate trunking group T1, select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below. Click Apply when you are done. Figure 90 T...

Page 194: ...Chapter 17 Link Aggregation MGS3700-12C User's Guide 194 Your trunk group 1 (T1) configuration is now complete; you do not need to go to any additional screens. ...

Page 195: ...alidate users. See Section 25.1.2 on page 256 for more information on configuring your RADIUS server settings. Note: If you enable IEEE 802.1x authentication and MAC authentication on the same port, the Switch performs IEEE 802.1x authentication first. If a user fails to authenticate via the IEEE 802.1x method, then access to the port is denied. 18.1.1 IEEE 802.1x Authentication. The following figure illu...

Page 196: ...ation Process 18.1.2 MAC Authentication. MAC authentication works in a very similar way to IEEE 802.1x authentication. The main difference is that the Switch does not prompt the client for login credentials. The login credentials are based on the source MAC address of the [Figure labels: New Connection; Authentication Request; Authentication Reply; Login Credentials; Login Info Request; Session Granted/Denied] ...

Page 197: ...n To enable port authentication, first activate the port authentication method(s) you want to use (both on the Switch and the port(s)), then configure the RADIUS server settings in the Auth and Acct Radius Server Setup screen. Click Advanced Application > Port Authentication in the navigation panel to display the screen as shown. Figure 93 Advanced Application > Port Authentication ...

Page 198: ...check box to permit 802.1x authentication on the Switch. Note: You must first enable 802.1x authentication on the Switch before configuring it on each port. Port: This field displays the port number. Settings in this row apply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port ...

Page 199: ...econd request, the Switch sends the client to the Guest VLAN. The client needs to send a new request to be authenticated by the Switch again. Reauth: Specify whether a subscriber has to periodically re-enter his or her username and password to stay connected to the port. Reauth period: Specify how often a client has to re-enter his or her username and password to stay connected to the port. Quiet period ...

Page 200: ...s switches or routers with the guest network feature. Figure 95 Guest VLAN Example. Use this screen to enable and assign a Guest VLAN to a port. In the Port Authentication > 802.1x screen, click Guest Vlan to display the configuration screen as shown. Figure 96 Advanced Application > Port Authentication > 802.1x > Guest VLAN. [Figure 95 labels: Internet; 2; VLAN 100; A; VLAN 102] ...

Page 201: ...ers when more than one user connect to the port using a hub. Select Multi-Host to authenticate only the first user that connects to this port. If the first user enters the correct credential, any other users are allowed to access the port without authentication. If the first user fails to enter the correct credential, they are all put in the guest VLAN. Once the first user who did authentication logs ou...

Page 202: ...tication LABEL DESCRIPTION Active: Select this check box to permit MAC authentication on the Switch. Note: You must first enable MAC authentication on the Switch before configuring it on each port. Name Prefix: Type the prefix that is appended to all MAC addresses sent to the RADIUS server for authentication. You can enter up to 32 printable ASCII characters. If you leave this field blank, then only the M...

Page 203: ...See Section 8.5 on page 106. Port: This field displays the port number. Use this row to make the setting the same for all ports. Use this row first and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Active: Select this checkbox to permit MAC authentication on this port. You must first allow MAC authentication on the Switch befo...

Page 205: ... Switch. The Switch can learn up to 16K MAC addresses in total, with no limit on individual ports other than the sum cannot exceed 16K. For maximum port security, enable this feature, disable MAC address learning and configure static MAC address(es) for a port. It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts. By default, MAC address ...

Page 206: ... to enable port security on the Switch. Port List: Enter the number of the port(s) (separated by a comma) on which you want to enable port security and disable MAC address learning. After you click MAC freeze, all previously learned MAC addresses on the specified port(s) will become static MAC addresses and display in the Static MAC Forwarding screen. MAC freeze: Click MAC freeze to have the Switch automati...

Page 207: ...itself must be active with address learning enabled. Limited Number of Learned MAC Address: Use this field to limit the number of (dynamic) MAC addresses that may be learned on a port. For example, if you set this field to 5 on port 2, then only the devices with these five learned MAC addresses may access port 2 at any one time. A sixth device would have to wait until one of the five learned MAC addresses...

Page 208: ...t in a specified VLAN. For example, if you set this field to 5 on port 2, then only the devices with these five learned MAC addresses may access port 2 at any one time. A sixth device would have to wait until one of the five learned MAC addresses aged out. MAC address aging out time can be set in the Switch Setup screen. The valid range is from 0 to 16384. 0 means this feature is disabled. Alarm Threshold...

Page 209: ... to which the port belongs. Limit Number: This is the maximum number of MAC addresses which a port can learn in a VLAN. Alarm Threshold: Alarm threshold of learned MAC address by VLAN. Delete: Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel: Click Cancel to clear the selected checkbox(es) in the Delete column. Table 51 Advanced Application Port Security...

Page 210: ...Chapter 19 Port Security MGS3700-12C User's Guide 210 ...

Page 211: ...h as the source address, destination address, source port number, destination port number or incoming port number. For example, you can configure a classifier to select traffic from the same protocol port (such as Telnet) to form a flow. Configure QoS on the Switch to group and prioritize application traffic and fine-tune network performance. Setting up QoS involves two separate steps: 1 Configure classifie...

Page 212: ...n Classifier LABEL DESCRIPTION Active: Select this option to enable this rule. Name: Enter a descriptive name for this rule for identifying purposes. Packet Format: Specify the format of the packet. Choices are All, 802.3 tagged, 802.3 untagged, Ethernet II tagged and Ethernet II untagged. A value of 802.3 indicates that the packets are formatted according to the IEEE 802.3 standards. A value of Ethernet II ...

Page 213: ...ly or all ports (Any). Destination MAC Address: Select Any to apply the rule to all MAC addresses. To specify a destination, select the second choice and type a MAC address in valid MAC address format (six hexadecimal character pairs). Layer 3: Specify the fields below to configure a layer 3 classifier. DSCP: Select Any to classify traffic from any DSCP or select the second option and specify a DSCP (DiffServ ...

Page 214: ...ddress / Prefix: Enter a destination IP address in dotted decimal notation. Specify the address prefix by entering the number of ones in the subnet mask. Socket Number: Note: You must select either UDP or TCP in the IP Protocol field before you configure the socket numbers. Select Any to apply the rule to all TCP/UDP protocol port numbers or select the second option and enter a TCP/UDP protocol port numbe...

Page 215: ...mber to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Name This field displays the descriptive name for this rule This is for identification purpose only Rule This field displays a summary of the classifier rule s settings Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check box...

Page 216: ...r information on commonly used port numbers. 20.4 Classifier Example. The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00:50:ba:ad:4f:81 on port 2. Table 56 Common TCP and UDP Port Numbers (PROTOCOL NAME: TCP/UDP PORT NUMBER): FTP: 21; Telnet: 23; SMTP: 25; DNS: 53; HTTP: 80; POP3: 110 ...

Page 217: ...20 Classifier MGS3700-12C User's Guide 217 After you have configured a classifier, you can configure a policy in the Policy screen to define action(s) on the classified traffic flow. Figure 102 Classifier Example ...

Page 219: ...g the level of service desired. This allows the intermediary DiffServ-compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow. In addition, applications do not have to request a particular service or give advanced notice of where the traffic is going. 21.1.2 DSCP and Per-Hop Behavior. DiffS...

Page 220: ...the DiffServ network. Based on the marking rule, different kinds of traffic can be marked for different kinds of forwarding. Resources can then be allocated according to the DSCP values and the configured policies. 21.2 Configuring Policy Rules. You must first configure a classifier in the Classifier screen. Refer to Section 20.2 on page 211 for more information ...

Page 221: ...tion panel to display the screen as shown Figure 103 Advanced Application Policy Rule The following table describes the labels in this screen Table 57 Advanced Application Policy Rule LABEL DESCRIPTION Active Select this option to enable the policy Name Enter a descriptive name for identification purposes ...

Page 222: ...ut of profile traffic Action Specify the action s the Switch takes on the associated classified traffic flow Forwarding Select No change to forward the packets Select Discard the packet to drop the packets Select Do not drop the matching frame previously marked for dropping to retain the frames that were marked to be dropped before Priority Select No change to keep the priority setting of the fram...

Page 223: ... traffic Select Drop the packet to discard the out of profile traffic Select Change the DSCP value to replace the DSCP field with the value specified in the Out of profile DSCP field Select Set Out Drop Precedence to mark out of profile traffic and drop it when network is congested Select Do not drop the matching frame previously marked for dropping to queue the frames that are marked to be droppe...

Page 224: ...index number Click an index number to edit the policy Active This field displays Yes when policy is activated and No when is it deactivated Name This field displays the name you have assigned to this policy Classifier s This field displays the name s of the classifier to which this policy applies Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear t...

Page 225: ...licy Example. The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out-of-profile traffic on a traffic flow classified using the Example classifier (refer to Section 20.4 on page 216). Figure 105 Policy Example ...

Page 226: ...Chapter 21 Policy Rule MGS3700-12C User's Guide 226 ...

Page 227: ...is transmitted first. When that queue empties, traffic on the next highest-priority queue, Q6, is transmitted until Q6 empties, and then traffic is transmitted on Q5 and so on. If higher priority queues never empty, then traffic on lower priority queues never gets sent. SP does not automatically adapt to changing network requirements. 22.1.2 Weighted Fair Queuing. Weighted Fair Queuing is used to guarantee ...

Page 228: ... so on, depending on the number of queues being used. This works in a looping fashion until a queue is empty. Weighted Round Robin Scheduling (WRR) uses the same algorithm as round robin scheduling, but services queues based on their priority and queue weight (the number you configure in the queue Weight field) rather than a fixed amount of bandwidth. WRR is activated only when a port has more traffic than...

Page 229: ...Chapter 22 Queuing Method MGS3700-12C User's Guide 229 22.2 Configuring Queuing. Click Advanced Application > Queuing Method in the navigation panel. Figure 106 Advanced Application > Queuing Method ...

Page 230: ...ght (the number you configure in the queue Weight field). Queues with larger weights get more service than queues with smaller weights. Q0-Q7 Weight: When you select WFQ or WRR, enter the queue weight here. Bandwidth is divided across the different traffic queues according to their weights. Queues with larger weights get more service than queues with smaller weights. Hybrid-SPQ Lowest-Queue: This field is a...

Page 231: ... up to 4,094 customer VLANs. This allows a service provider to provide different service, based on specific VLANs, for many different customers. A service provider's customers may require a range of VLANs to handle multiple applications. A service provider's customers can assign their own inner VLAN tags on ports for these applications. The service provider can assign an outer VLAN tag for each customer...

Page 232: ...ame switching. Select Access Port for ingress ports on the service provider's edge devices (1 and 2 in the VLAN stacking example figure). The incoming frame is treated as untagged, so a second VLAN tag (outer VLAN tag) can be added. Note: Static VLAN Tx Tagging MUST be disabled on a port where you choose Normal or Access Port. Select Tunnel Port (available for Gigabit ports only) for egress ports at the edge ...

Page 233: ...llows the service provider to prioritize traffic based on the class of service (CoS) the customer has paid for. On the Switch, configure priority level of inner IEEE 802.1Q tag in the Port Setup screen. 0 is the lowest priority level and 7 is the highest. VID is the VLAN ID. SP VID is the VID for the second (service provider's) VLAN tag. 23.3.1 Frame Format. The frame format for an untagged Ethernet frame, a ...

Page 234: ...he following table describes the labels in this screen. Table 62 802.1Q Frame: DA: Destination Address; Priority: 802.1p Priority; SA: Source Address; Len/Etype: Length and type of Ethernet frame; (Tunnel) TPID: Tag Protocol IDentifier added on a tunnel port; Data: Frame data; VID: VLAN ID; FCS: Frame Check Sequence. Table 63 Advanced Application > VLAN Stacking LABEL DESCRIPTION Active: Select this to enable VLAN stack...

Page 235: ...d the Tunnel TPID tag to all outgoing frames sent on this port. In order to support VLAN stacking on a port, the port must be able to allow frames of 1526 Bytes (1522 Bytes + 4 Bytes for the second tag) to pass through it. Tunnel TPID: TPID is a standard Ethernet type code identifying the frame and indicates whether the frame carries IEEE 802.1Q tag information. Enter a four-digit hexadecimal number from 0...

Page 236: ...rovider ID from 1 to 4094 for frames received on this port See Chapter 9 on page 117 for more background information on VLAN ID Priority Select a priority level from 0 to 7 This is the service provider s priority level that adds to the frames received on this port 0 is the lowest priority level and 7 is the highest Inner Tag Priority Select Trust Untrust inner tag priority Apply Click Apply to sav...

Page 237: ...acking screen to display the screen as shown Figure 110 Advanced Application VLAN Stacking Selective QinQ The following table describes the labels in this screen Table 65 Advanced Application VLAN Stacking Selective QinQ LABEL DESCRIPTION Active Check this box to activate this rule Name Enter a descriptive name up to 32 printable ASCII characters for identification purposes Port The port number id...

Page 238: ...onfiguring Cancel Click Cancel to begin configuring this screen afresh Index This is the number of the selective VLAN stacking rule Active This shows whether this rule is activated or not Name This is the descriptive name for this rule Port This is the port number to which this rule is applied VID This is the customer VLAN ID in the incoming packets SPVID This is the service provider s VLAN ID tha...

Page 239: ...cast address allows a device to send packets to a specific group of hosts (multicast group) in a different subnetwork. A multicast IP address represents a traffic receiving group, not individual receiving devices. IP addresses in the Class D range (224.0.0.0 to 239.255.255.255) are used for IP multicasting. Certain IP multicast numbers are reserved by IANA for special purposes (see the IANA web site for mo...

Page 240: ...Ns. You can configure the Switch to automatically learn multicast group membership of any VLANs. The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets. This is referred to as auto mode. Alternatively, you can specify the VLANs that IGMP snooping should be performed on. This is referred to as fixed mode. In fixed mode the Switch does not learn multicast group membership of an...

Page 241: ...cast Multicast Setting The following table describes the labels in this screen Table 67 Advanced Application Multicast Multicast Setting LABEL DESCRIPTION IGMP Snooping Use these settings to configure IGMP Snooping Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group Querier Select this option to allow the Switch to send IGMP ...

Page 242: ...ion IP address within this range to other networks. See the IANA web site for more information. The layer-2 multicast MAC addresses used by Cisco layer-2 protocols, 01:00:0C:CC:CC:CC and 01:00:0C:CC:CC:CD, are also included in this group. Specify the action to perform when the Switch receives a frame with a reserved multicast address. Select Drop to discard the frame(s). Select Flooding to send the frame ...

Page 243: ...IGMP Filtering Profile: Select the name of the IGMP filtering profile to use for this port. Otherwise, select Default to prohibit the port from joining any multicast group. You can create IGMP filtering profiles in the Multicast > Multicast Setting > IGMP Filtering Profile screen. IGMP Querier Mode: The Switch treats an IGMP query port as being connected to an IGMP multicast router (or server). The Switch forw...

Page 244: ...cations Multicast in the navigation panel Click the Multicast Setting link and then the IGMP Snooping VLAN link to display the screen as shown See Section 24 1 4 on page 240 for more information on IGMP Snooping VLAN Figure 113 Advanced Application Multicast Multicast Setting IGMP Snooping VLAN ...

Page 245: ...tion panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh VLAN Use this section of the screen to add VLANs upon which the Switch is to perform IGMP snooping Name Enter the descriptive name of the VLAN for identification purposes VID Enter the ID of a static VLAN the valid range is between 1 and 4094 Note You...

Page 246: ...s shown Figure 114 Advanced Application Multicast Multicast Setting IGMP Filtering Profile The following table describes the labels in this screen Table 69 Advanced Application Multicast Multicast Setting IGMP Filtering Profile LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile for identification purposes To configure additional rule s for a profile that you have already added...

Page 247: ...rver S In addition the multicast VLAN information is only visible to the Switch and S Figure 115 MVR Network Example Add Click Add to save the profile to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to cle...

Page 248: ... multicast VLAN. 24.6.3 How MVR Works. The following figure shows a multicast television example where a subscriber device (such as a computer) in VLAN 1 receives multicast traffic from the streaming media server, S, via the Switch. Multiple subscriber devices can connect through a port configured as the receiver on the Switch. When the subscriber selects a television channel, computer A sends an IGMP repo...

Page 249: ...lticast Television Example. 24.7 General MVR Configuration. Use the MVR screen to create multicast VLANs and select the receiver port(s) and a source port for each multicast VLAN. Click Advanced Applications > Multicast > Multicast Setting > MVR link to display the screen as shown next. Note: You can create up to five multicast VLANs and up to 256 multicast rules on the Switch. ...

Page 250: ...LAN to be shared among different subscriber VLANs on the network Name Enter a descriptive name up to 32 printable ASCII characters for identification purposes Multicast VLAN ID Enter the VLAN ID 1 to 4094 of the multicast VLAN 802 1p Priority Select a priority level 0 7 with which the Switch replaces the priority in outgoing IGMP control packets belonging to this multicast VLAN Mode Specify the MV...

Page 251: ...te in MVR No MVR multicast traffic is sent or received on this port Tagging Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memor...

Page 252: ...n Refer to Section 24 1 1 on page 239 for more information on IP multicast addresses End Address Enter the ending IP multicast address of the multicast group in dotted decimal notation Enter the same IP address as the Start Address field if you want to configure only one IP address for a multicast group Refer to Section 24 1 1 on page 239 for more information on IP multicast addresses Add Click Ad...

Page 253: ...n VLAN are able to receive the traffic Figure 119 MVR Configuration Example To configure the MVR settings on the Switch create a multicast group in the MVR screen and set the receiver and source ports Figure 120 MVR Configuration Example End Address This field displays the ending IP address of the multicast group Delete Select Delete Group and click Delete to remove the selected entry ies from the...

Page 254: ...raffic to the subscribers configure multicast group settings in the Group Configuration screen The following figure shows an example where two multicast groups News and Movie are configured for the multicast VLAN 200 Figure 121 MVR Group Configuration Example Figure 122 MVR Group Configuration Example ...

Page 255: ...e levels associated with them. For example, user A may have the right to create new login accounts on the Switch but user B cannot. The Switch can authorize users based on user accounts configured on the Switch itself or it can use an external server to authorize a large number of users. Accounting is the process of recording what a user is doing. The Switch can use an external server to track when use...

Page 256: ...ited to the memory capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate an unlimited number of users from a central location. The following table describes some key differences between RADIUS and TACACS+. 25.2 AAA Screens. The AAA screens allow you to enable authentication, authorization, accounting or all of them on the Switch. First, configure your authentication...

Page 257: ...tup. Use this screen to configure your RADIUS server settings. See Section 25.1.2 on page 256 for more information on RADIUS servers and Section 25.3 on page 265 for RADIUS attributes utilized by the authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown. Figure 125 Advanced Application > AAA > RADIUS Server Setup ...

Page 258: ...ecimal notation. UDP Port: The default port of a RADIUS server for authentication is 1812. You need not change this value unless your network administrator instructs you to do so. Shared Secret: Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the Switch. This key is not sent over the network. This key must be the same on the external RADI...

Page 259: ...he Switch This key is not sent over the network This key must be the same on the external RADIUS accounting server and the Switch Delete Check this box if you want to remove an existing RADIUS accounting server entry from the Switch This entry is deleted when you click Apply Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or...

Page 260: ...in dotted decimal notation. TCP Port: The default port of a TACACS server for authentication is 49. You need not change this value unless your network administrator instructs you to do so. Shared Secret: Specify a password (up to 32 alphanumeric characters) as the key to be shared between the external TACACS server and the Switch. This key is not sent over the network. This key must be the same on the exte...

Page 261: ...over the network This key must be the same on the external TACACS accounting server and the Switch Delete Check this box if you want to remove an existing TACACS accounting server entry from the Switch This entry is deleted when you click Apply Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save li...

Page 262: ...xternal servers. Login: These fields specify which database the Switch should use (first, second and third) to authenticate administrator accounts (users for Switch management). Configure the local user accounts in the Access Control > Logins screen. The TACACS and RADIUS are external servers. Before you specify the priority, make sure you have set up the corresponding database correctly first. You can specify ...

Page 263: ... have the Switch send accounting information to all configured accounting servers at the same time. If you don't select this and you have two accounting servers set up, then the Switch sends information to the first accounting server and, if it doesn't get a response from the accounting server, then it tries the second accounting server. Mode: The Switch supports two modes of recording login events. Sele...

Page 264: ...CLI Reference Guide for more information on account privilege levels for the authenticated user. The VSAs are composed of the following: Vendor ID: An identification number assigned to the company by the IANA (Internet Assigned Numbers Authority). ZyXEL's vendor ID is 890. Vendor Type: A vendor-specified attribute identifying the setting you want to modify. Vendor data: A value you want to assign to the set...

Page 265: ...ored on the RADIUS server. This appendix lists the RADIUS attributes supported by the Switch. Egress Bandwidth Assignment: Vendor Id = 890, Vendor Type = 2, Vendor data = egress rate (Kbps in decimal format). Privilege Assignment: Vendor ID = 890, Vendor Type = 3, Vendor Data = "shell:priv-lvl=N"; or Vendor ID = 9 (CISCO), Vendor Type = 1 (CISCO-AVPAIR), Vendor Data = "shell:priv-lvl=N", where N is a privilege level (from 0 to 14). Note: If ...

Page 266: ...e following sections list the attributes sent from the Switch to the RADIUS server when performing authentication 25 3 1 1 Attributes Used for Authenticating Privilege Access User Name The format of the User Name attribute is enab where is the privilege level 1 14 User Password NAS Identifier NAS IP Address 25 3 1 2 Attributes Used to Login Users User Name User Password NAS Identifier NAS IP Addre...

Page 267: ...attributes are listed in the following table along with the time that they are sent the difference between Console and Telnet SSH Exec events is that the Telnet SSH events utilize the Calling Station Id attribute Table 78 RADIUS Attributes Exec Events via Console ATTRIBUTE START INTERIM UPDATE STOP User Name Y Y Y NAS Identifier Y Y Y NAS IP Address Y Y Y Service Type Y Y Y Acct Status Type Y Y Y ...

Page 268: ...RIBUTE START INTERIM UPDATE STOP Table 80 RADIUS Attributes Exec Events via 802 1x ATTRIBUTE START INTERIM UPDATE STOP User Name Y Y Y NAS IP Address Y Y Y NAS Port Y Y Y Class Y Y Y Called Station Id Y Y Y Calling Station Id Y Y Y NAS Identifier Y Y Y NAS Port Type Y Y Y Acct Status Type Y Y Y Acct Delay Time Y Y Y Acct Session Id Y Y Y Acct Authentic Y Y Y Acct Input Octets Y Y Acct Output Octet...

Page 269: ... is a binding, the Switch forwards the packet. If there is not a binding, the Switch discards the packet. The Switch builds the binding table by snooping DHCP packets (dynamic bindings) and from information provided manually by administrators (static bindings). IP source guard consists of the following features: Static bindings: Use this to create static bindings in the binding table. DHCP snooping: Use this t...

Page 270: ...l not succeed. Untrusted ports are connected to subscribers. The Switch discards DHCP packets from untrusted ports in the following situations: The packet is a DHCP server packet (for example, OFFER, ACK or NACK). The source MAC address and source IP address in the packet do not match any of the current bindings. The packet is a RELEASE or DECLINE packet, and the source MAC address and source port do not ma...

Page 271: ...he requests. The Switch can add the following information: Slot ID (1 byte), port ID (1 byte) and source VLAN ID (2 bytes); System name (up to 32 bytes). This information is stored in an Agent Information field in the option 82 field of the DHCP headers of client DHCP request frames. See Chapter 37 on page 349 for more information about DHCP relay option 82. When the DHCP server responds, the Switch removes the i...

Page 272: ...r X does the following things: It pretends to be computer A and responds to computer B. It pretends to be computer B and sends a message to computer A. As a result, all the communication between computer A and computer B passes through computer X. Computer X can read and alter the information passed between them. 26.1.2.1 ARP Inspection and MAC Address Filters: When the Switch identifies an unauthorized ...

Page 273: ...witch can send syslog messages to the specified syslog server (Chapter 41 on page 391) when it forwards or discards ARP packets. The Switch can consolidate log messages and send log messages in batches to make this mechanism more efficient. 26.1.2.4 Configuring ARP Inspection: Follow these steps to configure ARP inspection on the Switch. 1. Configure DHCP snooping. See Section 26.1.1.4 on page 271. Note: It...

Page 274: ...urce Guard LABEL DESCRIPTION. Index: This field displays a sequential number for each binding. Mac Address: This field displays the source MAC address in the binding. IP Address: This field displays the IP address assigned to the MAC address in the binding. Lease: This field displays how many days, hours, minutes and seconds the binding is valid; for example, 2d3h4m5s means the binding is still valid for 2 da...

Page 275: ...ies to all ports select Any Add Click this to create the specified static binding or to update an existing one Cancel Click this to reset the values above based on the last selected static binding or if not applicable to clear the fields above Clear Click this to clear the fields above Index This field displays a sequential number for each binding MAC Address This field displays the source MAC add...

Page 276: ...Delete: Select this and click Delete to remove the specified entry. Cancel: Click this to clear the Delete check boxes above. Table 82 IP Source Guard Static Binding (continued) LABEL DESCRIPTION ...

Page 277: ...26.4 DHCP Snooping: Use this screen to look at various statistics about the DHCP snooping database. To open this screen, click Advanced Application > IP Source Guard > DHCP Snooping. Figure 132 DHCP Snooping ...

Page 278: ...s field displays how much longer in seconds the Switch tries to complete the current update before it gives up It displays Not Running if the Switch is not updating the DHCP snooping database right now Abort timer expiry This field displays when in seconds the Switch is going to update the DHCP snooping database again It displays Not Running if the current bindings have not changed since the last ...

Page 279: ...nce Guide. Binding collisions: This field displays the number of bindings the Switch ignored because the Switch already had a binding with the same MAC address and VLAN ID. Invalid interfaces: This field displays the number of bindings the Switch ignored because the port number was a trusted interface or does not exist anymore. Parse failures: This field displays the number of bindings the Switch ignore...

Page 280: ...art To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Figure 133 DHCP Snooping Configure Parse failures This field displays the number of bindings the Switch has ignored because the Switch was unable to understand the binding in the DHCP binding database Expired leases This field displays the number of bindings the Switch has ignored because the lease time had ...

Page 281: ...to start the next update until it completes the current one. Agent URL: Enter the location of the DHCP snooping database. The location should be expressed like this: tftp://{domain name or IP address}/directory, if applicable/file name; for example, tftp://192.168.10.1/database.txt. Timeout interval: Enter how long (10-65535 seconds) the Switch tries to complete a specific update in the DHCP snooping database befo...

Page 282: ... can receive each second To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Port Figure 134 DHCP Snooping Port Configure Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you ...

Page 283: ...ted ports are connected to subscribers, and the Switch discards DHCP packets from untrusted ports in the following situations: The packet is a DHCP server packet (for example, OFFER, ACK or NACK). The source MAC address and source IP address in the packet do not match any of the current bindings. The packet is a RELEASE or DECLINE packet, and the source MAC address and source port do not match any of the c...

Page 284: ...specified above. If you configure the VLAN, the settings are applied to all VLANs. Enabled: Select Yes to enable DHCP snooping on the VLAN. You still have to enable DHCP snooping on the Switch and specify trusted ports. Note: If DHCP is enabled and there are no trusted ports, DHCP requests will not succeed. Option82: Select this to have the Switch add the slot number, port number and VLAN ID to DHCP requests...

Page 285: ...ower so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last saved values Table 86 DHCP Snooping VLAN Configure continued LABEL DESCRIPTION Table 87 ARP Inspection Status LABEL DESCRIPTION Total number of filters This field displays the current number of MAC add...

Page 286: ... the binding table but the port number was not valid Delete Select this and click Delete to remove the specified entry Cancel Click this to clear the Delete check boxes above Table 87 ARP Inspection Status continued LABEL DESCRIPTION Table 88 ARP Inspection VLAN Status LABEL DESCRIPTION Show VLAN range Use this section to specify the VLANs you want to look at in the section below Enabled VLAN Sele...

Page 287: ... the Switch last restarted Dropped This field displays the total number of ARP packets the Switch discarded for the VLAN since the Switch last restarted Table 88 ARP Inspection VLAN Status continued LABEL DESCRIPTION Table 89 ARP Inspection Log Status LABEL DESCRIPTION Clearing log status table Click Apply to remove all the log messages that were generated by ARP packets and that have not been sen...

Page 288: ... generated. dhcp deny: An ARP packet was discarded because it violated a dynamic binding with the same MAC address and VLAN ID. static deny: An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID. deny: An ARP packet was discarded because there were no bindings with the same MAC address and VLAN ID. dhcp permit: An ARP packet was forwarded because it matched...

Page 289: ...AC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet. The Switch automatically deletes the MAC address filter afterwards. Enter 0 if you want the MAC address filter to be permanent. Log Profile. Log buffer size: Enter the maximum number (1-1024) of log messages that were generated by ARP packets and have not been sent to the syslog server yet. Make sure this numbe...

Page 290: ...ing examples: 4 invalid ARP packets per second, Syslog rate is 5, Log interval is 1: the Switch sends 4 syslog messages every second. 6 invalid ARP packets per second, Syslog rate is 5, Log interval is 2: the Switch sends 5 syslog messages every 2 seconds. Log interval: Enter how often (1-86400 seconds) the Switch sends a batch of syslog messages to the syslog server. Enter 0 if you want the Switch to send sys...

Page 291: ...his port is a trusted port (Trusted) or an untrusted port (Untrusted). The Switch does not discard ARP packets on trusted ports for any reason. The Switch discards ARP packets on untrusted ports in the following situations: The sender's information in the ARP packet does not match any of the current bindings. The rate at which ARP packets arrive is too high. You can specify the maximum rate at which ARP pa...

Page 292: ... one second interval. If the burst interval is 5 seconds, then the Switch accepts a maximum of 75 ARP packets in every five-second interval. Enter the length (1-15 seconds) of the burst interval. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to ...

Page 293: ...ages when it receives an ARP packet from the VLAN. Deny: The Switch generates log messages when it discards an ARP packet from the VLAN. Permit: The Switch generates log messages when it forwards an ARP packet from the VLAN. All: The Switch generates log messages every time it receives an ARP packet from the VLAN. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses the...

Page 295: ...re 142 Loop Guard vs STP. Loop guard is designed to handle loop problems on the edge of your network. This can occur when a port is connected to a Switch that is in a loop state. Loop state occurs as a result of human error. It happens when two ports on a switch are connected with the same cable. When a switch in loop state sends out broadcast messages, the messages loop back to the switch and are re br...

Page 296: ... port. If this is the case, the Switch will shut down the port connected to the switch in loop state. The following figure shows a loop guard enabled port N on switch A sending a probe packet P to switch B. Since switch B is in loop state, the probe packet P returns to port N on A. The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state. Figure...

Page 297: ...ur network you can re activate the disabled port via the web configurator see Section 8 7 on page 112 or via commands See the CLI Reference Guide 27 2 Loop Guard Setup Click Advanced Application Loop Guard in the navigation panel to display the screen as shown Note The loop guard feature can not be enabled on the ports that have Spanning Tree Protocol RSTP MRSTP or MSTP enabled Figure 146 Advanced...

Page 298: ...hanges in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to check if the switch it is connected to is in loop state If the switch that this port is connected is in loop state the Switch will shut down this port Clear this check box to disable the loop guard featur...

Page 299: ... Gigabit uplink port When VLAN mapping is enabled the Switch discards the tagged packets that do not match an entry in the VLAN mapping table If the incoming packets are untagged the Switch adds a PVID based on the VLAN setting Note You can not enable VLAN mapping and VLAN stacking at the same time 28 1 1 VLAN Mapping Example In the following example figure packets that carry VLAN ID 12 and are re...

Page 300: ...e setting the same for all ports Use this row first and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the VLAN mapping feature on this port Clear this check box to disable the VLAN mapping feature Apply Click Apply to save your changes to the Switch s run time memory The Switch loses the...

Page 301: ...anslated VID field Translated VID Enter a VLAN ID from 1 to 4094 into which the customer VID carried in the packets will be translated Priority Select a priority level from 0 to 7 This is the priority level that replaces the customer priority level in the tagged packets or adds to the untagged packets Add Click Add to insert the entry in the summary table below and save your changes to the Switch ...

Page 302: ...the customer VLAN ID in the tagged packets Priority This is the priority level that replaces the customer priority level in the tagged packets Delete Check the rule s that you want to remove in the Delete column and then click the Delete button Cancel Click Cancel to clear the Delete check boxes Table 95 VLAN Mapping Configuration continued LABEL DESCRIPTION ...

Page 303: ...ce provider s network The edge switch encapsulates layer 2 protocol packets with a specific MAC address before sending them across the service provider s network to other edge switches Figure 150 Layer 2 Protocol Tunneling Network Scenario In the following example if you enable L2PT for STP you can have switches A B C and D in the same spanning tree even though switch A is not directly connected t...

Page 304: ...rt on the service provider s edge device 1 or 2 in Figure 151 on page 304 and connected to a customer switch A or B Incoming layer 2 protocol packets received on an access port are encapsulated and forwarded to the tunnel ports The Tunnel port is an egress port at the edge of the service provider s network and connected to another service provider s switch Incoming encapsulated layer 2 protocol pa...

Page 305: ...elect this to enable layer 2 protocol tunneling on the Switch Destination MAC Address Specify an MAC address with which the Switch uses to encapsulate the layer 2 protocol packets by replacing the destination MAC address in the packets Note The MAC address can be either a unicast MAC address or multicast MAC address If you use a unicast MAC address make sure the MAC address does not exist in the a...

Page 306: ...and detect a unidirectional link PAGP Select this option to have the Switch send PAgP packets to a peer to automatically negotiate and build a logical port aggregation LACP Select this option to have the Switch send LACP packets to a peer to dynamically creates and manages trunk groups UDLD Select this option to have the Switch send UDLD packets to a peer s port it connected to monitor the physica...

Page 307: ...ow agent then creates sFlow data and sends it to an sFlow collector The sFlow collector is a server that collects and analyzes sFlow datagram An sFlow datagram includes packet header input and output interface sampling process parameters and forwarding information sFlow minimizes impact on CPU load of the Switch as it analyzes sample data only sFlow can continuously monitor network traffic and cre...

Page 308: ...r so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Port This field displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all th...

Page 309: ...You must have the sFlow collector already configured in the sFlow Collector screen. The sFlow collector does not need to be in the same subnet as the Switch, but it must be accessible from the Switch. Note: Configure UDP port 6343 (the default) on a NAT router to allow port forwarding if the collector is behind a NAT router. Configure a firewall rule for UDP port 6343 (the default) to allow incoming traffi...

Page 310: ...s these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to the factory defaults Index This field displays the index number of this entry Collector Address This field dis...

Page 311: ...ows you to limit the rate of ARP, BPDU and IGMP packets to be delivered to the CPU on a port. This enhances the CPU efficiency and protects against potential DoS attacks or errors from other network(s). You then can choose to drop control packets that exceed the specified rate limit or disable a port on which the packets are received. 31.2 Error Disable Recovery Overview: Some features, such as loop guar...

Page 312: ...guration. Use this screen to limit the maximum number of ARP, BPDU and/or IGMP packets that the Switch can receive or transmit per second on a port. Click the Click Here link next to CPU protection in the Advanced Application > Errdisable screen to display the screen as shown. Note: After you configure this screen, make sure you also enable error detection for the specific control packets in the Advanced ...

Page 313: ... here. Port: This field displays the port number. Use this row to make the setting the same for all ports. Use this row first and then make adjustments to each port if necessary. Note: Changes in this row are copied to all the ports as soon as you make them. Rate Limit (pkt/s): Enter a number from 0 to 256 to specify how many control packets this port can receive or transmit per second. 0 means no rate limit...

Page 314: ...ow. Mode: Select the action that the Switch takes when the number of control packets exceeds the rate limit on a port, set in the Advanced Application > Errdisable > CPU protection screen. inactive port: The Switch shuts down the port. inactive reason: The Switch bypasses the processing of the specified control packets (such as ARP or IGMP packets), or drops all the specified control packets (such as BPDU) on the ...

Page 315: ...d packets on a port according to the feature requirements and what action you configure Use this row to make the setting the same for all entries Use this row first and then make adjustments to each entry if necessary Note Changes in this row are copied to all the entries as soon as you make them Timer Status Select this to allow the Switch to wait for the specified time interval to activate a por...

Page 317: ...r 32.2 PPPoE Intermediate Agent Tag Format: If the PPPoE Intermediate Agent is enabled, the Switch adds a vendor-specific tag to PADI (PPPoE Active Discovery Initialization) and PADR (PPPoE Active Discovery Request) packets from PPPoE clients. This tag is defined in RFC 2516 and has the following format for this feature. The Tag_Type is 0x0105 for vendor-specific tags, as defined in RFC 2516. The Tag_Len in...

Page 318: ...rt, the Switch adds the user-defined identifier string and variables into the Agent Circuit ID Sub-option. The variables can be the slot ID of the PPPoE client, the port number of the PPPoE client and/or the VLAN ID on the PPPoE packet. The identifier string, slot ID, port number and VLAN ID are separated from each other by a pound key, semi-colon, period, comma, forward slash or space. An Agent Circuit ID S...

Page 319: ...ected to PPPoE servers. If a PADO (PPPoE Active Discovery Offer), PADS (PPPoE Active Discovery Session-confirmation) or PADT (PPPoE Active Discovery Terminate) packet is sent from a PPPoE server and received on a trusted port, the Switch forwards it to all other ports. If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port, the Switch forwards it to other trusted port(s). Note: The ...

Page 320: ...k here to open the Intermediate Agent screen Figure 160 Advanced Application PPPoE 32 4 PPPoE Intermediate Agent Use this screen to configure the Switch to give a PPPoE termination server additional subscriber information that the server can use to identify and authenticate a PPPoE client Click Advanced Application PPPoE Intermediate Agent to display the screen as shown Figure 161 Advanced Applica...

Page 321: ... circuit id and remote id in the Per Port or Per Port Per VLAN screen Active Select this if you want the Switch to add the user defined identifier string and variables specified in the option field to PADI and PADR packets from PPPoE clients If you leave this option unselected and do not configure any Circuit ID string using CLI commands on the Switch the Switch will use the string specified in th...

Page 322: ...een as shown Figure 162 Advanced Application PPPoE Intermediate Agent Port The following table describes the labels in this screen Table 108 Advanced Application PPPoE Intermediate Agent Port LABEL DESCRIPTION Port This field displays the port number Use this row to make the settings the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this ro...

Page 323: ...haracters that the Switch adds into the Agent Circuit ID sub option for PPPoE discovery packets received on this port Spaces are allowed The Circuit ID you configure for a specific VLAN on a port in the Advanced Application PPPoE Intermediate Agent Port VLAN screen has the highest priority Remote id Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Remote ID sub optio...

Page 324: ...t VLAN ID you want to configure in the section below End VID Enter the highest VLAN ID you want to configure in the section below Apply Click Apply to display the specified range of VLANs in the section below Port This field displays the port number specified above VID This field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to al...

Page 325: ...not specify a string here or in the Remote id field for a specific port the Switch automatically uses the PPPoE client s MAC address The Remote ID you configure for a specific VLAN on a port has the highest priority Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation pane...

Page 326: ...l the VLANs as soon as you make them Enabled Select this option to turn on the PPPoE Intermediate Agent on a VLAN Circuit id Select this option to make the Circuit ID settings for a specific VLAN take effect Remote id Select this option to make the Remote ID settings for a specific VLAN take effect Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these change...

Page 327: ...h automatically adds other ports in this VLAN to the isolated port list and blocks traffic between the isolated ports. A promiscuous port can communicate with any port in the same VLAN. An isolated port can communicate with the promiscuous port(s) only. Note: You can have up to one private VLAN rule for each VLAN. Figure 165 Private VLAN Example. Note: Make sure you keep at least one port in the promiscu...

Page 328: ... Other ports belonging to this VLAN will be added to the isolation list and can only send and receive traffic from the port s you specify here Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the...

Page 329: ...Delete: Check the rule(s) that you want to remove in the Delete column and then click the Delete button. Cancel: Click Cancel to clear the Delete check boxes. Table 111 Advanced Application Private VLAN (continued) LABEL DESCRIPTION ...

Page 331: ...n the port is link down It disables almost all functions of PHY in link down state Recovery from this mode to normal mode without frames lost Enables Auto Power down function it turns off the power to the Ethernet PHY when either no cable is connected or the Ethernet port at the other end is down The PHY remains capable of detecting energy on the port and resuming normal activity when an active de...

Page 332: ...wn on the Switch Port This field displays a port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Auto Power Down Select this check box to enable Auto Power Down on this port Auto Power Down Auto Power Down is designed to save power when t...

Page 333: ...the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh LABEL DESCRIPTION ...

Page 335: ...335 PART IV IP Application Static Route 337 Differentiated Services 341 DHCP 349 ...

Page 337: ...ot reachable through the default gateway use static routes For example the next figure shows a computer A connected to the Switch The Switch routes most traffic from A to the Internet through the Switch s default gateway R1 You create one static route to connect to services offered by your ISP behind router R2 You create another static route to communicate with a separate network behind a router R...

Page 338: ...orce the network number to be identical to the host ID Gateway IP Address Enter the IP address of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the destination The gateway must be a router on the same segment as your Switch Metric The metric represents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cos...

Page 339: ...ess This field displays the IP network address of the final destination Subnet Mask This field displays the subnet mask for this destination Gateway Address This field displays the IP address of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the destination Metric This field displays the cost of transmission for routing purposes Delete Click Delete ...

Page 341: ...SCPs indicating the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 36 1 1 DSCP and Per Hop ...

Page 342: ...ic flows (Platinum, Gold, Silver, Bronze) based on the configured marking rules. A network administrator can then apply various traffic policies to the traffic flows. An example traffic policy is to give higher drop precedence to one traffic flow over others. In our example, packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum traffic flow...

Page 343: ...v is enabled, the following actions are performed on the colored packets. Red (high loss priority level) packets are dropped. Yellow (medium loss priority level) packets are dropped if there is congestion on the network. Green (low loss priority level) packets are forwarded. TRTCM operates in one of two modes: color-blind or color-aware. In color-blind mode, packets are marked based on evaluating against the PI...

Page 344: ...iority continue to be red without evaluation against the PIR or CIR. Packets marked yellow can only be marked red or remain yellow, so they are only evaluated against the PIR. Only the packets marked green are first evaluated against the PIR and then, if they don't exceed the PIR level, are they evaluated against the CIR. Figure 173 TRTCM Color-aware Mode. 36.3 Activating DiffServ. Activate DiffServ to ap...

Page 345: ...ply to all ports. Use this row only if you want to make some settings the same for all ports. Use this row first to set the common settings and then make adjustments on a port-by-port basis. Note: Changes in this row are copied to all the ports as soon as you make them. Active: Select Active to enable DiffServ on the port. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch ...

Page 346: ...rv 2-rate 3 Color Marker. LABEL DESCRIPTION. Active: Select this to activate TRTCM (Two Rate Three Color Marker) on the Switch. The Switch evaluates and marks the packets based on the TRTCM settings. Note: You must also activate DiffServ on the Switch and the individual ports for the Switch to drop red (high loss priority) colored packets. Mode: Select color-blind to have the Switch treat all incoming packets...

Page 347: ...formation Rate (CIR) for this port. Peak Rate: Specify the Peak Information Rate (PIR) for this port. DSCP: Use this section to specify the DSCP values that you want to assign to packets based on the color they are marked via TRTCM. green: Specify the DSCP value to use for packets with low packet loss priority. yellow: Specify the DSCP value to use for packets with medium packet loss priority. red: Specify the ...

Page 348: ...117 IP Application DiffServ DSCP Setting. LABEL DESCRIPTION. 0-63: This is the DSCP classification identification number. To set the IEEE 802.1p priority mapping, select the priority level from the drop-down list box. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to...

Page 349: ...se the client computers must be configured manually. 37.1.1 DHCP Modes. If there is already a DHCP server on your network, then you can configure the Switch as a DHCP relay agent. When the Switch receives a request from a computer on your network, it contacts the DHCP server for the necessary IP information, and then relays the assigned information back to the computer. 37.1.2 DHCP Configuration Options ...

Page 350: ...he Switch. The Switch can be configured as a global DHCP relay. This means that the Switch forwards all DHCP requests from all domains to the same DHCP server. You can also configure the Switch to relay DHCP information based on the VLAN membership of the DHCP clients. 37.3.1 DHCP Relay Agent Information. The Switch can add information about the source of client DHCP requests that it relays to a DHCP s...

Page 351: ...ation that the Switch sends to the DHCP server. 37.3.2 Configuring DHCP Global Relay. Configure global DHCP relay in the DHCP Relay screen. Click IP Application > DHCP in the navigation panel and click the Global link to display the screen as shown. Figure 178 IP Application DHCP Global. Table 119 Relay Agent Information. FIELD LABELS DESCRIPTION. Slot ID (1 byte): This value is always 0 for stand-alone switc...

Page 352: ...y Remote DHCP Server 1-3: Enter the IP address of a DHCP server in dotted decimal notation. Relay Agent Information: Select the Option 82 check box to have the Switch add information (slot number, port number and VLAN ID) to client DHCP requests that it relays to a DHCP server. Information: This read-only field displays the system name you configure in the General Setup screen. Select the check box for the...

Page 353: ...tings. Use this screen to configure your DHCP settings based on the VLAN domain of the DHCP clients. Click IP Application > DHCP in the navigation panel, then click the VLAN link in the DHCP Status screen that displays. Note: You must set up a management IP address for each VLAN that you want to configure DHCP settings for on the Switch. See Section 8.6 on page 108 for information on how to set up managem...

Page 354: ...nformation: This read-only field displays the system name you configure in the General Setup screen. Select the check box for the Switch to add the system name to the client DHCP requests that it relays to a DHCP server. Add: Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel ...

Page 355: ...emic buildings (VLAN 2) are sent to the other DHCP server with an IP address of 172.23.10.100. Figure 182 DHCP Relay for Two VLANs. For the example network, configure the VLAN Setting screen as shown. Figure 183 DHCP Relay for Two VLANs Configuration Example. Figure labels: VLAN 1, VLAN 2, DHCP 192.168.1.100, DHCP 172.23.10.100 ...

Page 356: ...Chapter 37 DHCP. MGS3700-12C User's Guide 356 ...

Page 357: ...357 PART V: Management. Maintenance (359), Access Control (367), Diagnostic (389), Syslog (391), Cluster Management (395), MAC Table (403), ARP Table (407), Configure Clone (409) ...

Page 359: ...ntenance. The following table describes the labels in this screen. Table 122 Management Maintenance. LABEL DESCRIPTION. Current: This field displays which configuration (Configuration 1 or Configuration 2) is currently operating on the Switch. Firmware Upgrade: Click Click Here to go to the Firmware Upgrade screen. Restore Configuration: Click Click Here to go to the Restore Configuration screen. Backup Confi...

Page 360: ...omputer to be in the same subnet as that of the default Switch IP address (192.168.1.1). 38.3 Save Configuration. Click Config 1 to save the current configuration settings permanently to Configuration 1 on the Switch. Click Config 2 to save the current configuration settings to Configuration 2 on the Switch. Save Configuration: Click Config 1 to save the current configuration settings to Configuration 1 ...

Page 361: ...ou reboot. Follow the steps below to reboot the Switch. 1. In the Maintenance screen, click the Config 1 button next to Reboot System to reboot and load configuration one. The following screen displays. Figure 186 Reboot System Confirmation. 2. Click OK again and then wait for the Switch to restart. This takes up to two minutes. This does not affect the Switch's configuration. Click Config 2 and follow steps...

Page 362: ...ade to load the new firmware. After the firmware upgrade process is complete, see the System Info screen to verify your current firmware version number. 38.6 Restore a Configuration File. Restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen. Figure 188 Management Maintenance Restore Configuration. Type the path and file name of the configuratio...

Page 363: ...ay the Save As screen. 3. Choose a location to save the file on your computer from the Save in drop-down list box and type a descriptive name for it in the File name list box. Click Save to save the configuration file to your computer. 38.8 FTP Command Line. This section shows some examples of uploading to or downloading files from the Switch using FTP commands. First, understand the filename conventions...

Page 364: ...ered copies of both files for later use. Be sure to upload the correct model firmware, as uploading the wrong model firmware may damage your device. 38.8.2 FTP Command Line Procedure. 1. Launch the FTP client on your computer. 2. Enter open, followed by a space and the IP address of your Switch. 3. Press [ENTER] when prompted for a username. 4. Enter your password as requested (the default is 1234). 5. Enter bin to...

Page 365: ...estrictions. FTP will not work when FTP service is disabled in the Service Access Control screen. The IP address(es) in the Remote Management screen does not match the client IP address. If it does not match, the Switch will disconnect the FTP session immediately. General Commands for GUI-based FTP Clients. COMMAND DESCRIPTION. Host Address: Enter the address of the host server. Login Type: Anonymous. This is...

Page 366: ...Chapter 38 Maintenance. MGS3700-12C User's Guide 366 ...

Page 367: ...rol sessions are allowed. A console port access control session and Telnet access control session cannot coexist when multi-login is disabled. See the CLI Reference Guide for more information on disabling multi-login. 39.2 The Access Control Main Screen. Click Management > Access Control in the navigation panel to display the main screen as shown. Figure 190 Management Access Control. Table 124 Access Con...

Page 368: ...network consists of two main components: agents and a manager. An agent is a management software module that resides in a managed switch (the Switch). An agent translates the local management information from the managed switch into a form compatible with SNMP. The manager is the console through which network administrators perform network management functions. It executes applications that control and m...

Page 369: ...Bs let administrators collect statistics and monitor status and performance. The Switch supports the following MIBs: SNMP MIB II (RFC 1213); RFC 1157 SNMP v1; RFC 1493 Bridge MIBs; RFC 1643 Ethernet MIBs; RFC 1155 SMI; RFC 2674 SNMPv2, SNMPv2c; RFC 1757 RMON; SNMPv2, SNMPv2c or later version compliant with RFC 2011 SNMPv2 MIB for IP, RFC 2012 SNMPv2 MIB for TCP, RFC 2013 SNMPv2 MIB for UDP. Table 125 SNMP Command...

Page 370: ...ure goes above or below the normal operating range. TemperatureEventClear (1.3.6.1.4.1.890.1.5.8.55.2.5.2.2): This trap is sent when the temperature returns to the normal operating range. voltage: VoltageEventOn (1.3.6.1.4.1.890.1.5.8.55.2.5.2.1): This trap is sent when the voltage goes above or below the normal operating range. VoltageEventClear (1.3.6.1.4.1.890.1.5.8.55.2.5.2.2): This trap is sent when the v...

Page 371: ... external alarm stops sending an alert. Dyinggasp: DyingGaspEventOn (1.3.6.1.4.1.890.1.5.8.55.2.5.2.1): The trap is sent when the device power goes below the normal value. ACPrefer: ACPreferEventOn (1.3.6.1.4.1.890.1.5.8.55.2.5.2.1): The trap is sent when the Switch changes to use AC power when both AC power and DC power are available. ACPreferEventClear (1.3.6.1.4.1.890.1.5.8.55.2.5.2.2): The trap is sent w...

Page 372: ...wer, received optical power and transceiver supply voltage is above or below a factory-set normal range. transceiverddmiEventClear (1.3.6.1.4.1.890.1.5.8.55.27.2.2): This trap is sent when all device operating parameters return to the normal operating range. Table 127 SNMP InterfaceTraps (continued). OPTION OBJECT LABEL OBJECT ID DESCRIPTION. Table 128 AAA Traps. OPTION OBJECT LABEL OBJECT ID DESCRIPTION. au...

Page 373: ... completed. traceroute: traceRoutePathChange (1.3.6.1.2.1.81.0.1): This trap is sent when path to target has changed from a previously determined path. traceRouteTestFailed (1.3.6.1.2.1.81.0.2): This trap is sent when a traceroute test fails. traceRouteTestCompleted (1.3.6.1.2.1.81.0.3): This trap is sent when a traceroute test is completed. Table 130 SNMP Switch Traps. OPTION OBJECT LABEL OBJECT ID DESCRIPTION ...

Page 374: ...C table is used. MacTableFullEventClear (1.3.6.1.4.1.890.1.5.8.55.2.5.2.2): This trap is sent when less than 95% of the MAC table is used. rmon: RmonRisingAlarm (1.3.6.1.2.1.16.0.1): This trap is sent when a variable goes over the RMON rising threshold. RmonFallingAlarm (1.3.6.1.2.1.16.0.2): This trap is sent when the variable falls below the RMON falling threshold. CFM: dot1agCfmFaultAlarm 1.3.111.2.802.1.1.8.0 ...

Page 375: ...using SNMP version 2c or lower. Trap Community: Enter the Trap Community string, which is the password sent with each trap to the SNMP manager. The Trap Community string is only used by SNMP managers using SNMP version 2c or lower. Trap Destination: Use this section to configure where to send SNMP traps from the Switch. Version: Specify the version of the SNMP trap messages. IP: Enter the IP addresses of up...

Page 376: ... Digest 5 and SHA (Secure Hash Algorithm) are hash algorithms used to authenticate SNMP data. SHA authentication is generally considered stronger than MD5, but is slower. Privacy: Specify the encryption method for SNMP communication from this user. You can choose one of the following: DES (Data Encryption Standard) is a widely used but breakable method of data encryption. It applies a 56-bit key to each 64 b...

Page 377: ...t SNMP manager. Type: Select the categories of SNMP traps that the Switch is to send to the SNMP manager. Options: Select the individual SNMP traps that the Switch is to send to the SNMP station. See Section 39.3.3 on page 370 for individual trap descriptions. The traps are grouped by category. Selecting a category automatically selects all of the category's traps. Clear the check boxes for individual tra...

Page 378: ...34 A non-administrator (username is something other than admin) is someone who can view but not configure Switch settings. Click Management > Access Control > Logins to view the screen as shown next. Figure 194 Management Access Control Logins. The following table describes the labels in this screen. Table 133 Management Access Control Logins. LABEL DESCRIPTION. Administrator: This is the default administrator...

Page 379: ... read-only access. You can give users higher privileges via the CLI. For more information on assigning privileges, see the CLI Reference Guide. User Name: Set a user name (up to 32 ASCII characters long). Password: Enter your new system password. Retype to confirm: Retype your new system password for confirmation. Apply: Click Apply to save your changes to the Switch's run-time memory. The Switch loses these ch...

Page 380: ...ver The server identifies itself with a host key. The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server. The client automatically saves any new server public keys. In subsequent connections, the server public key is checked against the saved version on the client computer. 2. Encryption Method. Once the identification is verified, bot...

Page 381: ...col over Secure Socket Layer, or HTTP over SSL is a web protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data by ensuring confidentiality (an unauthorized party cannot read the transferred data), authentication (one party can identify the other party) and data integrity (you know if data has been changed). It relies u...

Page 382: ...ol screen, then the Switch blocks all HTTP connection attempts. 39.8 HTTPS Example. If you haven't changed the default HTTPS port on the Switch, then in your browser enter https://Switch IP Address/ as the web site address, where Switch IP Address is the IP address or domain name of the Switch you wish to access. 39.8.1 Internet Explorer Warning Messages. When you attempt to access the Switch HTTPS server, a...

Page 383: ...198 Security Alert Dialog Box (Internet Explorer). 39.8.2 Netscape Navigator Warning Messages. When you attempt to access the Switch HTTPS server, a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate. Click Examine Certificate if you want to verify that the certificate is from the Switch. If Accept this certificate temporarily for this session is selected ...

Page 384: ...12C User's Guide 384. Select Accept this certificate permanently to import the Switch's certificate into the SSL client. Figure 199 Security Certificate 1 (Netscape). Figure 200 Security Certificate 2 (Netscape) ...

Page 385: ...ayed in the bottom right of the browser status bar denotes a secure connection. Figure 201 Example: Lock Denoting a Secure Connection. 39.9 Service Port Access Control. Service Access Control allows you to decide what services you may use to access the Switch. You may also change the default service port and configure trusted computer(s) for each service in the Remote Management screen discussed...

Page 386: ... Telnet, SSH, FTP, HTTP or HTTPS services, you may change the default service port by typing the new port number in the Server Port field. If you change the default port number, then you will have to let people who wish to use the service know the new port number for that service. Timeout: Type how many minutes a management session (via the web configurator) can be left idle before the session times out. Afte...

Page 387: ...ient set. Clear the check box if you wish to temporarily disable the set without deleting it. Start Address / End Address: Configure the IP address range of trusted computers from which you can manage this Switch. The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here. The Switch immediately disconnects the session if it does not match. Telnet ...

Page 388: ...Chapter 39 Access Control. MGS3700-12C User's Guide 388 ...

Page 389: ...ostic. This chapter explains the Diagnostic screen. 40.1 Diagnostic. Click Management > Diagnostic in the navigation panel to open this screen. Use this screen to check system logs, ping IP addresses or perform port tests. Figure 204 Management Diagnostic ...

Page 390: ...ay to display a log of events in the multi-line text box. Click Clear to empty the text box and reset the syslog entry. IP Ping: Type the IP address of a device that you want to ping in order to test a connection. Click Ping to have the Switch ping the IP address (in the field to the left). Ethernet Port Test: Enter a port number and click Port Test to perform an internal loopback test ...

Page 391: ... message has a facility and severity level. The syslog facility identifies a file in the syslog server. Refer to the documentation of your syslog program for details. The following table describes the syslog severity levels. Table 137 Syslog Severity Levels. CODE SEVERITY. 0 Emergency: The system is unusable. 1 Alert: Action must be taken immediately. 2 Critical: The system condition is critical. 3 Error: Ther...

Page 392: ...etting. Logging Type: This column displays the names of the categories of logs that the device can generate. Active: Select this option to set the device to generate logs for the corresponding category. Facility: The log facility allows you to send logs to different files in the syslog server. Refer to the documentation of your syslog program for more details. Apply: Click Apply to save your changes to the...

Page 393: ...mber, the more critical the logs are. Add: Click Add to save your changes to the Switch's run-time memory. The Switch loses these changes if it is turned off or loses power, so use the Save link on the top navigation panel to save your changes to the non-volatile memory when you are done configuring. Cancel: Click Cancel to begin configuring this screen afresh. Clear: Click Clear to return the fields to th...

Page 394: ...Chapter 41 Syslog. MGS3700-12C User's Guide 394 ...

Page 395: ...switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another. Table 140 ZyXEL Clustering Management Specifications. Maximum number of cluster members: 24. Cluster Member Models: Must be compatible with ZyXEL cluster management implementation. Cluster Manager: The switch through which you manage the cluster member switches. Cluster Members: The switches ...

Page 396: ... and the other switches on the upper floors of the building are cluster members. Figure 207 Clustering Application Example. 42.2 Cluster Management Status. Click Management > Cluster Management in the navigation panel to display the following screen. Note: A cluster can only have one manager. Figure 208 Management Cluster Management Status ...

Page 397: ...plays the cluster manager switch's hardware MAC address. The Number of Member: This field displays the number of switches that make up this cluster. The following fields describe the cluster member switches. Index: You can manage cluster member switches via the cluster manager switch. Each number in the Index column is a hyperlink leading to the cluster member switch's web configurator (see Figure 209 on...

Page 398: ...o 192 168 1 1 220 Switch FTP version 1 0 ready at Thu Jan 1 00 58 46 1970 User 192 168 0 1 none admin 331 Enter PASS command Password 230 Logged in ftp ls 200 Port command okay 150 Opening data connection for LIST w w w 1 owner group 3042210 Jul 01 12 00 ras rw rw rw 1 owner group 393216 Jul 01 12 00 config w w w 1 owner group 0 Jul 01 12 00 fw 00 a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 ...

Page 399: ... default is 1234. ls: Enter this command to list the name of cluster member switch's firmware and configuration file. 390BBA0.bin: This is the name of the firmware file you want to upload to the cluster member switch. fw 00 a0 c5 01 23 46: This is the cluster member switch's firmware name as seen in the cluster manager switch. config 00 a0 c5 01 23 46: This is the cluster member switch's configuration fil...

Page 400: ...CRIPTION. Clustering Manager. Active: Select Active to have this Switch become the cluster manager switch. A cluster can only have one manager. Other (directly connected) switches that are set to be cluster managers will not be visible in the Clustering Candidates list. If a switch that was previously a cluster member is later set to become a cluster manager, then its Status is displayed as Error in the Cl...

Page 401: ...n the Clustering Candidate list and then enter its web configurator password. If that switch administrator changes the web configurator password afterwards, then it cannot be managed from the Cluster Manager. Its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below. If multiple devices have the same password, then hold [SHIFT] an...

Page 402: ...Chapter 42 Cluster Management. MGS3700-12C User's Guide 402 ...

Page 403: ...manually entered in the Static MAC Forwarding screen. The Switch uses the MAC table to determine how to forward frames. See the following figure. 1. The Switch examines a received frame and learns the port on which this source MAC address came. 2. The Switch checks to see if the frame's destination MAC address matches a source MAC address already learned in the MAC table. If the Switch has already learne...

Page 404: ... port for this MAC address, but the destination port is the same as the port it came in on, then it filters the frame. Figure 212 MAC Table Flowchart. 43.2 Viewing the MAC Table. Click Management > MAC Table in the navigation panel to display the following screen. Figure 213 Management MAC Table ...

Page 405: ...ct VID to display and arrange the data according to VLAN group. Select PORT to display and arrange the data according to port number. Transfer Type: Select Dynamic to MAC forwarding and click the Transfer button to change all dynamically learned MAC address entries in the summary table below into static entries. They also display in the Static MAC Forwarding screen. Select Dynamic to MAC filtering and ...

Page 406: ...Chapter 43 MAC Table. MGS3700-12C User's Guide 406 ...

Page 407: ...tch's ARP program looks in the ARP Table and, if it finds the address, sends it to the device. If no entry is found for the IP address, ARP broadcasts the request to all the devices on the LAN. The Switch fills in its own MAC and IP address in the sender address fields, and puts the known IP address of the target in the target IP address field. In addition, the Switch puts all ones in the target MAC field...

Page 408: ...Table. The following table describes the labels in this screen. Table 145 Management ARP Table. LABEL DESCRIPTION. Index: This is the ARP Table entry number. IP Address: This is the learned IP address of a device connected to a Switch port with corresponding MAC address below. MAC Address: This is the MAC address of the device with corresponding IP address above. Type: This shows whether the MAC address is d...

Page 409: ...you can copy the settings of one port onto other ports. 45.1 Configure Clone. Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports. Click Management > Configure Clone to open the following screen. Figure 215 Management Configure Clone ...

Page 410: ...2,4,6 indicates that ports 2, 4 and 6 are the destination ports. 2-6 indicates that ports 2 through 6 are the destination ports. Basic Setting: Select which port settings (you configured in the Basic Setting menus) should be copied to the destination port(s). Advanced Application: Select which port settings (you configured in the Advanced Application menus) should be copied to the destination ports. Apply: Cli...

Page 411: ...Chapter 45 Configure Clone. MGS3700-12C User's Guide 411 ...

Page 412: ...Chapter 45 Configure Clone. MGS3700-12C User's Guide 412 ...

Page 413: ...413 PART VI: Troubleshooting & Product Specifications. Troubleshooting (415), Product Specifications (419) ...

Page 415: ...urn on. None of the LEDs turn on. 1. Make sure you are using the power adaptor or cord included with the Switch. 2. Make sure the power adaptor or cord is connected to the Switch and plugged in to an appropriate power source. Make sure the power source is turned on. 3. Disconnect and re-connect the power adaptor or cord to the Switch. 4. If the problem continues, contact the vendor. The ALM LED is on. 1. Discon...

Page 416: ...forgot the IP address for the Switch. 1. The default IP address is 192.168.1.1. 2. Use the console port to log in to the Switch. 3. Use the MGMT port to log in to the Switch; the default IP address of the MGMT port is 192.168.0.1. 4. If this does not work, you have to reset the device to its factory defaults. See Section 4.6 on page 53. I forgot the username and/or password. 1. The default username is admin and...

Page 417: ...ct the vendor or try one of the advanced suggestions. Advanced Suggestions: Try to access the Switch using another service, such as Telnet. If you can access the Switch, check the remote management settings to find out why the Switch does not respond to HTTP. I can see the Login screen, but I cannot log in to the Switch. 1. Make sure you have entered the user name and password correctly. The default user na...

Page 418: ...telnet, HTTP and SSH. Click the Display button in the System Log field in the Management > Diagnostic screen to check for unauthorized access to your Switch. To avoid unauthorized access, configure the secured client setting in the Management > Access Control > Remote Management screen for telnet, HTTP and SSH (see Section 39.10 on page 386). Computers not belonging to the secured client set cannot get permissi...

Page 419: ...re is no tolerance for the DC input voltage. Power Consumption: 38 W maximum. Interfaces, All Models: 12 GbE Dual Personality interfaces. Each interface has one 1000Base-T RJ-45 port and one Small Form-Factor Pluggable (SFP) slot, with one port active at a time. One local management 100Base-T RJ-45 port. Auto-negotiation. Auto-MDIX. One console port. Compliant with IEEE 802.3ad/u/x. Back pressure flow control fo...

Page 420: ...55.0 (24 bits). Administrator User Name: admin. Default Password: 1234. Number of Login Accounts Configurable on the Switch: 4 management accounts configured on the Switch. Authentication via RADIUS and TACACS also available. Maximum Frame Size: 13 K (13312 bytes). VLAN: A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical networks. Devices on a logical network belon...

Page 421: ...eak Information Rate (PIR). Port Mirroring: Port mirroring allows you to copy traffic going from one or all ports to another or all ports in order that you can examine the traffic from the mirror port (the port you copy the traffic to) without interference. Static Route: Static routes allow the Switch to communicate with management stations not reachable via the default gateway. Multicast VLAN Registration...

Page 422: ...irmware Upgrade: Download new firmware (when available) from the ZyXEL web site and use the web configurator, CLI or an FTP/TFTP tool to put it on the Switch. Note: Only upload firmware for your specific model. Configuration Backup Restoration: Make a copy of the Switch's configuration and put it back on the Switch later if you decide you want to revert back to an earlier configuration. Cluster Management ...

Page 423: ... Multiple Spanning Tree Protocol. QoS: IEEE 802.1p; Eight priority queues per port; Port-based egress traffic shaping; Rule-based traffic mirroring; Supports IGMP snooping. VLAN: Port-based VLAN setting; Tag-based IEEE 802.1Q VLAN; Number of VLAN: 4K, 4K static maximum; Supports GVRP for dynamic registration; Double tagging for VLAN stacking; Private VLAN for port isolation; Protocol-Based VLAN; IP subnet-based VL...

Page 424: ... services DHCP DHCPv6 client DHCP DHCPv6 relay VLAN based DHCP relay DHCP snooping Multicast IGMP snooping IGMP v1 v2 v3 16 VLAN maximum user configurable IGMP filtering MVR IGMP timer Multicast reserve group Static multicast IGMP snooping fast leave IGMP snooping statistics IGMP throttling MLD Snooping proxy IGMP message Limit AAA Support RADIUS and TACACS Table 149 Feature Specifications continu...

Page 425: ...P Inspection, MAC authentication, Guest VLAN. Table 149 Feature Specifications (continued). Table 150 Standards Supported. STANDARD DESCRIPTION. RFC 826: Address Resolution Protocol (ARP). RFC 867: Daytime Protocol. RFC 868: Time Protocol. RFC 894: Ethernet II Encapsulation. RFC 1112: IGMP v1. RFC 1155: SMI. RFC 1157: SNMPv1, Simple Network Management Protocol version 1. RFC 1213: SNMP MIB II. RFC 1305: Network Time Protocol...

Page 426: ...USM for version 3 of the Simple Network Management Protocol (SNMP v3). RFC 3580: RADIUS Tunnel Protocol Attribute. IEEE 802.1ab: Link Layer Discovery Protocol (LLDP). IEEE 802.1ag: Connectivity Fault Management (CFM). IEEE 802.1x: Port-Based Network Access Control. IEEE 802.1D: MAC Bridges. IEEE 802.1p: Traffic Types, Packet Priority. IEEE 802.1Q: Tagged VLAN. IEEE 802.1w: Rapid Spanning Tree Protocol (RSTP). IEEE 802.1s: M...

Page 427: ...t on the Switch's front panel. Perform the following procedure to remove the fan module in order to change a fan fuse or the fan module. 1. Loosen the thumbscrew on the front of the fan module. 2. Slide out the fan module. 3. Replace the fuse if it is burnt out. If the fuse is not the problem, use a different fan module from the manufacturer. 4. Slide the fan module back into the fan module slot. 5. Tighten th...

Page 428: ...Chapter 47 Product Specifications. MGS3700-12C User's Guide 428 ...

Page 429: ...429 PART VII: Appendices and Index. Common Services (431), Legal Information (435), Index (417) ...

Page 431: ...er information about port numbers. If the Protocol is TCP, UDP, or TCP/UDP, this is the IP port number. If the Protocol is USER, this is the IP protocol number. Description: This is a brief explanation of the applications that use this service or the situations in which this service is used. Table 151 Commonly Used Services. NAME PROTOCOL PORT(S) DESCRIPTION. AH (IPSEC_TUNNEL): User-Defined, 51. The IPSEC AH (Authe...

Page 432: ... a specific group of hosts. IKE: UDP, 500. The Internet Key Exchange algorithm is used for key distribution and management. IRC: TCP/UDP, 6667. This is another popular Internet chat program. MSN Messenger: TCP, 1863. Microsoft Networks' messenger service uses this protocol. NEW-ICQ: TCP, 5190. An Internet chat program. NEWS: TCP, 144. A protocol for news groups. NFS: UDP, 2049. Network File System (NFS) is a client-server d...

Page 433: ... UDP, 162: Traps for use with the SNMP (RFC 1215). SQL NET, TCP, 1521: Structured Query Language is an interface to access data on many different types of database systems, including mainframes, midrange systems, UNIX systems and network servers. SSH, TCP/UDP, 22: Secure Shell Remote Login Program. STRM WORKS, UDP, 1558: Stream Works Protocol. SYSLOG, UDP, 514: Syslog allows you to send system logs to a UNIX server. TACA...

Page 434: ...Appendix A Common Services MGS3700 12C User s Guide 434 ...

Page 435: ...not assume any liability arising out of the application or use of any products or software described herein. Neither does it convey any license under its patent rights nor the patent rights of others. ZyXEL further reserves the right to make changes in any products described herein without notice. This publication is subject to change without notice. Trademarks: ZyNOS (ZyXEL Network Operating System) is ...

Page 436: ...s. Operation of this device in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense. CE Mark Warning: This is a class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures. Taiwanese BSMI (Bureau of Standards, Metrology and ...

Page 437: ...nsist of a new or re-manufactured functionally equivalent product of equal or higher value, and will be solely at the discretion of ZyXEL. This warranty shall not apply if the product has been modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. Note: Repair or replacement, as provided under this warranty, is the exclusive remedy of the purchaser. This warr...

Page 438: ...Appendix B Legal Information MGS3700 12C User s Guide 438 ...

Page 439: ...rks 407 viewing 408 ARP Address Resolution Protocol 407 ARP inspection 269 272 and MAC filter 272 configuring 273 syslog messages 273 trusted ports 273 authentication 255 setup 261 Authentication Authorization and Accounting see AAA 255 authorization 255 privilege levels 262 setup 261 auto crossover 37 automatic VLAN registration 118 B back up configuration file 363 Backup Power Supply BPS 43 back...

Page 440: ...ore 53 362 saving 360 configuration saving 52 console port 36 copying port settings See port cloning copyright 435 CPU management port 133 CPU protection overview 311 current date 103 current time 103 D daylight saving time 103 DC power status 101 default Ethernet settings 37 default IP address 39 DHCP 349 configuration options 349 modes 349 relay agent 349 relay example 354 setup 353 DHCP Dynamic...

Page 441: ...g delay 164 frames tagged 126 untagged 126 front panel 35 FTP 363 file transfer procedure 364 restrictions over WAN 365 G GARP 118 GARP Generic Attribute Registration Protocol 118 GARP terminology 119 GARP timer 107 118 general features 423 general setup 102 getting help 55 Gigabit ports 36 GMT Greenwich Mean Time 103 GVRP 118 125 126 and port assignment 126 GVRP GARP VLAN Registration Protocol 11...

Page 442: ...C address 303 mode 304 overview 303 PAgP 303 point to point 303 STP 303 tunnel port 304 UDLD 303 VTP 303 LACP 185 306 system priority 192 timeout 192 layer 2 features 423 Layer 2 protocol tunneling see L2PT layer 3 features 424 LEDs 43 ALM 44 BPS 43 PWR 44 SYS 44 limit MAC address learning 207 Link Aggregate Control Protocol LACP 185 link aggregation 185 dynamic 185 ID information 186 setup 189 19...

Page 443: ...hops 164 MDIX Media Dependent Interface Crossover 37 MGMT port 39 MIB and SNMP 368 supported MIBs 369 MIB Management Information Base 368 mirroring ports 175 monitor port 175 176 mounting brackets 33 MRSTP status 161 MST ID 152 MST Instance See MSTI 152 MST region 151 MSTI 152 MSTP 147 150 bridge ID 167 configuration 163 configuration digest 167 forwarding delay 164 Hello Time 167 hello time 164 M...

Page 444: ...view 205 setup 206 297 305 port setup 112 port status 94 port VLAN ID see PVID 126 port VLAN trunking 119 port based VLAN 132 all connected 135 port isolation 135 settings wizard 135 ports diagnostics 390 mirroring 175 speed duplex 113 tandby 186 power AC 101 BPS 101 voltage 101 power connector 39 power consumption 419 power module current rating 40 power wire 40 power source mode 100 power specif...

Page 445: ...228 routing protocols 424 RSTP 147 rubber feet 32 S safety certifications 426 safety warnings 7 save configuration 52 360 Secure Shell See SSH security 424 service access control 385 service port 386 Simple Network Management Protocol see SNMP Small Form factor Pluggable SFP 37 SNMP 368 agent 368 and MIB 368 and security 369 authentication 376 communities 375 management model 368 manager 368 MIB 3...

Page 446: ...ard 295 subnet based VLAN 128 and DHCP VLAN 128 priority 128 setup 127 subnet based VLANs 126 switch lockout 53 switch reset 53 switch setup 106 switching 423 syntax conventions 5 SYS LED 44 syslog 273 391 protocol 391 server setup 393 settings 392 setup 392 severity levels 391 system information 100 system log 390 system reboot 361 T TACACS 255 256 setup 259 TACACS Terminal Access Controller Acce...

Page 447: ...ration 118 ID 117 IGMP snooping 240 ingress filtering 126 introduction 104 number of VLANs 121 port number 122 port settings 125 port based VLAN 132 port based all connected 135 port based isolation 135 port based wizard 135 PVID 126 static VLAN 122 status 121 122 subnet based 126 trunking 119 126 type 106 120 VLAN Virtual Local Area Network 104 VLAN ID 110 VLAN mapping 299 activating 300 configur...

Page 448: ...00 12C User s Guide 448 home 48 login 47 logout 55 navigation panel 49 weight queuing 228 Weighted Round Robin Scheduling WRR 228 WRR Weighted Round Robin Scheduling 228 Z ZyNOS ZyXEL Network Operating System 364 ...
