Home
/
ZyXEL Communications
/
XGS-4528F
/
User Manual

ZyXEL Communications XGS-4528F, User Manual, Page: 176 / 491

Share

Page: 176 / 491

ZyXEL Communications XGS-4528F User Manual Download Page 176

Chapter 16 Mirroring

XGS-4526/4528F/4728F User’s Guide

176

The following table describes the labels in this screen.

Table 38

Advanced Application > Mirroring

LABEL

DESCRIPTION

Active

Select this check box to activate port mirroring on the Switch. Clear this check
box to disable the feature.

Monitor
Port

The monitor port is the port you copy the traffic to in order to examine it in
more detail without interfering with the traffic flow on the original port(s).
Type the port number of the monitor port.

Port

This field displays the port number.

*

Settings in this row apply to all ports.

Use this row only if you want to make some settings the same for all ports.
Use this row first to set the common settings and then make adjustments on
a port-by-port basis.

Note: Changes in this row are copied to all the ports as soon as you

make them.

Mirrored

Select this option to mirror the traffic on a port.

Direction

Specify the direction of the traffic to mirror by selecting from the drop-down
list box. Choices are Egress (outgoing), Ingress (incoming) and Both.

Apply

Click Apply to save your changes to the Switch’s run-time memory. The
Switch loses these changes if it is turned off or loses power, so use the Save
link on the top navigation panel to save your changes to the non-volatile
memory when you are done configuring.

Cancel

Click Cancel to begin configuring this screen afresh.

«
...
174
175
176
177
178
...
»

Summary of Contents for XGS-4528F

Page 1: ...Intelligent Layer 3 Switch Copyright 2011 ZyXEL Communications Corporation Firmware Version 4 00 Edition 1 03 2011 Default Login Details IP Address http 192 168 0 1 Out of band MGMT port http 192 168...

Page 2: ......

Page 3: ...ference Guide The Command Reference Guide explains how to use the Command Line Interface CLI and CLI commands to configure the Switch Note It is recommended you use the web configurator to configure t...

Page 4: ...d questions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support Should problems arise th...

Page 5: ...labels and field choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type...

Page 6: ...r s Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer S...

Page 7: ...this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in E...

Page 8: ...Safety Warnings XGS 4526 4528F 4728F User s Guide 8...

Page 9: ...ing 101 VLAN 117 Static MAC Forward Setup 137 Static Multicast Forward Setup 141 Filtering 145 Spanning Tree Protocol 147 Bandwidth Control 169 Broadcast Storm Control 173 Mirroring 175 Link Aggregati...

Page 10: ...Differentiated Services 353 DHCP 361 VRRP 371 ARP Learning 381 Load Sharing 387 Maintenance 389 Access Control 397 Diagnostic 423 Syslog 425 Cluster Management 435 MAC Table 443 IP Table 447 ARP Tabl...

Page 11: ...1 1 4 IEEE 802 1Q VLAN Application Example 29 1 1 5 IPv6 Support 30 1 2 Ways to Manage the Switch 30 1 3 Good Habits for Managing the Switch 31 Chapter 2 Hardware Installation and Connection 33 2 1 F...

Page 12: ...6 1 Reload the Configuration File 55 4 7 Logging Out of the Web Configurator 56 4 8 Help 56 Chapter 5 Initial Setup Example 57 5 1 Overview 57 5 1 1 Configuring an IP Interface 57 5 1 2 Configuring DH...

Page 13: ...cal Reference 93 Chapter 7 System Status and Port Statistics 95 7 1 Overview 95 7 2 Port Status Summary 95 7 2 1 Status Port Details 97 Chapter 8 Basic Setting 101 8 1 Overview 101 8 2 System Informat...

Page 14: ...icast Forwarding Overview 141 11 2 Configuring Static Multicast Forwarding 142 Chapter 12 Filtering 145 12 1 Configure a Filtering Rule 145 Chapter 13 Spanning Tree Protocol 147 13 1 STP RSTP Overview...

Page 15: ...gregation ID 178 17 3 Link Aggregation Status 179 17 4 Link Aggregation Setting 181 17 5 Link Aggregation Control Protocol 183 17 6 Static Trunking Example 184 Chapter 18 Port Authentication 187 18 1...

Page 16: ...riority 215 22 1 2 Weighted Fair Queuing 215 22 1 3 Weighted Round Robin Scheduling WRR 216 22 2 Configuring Queuing 217 Chapter 23 VLAN Stacking 219 23 1 VLAN Stacking Overview 219 23 1 1 VLAN Stacki...

Page 17: ...5 Tunnel Protocol Attribute 253 25 3 Supported RADIUS Attributes 254 25 3 1 Attributes Used for Authentication 254 25 3 2 Attributes Used for Accounting 255 Chapter 26 IP Source Guard 259 26 1 IP Sour...

Page 18: ...ow Overview 295 30 2 sFlow Port Configuration 296 30 2 1 sFlow Collector Configuration 297 Chapter 31 PPPoE 299 31 1 PPPoE Intermediate Agent Overview 299 31 1 1 PPPoE Intermediate Agent Tag Format 29...

Page 19: ...hapter 36 RIP 327 36 1 RIP Overview 327 36 1 1 Administrative Distance 327 36 2 Configuring RIP 328 Chapter 37 OSPF 331 37 1 OSPF Overview 331 37 1 1 OSPF Autonomous Systems and Areas 331 37 1 2 How O...

Page 20: ...ng 354 40 2 1 TRTCM Color blind Mode 355 40 2 2 TRTCM Color aware Mode 355 40 3 Activating DiffServ 356 40 3 1 Configuring 2 Rate 3 Color Marker Settings 357 40 4 DSCP to IEEE 802 1p Priority Settings...

Page 21: ...er 44 Load Sharing 387 44 1 Load Sharing Overview 387 44 2 Configuring Load Sharing 387 Chapter 45 Maintenance 389 45 1 The Maintenance Screen 389 45 2 Load Factory Default 390 45 3 Save Configuration...

Page 22: ...Netscape Navigator Warning Messages 417 46 9 3 The Main Screen 419 46 10 Service Port Access Control 419 46 11 Remote Management 420 Chapter 47 Diagnostic 423 47 1 Diagnostic 423 Chapter 48 Syslog 42...

Page 23: ...hapter 53 Routing Table 453 53 1 Overview 453 53 2 Viewing the Routing Table Status 453 Chapter 54 Configure Clone 455 54 1 Configure Clone 455 Chapter 55 Troubleshooting 457 55 1 Power Hardware Conne...

Page 24: ...Table of Contents XGS 4526 4528F 4728F User s Guide 24...

Page 25: ...25 PART I User s Guide...

Page 26: ...26...

Page 27: ...ule with one port active at a time The XGS 4526 requires 100 VAC to 240 VAC 0 8 A power There are two XGS 4528F or XGS 4728F models The XGS 4528F or XGS 4728F DC model requires DC power supply input o...

Page 28: ...need high bandwidth In the following example a company uses the optional 10 Gigabit uplink modules to connect the headquarters to a branch office network Within the headquarters network a company can...

Page 29: ...nternet To expand the network simply add more networking devices such as switches routers computers print servers and so on Figure 3 Gigabit to the Desktop 1 1 4 IEEE 802 1Q VLAN Application Example A...

Page 30: ...dress allows up to 3 4 x 1038 IP addresses At the time of writing the Switch supports the following features Static address assignment and stateless auto configuration Neighbor Discovery Protocol a pr...

Page 31: ...on page 398 1 3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that...

Page 32: ...Chapter 1 Getting to Know Your Switch XGS 4526 4528F 4728F User s Guide 32...

Page 33: ...the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables...

Page 34: ...tion Requirements Two mounting brackets Eight M3 flat head screws and a 2 Philips screwdriver Four M5 flat head screws and a 2 Philips screwdriver Failure to use the proper screws may damage the unit...

Page 35: ...the Switch on a rack Proceed to the next section 2 2 3 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack lining up the two scr...

Page 36: ...Chapter 2 Hardware Installation and Connection XGS 4526 4528F 4728F User s Guide 36...

Page 37: ...l of the Switch and shows you how to make the hardware connections 3 1 Front Panel Connections The figure below shows the front panel of the Switch Figure 8 Front Panel XGS 4526 Figure 9 Front Panel X...

Page 38: ...peed 100 1000 Mbps and duplex mode full duplex or half duplex of the connected device An auto crossover auto MDI MDI X port automatically works with a straight through or crossover Ethernet cable Tabl...

Page 39: ...r Pluggable SFP Transceiver MultiSource Agreement MSA See the SFF committee s INF 8074i specification Rev 1 0 for details You can change transceivers while the Switch is operating You can use differen...

Page 40: ...verify that it is functioning properly Figure 12 Installed Transceiver 3 1 3 2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver SFP module 1 Open the transceiver s latch l...

Page 41: ...232 management console port D A connector for the power receptacle E 3 2 2 XGS 4528F or XGS 4728F The following figures show the rear panels of the AC and DC power input model switches The rear panel...

Page 42: ...switches for stacking in you network For EM 422 connection Use 10 Gigabit Small Form Factor Pluggable XFP transceivers to connect 1000Base X fiber optic cables to these ports See Section 3 1 3 1 on pa...

Page 43: ...cord to the power socket of your Switch Connect the other end of the cord to a power outlet 3 2 5 2 DC Power Connection Note This is only for the DC model of the Switch The Switch uses a single ETB se...

Page 44: ...pply Connector The Switch supports external backup power supply BPS The Switch constantly monitors the status of the internal power supply The backup power supply automatically provides power to the S...

Page 45: ...728F Green On The Switch is connected to other switches in the stack on Stacking Port 1 Off The Switch is not connected to other switches in the stack on Stacking Port 1 S2 XGS 4528F or XGS 4728F Gree...

Page 46: ...S 4526 4528F 4728F User s Guide 46 1 24 or 21 24 Green On The port has a successful connection Blinking The port is receiving or transmitting data Off This link is disconnected Table 3 LEDs continued...

Page 47: ...The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in...

Page 48: ...ave not configured a time server nor manually entered a time and date in the General Setup screen Figure 19 Web Configurator Login 4 Click OK to view the first web configurator screen 4 3 The Web Conf...

Page 49: ...ou are currently working in B Click this link to save your configuration into the Switch s nonvolatile memory Nonvolatile memory is saved in the configuration file from which the Switch booted from an...

Page 50: ...e monitoring information General Setup This link takes you to a screen where you can configure general identification information and time settings for the Switch Switch Setup This link takes you to a...

Page 51: ...entication This link takes you to a screen where you can configure IEEE 802 1x port authentication as well as MAC authentication for clients communicating via the Switch Port Security This link takes...

Page 52: ...RIP Routing Information Protocol direction and versions OSPF This link takes you to screens where you can view the OSPF status and configure OSPF settings IGMP This link takes you to a screen where y...

Page 53: ...view its status MAC Table This link takes you to a screen where you can view the MAC address and VLAN ID of a device attach to a port You can also view what kind of MAC address it is IP Table This lin...

Page 54: ...nd management managing through the data ports if you do one of the following 1 Delete the management VLAN default is VLAN 1 2 Delete all port based VLANs with the CPU port as a member The CPU port is...

Page 55: ...or details 2 Disconnect and reconnect the Switch s power to begin a session When you reconnect the Switch s power you will see the initial screen 3 When you see the message Press any key to enter Debu...

Page 56: ...een to exit the web configurator You have to log in with your password again after you log out This is recommended after you finish a management session for security reasons Figure 23 Web Configurator...

Page 57: ...t port VLAN ID Enable RIP 5 1 1 Configuring an IP Interface On a layer 3 switch an IP interface also known as an IP routing domain is not bound to a physical port The default IP address of the Switch...

Page 58: ...for management Make sure your computer is in the same subnet as the MGMT port 2 Open your web browser and enter 192 168 0 1 the default MGMT port IP address in the address bar to access the web confi...

Page 59: ...For the example network configure two DHCP client pools on the Switch for the DHCP clients in the RD and Sales networks 1 In the web configurator click IP Application and DHCP in the navigation panel...

Page 60: ...Example VLAN 1 Click Advanced Application VLAN in the navigation panel and click the Static VLAN link 2 In the Static VLAN screen select ACTIVE enter a descriptive name in the Name field and enter 2...

Page 61: ...st when the Switch s power is turned off 5 1 4 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag...

Page 62: ...ol in the RIP screen 1 Click IP Application and RIP in the navigation panel 2 Select Both in the Direction field to set the Switch to broadcast and receive routing information 3 In the Version field s...

Page 63: ...isable and Recovery on the Switch How to Set Up a Guest VLAN How to Do Port Isolation in a VLAN How to Configure Routing Policy 6 1 How to Use DHCP Snooping on the Switch You only want DHCP server A c...

Page 64: ...fault 1234 2 Go to Advanced Application VLAN Static VLAN and create a VLAN with ID of 100 Add ports 5 6 and 7 in the VLAN by selecting Fixed in the Control field as shown Deselect Tx Tagging because y...

Page 65: ...ing and set the PVID of the ports 5 6 and 7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 4 Go to Advanced Application IP Source Guard DHCP snooping Configure activate...

Page 66: ...Source Guard DHCP snooping Configure VLAN show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply Then select Yes in the Enabled field of the VLAN 100 entry shown at the bot...

Page 67: ...se the command show dhcp snooping binding to see the DHCP snooping binding table as shown next 6 2 How to Use DHCP Relay on the Switch This tutorial describes how to configure your Switch to forward D...

Page 68: ...l DHCP Relay Scenario 6 2 2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102 1 Access the web configurator through the Switch s management port 2 Go to Basic Setting...

Page 69: ...he Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags b...

Page 70: ...tus screen 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Appl...

Page 71: ...e DHCP Server 1 field 4 Select the Option 82 and the Information check boxes 5 Click Apply to save your changes back to the run time memory 6 Click the Save link in the upper right corner of the web c...

Page 72: ...is way PPPoE server S can identify subscriber C and may apply different settings to it Figure 29 Tutorial PPPoE Intermediate Agentt Tutorial Overview Note For related information about PPPoE IA see Se...

Page 73: ...PPPoE Intermediate Agent Select Active then click Apply Click Port on the top of the screen 2 Select Untrusted for port 5 and enter userC as Circuit id and 00134900000A as Remote id Select Trusted for...

Page 74: ...6 4528F 4728F User s Guide 74 3 The Intermediate Agent screen appears Click VLAN on the top of the screen 4 Enter 1 for both Start VID and End VID since both the Switch and PPPoE server are in VLAN 1...

Page 75: ...id and Remote id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server Click Apply 6 3 2 Configuring Switch B The example uses another XGS 4728F as sw...

Page 76: ...4526 4528F 4728F User s Guide 76 2 Select Trusted for ports 11 and 12 and then click Apply Then Click Intermediate Agent on the top of the screen 3 The Intermediate Agent screen appears Click VLAN on...

Page 77: ...1 and pass to the PPPoE server Click Apply The settings are completed now If you miss some settings above subscriber C could not successfully receive an IP address assigned by the PPPoE Server If this...

Page 78: ...e features are helpful for this demand Note Refer to Section 27 2 on page 285 and Section 32 3 on page 310 for more information about Loop Guard and Errdiable To configure the settings 1 First click A...

Page 79: ...CPU Protection select ARP as the reason enter 100 as the rate limit packets per second for the first entry port to apply the setting to all ports Then click Apply 3 Click Advanced Application Errdisa...

Page 80: ...enable IEEE 802 1x authentication on ports 1 to 8 Clients that connect to these ports should provide the correct user name and password in order to access the ports You want to assign clients that con...

Page 81: ...t the VLAN type to 802 1Q Click Apply to save the settings to the run time memory 3 Click Advanced Application VLAN Static VLAN 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN...

Page 82: ...lost when the Switch s power is turned off 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen 9 Enter 200 in the PVID field for ports...

Page 83: ...n the upper right corner of the web configurator to save your configuration permanently 6 5 2 Enabling IEEE 802 1x Port Authentication Follow the steps below to enable port authentication to validate...

Page 84: ...ct the first Active checkbox to enable 802 1x authentication on the Switch Select the Active checkboxes for ports 1 to 8 to turn on 802 1x authentication on the selected ports Click Apply 6 5 3 Enabli...

Page 85: ...Switch will authenticate on each of these port 5 in this example Click Apply 3 Click the Save link in the upper right corner of the web configurator to save your configuration permanently Clients that...

Page 86: ...2 to 5 in VLAN 123 and create a private VLAN rule for VLAN 123 to block traffic between ports 2 3 and 4 6 6 1 Creating a VLAN Follow the steps below to configure port 2 3 4 and 5 as a member of VLAN...

Page 87: ...enter 123 in the VLAN Group ID field 5 Select Fixed to configure ports 2 3 4 and 5 to be permanent members of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before se...

Page 88: ...reen 9 Enter 123 in the PVID field for ports 2 3 4 and 5 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines 10 Cli...

Page 89: ...Name field and enter 123 in the VLAN ID field List the port s that can communicate with any port in VLAN 123 5 in this example Then other ports in this VLAN 2 3 and 4 for example will be added to the...

Page 90: ...with DSCP value 58 into a flow Packets marked with different DSCP values such as 13 are forwarded to the default gateway The Switch applies policy based routing rules to incoming packets prior to the...

Page 91: ...Policy Routing Rule Follow the steps below to set up a policy routing profile first and then a rule to forward traffic of classifier DSCP58 to gateway R2 1 Click IP Application Policy Routing 2 Selec...

Page 92: ...ndex number to 1 in the Sequence field Select Permit to have the Switch send matched traffic to the specified gateway Select the name of the layer 3 classifier to which the rule applies Enter the IP a...

Page 93: ...93 PART II Technical Reference...

Page 94: ...94...

Page 95: ...or home page and port details screens 7 1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details 7 2 Port Status Summa...

Page 96: ...state of the port See Section 13 1 3 on page 149 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays whether L...

Page 97: ...port on the Switch Figure 31 Status Port Details The following table describes the labels in this screen Table 9 Status Port Details LABEL DESCRIPTION Port Info Port NO This field displays the port n...

Page 98: ...ckets transmitted Tagged This field shows the number of packets with VLAN tags transmitted Rx Packet The following fields display detailed information about packets received Unicast This field shows t...

Page 99: ...5 and 127 octets in length 128 255 This field shows the number of packets including bad packets received that were between 128 and 255 octets in length 256 511 This field shows the number of packets i...

Page 100: ...Chapter 7 System Status and Port Statistics XGS 4526 4528F 4728F User s Guide 100...

Page 101: ...ication information The General Setup screen also allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch The real time is then...

Page 102: ...of the Switch ZyNOS F W Version This field displays the version number of the Switch s current firmware including the date created Ethernet Address This field refers to the Ethernet MAC Media Access C...

Page 103: ...m speed measured in RPM 41 is displayed for speeds too small to measure under 2000 RPM Threshold This field displays the minimum speed at which a normal fan should work Status Normal indicates that th...

Page 104: ...wing table describes the labels in this screen Table 11 Basic Setting General Setup LABEL DESCRIPTION System Name Type a descriptive name for identification purposes This name consists of up to 64 pri...

Page 105: ...displays the date you open this menu New Date yyyy mm dd Enter the new date in year month and day format The new date then appears in the Current Date field after you click Apply Time Zone Select the...

Page 106: ...c See Chapter 9 on page 117 for information on port based and 802 1Q tagged VLANs End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving Time The time field...

Page 107: ...following example switch A is the root bridge Switch B s root port 7 connects to switch A and switch B s designated port 8 connects to switch C Traffic from isolated ports on switch B can only be sen...

Page 108: ...Based in the VLAN Type field in this screen Refer to the chapter on VLAN Figure 34 Basic Setting Switch Setup The following table describes the labels in this screen Table 12 Basic Setting Switch Setu...

Page 109: ...conds See Chapter 9 on page 117 for more background information Leave Timer Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds Each port has a single Leave Period timer Le...

Page 110: ...he same VLAN as long as the IP address ranges for the domains do not overlap To change the IP address of the Level 4 Typically used for controlled load latency sensitive traffic such as SNA Systems Ne...

Page 111: ...dress and vice versa Enter a domain name server IP address in order to be able to use a domain name instead of an IP address Default Management Specify which traffic flow In Band or Out of band the Sw...

Page 112: ...This is the IP address of the Switch in an IP routing domain IP Subnet Mask Enter the IP subnet mask of an IP routing domain in dotted decimal notation for example 255 255 255 0 VID Enter the VLAN id...

Page 113: ...all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select th...

Page 114: ...regulate transmission of signals to match the bandwidth of the receiving port The Switch uses IEEE 802 3x flow control in full duplex mode and backpressure flow control in half duplex mode IEEE 802 3...

Page 115: ...e memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configurin...

Page 116: ...Chapter 8 Basic Setting XGS 4526 4528F 4728F User s Guide 116...

Page 117: ...l Information starting after the source address field of the Ethernet frame The CFI Canonical Format Indicator is a single bit flag always set to zero for Ethernet switches If a frame received at an E...

Page 118: ...etwork switches to register and de register attribute values with other GARP participants within a bridged LAN GARP is a protocol that provides a generic mechanism for protocols that serve a more spec...

Page 119: ...evices A and B C D and E automatically VLAN Administrative Control Registration Fixed Fixed registration ports are permanent VLAN members Registration Forbidden Ports with registration forbidden are f...

Page 120: ...a VLAN type in the Basic Setting Switch Setup screen Figure 38 Switch Setup Select VLAN Type 9 5 Static VLAN Use a static VLAN to decide whether an incoming frame on a port should be sent to a VLAN g...

Page 121: ...N This is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only...

Page 122: ...rmation on static VLAN To configure a Table 17 Advanced Application VLAN VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number...

Page 123: ...Enter a descriptive name for the VLAN group for identification purposes This name consists of up to 64 printable characters spaces are allowed VLAN Group ID Enter the VLAN ID for this static entry th...

Page 124: ...outgoing frames transmitted with this VLAN Group ID Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save...

Page 125: ...forwarded to the VLAN group that the tag defines Enter a number between 1and 4094 as the port VLAN ID GVRP Select this check box to allow GVRP on this port Acceptable Frame Type Specify the type of f...

Page 126: ...0 24 video for 192 168 1 0 24 and data for 10 1 1 0 24 The Switch can then be configured to group incoming traffic based on the source IP subnet of incoming frames You can then configure a subnet base...

Page 127: ...ctivate this subnet based VLANs on the Switch DHCP Vlan Override When DHCP snooping is enabled DHCP clients can renew their IP address through the DHCP VLAN or via another DHCP server on the subnet ba...

Page 128: ...be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch assigns to frames belonging to this VLAN Add Click Add to save your c...

Page 129: ...ceived on port 6 and 7 All upstream ARP traffic from port 1 2 and 3 will be grouped together and all upstream Apple Talk traffic from port 6 and 7 will be in another group and have higher priority tha...

Page 130: ...must be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch will assign to frames belonging to this VLAN Add Click Add to sa...

Page 131: ...1 3 Give this protocol based VLAN a descriptive name Type IP VLAN 4 Select the protocol Leave the default value IP 5 Type the VLAN ID of an existing VLAN In our example we already created a static VLA...

Page 132: ...ated Note When you activate port based VLAN the Switch uses a default VLAN ID of 1 You cannot change it Note In screens such as IP Setup and Filtering that require a VID you must enter 1 as the VID Th...

Page 133: ...pter 9 VLAN XGS 4526 4528F 4728F User s Guide 133 The following screen shows users on a port based all connected VLAN configuration Figure 48 Advanced Application VLAN Port Based VLAN Setup All Connec...

Page 134: ...ter 9 VLAN XGS 4526 4528F 4728F User s Guide 134 The following screen shows users on a port based port isolated VLAN configuration Figure 49 Advanced Application VLAN Port Based VLAN Setup Port Isolat...

Page 135: ...that is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the...

Page 136: ...Chapter 9 VLAN XGS 4526 4528F 4728F User s Guide 136...

Page 137: ...ic MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are settin...

Page 138: ...port where the MAC address entered in the previous field will be automatically forwarded Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off...

Page 139: ...d displays the port where the MAC address shown in the next field will be forwarded Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete chec...

Page 140: ...Chapter 10 Static MAC Forward Setup XGS 4526 4528F 4728F User s Guide 140...

Page 141: ...not age out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a multicast group has no members then...

Page 142: ...and 3 within VLAN group 4 Figure 51 No Static Multicast Forwarding Figure 52 Static Multicast Forwarding to A Single Port Figure 53 Static Multicast Forwarding to Multiple Ports 11 2 Configuring Stati...

Page 143: ...octet pair 00000001 is 01 and 00000011 is 03 in hexadecimal so 01 00 5e 00 00 0A and 03 00 5e 00 00 27 are valid multicast MAC addresses VID You can forward frames with matching destination MAC addres...

Page 144: ...ess This field displays the multicast MAC address that identifies a multicast group VID This field displays the ID number of a VLAN group to which frames containing the specified multicast MAC address...

Page 145: ...ing in the navigation panel to display the screen as shown next Figure 55 Advanced Application Filtering The following table describes the related labels in this screen Table 25 Advanced Application F...

Page 146: ...the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear t...

Page 147: ...witches in your network to ensure that only one path exists between any two stations on the network The Switch uses IEEE 802 1w RSTP Rapid Spanning Tree Protocol that allows faster convergence of the...

Page 148: ...or connected LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating any possible network loops STP aware switches exch...

Page 149: ...with its own bridge information In the following example there are two RSTP instances MRSTP 1 and MRSTP2 on switch A Figure 56 MRSTP Network Example To set up MRSTP activate MRSTP on the Switch and sp...

Page 150: ...ltiple bridges or switching devices into regions that appear as one single bridge on the network A VLAN can be mapped to a specific Multiple Spanning Tree Instance MSTI MSTI allows multiple VLANs to u...

Page 151: ...region external path cost of paths outside this region is increased by one Internal path cost of paths within this region is increased by one when BPDUs traverse the region Devices that belong to the...

Page 152: ...A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST in...

Page 153: ...ree Protocol This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration section for...

Page 154: ...anced Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree...

Page 155: ...ssage generations by the root switch The allowed range is 1 to 10 seconds Max Age This is the maximum time in seconds a switch can wait without receiving a BPDU before attempting to reconfigure All sw...

Page 156: ...Protocol Data Unit BPDU Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in a switch Ports with a higher priority...

Page 157: ...itch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second...

Page 158: ...RSTP The following table describes the labels in this screen Table 31 Advanced Application Spanning Tree Protocol MRSTP LABEL DESCRIPTION Status Click Status to display the MRSTP Status screen see Fig...

Page 159: ...is 6 to 40 seconds Forwarding Delay This is the maximum time in seconds a switch will wait before changing states This delay is required because every switch must receive information about topology c...

Page 160: ...ue are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended that y...

Page 161: ...ime second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the...

Page 162: ...Guide 162 13 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section 13 1 5 on page 150 for more information on M...

Page 163: ...s Forwarding Delay This is the maximum time in seconds a switch will wait before changing states This delay is required because every switch must receive information about topology changes before it s...

Page 164: ...he common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to add this port to the...

Page 165: ...Delete column and then click the Delete button Cancel Click Cancel to begin configuring this screen afresh Table 33 Advanced Application Spanning Tree Protocol MSTP continued LABEL DESCRIPTION Table 3...

Page 166: ...An edge port changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge po...

Page 167: ...h cost from the root port on this Switch to the root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning T...

Page 168: ...h cost from the root port in this MST instance to the regional root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of...

Page 169: ...he guaranteed bandwidth for the incoming traffic flow on a port The Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congesti...

Page 170: ...you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the po...

Page 171: ...going traffic flow on a port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top n...

Page 172: ...Chapter 14 Bandwidth Control XGS 4526 4528F 4728F User s Guide 172...

Page 173: ...F packets the Switch receives per second on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this...

Page 174: ...n a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per sec...

Page 175: ...c flow to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference Click Advanced Application Mirroring in the navigation pa...

Page 176: ...this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are cop...

Page 177: ...logical link containing multiple ports The beginning port of each trunk group must be physically connected to form a trunk group The Switch supports both static and dynamic link aggregation Note In a...

Page 178: ...ks on full duplex links All ports in the same trunk group must have the same media type speed duplex mode and flow control settings Configure trunk groups or LACP before you connect the Ethernet switc...

Page 179: ...a trunk group that is one logical link containing multiple ports Enabled Port These are the ports you have configured in the Link Aggregation screen to be in the trunk group The port number s displays...

Page 180: ...raffic based on a combination of the packet s source and destination MAC addresses src ip means the Switch distributes traffic based on the packet s source IP address dst ip means the Switch distribut...

Page 181: ...4 Advanced Application Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 42 Advanced Application Link Aggregation Link Aggregation Setting LABEL D...

Page 182: ...tion MAC addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to dis...

Page 183: ...Control Protocol Click in the Advanced Application Link Aggregation Link Aggregation Setting LACP to display the screen shown next See Section 17 2 on page 177 for more information on dynamic link ag...

Page 184: ...al link containing multiple ports LACP Active Select this option to enable LACP for a trunk Port This field displays the port number Settings in this row apply to all ports Use this row only if you wa...

Page 185: ...B Figure 76 Trunking Example Physical Connections 2 Configure static trunking Click Advanced Application Link Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the tr...

Page 186: ...Chapter 17 Link Aggregation XGS 4526 4528F 4728F User s Guide 186...

Page 187: ...validate users See Section 25 1 2 on page 244 for more information on configuring your RADIUS server settings Note If you enable IEEE 802 1x authentication and MAC authentication on the same port the...

Page 188: ...ss 18 1 2 MAC Authentication MAC authentication works in a very similar way to IEEE 802 1x authentication The main difference is that the Switch does not prompt the client for login credentials The lo...

Page 189: ...ion first activate the port authentication method s you want to use both on the Switch and the port s then configure the RADIUS server settings in the AAA Radius Server Setup screen To activate a port...

Page 190: ...his check box to permit 802 1x authentication on the Switch Note You must first enable 802 1x authentication on the Switch before configuring it on each port Port This field displays a port number Set...

Page 191: ...est the Switch sends the client to the Guest VLAN The client needs to send a new request to be authenticated by the Switch again Reauth Specify if a subscriber has to periodically re enter his or her...

Page 192: ...gures switches or routers with the guest network feature Figure 82 Guest VLAN Example Use this screen to enable and assign a guest VLAN to a port In the Port Authentication 802 1x screen click Guest V...

Page 193: ...s the guest VLAN Make sure this is a VLAN recognized in your network Host mode Specify how the Switch authenticates users when more than one user connect to the port using a hub Select Multi Host to a...

Page 194: ...thentication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch Note You must first enable MAC authentication on the Switch before configuring it on each port Na...

Page 195: ...rsedes this setting See Section 8 5 on page 108 Port This field displays a port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by...

Page 196: ...Chapter 18 Port Authentication XGS 4526 4528F 4728F User s Guide 196...

Page 197: ...th no limit on individual ports other than the sum cannot exceed 16K The XGS 4526 or XGS 4528F can learn up to 8K MAC addresses in total with no limit on individual ports other than the sum cannot exc...

Page 198: ...reviously learned MAC addresses on the specified port s will become static MAC addresses and display in the Static MAC Forwarding screen MAC freeze Click MAC freeze to have the Switch automatically se...

Page 199: ...ort itself must be active with address learning enabled Limited Number of Learned MAC Address Use this field to limit the number of dynamic MAC addresses that may be learned on a port For example if y...

Page 200: ...in the XGS 4526 or XGS 4528F 0 means this feature is disabled Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so u...

Page 201: ...such as the source address destination address source port number destination port number or incoming port number For example you can configure a classifier to select traffic from the same protocol po...

Page 202: ...tion Classifier LABEL DESCRIPTION Active Select this option to enable this rule Name Enter a descriptive name for this rule for identifying purposes Packet Format Specify the format of the packet Choi...

Page 203: ...format six hexadecimal character pairs Layer 3 Specify the fields below to configure a layer 3 classifier DSCP Select Any to classify traffic from any DSCP or select the second option and specify a D...

Page 204: ...P UDP protocol port number Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or lose...

Page 205: ...ancel Click Cancel to clear the Delete check boxes Table 51 Common Ethernet Types and Protocol Number ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X 75 Internet 0801 NBS Internet 0802 ECMA Internet 080...

Page 206: ...configuring a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 Figure 89 Classifier Example After you have configured a classifier you can configure a policy to def...

Page 207: ...ating the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or...

Page 208: ...ss the DiffServ network Based on the marking rule different kinds of traffic can be marked for different kinds of forwarding Resources can then be allocated according to the DSCP values and the config...

Page 209: ...vigation panel to display the screen as shown Figure 90 Advanced Application Policy Rule The following table describes the labels in this screen Table 53 Advanced Application Policy Rule LABEL DESCRIP...

Page 210: ...out of profile traffic Action Specify the action s the Switch takes on the associated classified traffic flow Forwarding Select No change to forward the packets Select Discard the packet to drop the p...

Page 211: ...of profile traffic Select Drop the packet to discard the out of profile traffic Select Change the DSCP value to replace the DSCP field with the value specified in the Out of profile DSCP field Select...

Page 212: ...er Click an index number to edit the policy Active This field displays Yes when policy is activated and No when is it deactivated Name This field displays the name you have assigned to this policy Cla...

Page 213: ...licy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out of profile traffic on a traffic flow classified using the Example classifie...

Page 214: ...Chapter 21 Policy Rule XGS 4526 4528F 4728F User s Guide 214...

Page 215: ...tch traffic on the highest priority queue Q7 is transmitted first When that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted...

Page 216: ...an equal amount of bandwidth and then moves to the end of the list and so on depending on the number of queues being used This works in a looping fashion until a queue is empty Weighted Round Robin S...

Page 217: ...the labels in this screen Table 55 Advanced Application Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring Settings in this row apply to all ports Use this row only i...

Page 218: ...e service than queues with smaller weights Weight Q0 Q7 When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Hybri...

Page 219: ...4 094 customer VLANs This allows a service provider to provide different service based on specific VLANs for many different customers A service provider s customers may require a range of VLANs to han...

Page 220: ...ing Select Access Port for ingress ports on the service provider s edge devices 1 and 2 in the VLAN stacking example figure The incoming frame is treated as untagged so a second VLAN tag outer VLAN ta...

Page 221: ...nnel Port then the Switch only adds the SP TPID tag to all incoming frames on the service provider s edge devices 1 and 2 in the VLAN stacking example figure that have an SP TPID different to the one...

Page 222: ...e and Double Tagged 802 11Q Frame Format DA SA Len Etype Dat a FCS Untagged Ethernet frame DA SA TPI D Priorit y VI D Len Etype Dat a FCS IEEE 802 1Q customer tagged frame D A SA SPTPI D Priori ty VI...

Page 223: ...ngress ports at the edge of the service provider s network Select Tunnel Port available for Gigabit ports only for egress ports at the edge of the service provider s network Select Tunnel Port to have...

Page 224: ...r identifies the port you are configuring SPVID SPVID is the service provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port See Chapter 9 o...

Page 225: ...nfiguring CVID Enter a customer VLAN ID the inner VLAN tag from 1 to 4094 This is the VLAN tag carried in the packets from the subscribers SPVID SPVID is the service provider s VLAN ID the outer VLAN...

Page 226: ...is the service provider s VLAN ID that adds to the packets from the subscribers Priority This is the service provider s priority level in the packets Delete Check the rule s that you want to remove in...

Page 227: ...ulticast address allows a device to send packets to a specific group of hosts multicast group in a different subnetwork A multicast IP address represents a traffic receiving group not individual recei...

Page 228: ...on up to 16 VLANs You can configure the Switch to automatically learn multicast group membership of any VLANs The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets This...

Page 229: ...se settings to configure IGMP Snooping Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group Querier Select this option to allow...

Page 230: ...ess Select Drop to discard the frame s Select Flooding to send the frame s to all ports Port This field displays the port number Settings in this row apply to all ports Use this row only if you want t...

Page 231: ...entry is aged out Select Replace to replace an existing entry in the multicast forwarding table with the new IGMP report s received on this port IGMP Filtering Profile Select the name of the IGMP fil...

Page 232: ...mation of any VLANs automatically Select fixed to have the Switch only learn multicast group membership information of the VLAN s that you specify below In either auto or fixed mode the Switch can lea...

Page 233: ...r the ID of a static VLAN the valid range is between 1 and 4094 Note You cannot configure the same VLAN ID as in the MVR screen Add Click Add to insert the entry in the summary table below and save yo...

Page 234: ...icast IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile End Address Type the ending multicast IP address for a range of IP addresses that you want to...

Page 235: ...ups are managed by IGMP snooping The following figure shows a network example The subscriber VLAN 1 2 and 3 information is hidden from the streaming media server S In addition the multicast VLAN infor...

Page 236: ...om the streaming media server S via the Switch Multiple subscriber devices can connect through a port configured as the receiver on the Switch When the subscriber selects a television channel computer...

Page 237: ...ch automatically creates a static VLAN with the same VID when you create a multicast VLAN in this screen Figure 104 Advanced Application Multicast Multicast Setting MVR The following table describes t...

Page 238: ...eives multicast traffic None Select this option to set the port not to participate in MVR No MVR multicast traffic is sent or received on this port Tagging Select this checkbox if you want the port to...

Page 239: ...he labels in this screen Table 67 Advanced Application Multicast Multicast Setting MVR Group Configuration LABEL DESCRIPTION Multicast VLAN ID Select a multicast VLAN ID that you configured in the MVR...

Page 240: ...ink on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh MVLAN This field displays the...

Page 241: ...on the Switch create a multicast group in the MVR screen and set the receiver and source ports Figure 107 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subs...

Page 242: ...8F User s Guide 242 following figure shows an example where two multicast groups News and Movie are configured for the multicast VLAN 200 Figure 108 MVR Group Configuration Example Figure 109 MVR Grou...

Page 243: ...ilege levels associated with them For example user A may have the right to create new login accounts on the Switch but user B cannot The Switch can authorize users based on user accounts configured on...

Page 244: ...limited to the memory capacity of the device In essence RADIUS and TACACS authentication both allow you to validate an unlimited number of users from a central location The following table describes s...

Page 245: ...r Setup Use this screen to configure your RADIUS server settings See Section 25 1 2 on page 244 for more information on RADIUS servers and Section 25 3 on page 254 for RADIUS attributes utilized by th...

Page 246: ...imal notation UDP Port The default port of a RADIUS server for authentication is 1812 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a pa...

Page 247: ...ing server and the Switch This key is not sent over the network This key must be the same on the external RADIUS accounting server and the Switch Delete Check this box if you want to remove an existin...

Page 248: ...erver in dotted decimal notation TCP Port The default port of a TACACS server for authentication is 49 You need not change this value unless your network administrator instructs you to do so Shared Se...

Page 249: ...ent over the network This key must be the same on the external TACACS accounting server and the Switch Delete Check this box if you want to remove an existing TACACS accounting server entry from the S...

Page 250: ...lds Select local to have the Switch check the access privilege configured for local authentication Select radius or tacacs to have the Switch check the access privilege via the external servers Login...

Page 251: ...ient begins a session authenticates via the Switch ends a session as well as interim updates of a session Commands Configure the Switch to send information when commands of specified privilege level a...

Page 252: ...yXEL s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to modify Vendor data A value you want to assign to the setting Note Refer to the documentation that c...

Page 253: ...Kbps in decimal format Privilege Assignment Vendor ID 890 Vendor Type 3 Vendor Data shell priv lvl N or Vendor ID 9 CISCO Vendor Type 1 CISCO AVPAIR Vendor Data shell priv lvl N where N is a privileg...

Page 254: ...tes used by authentication and accounting functions on the Switch In cases where the attribute has a specific format associated with it the format is specified 25 3 1 Attributes Used for Authenticatio...

Page 255: ...t sequential number for example 2007041917210300000001 date 2007 04 19 time 17 21 03 serial number 00000001 Acct Delay Time 25 3 2 2 Attributes Used for Accounting Exec Events The attributes are liste...

Page 256: ...D Acct Status Type D D D Acct Delay Time D D D Acct Session Id D D D Acct Authentic D D D Acct Session Time D D Acct Terminate Cause D Table 76 RADIUS Attributes Exec Events via Console ATTRIBUTE STAR...

Page 257: ...Chapter 25 AAA XGS 4526 4528F 4728F User s Guide 257 Acct Input Gigawords D D Acct Output Gigawords D D Table 76 RADIUS Attributes Exec Events via Console ATTRIBUTE START INTERIM UPDATE STOP...

Page 258: ...Chapter 25 AAA XGS 4526 4528F 4728F User s Guide 258...

Page 259: ...ere is a binding the Switch forwards the packet If there is not a binding the Switch discards the packet The Switch builds the binding table by snooping DHCP packets dynamic bindings and from informat...

Page 260: ...here are no trusted ports Untrusted ports are connected to subscribers The Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example...

Page 261: ...of the requests The Switch can add the following information Slot ID 1 byte port ID 1 byte and source VLAN ID 2 bytes System name up to 32 bytes This information is stored in an Agent Information fiel...

Page 262: ...uter X does the following things It pretends to be computer A and responds to computer B It pretends to be computer B and sends a message to computer A As a result all the communication between comput...

Page 263: ...e Switch can send syslog messages to the specified syslog server Chapter 48 on page 425 when it forwards or discards ARP packets The Switch can consolidate log messages and send log messages in batche...

Page 264: ...P Source Guard LABEL DESCRIPTION Index This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displays the...

Page 265: ...applies to all ports select Any Add Click this to create the specified static binding or to update an existing one Cancel Click this to reset the values above based on the last selected static binding...

Page 266: ...cs about the DHCP snooping database To open this screen click Advanced Application IP Source Guard DHCP Snooping Figure 119 DHCP Snooping Delete Select this and click Delete to remove the specified en...

Page 267: ...This field displays how much longer in seconds the Switch tries to complete the current update before it gives up It displays Not Running if the Switch is not updating the DHCP snooping database righ...

Page 268: ...ference Guide Binding collisions This field displays the number of bindings the Switch ignored because the Switch already had a binding with the same MAC address and VLAN ID Invalid interfaces This fi...

Page 269: ...restart To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Figure 120 DHCP Snooping Configure Parse failures This field displays the number of bindings the Switch h...

Page 270: ...s tftp domain name or IP address directory if applicable file name for example tftp 192 168 10 1 database txt Timeout interval Enter how long 10 65535 seconds the Switch tries to complete a specific u...

Page 271: ...s for DHCP snooping Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports You can also specify the maximum number for DHCP packets that each port trust...

Page 272: ...rusted ports are connected to subscribers and the Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The sou...

Page 273: ...the Switch and specify trusted ports Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports Option82 Select this to have the Switch add the slot number...

Page 274: ...dentified unauthorized ARP packets Index This field displays a sequential number for each MAC address filter MAC Address This field displays the source MAC address in the MAC address filter VID This f...

Page 275: ...ge in the section below Then enter the lowest VLAN ID Start VID and the highest VLAN ID End VID you want to look at Apply Click this to display the specified range of VLANs in the section below VID Th...

Page 276: ...t were generated by ARP packets and that have not been sent to the syslog server yet If one or more log messages are dropped due to unavailable buffer there is an entry called overflow with the curren...

Page 277: ...inding with the same MAC address and VLAN ID static deny An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID deny An ARP packet was discarded because...

Page 278: ...ear the log and reset this counter See Section 26 6 2 on page 276 Syslog rate Type the maximum number of syslog messages the Switch can send to the syslog server in one batch This number is expressed...

Page 279: ...nfigure the port the settings are applied to all of the ports Trusted State Select whether this port is a trusted port Trusted or an untrusted port Untrusted The Switch does not discard ARP packets on...

Page 280: ...in every five second interval Enter the length 1 15 seconds of the burst interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned...

Page 281: ...n ARP packet from the VLAN Permit The Switch generates log messages when it forwards an ARP packet from the VLAN All The Switch generates log messages every time it receives an ARP packet from the VLA...

Page 282: ...Chapter 26 IP Source Guard XGS 4526 4528F 4728F User s Guide 282...

Page 283: ...igure 129 Loop Guard vs STP Loop guard is designed to handle loop problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as...

Page 284: ...same port If this is the case the Switch will shut down the port connected to the switch in loop state The following figure shows a loop guard enabled port N on switch A sending a probe packet P to sw...

Page 285: ...etwork you can re activate the disabled port via the web configurator see Section 8 7 on page 113 or via commands see the Ethernet Switch CLI Reference Guide 27 2 Loop Guard Setup Click Advanced Appli...

Page 286: ...e Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to c...

Page 287: ...the Gigabit uplink port When VLAN mapping is enabled the Switch discards the tagged packets that do not match an entry in the VLAN mapping table If the incoming packets are untagged the Switch adds a...

Page 288: ...e the setting the same for all ports Use this row first and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this ch...

Page 289: ...o the VID you specified in the Translated VID field Translated VID Enter a VLAN ID from 1 to 4094 into which the customer VID carried in the packets will be translated Priority Select a priority level...

Page 290: ...his is the VLAN ID that replaces the customer VLAN ID in the tagged packets Priority This is the priority level that replaces the customer priority level in the tagged packets Delete Check the rule s...

Page 291: ...rvice provider s network The edge switch encapsulates layer 2 protocol packets with a specific MAC address before sending them across the service provider s network to other edge switches Figure 137 L...

Page 292: ...port on the service provider s edge device 1 or 2 in Figure 138 on page 292 and connected to a customer switch A or B Incoming layer 2 protocol packets received on an access port are encapsulated and...

Page 293: ...e Select this to enable layer 2 protocol tunneling on the Switch Destination MAC Address Specify an MAC address with which the Switch uses to encapsulate the layer 2 protocol packets by replacing the...

Page 294: ...tus and detect a unidirectional link PAGP Select this option to have the Switch send PAgP packets to a peer to automatically negotiate and build a logical port aggregation LACP Select this option to h...

Page 295: ...sFlow agent then creates sFlow data and sends it to an sFlow collector The sFlow collector is a server that collects and analyzes sFlow datagram An sFlow datagram includes packet header input and outp...

Page 296: ...me memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuri...

Page 297: ...tor Collector Address Enter the IP address of the sFlow collector Note You must have the sFlow collector already configured in the sFlow Collector screen The sFlow collector does not need to be in the...

Page 298: ...loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cance...

Page 299: ...rver 31 1 1 PPPoE Intermediate Agent Tag Format If the PPPoE Intermediate Agent is enabled the Switch adds a vendor specific tag to PADI PPPoE Active Discovery Initialization and PADR PPPoE Active Dis...

Page 300: ...ic port the Switch adds the user defined identifier string and variables into the Agent Circuit ID Sub option The variables can be the slot ID of the PPPoE client the port number of the PPPoE client a...

Page 301: ...connected to PPPoE servers If a PADO PPPoE Active Discovery Offer PADS PPPoE Active Discovery Session confirmation or PADT PPPoE Active Discovery Terminate packet is sent from a PPPoE server and recei...

Page 302: ...to the Intermediate Agent screen Figure 143 Advanced Application PPPoE Intermediate Agent 31 3 PPPoE Intermediate Agent Use this screen to configure the Switch to give a PPPoE termination server addit...

Page 303: ...nfigure circuit id and remote id in the Per Port or Per Port Per VLAN screen Active Select this option to have the Switch add the user defined identifier string and variables specified in the option f...

Page 304: ...creen as shown Figure 145 Advanced Application PPPoE Intermediate Agent Port The following table describes the labels in this screen Table 101 Advanced Application PPPoE Intermediate Agent Port LABEL...

Page 305: ...an untrusted port Circuit id Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID sub option for PPPoE discovery packets received on this port Spaces are allowed...

Page 306: ...re in the section below End VID Enter the highest VLAN ID you want to configure in the section below Apply Click Apply to display the specified range of VLANs in the section below Port This field disp...

Page 307: ...o the Agent Remote ID sub option for this VLAN on the specified port Spaces are allowed If you do not specify a string here or in the Remote id field for a specific port the Switch automatically uses...

Page 308: ...settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Note Changes in this row are copied to al...

Page 309: ...allows you to limit the rate of ARP BPDU and IGMP packets to be delivered to the CPU on a port This enhances the CPU efficiency and protects against potential DoS attacks or errors from other network...

Page 310: ...Configuration Use this screen to limit the maximum number of control packets ARP BPDU and or IGMP that the Switch can receive or transmit on a port Click the Click Here link next to CPU protection in...

Page 311: ...re here Port This field displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Note Changes in this row...

Page 312: ...he action that the Switch takes when the number of control packets exceed the rate limit on a port set in the Advanced Application Errdisable CPU protection screen inactive port The Switch disables th...

Page 313: ...scard packets on a port according to the feature requirements and what action you configure Use this row to make the setting the same for all entries Use this row first and then make adjustments to ea...

Page 314: ...Chapter 32 Error Disable XGS 4526 4528F 4728F User s Guide 314...

Page 315: ...witch automatically adds other ports in this VLAN to the isolated port list and blocks traffic between the isolated ports A promiscuous port can communicate with any port in the same VLAN An isolated...

Page 316: ...VLAN Other ports belonging to this VLAN will be added to the isolation list and can only send and receive traffic from the port s you specify here Add Click Add to insert the entry in the summary tabl...

Page 317: ...User s Guide 317 Delete Check the rule s that you want to remove in the Delete column and then click the Delete button Cancel Click Cancel to clear the Delete check boxes Table 107 Advanced Applicati...

Page 318: ...Chapter 33 Private VLAN XGS 4526 4528F 4728F User s Guide 318...

Page 319: ...s not reachable through the default gateway use static routes For example the next figure shows a computer A connected to the Switch The Switch routes most traffic from A to the Internet through the S...

Page 320: ...host ID IP Subnet Mask Enter the subnet mask for this destination Gateway IP Address Enter the IP address of the gateway The gateway is an immediate neighbor of your Switch that will forward the pack...

Page 321: ...ddress This field displays the IP network address of the final destination Subnet Mask This field displays the subnet mask for this destination Gateway Address This field displays the IP address of th...

Page 322: ...Chapter 34 Static Route XGS 4526 4528F 4728F User s Guide 322...

Page 323: ...prior to the normal routing Individual routing policies are used as part of the overall policy routing process A routing policy defines the action to take when a packet meets the criteria in a specif...

Page 324: ...Add Click Add to insert a new policy routing profile to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel...

Page 325: ...forward packets based on the classifier and action you specify A policy route rule defines the matching classifier and the action to take when a packet meets the criteria in the classifier The action...

Page 326: ...ess of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the destination Add Click Add to insert the entry in the summary table below and save your change...

Page 327: ...ved The Version field controls the format and the broadcasting method of the RIP packets that the Switch sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carrie...

Page 328: ...lication RIP The following table describes the labels in this screen Table 111 Default Distance Value ROUTE SOURCE ADMINISTRATIVE DISTANCE Local 0 Static 1 OSPF 110 RIP 120 Table 112 IP Application RI...

Page 329: ...ng Both and None Version Select the RIP version from the drop down list box Choices are RIP 1 RIP 2B and RIP 2M Apply Click Apply to save your changes to the Switch s run time memory The Switch loses...

Page 330: ...Chapter 36 RIP XGS 4526 4528F 4728F User s Guide 330...

Page 331: ...routing protocols such as RIP The following table summarizes some of the major differences between OSPF and RIP 37 1 1 OSPF Autonomous Systems and Areas An OSPF autonomous system AS can be divided in...

Page 332: ...ths to network destinations Layer 3 devices build a synchronized link state database by exchanging Hello messages to confirm which neighbor layer 3 devices exist and then they exchange database descri...

Page 333: ...ection is fine but in some situations it must be controlled In the following figure only router A has direct connectivity with all the other routers on the network segment Routers B and C do not have...

Page 334: ...isplay the screen as shown next See Section 37 1 on page 331 for more information on OSPF Figure 161 IP Application OSPF Status The following table describes the labels in this screen Table 115 IP App...

Page 335: ...is used in the designated router election Designated Router This field displays the router ID of the designated router Backup Designated Router This field displays the router ID of a backup designated...

Page 336: ...field displays the time in seconds since the last LSA was sent Seq This field displays the link sequence number of the LSA Checksum This field displays the checksum value of the LSA Link Count This fi...

Page 337: ...e that is assigned to routes learned by OSPF The lower the administrative distance value is the more preferable the routing protocol is See Section 36 1 1 on page 327 for more information about admini...

Page 338: ...Authenticati on Select an authentication method Simple or MD5 to activate authentication Select None default to disable authentication Usually interface s and virtual interface s should use the same a...

Page 339: ...s turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this...

Page 340: ...ed protocol Type Select 1 for routing protocols such as RIP whose external metrics are directly comparable to the internal OSPF cost When selecting a path the internal OSPF cost is added to the AB bou...

Page 341: ...mple you can use 192 168 8 0 22 instead of using 192 168 8 0 24 192 168 9 0 24 192 168 10 0 24 and 192 168 11 0 24 The third octet of these four network IP addresses is 00001000 00001001 00001010 0000...

Page 342: ...n you want to use Key When you select Simple in the Authentication field enter a password eight character long Characters after the eighth character will be ignored When you select MD5 in the Authenti...

Page 343: ...t This field displays the interface cost used for calculating the routing table Priority This field displays the priority for this OSPF interface Delete Click Delete to remove the selected entry from...

Page 344: ...sword eight character long When you select MD5 in the Authentication field enter a password 16 character long Add Click Add to save your changes to the Switch s run time memory The Switch loses these...

Page 345: ...ip between a multicast server multicast routers and multicast hosts A multicast server transmits multicast packets and multicast routers forward multicast packets to multicast hosts Figure 168 IP Mult...

Page 346: ...ersion 1 to version 3 IGMP version 1 defines how a multicast router checks to see if any multicast hosts are part of a multicast group It checks for group membership by sending out an IGMP Query packe...

Page 347: ...and multicast server Z IP address 13 2 2 2 both send multicast traffic to the same multicast group identified by the multicast IP address 225 1 1 1 In IGMP version 3 multicast host A can join multica...

Page 348: ...has not recorded any group members Select Drop to discard the frame s Select Flooding to send the frame s to all ports Index This field displays an index number of an entry Network This field displays...

Page 349: ...t have IGMP enabled when you enable DVMRP otherwise you see the screen as in Figure 175 on page 351 39 2 How DVMRP Works DVMRP uses the Reverse Path Multicasting RPM algorithm to generate an IP Multic...

Page 350: ...lticast routing table that is used to build source trees and also perform Reverse Path Forwarding RPF checks on incoming multicast packets RPF checks prevent duplicate packets being filtered when loop...

Page 351: ...fic This applies only to multicast traffic this Switch sends out Index Index is the DVMRP configuration for the IP routing domain defined under Network The maximum number of DVMRP configurations allow...

Page 352: ...VID Error Message 39 4 Default DVMRP Timer Values The following are some default DVMRP timer values Table 125 DVMRP Default Timer Values DVMRP FIELD DEFAULT VALUE Probe interval 10 sec Report interval...

Page 353: ...kets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or g...

Page 354: ...ld be to give higher drop precedence to one traffic flow over others In our example packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Plat...

Page 355: ...network Green low loss priority level packets are forwarded TRTCM operates in one of two modes color blind or color aware In color blind mode packets are marked based on evaluating against the PIR an...

Page 356: ...luated against the PIR Only the packets marked green are first evaluated against the PIR and then if they don t exceed the PIR level are they evaluated against the CIR Figure 181 TRTCM Color aware Mod...

Page 357: ...t on the Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustmen...

Page 358: ...ed high loss priority colored packets Mode Select color blind to have the Switch treat all incoming packets as uncolored All incoming packets are evaluated against the CIR and PIR Select color aware t...

Page 359: ...hey are marked via TRTCM green Specify the DSCP value to use for packets with low packet loss priority yellow Specify the DSCP value to use for packets with medium packet loss priority red Specify the...

Page 360: ...le 129 IP Application DiffServ DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop...

Page 361: ...ally 41 1 1 DHCP Modes The Switch can be configured as a DHCP server or DHCP relay agent If you configure the Switch as a DHCP server it will maintain the pool of IP addresses along with subnet masks...

Page 362: ...onfiguration to view the screen as shown Use Table 130 IP Application DHCP Status LABEL DESCRIPTION Server Status This section displays configuration settings related to the Switch s DHCP server mode...

Page 363: ...gateway value sent to clients from this DHCP server instance Primary DNS Server This field displays the primary DNS server value sent to clients from this DHCP server instance Secondary DNS Server Thi...

Page 364: ...equests that it relays to a DHCP server by adding Relay Agent Information This helps provide authentication about the source of the requests The DHCP server can then provide an IP address based on thi...

Page 365: ...tation Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information...

Page 366: ...s the DHCP clients in both domains Figure 188 Global DHCP Relay Network Example Configure the DHCP Relay screen as shown Make sure you select the Option 82 check box to set the Switch to send addition...

Page 367: ...each VLAN that you want to configure DHCP settings for on the Switch See Section 8 6 on page 110 for information on how to do this Figure 190 IP Application DHCP VLAN The following table describes the...

Page 368: ...o client DHCP requests that it relays to a DHCP server Informati on This read only field displays the system name you configure in the General Setup screen Select the check box for the Switch to add t...

Page 369: ...servers are installed to serve each VLAN The system is set up to forward DHCP requests from the dormitory rooms VLAN 1 to the DHCP server with an IP address of 192 168 1 100 Requests from the academi...

Page 370: ...Chapter 41 DHCP XGS 4526 4528F 4728F User s Guide 370 For the example network configure the VLAN Setting screen as shown Figure 192 DHCP Relay for Two VLANs Configuration Example EXAMPLE...

Page 371: ...ays available In VRRP a virtual router VR represents a number of physical layer 3 devices An IP address is associated with the virtual router A layer 3 device having the same IP address is the preferr...

Page 372: ...Click IP Application VRRP in the navigation panel to display the VRRP Status screen as shown next Figure 194 IP Application VRRP Status The following table describes the labels in this screen 172 21 1...

Page 373: ...ch functions as the master router This field is Backup indicating that this Switch functions as a backup router This field displays Init when this Switch is initiating the VRRP protocol or when the Up...

Page 374: ...t of an IP domain Authenticati on Select None to disable authentication This is the default setting Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface Key W...

Page 375: ...All routers participating in the virtual router must use the same advertisement interval 42 3 2 2 Priority Configure the priority level 1 to 254 to set which backup router to take over in case the ma...

Page 376: ...outer number 1 to 7 for which this VRRP entry is created You can configure up to seven virtual routers for one network Advertisement Interval Specify the number of seconds between Hello message transm...

Page 377: ...ar Click Clear to set the above fields back to the factory defaults Table 137 IP Application VRRP Configuration VRRP Parameters continued LABEL DESCRIPTION Table 138 VRRP Configuring VRRP Parameters L...

Page 378: ...00 The host computer X is set to use VR1 as the default gateway Figure 198 VRRP Configuration Example One Virtual Router Network You want to set switch A as the master router Configure the VRRP parame...

Page 379: ...s in the two network groups use different default gateways Each switch is configured to backup a virtual router using VRRP You wish to configure switch A as the master router for virtual router VR1 an...

Page 380: ...e 204 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch A Figure 205 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration the VRRP Stat...

Page 381: ...t to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts th...

Page 382: ...e ARP reply from host B it updates its ARP table and also forwards host A s ICMP request to host B After the Switch gets the ICMP reply from host B it sends out an ARP request to get host A s MAC addr...

Page 383: ...1 2 3 ARP Request When the Switch is in ARP Request learning mode it updates the ARP table with both ARP replies gratuitous ARP requests and ARP requests Therefore in the following example the Switch...

Page 384: ...make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon...

Page 385: ...memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring...

Page 386: ...Chapter 43 ARP Learning XGS 4526 4528F 4728F User s Guide 386...

Page 387: ...g paths 1 2 and 3 of equal path cost This allows you to balance or share traffic loads between multiple routing paths when the Switch is connected to more than one next hop ECMP works with static rout...

Page 388: ...acket s source and destination IP addresses into a hash value which acts as an index to a route path Aging Time Specify the time interval from 0 to 86400 in increments of 10 in seconds at which the Sw...

Page 389: ...ment Maintenance The following table describes the labels in this screen Table 141 Management Maintenance LABEL DESCRIPTION Current This field displays which configuration Configuration 1 or Configura...

Page 390: ...d to change the IP address of your computer to be in the same subnet as that of the default Switch IP address 192 168 1 1 45 3 Save Configuration Click Config 1 to save the current configuration setti...

Page 391: ...one Config 1 or configuration two Config 2 when you reboot Follow the steps below to reboot the Switch 1 In the Maintenance screen click the Config 1 button next to Reboot System to reboot and load co...

Page 392: ...rmware After the firmware upgrade process is complete see the System Info screen to verify your current firmware version number 45 6 Restore a Configuration File Restore a previously saved configurati...

Page 393: ...splay the Save As screen 3 Choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the c...

Page 394: ...of both files for later use Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 45 8 2 FTP Command Line Procedure 1 Launch the FTP client on your...

Page 395: ...strictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote Management screen does not match the client IP address If it does not mat...

Page 396: ...Chapter 45 Maintenance XGS 4526 4528F 4728F User s Guide 396...

Page 397: ...essions are allowed A console port access control session and Telnet access control session cannot coexist when multi login is disabled See the Ethernet Switch CLI Reference Guide for more information...

Page 398: ...ed network consists of two main components agents and a manager An agent is a management software module that resides in a managed Switch the Switch An agent translates the local management informatio...

Page 399: ...MIBs let administrators collect statistics and monitor status and performance The Switch supports the following MIBs SNMP MIB II RFC 1213 RFC 1157 SNMP v1 RFC 1493 Bridge MIBs RFC 1643 Ethernet MIBs...

Page 400: ...with 1 3 6 1 4 1 890 1 5 8 46 are specific to the XGS 4728F switch Table 146 SNMP System Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION coldstart coldStart 1 3 6 1 6 3 1 1 5 1 This trap is sent when...

Page 401: ...above or below the normal operating range VoltageEventClear 1 3 6 1 4 1 890 1 5 8 52 3 1 2 2 1 3 6 1 4 1 890 1 5 8 39 3 1 2 2 1 3 6 1 4 1 890 1 5 8 46 3 1 2 2 This trap is sent when the voltage return...

Page 402: ...ion lock occurs on a port loopguard LoopguardEventOn 1 3 6 1 4 1 890 1 5 8 52 3 1 2 1 1 3 6 1 4 1 890 1 5 8 39 3 1 2 1 1 3 6 1 4 1 890 1 5 8 46 3 1 2 1 This trap is sent when loopguard shuts down a po...

Page 403: ...en the Ethernet link is down autonegotiati on AutonegotiationFailedEven tOn 1 3 6 1 4 1 890 1 5 8 52 31 2 1 1 3 6 1 4 1 890 1 5 8 39 31 2 1 1 3 6 1 4 1 890 1 5 8 46 31 2 1 This trap is sent when an Et...

Page 404: ...ice operating parameters return to the normal operating range Table 147 SNMP InterfaceTraps continued OPTION OBJECT LABEL OBJECT ID DESCRIPTION Table 148 AAA Traps OPTION OBJECT LABEL OBJECT ID DESCRI...

Page 405: ...US accounting server can be reached Table 148 AAA Traps continued OPTION OBJECT LABEL OBJECT ID DESCRIPTION Table 149 SNMP IP Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION ping pingProbeFailed 1 3 6...

Page 406: ...1 2 1 17 0 2 This trap is sent when the STP topology changes MRSTPTopologyChange 1 3 6 1 4 1 890 1 5 8 52 4 2 2 2 1 3 6 1 4 1 890 1 5 8 39 4 2 2 2 1 3 6 1 4 1 890 1 5 8 46 4 2 2 2 This trap is sent wh...

Page 407: ...1 16 0 2 This trap is sent when the variable falls below the RMON falling threshold cfm dot1agCfmFaultAlarm 1 3 111 2 802 1 1 8 0 1 The trap is sent when the Switch detects a connectivity fault Table...

Page 408: ...estination Use this section to configure where to send SNMP traps from the Switch Version Specify the version of the SNMP trap messages IP Enter the IP addresses of up to four managers to send your SN...

Page 409: ...SNMP manager Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See Section...

Page 410: ...witch Security Level Select whether you want to implement authentication and or encryption for SNMP communication from this user Choose noauth to use the username as the password string to send to the...

Page 411: ...ve read rights only meaning the user can collect information from the Switch Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Swit...

Page 412: ...me is something other than admin is someone who can view but not configure Switch settings Click Management Access Control Logins to view the screen as shown Figure 221 Management Access Control Login...

Page 413: ...igher privileges via the CLI For more information on assigning privileges see the Ethernet Switch CLI Reference Guide User Name Set a user name up to 32 ASCII characters long Password Enter your new s...

Page 414: ...server The server identifies itself with a host key The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server The client automatical...

Page 415: ...r Secure Socket Layer or HTTP over SSL is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensur...

Page 416: ...ontrol screen then the Switch blocks all HTTP connection attempts 46 9 HTTPS Example If you haven t changed the default HTTPS port on the Switch then in your browser enter https Switch IP Address as t...

Page 417: ...Figure 225 Security Alert Dialog Box Internet Explorer 46 9 2 Netscape Navigator Warning Messages When you attempt to access the Switch HTTPS server a Website Certified by an Unknown Authority screen...

Page 418: ...4728F User s Guide 418 Select Accept this certificate permanently to import the Switch s certificate into the SSL client Figure 226 Security Certificate 1 Netscape Figure 227 Security Certificate 2 N...

Page 419: ...Switch main screen appears The lock displayed in the bottom right of the browser status bar denotes a secure connection Figure 228 Example Lock Denoting a Secure Connection 46 10 Service Port Access...

Page 420: ...s the Switch Service Port For Telnet SSH FTP HTTP or HTTPS services you may change the default service port by typing the new port number in the Server Port field If you change the default port number...

Page 421: ...a group of one or more trusted computers from which an administrator may use a service to manage the Switch Active Select this check box to activate this secured client set Clear the check box if you...

Page 422: ...The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel...

Page 423: ...open this screen Use this screen to check system logs ping IP addresses or perform port tests Figure 231 Management Diagnostic The following table describes the labels in this screen Table 157 Manage...

Page 424: ...a device that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address in the field to the left Ethernet Port Test Enter a port number and click Port Test to pe...

Page 425: ...log message has a facility and severity level The syslog facility identifies a file in the syslog server Refer to the documentation of your syslog program for details The following table describes the...

Page 426: ...og setting Logging Type This column displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding categor...

Page 427: ...the more critical the logs are Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navi...

Page 428: ...sername username SP_SYSLOG_TYPE_AAA SYSLOG_NOTICE Console authentication failure username username SP_SYSLOG_TYPE_AAA SYSLOG_NOTICE HTTP s authentication failure username username SP_SYSLOG_TYPE_AAA S...

Page 429: ...SYSLOG_TYPE_AAA SYSLOG_WARNING 802 1x Ingress bandwidth bandwidth is out of range User name username NAS Port port SP_SYSLOG_TYPE_AAA SYSLOG_WARNING 802 1x Egress bandwidth bandwidth is out of range U...

Page 430: ...rt port Current Value value SP_SYSLOG_TYPE_INTE RFACE SYSLOG_NOTICE Temperature Under Alarm Low Threshold threshold On Port port Current Value value SP_SYSLOG_TYPE_INTE RFACE SYSLOG_NOTICE Temperature...

Page 431: ...ICE RxPower Over Warn High Threshold threshold On Port port Current Value value SP_SYSLOG_TYPE_INTE RFACE SYSLOG_NOTICE RxPower Under Alarm Low Threshold threshold On Port port Current Value value SP_...

Page 432: ...g probe to target ip address failed SP_SYSLOG_TYPE_IP SYSLOG_INFO Ping test to target ip address failed SP_SYSLOG_TYPE_IP SYSLOG_INFO Ping test to target ip address completed SP_SYSLOG_TYPE_IP SYSLOG_...

Page 433: ...SP_SYSLOG_TYPE_SWIT CH SYSLOG_NOTICE External alarm input index clear SP_SYSLOG_TYPE_SWIT CH SYSLOG_NOTICE System reboot SP_SYSLOG_TYPE_SWIT CH SYSLOG_NOTICE MSTP instance instance ID new root SP_SYSL...

Page 434: ...Index index and MD Index index has no defects SP_SYSLOG_TYPE_SWIT CH SYSLOG_WARNING CFM MEP ID index with MA Index index and MD Index index has XconCCM defect ErrorCCM defect RemoteCCM defect MACstatu...

Page 435: ...nnected and be in the same VLAN group so as to be able to communicate with one another Table 162 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models C...

Page 436: ...manager and the other switches on the upper floors of the building are cluster members Figure 234 Clustering Application Example 49 2 Cluster Management Status Click Management Cluster Management in t...

Page 437: ...plays the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switc...

Page 438: ...r Management XGS 4526 4528F 4728F User s Guide 438 configurator home page and the home page that you d see if you accessed it directly are different Figure 236 Cluster Management Cluster Member Web Co...

Page 439: ...00 a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 370lt0 bin fw...

Page 440: ...witches that are set to be cluster managers will not be visible in the Clustering Candidates list If a switch that was previously a cluster member is later set to become a cluster manager then its Sta...

Page 441: ...managed from the Cluster Manager Its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below If multiple devices have the same...

Page 442: ...Chapter 49 Cluster Management XGS 4526 4528F 4728F User s Guide 442...

Page 443: ...is dynamic learned by the Switch or static manually entered in the Static MAC Forwarding screen The Switch uses the MAC Table to determine how to forward frames See the following figure 1 The Switch...

Page 444: ...it filters the frame Figure 239 MAC Table Flowchart 50 2 Viewing the MAC Table Click Management MAC Table in the navigation panel to display the following screen Use this screen to search specific MA...

Page 445: ...elect the criteria here into the static MAC forwarding table see Section 10 2 on page 137 The type of the MAC address es will be changed to static Select Dynamic to MAC filtering and click Transfer to...

Page 446: ...Chapter 50 MAC Table XGS 4526 4528F 4728F User s Guide 446...

Page 447: ...learned by the Switch or static belonging to the Switch The Switch uses the IP Table to determine how to forward packets See the following figure 1 The Switch examines a received packet and learns th...

Page 448: ...bes the labels in this screen Table 167 Management IP Table LABEL DESCRIPTION Sort by Click one of the following buttons to display and arrange the data according to that button type The information i...

Page 449: ...ongs Port This is the port from which the above IP address was learned This field displays CPU to indicate the IP address belongs to the Switch Type This shows whether the IP address is dynamic learne...

Page 450: ...Chapter 51 IP Table XGS 4526 4528F 4728F User s Guide 450...

Page 451: ...witch s ARP program looks in the ARP Table and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Sw...

Page 452: ...ed IP address Select Port and enter a port number to remove the dynamic entries learned on the specified port Flush Click Flush to remove the ARP entries according to the condition you specified Cance...

Page 453: ...the navigation panel to display the screen as shown Figure 244 Management Routing Table The following table describes the labels in this screen Table 169 Management Routing Table LABEL DESCRIPTION Ind...

Page 454: ...Chapter 53 Routing Table XGS 4526 4528F 4728F User s Guide 454...

Page 455: ...how you can copy the settings of one port onto other ports 54 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Manag...

Page 456: ...Example 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings configured in the Basic S...

Page 457: ...s turned on in DC models or if the DC power supply is connected in AC DC models 2 Make sure you are using the power adaptor or cord included with the Switch 3 Make sure the power adaptor or cord is co...

Page 458: ...37 3 Inspect your cables for damage Contact the vendor to replace any damaged cables 4 Turn the Switch off and on in DC models or if the DC power supply is connected in AC DC models 5 Disconnect and r...

Page 459: ...the hardware connections and make sure the LEDs are behaving as expected See Section 3 3 on page 45 3 Make sure your Internet browser does not block pop up windows and has JavaScripts and Java enabled...

Page 460: ...ows JavaScripts and Java Permissions In order to use the web configurator you need to allow Web browser pop up windows from your device JavaScripts enabled by default Java permissions enabled by defau...

Page 461: ...gs after I restart the Switch Make sure you save your configuration into the Switch s nonvolatile memory each time you make changes Click Save at the top right corner of the web configurator to save t...

Page 462: ...Chapter 55 Troubleshooting XGS 4526 4528F 4728F User s Guide 462...

Page 463: ...2 3 A max 80 W consumption There is no tolerance for the DC input voltage One Backup Power Supply BPS connector Interfaces XGS 4526 20 Gigabit Ethernet GbE copper ports plus 4 Dual Personality interf...

Page 464: ...bps Amber 100 Mbps mini GBIC 1000Base T LEDs steady link state blinking transmitting receiving Operating Environment Temperature 0 C 45 C 32 F 113 F Humidity 10 90 non condensing Storage Environment T...

Page 465: ...he Switch assign IP addresses an IP default gateway and DNS servers to computers on your network IGMP Snooping The Switch supports IGMP snooping enabling group multicast traffic to be only forwarded t...

Page 466: ...protocol with IP Multicast support and the IGMP protocol VRRP Virtual Router Redundancy Protocol VRRP defined in RFC 2338 allows you to create redundant backup gateways to ensure that the default gate...

Page 467: ...ng sample data and packet statistics from traffic and send information to an sFlow collector for analysis PPPoE IA With the PPPoE Intermediate Agent enabled the Switch can give a PPPoE termination ser...

Page 468: ...rrupted packets STP IEEE 802 1w Rapid Spanning Tree Protocol RSTP Multiple Rapid Spanning Tree capability 4 configurable trees IEEE 802 1s Multiple Spanning Tree Protocol BPDU transparency Smart isola...

Page 469: ...orwarding IPv6 MLD snooping proxy XGS 4728F only DHCPv6 client and relay ICMPv6 IPv6 Path MTU NDP host and router IPv6 address stateless auto configuration host and router IPv6 static route Routing pr...

Page 470: ...P snooping ARP inspection MAC authentication Guest VLAN PPPoE IA and option 82 Configurable ARP learning mode Management IEEE 802 3ah OAM IEEE 802 1AB LLDP IEEE 802 1ag CFM Loop guard Password encrypt...

Page 471: ...Internet Group Management Protocol Version 3 RFC 3414 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMP v3 RFC 3580 RADIUS Tunnel Protocol Attribute IEEE 802...

Page 472: ...Chapter 56 Product Specifications XGS 4526 4528F 4728F User s Guide 472...

Page 473: ...rther information about port numbers If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation of...

Page 474: ...4000 This is a popular Internet chat program IGMP MULTICAST User Defined 2 Internet Group Multicast Protocol is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exch...

Page 475: ...eal Time Streaming media control Protocol RTSP is a remote control for multimedia on the Internet SFTP TCP 115 Simple File Transfer Protocol SMTP TCP 25 Simple Mail Transfer Protocol is the message ex...

Page 476: ...TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP...

Page 477: ...arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves th...

Page 478: ...device in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense CE Mark Warning This is a class A product I...

Page 479: ...red with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in li...

Page 480: ...Appendix B Legal Information XGS 4526 4528F 4728F User s Guide 480...

Page 481: ...262 configuring 263 syslog messages 263 trusted ports 263 AS Boundary Router 332 authentication 338 and OSPF 337 and RADIUS 244 setup 249 authorization privilege levels 251 setup 249 automatic VLAN re...

Page 482: ...See port cloning copyright 477 CPU management port 132 CPU protection configuration 310 overview 309 current date 105 current time 105 D Database Description DD 332 daylight saving time 105 default g...

Page 483: ...nterference statement 477 file transfer using FTP command example 394 filename convention configuration configuration file names 393 filtering 145 rules 145 filtering database MAC table 443 firmware 1...

Page 484: ...ternet Protocol version 6 see IPv6 introduction 27 IP capability 469 interface 110 373 routing domain 110 services 469 setup 110 IP multicast example 345 IP source guard 259 ARP inspection 259 262 DHC...

Page 485: ...reen 389 Management Information Base MIB 398 management port 135 managing the device good habits 31 using FTP See FTP using SNMP See SNMP using Telnet See command interface using the command interface...

Page 486: ...teps 333 general settings 336 how it works 332 interface 332 334 341 link state database 332 335 network example 332 priority 333 redistribute route 340 route cost 338 router elections 333 router ID 3...

Page 487: ...priority queue assignment 109 private VLAN 315 configuration 316 isolated port 315 overview 315 promiscuous port 315 product registration 479 protocol based VLAN 128 and IEEE 802 1Q tagging 128 exampl...

Page 488: ...ation 410 411 communities 408 management model 398 manager 398 MIB 399 network components 398 object variables 398 protocol operations 399 security 410 411 setup 407 traps 409 users 410 version 3 and...

Page 489: ...log 423 system reboot 391 T TACACS 244 setup 247 TACACS Terminal Access Controller Access Control System Plus 243 tagged VLAN 117 temperature 464 temperature indicator 102 time current 105 time zone...

Page 490: ...6 VLAN mapping 287 activating 288 configuration 289 example 287 priority level 287 tagged 287 traffic flow 287 untagged 287 VLAN ID 287 VLAN number 112 VLAN stacking 219 221 configuration 222 example...

Page 491: ...Index XGS 4526 4528F 4728F User s Guide 491 Weighted Round Robin Scheduling WRR 216 WFQ Weighted Fair Queuing 216 WRR Weighted Round Robin Scheduling 216 Z ZyNOS ZyXEL Network Operating System 394...

Reviews:

No comments