manualshive.com logo in svg

ZyXEL Communications XGS2220 Series, User Manual

Get the best out of your ZyXEL Communications XGS2220 Series with our comprehensive User Manual. Download it for free from manualshive.com and explore all the features and settings of this exceptional product. Maximize your device's potential and ensure a smooth operating experience with our detailed and easy-to-follow manual.

Share
Download
background image

Chapter 66 Access Control

XGS2220 Series User’s Guide

446

Note: Make sure to enable 

Password Encryption

 to avoid displaying passwords as plain text in 

the configuration file.

Note: Be careful who can access configuration files with plain text passwords!

Password Encryption

 encrypts all passwords in the configuration file. However, if you want to show some 

passwords as plain text in the configuration file, select them as below:

Authentication

 information configured for 

Authentication

 in the 

SECURITY

 > 

AAA

 > 

AAA Setup

 screen 

(

Method 1

/

2

/

3

 

setting in the 

Privilege Enable

 and 

Login

 fields).

Authorization

 information configured for 

Authorization

 in the 

SECURITY

 > 

AAA

 > 

AAA Setup

 screen 

(

Active

/

Console

/

Method

 setting in the 

Exec

 and 

Dot1x

 fields).

Server

 information configured for 

Authentication Server

 in the 

SECURITY

 > 

AAA

 > 

RADIUS Server Setup

 

screen, and for 

Authentication Server

 in the 

SECURITY

 > 

AAA

 > 

Server Setup

 screen (

Mode

/

Timeout

 fields).

System

 account information configured in the Switch (admin, user login name, and password).

SNMP

 user account information configured in the 

SYSTEM

 > 

SNMP

 > 

SNMP

 

User

 screen (password for 

SNMP user authentication in the 

Authentication

 field, and the password for the encryption method for 

SNMP communication in the 

Privacy

 field).

Note: The passwords will appear as encrypted text when 

Password Encryption

 is 

Active

.

Click 

SECURITY

 > 

Access Control 

Account Security 

to view the screen as shown next.

Figure 328   

SECURITY > Access Control > Account Security

Summary of Contents for XGS2220 Series

Page 1: ...s 30 54 port GbE SFP Smart Managed Layer 3 Switch Copyright 2022 Zyxel and or its affiliates All Rights Reserved LAN IP Address http setup zyxel or http DHCP assigned IP or http 192 168 1 1 User Name admin Password 1234 Version 4 80 Edition 1 07 2022 ...

Page 2: ...ocumentation Quick Start Guide The Quick Start Guide shows how to connect the Switch CLI Reference Guide This guide explains how to use the Command Line Interface CLI to configure the Switch Note It is recommended you use the Web Configurator to configure the Switch Web Configurator Online Help Click the help link for a description of the fields in the Switch menus Nebula Control Center NCC User s...

Page 3: ...ide Product labels screen names field labels and field choices are all in bold font A right angle bracket within a screen name denotes a mouse click For example SYSTEM IP Setup Network Proxy Configuration means you first click SYSTEM in the navigation panel then the IP Setup sub menu then Network Proxy Configuration to get to that screen Icons Used in Figures Figures in this user guide may use the...

Page 4: ...17 MONITOR 122 ARP Table 123 IP Table 125 IPv6 Neighbor Table 127 MAC Table 129 Neighbor 132 Path MTU Table 136 Port Status 137 Routing Table 145 System Information 147 System Log 150 SYSTEM 152 Cloud Management 153 General Setup 157 Interface Setup 161 IP Setup 163 IPv6 170 Logins 187 SNMP 189 Switch Setup 198 Syslog Setup 201 Time Range 204 PORT 207 Auto PD Recovery 208 Flex Link 213 Green Ether...

Page 5: ...ty Queue 330 Bandwidth Control 332 sFlow 334 Spanning Tree Protocol 338 Static MAC Filtering 362 Static MAC Forwarding 364 VLAN 366 VLAN Isolation 390 VLAN Mapping 393 VLAN Stacking 397 NETWORKING 404 ARP Setup 405 DHCP 411 Static Route 424 SECURITY 428 AAA 429 Access Control 443 Classifier 453 Policy Rule 462 Anti Arpscan 468 BPDU Guard 474 Storm Control 477 Error Disable 479 IP Source Guard 485 ...

Page 6: ...Contents Overview XGS2220 Series User s Guide 6 Networked AV Mode 556 Troubleshooting and Appendices 616 Troubleshooting 617 ...

Page 7: ...plication 35 1 2 2 Backbone Example Application 36 1 2 3 Bridging Example Application 36 1 2 4 High Performance Switching Example 37 1 2 5 IEEE 802 1Q VLAN Application Examples 37 1 2 6 IPv6 Support 38 1 3 Ways to Manage the Switch 38 1 4 Good Habits for Managing the Switch 39 Chapter 2 Hardware Installation and Connection 40 2 1 Installation Scenarios 40 2 2 Safety Precautions 40 2 3 Freestanding...

Page 8: ...3 Zyxel One Network ZON Utility 62 4 3 1 Requirements 62 4 3 2 Run the ZON Utility 62 4 4 Networked AV Mode Wizard 66 4 4 1 Basic Settings 66 4 4 2 Advanced Settings 71 4 5 Wizard 76 4 5 1 Basic 77 4 5 2 Protection 82 4 5 3 VLAN 84 4 5 4 QoS 85 4 6 Web Configurator Layout 86 4 6 1 Tables and Lists 95 4 6 2 Change Your Password 96 4 7 Save Your Configuration 97 4 8 Switch Lockout 97 4 9 Reset the S...

Page 9: ...4 Relay 112 6 3 4 Troubleshooting 113 6 4 How to Use Auto Configuration through a DHCP Server on the Switch 113 Chapter 7 DASHBOARD 117 7 1 New User Interface 117 7 2 DASHBOARD 117 7 2 1 Port Status 120 7 2 2 Quick Links to Use 120 Chapter 8 MONITOR 122 Chapter 9 ARP Table 123 9 1 ARP Table Overview 123 9 1 1 What You Can Do 123 9 1 2 What You Need to Know 123 9 2 Viewing the ARP Table 123 Chapter...

Page 10: ...ath MTU Table 136 14 1 Path MTU Overview 136 14 2 Viewing the Path MTU Table 136 Chapter 15 Port Status 137 15 0 1 What You Can Do 137 15 1 Port Status 137 15 1 1 Port Details 138 15 2 DDMI 141 15 2 1 DDMI Details 141 15 3 Port Utilization 143 Chapter 16 Routing Table 145 16 1 Routing Table Overview 145 16 1 1 What You Can Do 145 16 2 IPv4 Routing Table 145 16 3 IPv6 Routing Table 146 Chapter 17 S...

Page 11: ...terfaces 162 Chapter 23 IP Setup 163 23 1 IP Setup Overview 163 23 1 1 What You Can Do 163 23 1 2 IP Interfaces 163 23 2 IP Status 164 23 2 1 IP Status Details 164 23 3 IP Setup 166 23 3 1 Add Edit IP Interfaces 167 23 4 Network Proxy Configuration 168 Chapter 24 IPv6 170 24 1 IPv6 Overview 170 24 1 1 What You Can Do 170 24 2 IPv6 Status 170 24 2 1 IPv6 Interface Status Details 171 24 3 IPv6 Globa...

Page 12: ...185 Chapter 25 Logins 187 25 1 Set Up Login Accounts 187 Chapter 26 SNMP 189 26 1 SNMP Overview 189 26 1 1 What You Can Do 189 26 2 Configure SNMP 189 26 3 Configure SNMP User 191 26 3 1 Add Edit SNMP User 191 26 4 Configure SNMP Trap Group 193 26 5 Enable or Disable Sending of SNMP Traps on a Port 194 26 6 Technical Reference 194 26 6 1 About SNMP 195 Chapter 27 Switch Setup 198 27 1 Switch Setup...

Page 13: ...1 What You Can Do 213 32 2 Flex Link Status 213 32 3 Flex Link Setup 214 32 3 1 Add Edit Flex Link 215 Chapter 33 Green Ethernet 216 33 1 Green Ethernet Overview 216 33 2 Configuring Green Ethernet 216 Chapter 34 Link Aggregation 218 34 1 Link Aggregation Overview 218 34 1 1 What You Can Do 218 34 1 2 What You Need to Know 218 34 2 Link Aggregation Status 219 34 3 Link Aggregation Setting 221 34 4...

Page 14: ...licy 244 35 10 LLDP MED Location 245 35 10 1 Add Edit LLDP MED Location 245 Chapter 36 OAM 248 36 1 OAM Overview 248 36 1 1 What You Can Do 248 36 2 OAM Status 248 36 2 1 OAM Details 249 36 3 OAM Setup 253 36 4 OAM Remote Loopback 254 Chapter 37 PoE Setup 256 37 1 PoE Status for PoE models only 256 37 2 PoE Setup 258 37 3 PoE Time Range Setup 262 37 3 1 Add Edit PoE Time Range 262 Chapter 38 Port ...

Page 15: ...Chapter 44 Mirroring 280 44 1 Mirroring Overview 280 44 1 1 What You Need to Know 280 44 2 Local Port Mirroring 280 Chapter 45 Multicast 282 45 1 Multicast Overview 282 45 1 1 What You Can Do IPv4 Multicast 282 45 1 2 What You Can Do IPv6 Multicast 282 45 1 3 What You Can Do MVR 283 45 1 4 What You Need to Know 283 45 2 IPv4 Multicast Status 286 45 3 IGMP Snooping 287 45 4 IGMP Snooping VLAN 290 4...

Page 16: ... What You Need To Know 310 46 2 Static Multicast Forwarding By MAC 311 46 2 1 Add Edit Static Multicast Forwarding By MAC 312 46 3 Configure a Static Multicast IPv4 Address 312 46 3 1 Add Edit a Static Multicast Address By IP 313 Chapter 47 PPPoE 315 47 1 PPPoE Intermediate Agent Overview 315 47 1 1 What You Can Do 315 47 1 2 What You Need to Know 315 47 2 PPPoE Intermediate Agent 317 47 3 PPPoE I...

Page 17: ...Edit sFlow Collector 336 Chapter 53 Spanning Tree Protocol 338 53 1 Spanning Tree Protocol Overview 338 53 1 1 What You Can Do 338 53 1 2 What You Need to Know 338 53 2 Spanning Tree Protocol Status 341 53 3 Spanning Tree Setup 341 53 4 Rapid Spanning Tree Protocol Status 344 53 5 Configure Rapid Spanning Tree Protocol 346 53 6 Multiple Rapid Spanning Tree Protocol Status 348 53 7 Configure Multip...

Page 18: ...at You Can Do 366 56 1 2 What You Need to Know 366 56 2 Introduction to IEEE 802 1Q Tagged VLANs 367 56 3 VLAN Status 369 56 3 1 VLAN Details 370 56 4 Configure a Static VLAN 371 56 4 1 Add Edit a Static VLAN 372 56 5 VLAN Port Setup 373 56 6 Configure GVRP 375 56 7 Subnet Based VLANs 376 56 8 Configuring Subnet Based VLAN 377 56 8 1 Add Edit Subnet Based VLAN 377 56 9 Protocol Based VLANs 378 56 ...

Page 19: ...apping 395 Chapter 59 VLAN Stacking 397 59 1 VLAN Stacking Overview 397 59 1 1 VLAN Stacking Example 397 59 2 VLAN Stacking Port Roles 398 59 3 VLAN Tag Format 398 59 3 1 Frame Format 399 59 4 Configuring VLAN Stacking 399 59 5 Port Based Q in Q 401 59 6 Selective Q in Q 402 59 6 1 Add Edit Selective Q in Q 403 Chapter 60 NETWORKING 404 Chapter 61 ARP Setup 405 61 1 ARP Overview 405 61 1 1 What Yo...

Page 20: ... Static Route 424 63 1 Static Routing Overview 424 63 1 1 What You Can Do 424 63 2 IPv4 Static Route 425 63 2 1 Add Edit IPv4 Static Route 425 63 3 IPv6 Static Route 426 63 3 1 Add Edit IPv6 Static Route 427 Chapter 64 SECURITY 428 Chapter 65 AAA 429 65 1 Authentication Authorization and Accounting AAA 429 65 1 1 What You Can Do 429 65 1 2 What You Need to Know 429 65 2 RADIUS Server Setup 430 65 ...

Page 21: ...t a Classifier 456 67 4 Classifier Global Setting 459 67 5 Classifier Example 460 Chapter 68 Policy Rule 462 68 1 Policy Rules Overview 462 68 1 1 What You Can Do 462 68 1 2 DiffServ 462 68 1 3 DSCP and Per Hop Behavior 462 68 2 Policy Rules 463 68 2 1 Add Edit a Policy Rule 463 68 3 Policy Example 466 Chapter 69 Anti Arpscan 468 69 1 Anti Arpscan Overview 468 69 1 1 What You Can Do 468 69 1 2 Wha...

Page 22: ...82 72 5 Error Disable Recovery Setup 483 Chapter 73 IP Source Guard 485 73 1 IP Source Guard Overview 485 73 1 1 What You Can Do 485 73 1 2 What You Need to Know 485 73 2 IPv4 Source Guard 486 73 3 IPv4 Source Guard Static Binding 486 73 3 1 Add Edit IPv4 Source Guard Static Binding 488 Chapter 74 DHCP Snooping 489 74 1 DHCP Snooping Overview 489 74 1 1 What You Can Do 489 74 2 DHCP Snooping Statu...

Page 23: ...nooping Policy 512 75 13 IPv6 Snooping VLAN Setup 513 75 13 1 Add Edit an IPv6 Snooping VLAN 514 75 14 IPv6 DHCP Trust Setup 514 75 15 Technical Reference 516 75 15 1 ARP Inspection Overview 516 Chapter 76 Port Authentication 518 76 1 Port Authentication Overview 518 76 1 1 What You Can Do 518 76 1 2 What You Need to Know 519 76 1 3 MAC Authentication 519 76 2 Activate IEEE 802 1x Security 520 76 ...

Page 24: ...ring Management Setup 539 78 7 Technical Reference 541 78 7 1 Cluster Member Switch Management 541 78 8 Restore Configuration 543 78 9 Backup Configuration 543 78 10 Auto Configuration 544 78 11 Erase Running Configuration 545 78 12 Save Configuration 546 78 13 Configure Clone 547 78 14 Diagnostic 548 78 15 Firmware Upgrade 550 78 16 Reboot System 552 78 17 Tech Support 553 78 17 1 Tech Support Do...

Page 25: ...CHING 588 79 26 Port Mirroring 588 79 27 Multicast 589 79 27 1 What You Can Do 589 79 28 IPv4 Multicast Status 589 79 29 IGMP Snooping 590 79 30 IGMP Snooping VLAN 594 79 30 1 Add Edit IGMP Snooping VLANs 595 79 31 IGMP Filtering Profile 596 79 31 1 Add IGMP Filtering Profile 597 79 31 2 Add IGMP Filtering Rule 597 79 32 VLAN 598 79 32 1 What You Can Do 598 79 32 2 What You Need to Know 598 79 33 ...

Page 26: ...ot System 613 79 48 Tech Support 614 79 48 1 Tech Support Download 615 Part III Troubleshooting and Appendices 616 Chapter 80 Troubleshooting 617 80 1 Power Hardware Connections and LEDs 617 80 2 Switch Access and Login 618 80 3 Switch Configuration 620 Appendix A Customer Support 621 Appendix B Common Services 626 Appendix C IPv6 629 Appendix D Legal Information 638 Index 643 ...

Page 27: ...27 PART I User s Guide ...

Page 28: ...gh Telnet any terminal emulator program on the console port or third party SNMP management In addition Zyxel offers a proprietary software program called Zyxel One Network ZON Utility it is a utility tool that assists you to set up and maintain network devices in a more simple and efficient way You can download the ZON Utility at www zyxel com and install it on a computer All models are referred t...

Page 29: ...ccess Point AP only supports 2 5 Gigabit or 5 Gigabit connectivity then the maximum speed potential of these devices is never reached In addition at the time of writing most existing cabling is Cat 5e or Cat 6 further limiting maximum speed or distance potential Multi Gigabit IEEE 802 3bz solves these problems by additionally supporting 2 5 Gigabit and 5 Gigabit Ethernet connections over Cat 5e an...

Page 30: ... console port if available You can also use the domain name setup zyxel to access the Web Configurator when you are directly connected to the Switch Note Make sure your computer can connect to a DNS server through the Switch Use the Web Configurator to configure and manage the Switch directly in standalone mode or use Nebula Control Center NCC to configure and manage the Switch in cloud mode The N...

Page 31: ...andalone and Nebula cloud management modes You can find the Switch s datasheet at the Zyxel website See the NCC Nebula Control Center User s Guide for how to configure the Switch using Nebula Figure 2 NCC Example Network Topology 1 1 3 Mode Changing This section describes how to change the Switch s management mode Refer to the Switch s standalone mode User s Guide for LED descriptions including CL...

Page 32: ... Section on page 155 to download the app Click Start on the first page Click Create account to create a myZyxel account or enter your existing account information to log in 2 Create an organization and site or select an existing site using the Zyxel Nebula Mobile app 3 Select a site and scan the Switch s QR code or manually enter the information to add it to the site You can find the QR code On a ...

Page 33: ...n page 132 viewing managing and configuring the Switch and its neighboring devices is simplified In addition Zyxel offers a proprietary software program called Zyxel One Network ZON Utility it is a utility tool that assists you to set up and maintain network devices in a more simple and efficient way You can download the ZON Utility at www zyxel com and install it on a PC Windows operation system ...

Page 34: ...P Setups 1 1 6 PoE The Switch is a Power Sourcing Equipment PSE because it provides a source of power through its Ethernet ports Each device that receives power through an Ethernet port is a Powered Device PD The Switch can adjust the power supplied to each PD according to the PoE standard the PD supports PoE standards are IEEE 802 3af Power over Ethernet PoE IEEE 802 3at Power over Ethernet PoE I...

Page 35: ...ng PoE Power over Ethernet to Powered Devices PDs such as an IP camera a wireless router an IP telephone and a general outdoor router that are not within reach of a power outlet Figure 4 PoE Example Application Table 5 PoE Standards PoE FEATURES PoE PoE PoE IEEE Standard IEEE 802 3af IEEE 802 3at IEEE 802 3bt PoE Type Type 1 Type 2 Type 3 Switch Port Power Maximum Power Per Port 15 4 W 30 W 60 W P...

Page 36: ...rk simply add more networking devices such as switches routers computers print servers and so on Figure 5 Backbone Application 1 2 3 Bridging Example Application In this example the Switch connects different company departments RD and Sales to the corporate backbone It can alleviate bandwidth contention and eliminate server and network bottlenecks All users that need high bandwidth can connect to ...

Page 37: ...ng to group several physical ports into one logical higher capacity link Trunking can be used if for example it is cheaper to use multiple lower speed links than to under utilize a high speed but more costly single port link Figure 7 High Performance Switching 1 2 5 IEEE 802 1Q VLAN Application Examples A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple log...

Page 38: ...he time of writing the Switch supports the following features Static address assignment and stateless auto configuration Neighbor Discovery Protocol a protocol used to discover other IPv6 devices in a network Remote Management using ping SNMP SSH telnet HTTP and FTP services ICMPv6 to report errors encountered in packet processing and perform diagnostic functions such as ping IPv4 IPv6 dual stack ...

Page 39: ... Chapter 78 on page 537 ZON Utility ZON Utility is a program designed to help you deploy and perform initial setup on a network more efficiently See Section 4 3 on page 62 1 4 Good Habits for Managing the Switch Do the following regularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that is not easy to guess and that consists of differ...

Page 40: ...ch and at least 5 cm of clearance on all four sides of the Switch This allows air circulation for cooling Do NOT block the ventilation holes nor store cables or power cords on the Switch Allow clearance for the ventilation holes to prevent your Switch from overheating This is especially crucial when your Switch does not have fans Overheating could affect the performance of your Switch or even dama...

Page 41: ...ace for air circulation 2 4 Mounting the Switch on a Rack The Switch can be mounted on an EIA standard size 19 inch rack or in a wiring closet with other equipment Follow the steps below to mount your Switch on a standard EIA rack using a rack mounting kit Note Make sure there is enough clearance between each equipment on the rack for air circulation 2 4 1 Installation Requirements Two mounting br...

Page 42: ...rews through the mounting bracket holes into the Switch 3 Repeat steps 1 and 2 to install the second mounting bracket on the other side of the Switch 4 You may now mount the Switch on a rack Proceed to the next section 2 4 4 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack lining up the two screw holes on the bracket with th...

Page 43: ...nd Connection XGS2220 Series User s Guide 43 the rack Note Make sure you tighten all the four screws to prevent the Switch from getting slanted 3 Repeat steps 1 and 2 to attach the second mounting bracket on the other side of the rack ...

Page 44: ...witch and shows you how to make the hardware connections 3 1 Front Panel Connections The following figures show the front panels of the Switch Figure 12 Front Panel XGS2220 30 Figure 13 Front Panel XGS2220 30HP Figure 14 Front Panel XGS2220 30F Figure 15 Front Panel XGS2220 54 Figure 16 Front Panel XGS2220 54HP Figure 17 Front Panel XGS2220 54FP ...

Page 45: ...er IEEE802 3at PoE 30 W ports Connect these ports to a PTZ pan tilt and zoom camera a WiFi 6 802 11ax router a WiFi 6 802 11ax AP or an Ethernet switch 8 1000Base T RJ 45 PoE Ports These are 10 100 1000Base T auto negotiating and auto crossover IEEE802 3bt PoE 60 W ports Connect these ports to a PTZ pan tilt and zoom camera a WiFi 6 802 11ax router a WiFi 6 802 11ax AP or an Ethernet switch 2 10GB...

Page 46: ...sion of the SFP and supports data rates of 10 Gbps A transceiver is a single unit that houses a transmitter and a receiver Use a transceiver to connect a fiber optic cable to the Switch The Switch does not come with transceivers You must use transceivers that comply with the Small Form Factor Pluggable SFP Transceiver MultiSource Agreement MSA See the SFF committee s INF 8074i specification Rev 1 ...

Page 47: ...fiber optic cables and the transceiver Insert the fiber optic cable into the transceiver Figure 18 Latch in the Lock Position Figure 19 Transceiver Installation Example Figure 20 Connecting the Fiber Optic Cables 3 1 2 2 Transceiver Removal Use the following steps to remove an SFP transceiver 1 Attach an ESD preventive wrist strap to your wrist and to a bare metal surface on the chassis 2 Remove t...

Page 48: ...ct Zyxel Support to prevent damage to your Switch and transceiver 5 Insert the dust plug into the ports on the transceiver and the cables Figure 21 Removing the Fiber Optic Cables Figure 22 Opening the Transceiver s Latch Example Figure 23 Transceiver Removal Example 3 1 3 Console Port This USB Type C connector is for troubleshooting only 3 2 Rear Panel The following figures show the rear panels o...

Page 49: ...minals Installation of Ethernet cables must be separate from AC power lines To avoid electric surge and electromagnetic interference use a different electrical conduit or raceway tube trough or enclosed conduit for protecting electric wiring that is 15 cm apart or as specified by your country s electrical regulations Any device that is located outdoors and connected to this product must be properl...

Page 50: ...The grounding terminal of the server rack or on site grounding terminal must also be grounded and connected to the building s main grounding electrode Make sure the grounding terminal is connected to the buildings grounding electrode and has an earth resistance of less than 10 ohms or according to your country s electrical regulations Figure 32 Connecting to the Building s Main Grounding Electrode...

Page 51: ...power outlet Power Cord Requirement XGS2220 54HP XGS2220 54FP Make sure to use the provided or designated power cord for your Switch The following table describes the power cord requirements for XGS2220 54HP XGS2220 54FP Note If you need to replace the power cord contact your local vendor Installing the Retainer Clip Install the retainer clip to prevent accidental removal of the power cord 1 Loose...

Page 52: ...Chapter 3 Hardware Panels XGS2220 Series User s Guide 52 3 Slide the clip up to the end of the power cord 4 Close the clip tightly around the power cord until secure ...

Page 53: ... connect to the NCC Please check the Internet connection of the Switch and register the Switch with NCC Off The Switch is operating in standalone mode Nebula Control Center NCC Discovery is disabled in SYSTEM Cloud Management in the Switch Web Configurator LOCATOR Blue On The Switch is uploading firmware While the Switch is doing this do not turn off the power Blinking Shows the actual location of...

Page 54: ...GS2220 54 XGS2220 54HP XGS2220 54FP Blue On The link to a 10G Ethernet network is up Blinking The Switch is transmitting receiving to from a 10G Ethernet network Green On The link to a 1G 2 5G 5G Ethernet network is up Blinking The Switch is transmitting receiving to from a 1G 2 5G 5G Ethernet network Off The link to an Ethernet network is down PoE Mode 1 16 XGS2220 30HP 1 40 XGS2220 54HP XGS2220 ...

Page 55: ...ction Blinking The port is transmitting or receiving data at 100M Off This link is disconnected LED COLOR STATUS DESCRIPTION 1G 10G SFP Slots Link ACT 27 30 XGS2220 30 XGS2220 30HP XGS2220 30F 51 54 XGS2220 54 XGS2220 54HP XGS2220 54FP Blue On The port has a successful 10G connection Blinking The port is transmitting or receiving data at 10G Green On The port has a successful 1000M connection Blin...

Page 56: ...56 PART II Technical Reference ...

Page 57: ... a DHCP client by default Type http DHCP assigned IP in the Location or Address field Press ENTER Note You can always use the domain name setup zyxel to access the Web Configurator whether the Switch is using a DHCP assigned IP or static IP address This requires your computer to be directly connected to the Switch Make sure your computer can connect to a DNS server through the Switch If the Switch...

Page 58: ...ow The NCC is a cloud based network management system that allows you to remotely manage and monitor the Switch See Section 1 1 3 on page 31 for information on changing your Switch to Nebula Cloud management Figure 34 Visit Nebula 5 Click Login to log into the Web Configurator to manage the Switch directly The default user name is admin and associated default password is 1234 6 The Select Mode scr...

Page 59: ...s basic or advanced settings see Section 4 4 on page 66 for details Use the Basic Settings to configure networked AV operation on management VLAN Such as the Switches IP address DNS server system password SNMP community accept or skip the default Networked AV mode settings and view a summary of the basic settings Use the Advanced Settings for networks that wants to separate networked AV VLAN from ...

Page 60: ...dard Mode Click Password SNMP to open a screen where you can change the administrator password and SNMP community string simultaneously Otherwise click Ignore to close it If you log into the Web Configurator and select Networked AV Mode open the screen in the Wizard Step 2 Password to change the administrator password and SNMP community string Click Finish on the last step of the Wizard to save yo...

Page 61: ... version on the Switch must match the version on the SNMP manager Choose SNMP version 2c v2c SNMP version 3 v3 or both v3v2c Note SNMP version 2c is backwards compatible with SNMP version 1 Get Community Enter the Get Community string which is the password for the incoming Get and GetNext requests from the management station The Get Community string is only used by SNMP managers using SNMP version...

Page 62: ... and install it in a computer Windows operating system 4 3 1 Requirements Before installing the ZON Utility in your computer please make sure it meets the requirements listed below Operating System At the time of writing the ZON Utility is compatible with Windows 7 both 32 bit 64 bit versions Windows 8 both 32 bit 64 bit versions Windows 8 1 both 32 bit 64 bit versions Windows 10 both 32 bit 64 bi...

Page 63: ...the Show information about ZON icon in the upper right of the screen Then select the Supported model and firmware version link If your device is not listed here see the device release notes for ZON Utility support The release notes are in the firmware zip file on the Zyxel web site Figure 40 ZON Utility Screen 3 Select a network adapter to which your supported devices are connected ...

Page 64: ...vices in your network Figure 42 Discovery 5 The ZON Utility screen shows the devices discovered Figure 43 ZON Utility Screen 6 Select a device and then use the icons to perform actions Some functions may not be available for your devices Note You must know the selected device admin password before taking actions on the device using the ZON Utility icons ...

Page 65: ...d unzipped it in advance 8 Change Password Use this icon to change the admin password of the selected device You must know the current admin password before changing to a new one 9 Configure NCC Discovery You must have Internet access to use this feature Use this icon to enable or disable the Nebula Control Center NCC discovery feature on the selected device If it is enabled the selected device wi...

Page 66: ...ress of an internal interface on the discovered device that first received a ZDP discovery request from the ZON Utility System Name This field displays the system name of the discovered device Location This field displays where the discovered device is Status This field displays whether changes to the discovered device have been done successfully As the Switch does not support IP Configuration Ren...

Page 67: ...atic IP Interface when the Switch is NOT connected to a router or you want to assign it a fixed IP address VID This field displays the VLAN ID IP Address The Switch needs an IP address for it to be managed over the network IP Subnet Mask The subnet mask specifies the network number portion of an IP address Default Gateway Type the IP address of the default outgoing gateway in dotted decimal notati...

Page 68: ...ect Enabled to let the Switch act as an SNMP agent which allows a manager station to manage and monitor the Switch through the network Select Disabled to turn this feature off Version Select the SNMP version for the Switch The SNMP version on the Switch must match the version on the SNMP manager Choose SNMP version 2c v2c SNMP version 3 v3 or both v3v2c Note SNMP version 2c is backwards compatible...

Page 69: ...le 14 Wizard Basic Settings Step 3 Networked AV LABEL DESCRIPTION Skip Networked AV Mode Settings Click this option to avoid using the basic default AVoIP settings The default AVoIP settings can be seen in Step 4 Summary under Networked AV Basic Settings Otherwise clear the check box and follow the diagram for connecting RJ45 ports to audio and video equipment The Inter switch Connection is for co...

Page 70: ... address Default Gateway This field displays the IP address of the default outgoing gateway in dotted decimal notation for example 192 168 1 254 DNS Server This field displays the DNS Domain Name System for mapping a domain name to its corresponding IP address and so forth Change administrator s password and activate SNMP New Password This field displays asterisks when a new password has been crea...

Page 71: ... IGMP Snooping Querier This field displays Active when the Switch is allowed to send IGMP General Query messages to the VLANs with the multicast hosts attached Otherwise it displays Inactive Unknown Multicast Frame This field displays the action to perform when the Switch receives an unknown multicast frame It displays Drop when the frames are discarded It displays Flooding when the frames are sen...

Page 72: ...ccess the Switch s Web Configurator again Select Static IP Interface when the Switch is NOT connected to a router or you want to assign it a fixed IP address VID This field displays the VLAN ID IP Address The Switch needs an IP address for it to be managed over the network IP Subnet Mask The subnet mask specifies the network number portion of an IP address Default Gateway Type the IP address of th...

Page 73: ...Select Enabled to let the Switch act as an SNMP agent which allows a manager station to manage and monitor the Switch through the network Select Disabled to turn this feature off Version Select the SNMP version for the Switch The SNMP version on the Switch must match the version on the SNMP manager Choose SNMP version 2c v2c SNMP version 3 v3 or both v3v2c Note SNMP version 2c is backwards compati...

Page 74: ...ing Table 18 Wizard Advanced Settings Step 3 Networked AV LABEL DESCRIPTION Allocate networked AV service to a VLAN Networked AV VLAN Enter a number between 1 and 4094 to create a VLAN for the AVoIP network see Figure 3 on page 34 for details on an AVoIP network IP Address Optional You must enter a different VLAN ID in the previous field Networked AV VLAN to be able to assign another IP address fo...

Page 75: ...lick Management to assign the ports for connecting to non Audio Video equipment for example computer and NAS Link aggregate Select this option to aggregate multiple port bandwidth if you are connecting to another switch Link aggregation trunking is the grouping of physical ports into one logical higher capacity link Previous Click Previous to show the previous screen Next Click Next to show the ne...

Page 76: ...plays the Trap Community string Networked AV Advanced Settings Networked AV VLAN This field displays the VLAN ID for the AVoIP network Networked AV VLAN IP This field displays the corresponding VLAN ID s IP address for the AVoIP network IGMP Snooping This field displays Active when IGMP Snooping is enabled to forward group multicast traffic only to ports that are members of that group Otherwise it...

Page 77: ...n ports to the VLAN and set the ports to tag or untag outgoing frames QoS to determine a port s IEEE 802 1p priority level for QoS Figure 54 Setup Wizard 4 5 1 Basic In Basic you can set up IP DNS set up your password SNMP community link aggregation and view finished results In order to set up your IP DNS please do the following Click Wizard Basic Step 1 IP to access this screen ...

Page 78: ...b Configurator again Select Static IP Address when the Switch is NOT connected to a router or you want to assign it a fixed IP address VID This field displays the VLAN ID IP Address The Switch needs an IP address for it to be managed over the network IP Subnet Mask The subnet mask specifies the network number portion of an IP address Default Gateway Type the IP address of the default outgoing gate...

Page 79: ...d to let the Switch act as an SNMP agent which allows a manager station to manage and monitor the Switch through the network Select Disabled to turn this feature off Version Select the SNMP version for the Switch The SNMP version on the Switch must match the version on the SNMP manager Choose SNMP version 2c v2c SNMP version 3 v3 or both v3v2c Note SNMP version 2c is backwards compatible with SNMP...

Page 80: ... Previous to show the previous screen Next Click Next to show the next screen Cancel Click Cancel to exit this screen without saving Table 22 Wizard Basic Step 3 Link Aggregation LABEL DESCRIPTION Link Aggregation T1 Tx Click the arrows to add or delete icons located on the left to desired preference Select Static if the ports are configured as static members of a trunk group Select LACP if the po...

Page 81: ...ample 192 168 1 254 DNS Server DNS Domain Name System is for mapping a domain name to its corresponding IP address and vice versa Enter a domain name server IP address in order to be able to use a domain name instead of an IP address Change administrator s password and activate SNMP New Password This field displays asterisks when a new password has been created SNMP This field displays whether the...

Page 82: ...Next the Broadcast Storm Control screen appears Previous Click Previous to show the previous screen Finish Review the information and click Finish to create the task Cancel Click Cancel to exit this screen without saving Table 23 Wizard Basic Step 4 Summary continued LABEL DESCRIPTION Table 24 Wizard Protection Step 1 Loop Guard LABEL DESCRIPTION Loop Guard Select all ports Select all ports to ena...

Page 83: ... Wizard Protection Step 2 Broadcast Storm Control LABEL DESCRIPTION Broadcast Storm Control Select all ports Select all ports to apply settings on all ports You can select a port by clicking it Broadcast pkt s Specify how many broadcast packets the port receives per second Previous Click Previous to show the previous screen Next Click Next to show the next screen Cancel Click Cancel to exit this s...

Page 84: ...Step 3 Summary LABEL DESCRIPTION Summary Loop Guard If the loop guard feature is enabled on a port the Switch will prevent loops on this port Broadcast Storm Control If the broadcast storm control feature is enabled on a port the number of broadcast packets the Switch receives per second will be limited on this port Previous Click Previous to show the previous screen Finish Review the information ...

Page 85: ...N Setting Default VLAN 1 Access Untagged port After you create a VLAN and select the VLAN ID from the drop down list box select ports and use the right arrow to add them as the untagged ports to a VLAN group VLAN member port VLAN Type a number between 2 and 4094 to create a VLAN Trunk Tagged port Select ports and use the downward arrow to add them as the tagged ports to the VLAN groups you created...

Page 86: ...utton so they will have high priority The port s IEEE 802 1p priority level will be set to 5 Use the Basic Setting Port Setup screen to adjust the value Medium Select ports and click the Medium button and so they will have medium priority The port s IEEE 802 1p priority level will be set to 3 Use the Basic Setting Port Setup screen to adjust the value Low Select ports and click the Low button so t...

Page 87: ...CC Nebula Control Center portal website E Click this icon to search for specific configurations or status you are looking for Enter the keywords and click the result link This will direct you to the specific configuration or status page F Click this icon to update the information in the screen you are currently viewing G Click this icon to save your configuration into the Switch s non volatile mem...

Page 88: ...e you can view neighbor devices including non Zyxel devices connected to the Switch Path MTU Table This link takes you to a screen where you can view the IPv6 path MTU information on the Switch Port Status This link takes you to a screen where you can view the port statistics Routing Table Click the link to unfold the following sub link menu IPv4 Routing Table This link takes you to a screen where...

Page 89: ...types of SNMP traps that should be sent to each SNMP manager and add edit user information Stacking This link takes you to screens where you can view the stacking status in the stacking system enable stacking on the Switch and configure stacking details Switch Setup This link takes you to a screen where you can set up global Switch parameters such as VLAN type Syslog Setup This link takes you to a...

Page 90: ... link takes you to screens where you can create multicast VLANs and select the receiver ports and a source port for each multicast VLAN Static Multicast Forwarding By MAC This link takes you to a screen where you can configure static multicast MAC addresses for port s These static multicast MAC addresses do not age out Static Multicast Forwarding By IP This link takes you to a screen where you can...

Page 91: ... can set up VLANs that allow you to group voice traffic with defined priority and enable the Switch port to carry the voice traffic separately from data traffic to ensure the sound quality does NOT deteriorate MACBased VLAN Setup This link takes you to a screen where you can set up VLANs that allow you to group untagged packets into logical VLANs based on the source MAC address of the packet This ...

Page 92: ...nfigure account security settings on the Switch ACL Click the link to unfold the following sub link menu Classifier This link takes you to screens where you can configure the Switch to group packets based on the specified criteria Policy Rule This link takes you to a screen where you can configure the Switch to perform special treatment on the grouped packets Anti Arpscan This link takes you to sc...

Page 93: ...dresses to learn on a port MAINTENANCE Certificates The link takes you to a screen where you can import the Switch s CA signed certificates Cluster Man agement This link takes you to a screen where you can configure clustering management and view its sta tus Configuration Click the link to unfold the following sub link menu Restore Configurati on This link takes you to a screen where you can uploa...

Page 94: ...oE Setup For PoE models This link takes you to a screen where you can set priorities PoE power up settings and schedule so that the Switch is able to reserve and allocate power to certain PDs Port Setup This screen allows you to configure settings for individual Switch ports SWITCHING Mirroring This link takes you to screens where you can copy traffic from one port or ports to another port in orde...

Page 95: ...ific configuration file on the Switch Firmware Upgrade This link takes you to a screen to upload firmware to your Switch Reboot System This link takes you to a screen to reboot the Switch without turning the power off Tech Support This link takes you to a screen where you can download related log reports for issue analysis Log reports include CPU history and utilization crash and memory Table 30 N...

Page 96: ...de 96 Figure 66 Working on a List 4 6 2 Change Your Password After you log in for the first time it is recommended you change the default administrator password Click SYSTEM Logins to display the next screen Figure 67 Change Administrator Login Password ...

Page 97: ...th the CPU port as a member The CPU port is the management port of the Switch 3 Filter all traffic to the CPU port 4 Disable all ports 5 Misconfigure the text configuration file 6 Forget the password and or IP address 7 Prevent all services from accessing the Switch 8 Change a service port number but forget it 9 You forgot to log out of the Switch from a computer before logging in again on another...

Page 98: ...ge Press any key to enter Debug Mode within 3 seconds press any key to enter debug mode 4 Enter atlc after the Enter Debug Mode message 5 Wait for the Starting XMODEM upload message before activating XMODEM upload on your terminal 6 After a configuration file upload type atgo to restart the Switch Figure 68 Resetting the Switch through the Console Port The Switch is now reinitialized with a defaul...

Page 99: ...ogout button 4 11 Help The Web Configurator s online help has descriptions of individual screens and some supplementary information Click the Help icon on a Web Configurator screen to view an online help description shown as below of that screen Figure 70 Online Web Help ...

Page 100: ...l setup Create a VLAN Set Port VID Configure Switch Management IP Address 5 1 1 Create a VLAN VLANs confine broadcast frames to the VLAN group in which the ports belongs You can do this with port based VLAN or tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 71 Initial Setup Network Example VLAN 1 Go to the SWITCHING VLAN VLAN Set...

Page 101: ...ixed to configure port 1 to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the Tx Tagging check box to set the Switch to remove VLAN tags before sending 5 Click Apply to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 2 Set Port VID ...

Page 102: ...rt 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 3 Configure Switch Management IP Address If the Switch fails to obtain an IP address from a DHCP server the Switch will use 192 168 1 1 as the management IP address You can configure another IP address in a different subnet for management purposes...

Page 103: ...er and enter setup zyxel or 192 168 1 1 the default IP address in the address bar to access the Web Configurator See Section 4 2 on page 57 for more information Note You can always use the domain name setup zyxel to access the Web Configurator whether the Switch is using a DHCP assigned IP or static IP address This requires your PC to be directly connected to the Switch 3 Go to the SYSTEM IP Setup...

Page 104: ... mask 5 In the VID field enter the ID of the VLAN group to which you want this management IP address to belong In this example enter VLAN ID 2 This is the same as the VLAN ID you configure in the Static VLAN screen 6 Click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off ...

Page 105: ...er A connected to port 5 to assign IP addresses to all devices in VLAN network V Create a VLAN containing ports 4 5 and 6 Connect a computer M to the Switch for management Figure 74 Tutorial DHCP Snooping Tutorial Overview The settings in this tutorial are as the following 1 Access the Switch through http 192 168 1 1 by default Log into the Switch by entering the user name default admin and passwo...

Page 106: ...TIVE Create a VLAN with ID of 100 Add ports 4 5 and 6 in the VLAN by selecting Fixed in the Control field as shown De select Tx Tagging because you do not want outgoing traffic to contain this VLAN tag Click Apply 4 Go to SWITCHING VLAN VLAN Setup VLAN Port Setup and set the PVID of the ports 4 5 and 6 to 100 This tags untagged incoming frames on ports 4 5 and 6 with the tag 100 Click Apply ...

Page 107: ... the SECURITY IPv4 Source Guard DHCP Snooping DHCP Snp VLAN Setup screen will be broadcast to the DHCP VLAN you set on this screen which is VLAN100 in this example Tutorial Specify DHCP VLAN 6 Go to SECURITY IPv4 Source Guard DHCP Snooping DHCP Snp Port Setup Select Trusted in the Server Trusted state field for port 4 because the DHCP server is connected to port 4 Keep ports 5 and 6 Untrusted beca...

Page 108: ...tem name you can select an Option82 Profile in the entry The Switch will add DHCP option 82 information to DHCP requests that the Switch relays to a DHCP server for the specified VLAN 8 Connect your DHCP server to port 4 and a DHCP client an AP for example to either port 5 or 6 The AP should be able to get an IP address from the DHCP server If you put the DHCP server on port 5 or 6 the computer wi...

Page 109: ... DHCP server 192 168 2 3 and want to have it assign a specific IP address say 172 16 1 18 to DHCP client A based on the system name VLAN ID and port number in the DHCP request Client A connects to the Switch s port 2 in VLAN 102 Figure 75 Tutorial DHCP Relay Scenario 6 3 2 Create a VLAN Follow the steps below to configure port 2 as a member of VLAN 102 1 Access the Web Configurator through the Swi...

Page 110: ...10 3 Go to SWITCHING VLAN VLAN Setup Static VLAN Click Add Edit 4 The following screen appears Enable the switch button to set this VLAN to Active Enter a descriptive name VLAN 102 for example in the Name field and enter 102 in the VLAN Group ID field ...

Page 111: ...itch to remove VLAN tags before sending 7 Click Apply to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 8 Go to VLAN VLAN Setup VLAN Port Setup Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines ...

Page 112: ...nt information such as the VLAN ID to DHCP requests 1 Click NETWORKING DHCP DHCPv4 Relay DHCP Smart Relay Enable the Active switch button 2 Enter the DHCP server s IP address 192 168 2 3 in this example in the Remote DHCP Server 1 field 3 Select default1 or default2 in the Option 82 Profile field 4 Click Apply to save your changes back to the run time memory 5 Click the Save link in the upper righ...

Page 113: ...ons on a DHCP server and TFTP server first to use auto configuration Setting up a DHCP Server 1 Set up a dynamic IP addresses pool so the DHCP server will assign an IP address to the Switch in that range 2 Set up a TFTP server IP address so the Switch will know where to load the auto configuration file 3 Set up the filename of the auto configuration file so the Switch will know which file to load ...

Page 114: ...e 77 Tutorial Enable Auto Configuration 3 Go to the SYSTEM IP Setup IP Setup screen Click the Add Edit button in the IP Interface table to open the configuration screen 4 Select DHCP Client 5 If you want to load the auto configuration file with DHCP option 60 enabled and a Vendor Class Identifier assigned when you reboot the Switch follow the instruction below Otherwise skip this step In the SYSTE...

Page 115: ... screen Click the Config 1 Config 2 or Custom Default button 7 Click the same button in the MAINTENANCE Reboot System screen to reboot the Switch and load the auto configuration setting as configured before For example if you save the auto configuration setting to Config 1 you need to click the Config 1 button in the Reboot System screen Figure 79 Tutorial Save Configuration Figure 80 Tutorial Sav...

Page 116: ...Tutorial Log 9 Check the screens to see if it is the configuration file you want to load If it is not go through the steps above to check your configurations If it is click Save at the top right corner of the Web Configurator to save the configuration permanently ...

Page 117: ...sections that directly link to the MONITOR System Information screen Editable Quick Link section which provides shortcuts to configuration screens that you might frequently use See Quick Links to Use A Search tool on the upper right of the screen that you can use to search for the configuration screens you want to access see Web Configurator Layout The left navigation panel is also restructured in...

Page 118: ...h on any network System Location This field displays the geographic location name you set for the Switch Boot Version This field displays the version number and date of the boot module that is currently on the Switch ZyNOS F W Version This field displays the version number and date of the firmware the Switch is currently running System Time This field displays the current date and time in the UAG ...

Page 119: ...the diagnostic message NCC Discovery This displays if NCC discovery is enabled on the Switch The Switch will connect to NCC and change to the NCC management mode if it is connected to the Internet has been registered on NCC CPU Usage This displays the current CPU usage percentage Click to go to the MONITOR System Information screen to check the detailed information Memory Usage This displays the c...

Page 120: ... switch button to enable disable the port 7 2 2 Quick Links to Use The quick links in the Quick Link section provide shortcuts to specific configuration screens You can use the quick links to directly access the screens that you would frequently use You can also decide which quick links to be put on the DASHBOARD screen using the Edit button Fan Each fan of the Switch has a sensor that is capable ...

Page 121: ...Links example PoE model The setup panel displays after you click the Edit button Figure 86 Quick Link Selection example PoE model Select the quick links you want and click Apply The selected quick links will be displayed in the Quick Link section on the DASHBOARD screen ...

Page 122: ...MONITOR The following chapters introduces the configurations of the links under the MONITOR navigation panel Quick links to chapters ARP Table IP Table IPv6 Neighbor Table MAC Table Neighbor Path MTU Table Port Status Routing Table System Information System Log ...

Page 123: ... ARP Table and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the E...

Page 124: ...k Flush to remove the ARP entries according to the condition you specified Cancel Click Cancel to return the fields to the factory defaults Index This is the ARP table entry number IP Address This is the IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP address above VID This field ...

Page 125: ...igure 1 The Switch examines a received packet and learns the port from which this source IP address came 2 The Switch checks to see if the packet s destination IP address matches a source IP address already learned in the IP Table If the Switch has already learned the port for this IP address then it forwards the packet to that port If the Switch has not already learned the port for this IP addres...

Page 126: ...he packet belongs Port This is the port from which the above IP address was learned This field displays CPU to indicate the IP address belongs to the Switch Type This shows whether the IP address is Dynamic learned by the Switch or Static belonging to the Switch Sorting by Click one of the following buttons to display and arrange the data according to that button type The result is then displayed ...

Page 127: ...6 IPv6 Neighbor Setup screen When the Switch needs to send a packet it first consults other table to determine the next hop Once the next hop IPv6 address is known the Switch looks into the neighbor table to get the link layer address and sends the packet when the neighbor is reachable If the Switch cannot find an entry in the neighbor table or the state for the neighbor is not reachable it starts...

Page 128: ...e upper layer protocols a chance to determine reachability probe P The Switch is sending request packets and waiting for the neighbor s response invalid IV The neighbor address is with an invalid IPv6 address unknown The status of the neighboring interface cannot be determined for some reason incomplete I Address resolution is in progress and the link layer address of the neighbor has not yet been...

Page 129: ...d to Know The Switch uses the MAC Table to determine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the MAC Table If the Switch has already learned the port for this MAC address then it for...

Page 130: ...able Use this screen to search specific MAC addresses You can also directly add dynamic MAC addresses into the static MAC forwarding table or MAC filtering table from the MAC table using this screen Click MONITOR MAC Table in the navigation panel to display the following screen Figure 92 MONITOR MAC Table ...

Page 131: ...ng to VLAN group Select PORT to display and arrange the data according to port number Type Transfer Select Dynamic to MAC forwarding and click the Transfer button to change all dynamically learned MAC address entries in the summary table below into static entries They also display in the SWITCHING Static MAC Forwarding screen Select Dynamic to MAC filtering and click the Transfer button to change ...

Page 132: ... the power off and then back on again and reset to factory default settings This screen shows the neighboring device first recognized on an Ethernet port of the Switch Device information is displayed in gray when the neighboring device is offline 13 1 1 What You Can Do Use the Neighbor screen Section 13 2 on page 132 to view a summary and manage the Switch s neighbor devices Use the Neighbor Detai...

Page 133: ...for 100 Mbps 1G for 1 Gbps 2 5G for 2 5 Gbps 5G for 5 Gbps or 10G for 10 Gbps and the duplex F for full duplex or H for half This field displays Down if the port is not connected to any device PoE Draw mW For PoE models This shows the consumption that the neighboring device connected to this port draws from the Switch This allows you to plan and use within the power budget of the Switch System Nam...

Page 134: ...or ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 Port This shows the port of the Switch on which the neighboring device is discovered Desc This shows the port description of the Switch PD Health For PoE models This shows the status of auto PD recovery on this port Red The Switch failed to get information from the PD connected to the port using LLDP or the connected PD did not respond to the Swit...

Page 135: ...not support the ZON utility Desc This shows the description of the neighbor device s port which is connected to the Switch IPv4 This shows the IPv4 address of the neighbor device The IPv4 address is a hyper link that you can click to log into and manage the neighbor device through its Web Configurator IPv6 This shows the IPv6 address of the neighbor device The IPv6 address is a hyper link that you...

Page 136: ... Table Use this screen to view IPv6 path MTU information on the Switch Click MONITOR Path MTU Table in the navigation panel to display the screen as shown Figure 95 MONITOR Path MTU Table The following table describes the labels in this screen Table 40 MONITOR Path MTU Table LABEL DESCRIPTION Path MTU aging time This field displays how long an entry remains in the Path MTU table before it ages out...

Page 137: ...us of the SFP transceivers on the Switch Use the Port Utilization screen Section 15 3 on page 143 to view the current data rate and utilization percentage of each port on the Switch 15 1 Port Status This screen displays a port statistical summary with links to each port showing statistical details To view the port statistics click MONITOR Port Status to display the Port Status screen as shown next...

Page 138: ...splays the STP state of the port If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP When LACP Link Aggregation Control Protocol and STP are in blocking state it displays BLOCKING PD For PoE models only This field displays whether or not a powered device PD is allowed to receive power from the Switch on this port LACP This fields displays whether LACP Lin...

Page 139: ...r or Fiber for the combo ports This field displays Down if the port is not connected to any device State If STP Spanning Tree Protocol is enabled this field displays the STP state of the port If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP When LACP Link Aggregation Control Protocol STP and dot1x are in blocking state it displays BLOCKING LACP This fi...

Page 140: ... transmitted packets for which transmission is inhibited by exactly one collision Multiple This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision Excessive This is a count of packets for which transmission failed due to excessive collisions Excessive collision is defined as the number of maximum collisions before the retransmission count...

Page 141: ...ters include for example transmitting and receiving power and module temperature 512 to 1023 This field shows the number of packets including bad packets received that were between 512 and 1023 octets in length 1024 to 1518 This field shows the number of packets including bad packets received that were between 1024 and 1518 octets in length Giant This field shows the number of packets including ba...

Page 142: ...his displays the serial number of the optical transceiver Revision This displays the revision number of the optical transceiver Date Code This displays the date when the optical transceiver was manufactured Transceiver This displays details about the type of transceiver installed in the SFP slot Calibration This field is available only when an SFP transceiver is inserted into the SFP slot Internal...

Page 143: ...s the high value alarm threshold for each monitored DDMI parameter An alarm signal is reported to the Switch if the monitored DDMI parameter reaches this value High Warn Threshold This displays the high value warning threshold for each monitored DDMI parameter A warning signal is reported to the Switch if the monitored DDMI parameter reaches this value Low Warn Threshold This displays the low valu...

Page 144: ...the percentage of actual transmitted frames on this port as a percentage of the Link speed Rx kB s This field shows the transmission speed of data received on this port in kilobytes per second Rx Utilization This field shows the percentage of actual received frames on this port as a percentage of the Link speed Table 45 MONITOR Port Status Port Utilization continued LABEL DESCRIPTION ...

Page 145: ...le information Use the IPv6 Routing Table screen Section 16 3 on page 146 to view the Switch s IPv6 routing table information 16 2 IPv4 Routing Table Use this screen to view IPv4 routing table information Click MONITOR Routing Table IPv4 Routing Table in the navigation panel to display the screen as shown Figure 101 MONITOR Routing Table IPv4 Routing Table The following table describes the labels ...

Page 146: ... the Switch learned the route and added an entry in the routing table Table 46 MONITOR Routing Table IPv4 Routing Table continued LABEL DESCRIPTION Table 47 MONITOR Routing Table IPv6 Routing Table LABEL DESCRIPTION Index This field displays the index number Route Destination Prefix Length This field displays the IPv6 subnet prefix and prefix length of the final destination Next Hop This field dis...

Page 147: ...e System Information screen Section 17 1 on page 147 to view general system information and hardware status of the Switch 17 1 System Information In the navigation panel click MONITOR System Information to display the screen as shown Use this screen to view general system information Figure 103 MONITOR System Information ...

Page 148: ...C F MAC BOARD and PHY refer to the location of the temperature sensor on the Switch printed circuit board Status This field displays Normal for temperatures below the threshold and Error for those above Current This shows the current temperature at this sensor MAX This field displays the maximum temperature measured at this sensor MIN This field displays the minimum temperature measured at this se...

Page 149: ...ng MAX This field displays the maximum voltage measured at this point MIN This field displays the minimum voltage measured at this point Threshold This field displays the percentage tolerance of the voltage with which the Switch still works Table 48 MONITOR System Information continued LABEL DESCRIPTION ...

Page 150: ...tion for viewing 18 2 System Log Click MONITOR System Log in the navigation panel to open this screen Use this screen to check current system logs Note When a log reaches the maximum number of log messages new log messages automatically overwrite existing log messages starting with the oldest existing log message first Figure 104 MONITOR System Log ...

Page 151: ...able shows the time the log message was recorded and the reason the log message was generated Click Refresh to update this screen Click Clear to clear the whole log regardless of what is currently displayed on the screen Click Download to save the log to your computer ...

Page 152: ...e following chapters introduces the configurations of the links under the SYSTEM navigation panel Quick links to chapters Cloud Management General Setup Hardware Monitor Setup Interface Setup IP Setup IPv6 Logins SNMP Switch Setup Syslog Setup Time Range ...

Page 153: ... allows you to remotely manage and monitor Zyxel Nebula APs Ethernet switches and security gateways The Switch is managed and provisioned automatically by the NCC Nebula Control Center when It is connected to the Internet The Nebula Control Center NCC Discovery feature is enabled It has been registered in the NCC 20 2 Nebula Center Control Discovery Click SYSTEM Cloud Management to display this sc...

Page 154: ...Chapter 20 Cloud Management XGS2220 Series User s Guide 154 Figure 105 SYSTEM Cloud Management ...

Page 155: ...obile app to scan the QR code to register the Switch on NCC and add the Switch into a site Table 49 SYSTEM Cloud Management LABEL DESCRIPTION Nebula Control Center NCC Discovery Enable the switch button to turn on Nebula Control Center NCC discovery on the Switch This field displays The Switch Internet connection status The connection status between the Switch and NCC The Switch registration statu...

Page 156: ...Chapter 20 Cloud Management XGS2220 Series User s Guide 156 If Nebula Control Center NCC Discovery is disabled the Switch will NOT discover the NCC and remain in Standalone mode ...

Page 157: ...creen should not contain or The following table describes the labels in this screen Table 50 SYSTEM General Setup LABEL DESCRIPTION System Name Choose a descriptive name for identification purposes This name consists of up to 64 printable ASCII characters spaces are allowed Location Enter the geographic location of your Switch You can use up to 128 printable ASCII characters spaces are allowed Con...

Page 158: ...ight saving is a period from late spring to early fall when many countries set their clocks ahead of normal local time by one hour to give more daytime light in the evening Enable the switch button if you use Daylight Saving Time Start Date Configure the day and time when Daylight Saving Time starts if you selected Daylight Saving Time The time is displayed in the 24 hour format Here are a couple ...

Page 159: ...ce See the transceiver documentation Figure 107 SYSTEM Hardware Monitor Setup The following table describes the labels in this screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Ca...

Page 160: ...tup XGS2220 Series User s Guide 160 You will see SFP warning icons next to the FANs in the MONITOR System Information screen when SFP Detect has triggered the fans Figure 108 Hardware Monitor SFP Module Temperature Warning ...

Page 161: ... Interface Setup in the navigation panel to display the configuration screen Figure 109 SYSTEM Interface Setup The following table describes the labels in this screen Table 52 SYSTEM Interface Setup LABEL DESCRIPTION Index This field displays the index number of an entry Interface Type This field displays the type of interface Interface ID This field displays the identification number of the inter...

Page 162: ...he VLAN interface type for IPv6 at the time of writing Interface ID Specify a unique identification number from 1 to 4094 for the interface To have IPv6 function properly you should configure a static VLAN with the same ID number in the SWITCHING VLAN screens Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so ...

Page 163: ...d and used as the Switch s management IP address The subnet mask specifies the network number portion of an IP address The factory default subnet mask is 255 255 255 0 On the Switch an IP address is not bound to any physical ports Since each IP address on the Switch must be in a separate subnet the configured IP address is also known as IP interface or routing domain In addition this allows routin...

Page 164: ...ld displays the IP address of the DNS server Source This field displays whether the DNS server address is configured manually Static or obtained automatically using DHCPv4 IP Interface Index This field displays the index number of an entry IP Address This field displays the IP address of the Switch in the IP domain IP Subnet Mask This field displays the subnet mask of the Switch in the IP domain V...

Page 165: ...P routing domain belongs IP Address This is the IP address of your Switch in dotted decimal notation for example 192 168 1 1 IP Subnet Mask This is the IP subnet mask of your Switch in dotted decimal notation for example 255 255 255 0 Table 56 SYSTEM IP Setup IP Status IP Status Details DHCP LABEL DESCRIPTION Type This shows the IP address is dynamically assigned from a DHCP server DHCP VID This i...

Page 166: ...tart that the Switch will request to get any dynamic IP address from the DHCP server Lease Time Start This displays the date and time that the current dynamic IP address assignment from the DHCP server began You should configure date and time in SYSTEM General Setup Lease Time End This displays the date and time that the current dynamic IP address assignment from the DHCP server will end You shoul...

Page 167: ...revious configuration IP Interface Use this section to view and configure IP routing domains on the Switch Index This field displays the index number of an entry IP Address This field displays the IP address of the Switch in the IP domain IP Subnet Mask This field displays the subnet mask of the Switch in the IP domain VID This field displays the VLAN identification number of the IP domain on the ...

Page 168: ... without the specific VCI Select this and enter the device identity you want the Switch to add in the DHCP discovery frames that go to the DHCP server This allows the Switch to identify itself to the DHCP server Class ID Enter a string of up to 32 printable ASCII characters to identify this Switch to the DHCP server For example Zyxel TW The string should not contain or Static IP Address Select thi...

Page 169: ... of the proxy server 1 65535 Authentication Enable the switch button to enable proxy server authentication using a Username and Password Username Enter a login user name from the proxy server administrator Up to 32 alphanumeric characters are allowed for the Username except or Password Enter a login password from the proxy server administrator Up to 32 alphanumeric characters are allowed for the P...

Page 170: ...to view and configure IPv6 global addresses Use the IPv6 Neighbor Discovery Setup screen Section 24 7 on page 178 to view and configure neighbor discovery settings on each interface Use the IPv6 Router Discovery Setup screen Section 24 8 on page 180 to view and configure router discovery settings on each interface Use the IPv6 Prefix Setup screen Section 24 9 on page 182 to configure the Switch s ...

Page 171: ...reen opens Table 60 SYSTEM IPv6 IPv6 Status LABEL DESCRIPTION Domain Name Server Domain Name Server This field displays the IP address of the DNS server Source This field displays whether the DNS server address is configured manually Static or obtained automatically using DHCPv6 IPv6 Table Index This field displays the index number of an IPv6 interface Click on an index number to view more interfa...

Page 172: ...e time period in milliseconds during which ICMPv6 error messages of up to the bucket size can be transmitted 0 means no limit ND DAD Active This field displays whether Neighbor Discovery ND Duplicate Address Detection DAD is enabled on the interface Number of DAD Attempts This field displays the number of consecutive neighbor solicitations the Switch sends for this interface NS Interval millisecon...

Page 173: ...r uses T1 and T2 to control the time at which the client contacts with the server to extend the lifetimes on any addresses in the IA_NA before the lifetimes expire T2 This field displays the DHCPv6 T2 timer If the time T2 is reached and the server does not respond the Switch sends a Rebind message to any available server State This field displays the state of the TA It shows Active when the Switch...

Page 174: ...by an IPv6 router which is similar to the TTL field in IPv4 ICMPv6 Rate Limit Bucket Size Specify the maximum number of ICMPv6 error messages from 1 to 200 which are allowed to transmit in a given time interval If the bucket is full subsequent error messages are suppressed ICMPv6 Rate Limit Error Interval Specify the time period from 0 to 2147483647 milliseconds during which ICMPv6 error messages ...

Page 175: ...IPv6 Link Local Address Setup to display the screen as shown next Note You should first create an IPv6 interface in the SYSTEM Interface Setup screen Table 63 SYSTEM IPv6 IPv6 Interface Setup LABEL DESCRIPTION Index This is the interface index number Interface This is the name of the IPv6 interface you created Active This field displays whether the IPv6 interface is activated or not Select an entr...

Page 176: ...terface you created IPv6 Link Local Address This is the static IPv6 link local address for the interface IPv6 Default Gateway This is the default gateway IPv6 address for the interface Select an entry s check box to select a specific entry Edit Click Edit to edit the selected entry Table 66 SYSTEM IPv6 IPv6 Addressing IPv6 Link Local Address Setup Edit LABEL DESCRIPTION Interface Select the IPv6 i...

Page 177: ...Enter a domain name server IPv6 address in order to be able to use a domain name instead of an IP address Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the...

Page 178: ...v6 IPv6 Addressing IPv6 Global Address Setup continued LABEL DESCRIPTION Table 68 SYSTEM IPv6 IPv6 Addressing IPv6 Global Address Setup Add Edit LABEL DESCRIPTION Interface Select the IPv6 interface you want to configure IPv6 Global Address Manually configure a static IPv6 global address for the interface Prefix Length Specify an IPv6 prefix length that specifies how many most significant bits sta...

Page 179: ... created DAD Attempts This field displays the number of consecutive neighbor solicitations the Switch sends for this interface NS Interval This field displays the time interval in milliseconds at which neighbor solicitations are re sent for this interface Reachable Time This field displays how long in milliseconds a neighbor is considered reachable for this interface Select an entry s check box to...

Page 180: ...y defaults Cancel Click Cancel to not save the configuration you make and return to the last screen Table 70 SYSTEM IPv6 IPv6 Neighbor Discovery IPv6 Neighbor Discovery Setup Edit continued LABEL DESCRIPTION Table 71 SYSTEM IPv6 IPv6 Neighbor Discovery IPv6 Router Discovery Setup LABEL DESCRIPTION Index This is the interface index number Interface This is the name of the IPv6 interface you created...

Page 181: ...v6 hosts use DHCPv6 to obtain additional configuration settings such as DNS information De select the option to set the flag to 0 and the host will not use DHCPv6 to obtain additional configuration settings Minimum Interval Specify the minimum time interval from 3 to 1350 seconds at which the Switch sends router advertisements for this interface Note The minimum time interval cannot be greater tha...

Page 182: ...een Figure 132 SYSTEM IPv6 IPv6 Neighbor Discovery IPv6 Prefix Setup Add Edit Table 73 SYSTEM IPv6 IPv6 Neighbor Discovery IPv6 Prefix Setup LABEL DESCRIPTION Index This is the interface index number Interface This is the name of the IPv6 interface you created Prefix This field displays the IPv6 prefix and prefix length that the Switch includes in router advertisements for this interface Valid Lif...

Page 183: ...the valid lifetime Flags Select No Autoconfig Flag to not allow IPv6 hosts to use this prefix Select No Onlink Flag to not allow the specified prefix to be used for on link determination Select No Advertise Flag to set the Switch to not include the specified IPv6 prefix prefix length in router advertisements for this interface Apply Click Apply to save your changes to the Switch s run time memory ...

Page 184: ...to configure The Switch supports the VLAN interface type for IPv6 at the time of writing Interface ID Specify a unique identification number from 1 to 4094 for the interface A static IPv6 neighbor entry displays in the MONITOR IPv6 Neighbor Table screen only when the interface ID is also created in the SYSTEM Interface Setup screen To have IPv6 function properly you should configure a static VLAN ...

Page 185: ...e name of the IPv6 interface you created IA NA This field displays whether the Switch obtains a non temporary IP address from the DHCPv6 server Rapid Commit This field displays whether the Switch obtains information from the DHCPv6 server by a rapid two message exchange DNS This field displays whether the Switch obtains DNS server IPv6 addresses from the DHCPv6 server Domain List This field displa...

Page 186: ...v6 server should also support the Rapid Commit option to have it work well Options Select DNS to have the Switch obtain DNS server IPv6 addresses and or select Domain List to have the Switch obtain a list of domain names from the DHCP server Information Refresh Minimum Specify the time interval from 600 to 4294967295 seconds at which the Switch exchanges other configuration information with a DHCP...

Page 187: ...tor is always admin The default administrator password is 1234 Note It is highly recommended that you change the default administrator password 1234 A non administrator user name is something other than admin is someone who can view and or configure Switch settings The configuration right varies depending on the user s privilege level Click SYSTEM Logins to view the screen as shown Figure 137 SYST...

Page 188: ...e Type the privilege level for this user At the time of writing users may have a privilege level of 0 3 13 or 14 representing different configuration rights as shown below 0 Display basic system information 3 Display configuration or status 13 Configure features except for login accounts SNMP user accounts the authentication method sequence and authorization settings multiple logins administrator ...

Page 189: ... SNMP User screen Section 26 3 on page 191 to create SNMP users for authentication with managers using SNMP v3 and associate them to SNMP groups Use the SNMP Trap Group screen Section 26 4 on page 193 to specify the types of SNMP traps that should be sent to each SNMP manager Use the SNMP Trap Port screen Section 26 5 on page 194 to enable disable sending SNMP traps on a port 26 2 Configure SNMP U...

Page 190: ...word for the incoming Get and GetNext requests from the management station The Get Community string is only used by SNMP managers using SNMP version 2c or lower Set Community Enter the Set Community string which is the password for incoming Set requests from the management station The Set Community string is only used by SNMP managers using SNMP version 2c or lower Trap Community Enter the Trap Co...

Page 191: ... s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 80 SYSTEM SNMP continued LABEL DESCRIPTION Table 81 SYSTEM SNMP SNMP User LABEL DESCRIPTION Index This is a read only numb...

Page 192: ...5 and SHA Secure Hash Algorithm are hash algorithms used to authenticate SNMP data SHA authentication is generally considered stronger than MD5 but is slower Password Enter the password of up to 32 printable ASCII characters except space or for SNMP user authentication Privacy Specify the encryption method for SNMP communication from this user You can choose one of the following DES Data Encryptio...

Page 193: ...ation IP Select one of your configured trap destination IP addresses These are the IP addresses of the SNMP managers You must first configure a trap destination IP address in the SYSTEM SNMP SNMP screen Use the rest of the screen to select which traps the Switch sends to that SNMP manager Select the individual SNMP traps that the Switch is to send to the SNMP station The traps are grouped by categ...

Page 194: ...n this row apply to all ports Use this row only if you want to make some of the settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the trap type of SNMP traps on this port The Switch sends the related traps rece...

Page 195: ...ged objects that define each piece of information to be collected about a Switch Examples of variables include number of packets received node port status and so on A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communicate for the purpose of accessing these objects SNMP itself is a simple request or response protocol based on the manager o...

Page 196: ...hen an event occurs The following tables outline the SNMP traps by category Table 86 SNMP System Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION coldstart coldStart 1 3 6 1 6 3 1 1 5 1 This trap is sent when the Switch is turned on warmstart warmStart 1 3 6 1 6 3 1 1 5 2 This trap is sent when the Switch restarts poe For PoE models only pethPsePortOnOffNotification 1 3 6 1 2 1 105 0 1 This trap is...

Page 197: ...2 1 80 0 3 This trap is sent when a ping test is completed traceroute traceRouteTestFailed 1 3 6 1 2 1 81 0 2 This trap is sent when a traceroute test fails traceRouteTestCompleted 1 3 6 1 2 1 81 0 3 This trap is sent when a traceroute test is completed Table 90 SNMP Switch Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION rmon RmonRisingAlarm 1 3 6 1 2 1 16 0 1 This trap is sent when a variable goe...

Page 198: ...nt Unit applications VLAN is vital in providing isolation and security among the subscribers When properly configured VLAN prevents one subscriber from accessing the network resources of another on the same LAN thus a user will NOT see the printers and hard disks of another user in the same building VLAN also increases network performance by limiting broadcasts to a smaller and more manageable log...

Page 199: ...in in the ARP table before they age out and must be relearned The setting here applies to ARP entries which are newly added in the ARP table after you click Apply GARP Timer Switches join VLANs by making a declaration A declaration is made by issuing a Join message using GARP Declarations are withdrawn by issuing a Leave message A Leave All message terminates all registrations GARP timers set decl...

Page 200: ...me memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 91 SYSTEM Switch Setup continued LABEL DESCRIPTION ...

Page 201: ...og severity levels 28 1 1 What You Can Do Use the Syslog Setup screen Section 28 2 on page 201 to configure the device s system logging settings and configure a list of external syslog servers 28 2 Syslog Setup The syslog feature sends logs to an external syslog server Use this screen to configure the device s system logging settings and configure a list of external syslog servers Click SYSTEM Sys...

Page 202: ...time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Syslog Server Setup Index This is the index number of a syslog server entry Active This field displays if the device is activated to se...

Page 203: ...it you can edit the entry later Server Address Enter the IPv4 or IPv6 address of the syslog server UDP Port The default syslog server port is 514 If your syslog server uses a different port configure the one it uses here Log Level Select the severity levels of the logs that you want the device to send to this syslog server The lower the number the more critical the logs are Apply Click Apply to sa...

Page 204: ...ange and does not have an end time 29 1 1 What You Can Do Use the Time Range screen Section 29 2 on page 204 to view or define a schedule on the Switch 29 2 Configuring Time Range Click SYSTEM Time Range in the navigation panel to display the screen as shown Figure 147 SYSTEM Time Range The following table describes the labels in this screen Table 95 SYSTEM Time Range LABEL DESCRIPTION Select an e...

Page 205: ...urday Recurring schedules are useful for defining the workday and off work hours Range This field displays the time periods to which this schedule applies Add Edit Click Add Edit to add a new schedule rule or edit a selected one Delete Click Delete to remove the selected rules Table 95 SYSTEM Time Range continued LABEL DESCRIPTION Table 96 SYSTEM Time Range Add Edit LABEL DESCRIPTION Name Enter a ...

Page 206: ... want to define a recurring schedule for multiple non consecutive time periods You need to select each day of the week the recurring schedule is effective You also need to specify the hour and minute when the schedule begins and ends each day The schedule begins and ends in the same day Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is t...

Page 207: ...ters introduces the configurations of the links under the PORT navigation panel Quick links to chapters Auto PD Recovery for PoE models only Flex Link Green Ethernet Link Aggregation Link Layer Discovery Protocol LLDP OAM PoE Setup for PoE models only Port Setup ZULD ...

Page 208: ...to enable and configure automatic PD recovery on the Switch 31 2 Auto PD Recovery This screen lets you turn on automatic PD recovery on the Switch and its Ethernet ports You can configure whether the Switch uses LLDP or ping to check the current status of a connected PD The ping is sent through the Switch s default management IP address to the designated port To ping the PD the port must share the...

Page 209: ...Auto PD Recovery on the ports Mode Select LLDP to have the Switch passively monitor current status of the connected PD by reading LLDP packets from the PD on the port The Switch also sends out LLDP packets to the PD to update the Switch Neighbor table on the PD Select Ping to have the Switch ping the IP address of the connected PD to test whether the PD is reachable or not Neighbor Name If Mode is...

Page 210: ...ppears from the Switch s LLDP table and the PD Health status LED will turn to yellow in the MONITOR Neighbor screen Select Alarm to have the Switch send an SNMP trap and generate a log message Resume Polling Interval sec Specify the number of seconds the Switch waits before monitoring the PD status again after it restarts the PD on the port PD Reboot Count Specify how many times the Switch attempt...

Page 211: ...ghbor IP field The default setting for Polling Interval sec 20 secs and Polling Count 3 times will cause the Switch to ping the PD status every 20 seconds If there is no ping reply from the PD Polling Count starts to count from 1 Once Polling Count reaches 3 the Switch will cause a Reboot Alarm on the PD as selected in Action When you select LLDP the Switch monitors the PD status by checking incom...

Page 212: ...Resume Polling Interval When the PD Reboot Count value is reached the Switch will no longer perform the PD recovery process The PD Health status LED will turn to red in the MONITOR Neighbor screen 5 Click Apply to save your changes back to the run time memory 6 Click the Save link in the upper right corner of the Web Configurator to save your configuration permanently Note In the event of a PD per...

Page 213: ...up link automatically goes up and is able to forward traffic Preemption Enable Preemption to have the Switch automatically return the primary port to FORWARDING state after the connection from the primary port resumes and the backup port return to BLOCKING The Switch will wait for the specified Preemption Delay Time before changing the primary port state to FORWARDING and backup port state to BLOC...

Page 214: ...ort This displays the port number of the primary link Backup Port This displays the port number of the backup link State This displays the link status of the Primary port and Backup port Down The link is down Up The link is up and the port state is FORWARDING Standby The link is up and the port state is BLOCKING Note Only one port can be up in a flex link pair Table 99 PORT Flex Link Flex Link Set...

Page 215: ... Flex Link Setup continued LABEL DESCRIPTION Table 100 PORT Flex Link Flex Link Setup Add Edit LABEL DESCRIPTION Primary Port Enter a port number to be the primary port Backup Port Enter a port number to be the backup port Preemption Select this to enable the Preemption mode on the flex link pair If Preemption is disabled if the primary port is down then comes back up it will remain in the BLOCKIN...

Page 216: ...to return the link to active mode Auto Power Down Auto Power Down turns off almost all functions of the port s physical layer functions when the link is down so the port only uses power to check for a link up pulse from the link partner After the link up pulse is detected the port wakes up from Auto Power Down and operates normally Short Reach Traditional Ethernet transmits all data with enough po...

Page 217: ...ng the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them EEE Select this to activate Energy Efficient Ethernet on this port Auto Power Down Select this to activate Auto Power Down on this port Short Reach Select this to activate Short Reach on this port Apply Click Apply to save your ch...

Page 218: ...y transmitting data as one logical link in the trunk group and so on Use the Link Aggregation Setting screen Section 34 3 on page 221 to configure static link aggregation Use the Link Aggregation Control Protocol screen Section 34 4 on page 222 to enable Link Aggregation Control Protocol LACP 34 1 2 What You Need to Know The Switch supports both static and dynamic link aggregation Note In a proper...

Page 219: ...gation Load sharing works by statically splitting the traffic based on source or destination IP MAC address and then distributing the load across multiple paths In link aggregation this allows the trunk group ports to transmit data as one logical link to a single or group of hosts on the network Unicast and non unicast traffic network load sharing over link aggregation trunking is enabled by defau...

Page 220: ...ging to this trunk group and LACP is also enabled for this group Criteria This shows the outgoing traffic distribution algorithm used in this trunk group Packets from the same source and or to the same destination are sent over the same link within the trunk src mac means the Switch distributes traffic based on the packet s source MAC address dst mac means the Switch distributes traffic based on t...

Page 221: ... aggregation Figure 158 PORT Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 105 PORT Link Aggregation Link Aggregation Setting LABEL DESCRIPTION This is the only screen you need to configure to enable static link aggregation Group ID The field identifies the link aggregation group that is one logical link containing multiple ports Active Sel...

Page 222: ...te traffic based on the packet s destination MAC address Select src dst mac to distribute traffic based on a combination of the packet s source and destination MAC addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distribute traffic based on a combination of the...

Page 223: ... switch with the lowest system priority and lowest port number if system priority is the same becomes the LACP server The LACP server controls the operation of LACP setup Enter a number to set the priority of an active port using Link Aggregation Control Protocol LACP The smaller the number the higher the priority level Use this section to enable LACP on trunks Group ID The field identifies the li...

Page 224: ... only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them LACP Timeout Timeout is the time interval between the individual port exchanges of LACP packets in order to check that the peer port in the trunk group is still up...

Page 225: ...Chapter 34 Link Aggregation XGS2220 Series User s Guide 225 Figure 161 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete ...

Page 226: ...he form of TLV Type Length Value Device information carried in the received LLDPDUs is stored in the standard MIB The Switch supports these basic management TLVs End of LLDPDU mandatory Chassis ID mandatory Port ID mandatory Time to Live mandatory Port Description optional System Name optional System Description optional System Capabilities optional Management Address optional The Switch also supp...

Page 227: ...and easy trouble shooting for mis configured IP addresses There are three classes of endpoint devices that the LLDP MED supports Class I IP Communications Controllers or other communication related servers Class II Voice Gateways Conference Bridges or Media Servers Class III IP Phones PC based Softphones End user Communication Appliances supporting IP Media The following figure shows that with the...

Page 228: ...ting screen Section 35 7 on page 241 to configure organization specific TLV settings on each port 35 2 2 What You Can Do LLDP MED Use the LLDP MED Setup screen Section 35 8 on page 242 to configure LLDP MED Link Layer Discovery Protocol for Media Endpoint Devices parameters Use the LLDP MED Network Policy screen Section 35 9 on page 243 to configure LLDP MED Link Layer Discovery Protocol for Media...

Page 229: ... Description This shows the firmware version of the Switch System Capabilities TLV This shows the System Capabilities enabled and supported on the local Switch System Capabilities Supported Bridge System Capabilities Enabled Bridge Management Address TLV The Management Address TLV identifies an address associated with the local LLDP agent that may be used to reach higher layer entities to assist d...

Page 230: ...s the number of the Switch port which receives the LLDPDU from the remote device Click a port number to view the detailed LLDP status on this port in the LLDP Local Port Status Detail screen Port ID Subtype This indicates how the port ID field is identified Port ID This is an alpha numeric string that contains the specific identifier for the port from which this LLDPDU was transmitted Port Descrip...

Page 231: ...Chapter 35 Link Layer Discovery Protocol LLDP XGS2220 Series User s Guide 231 Figure 165 PORT LLDP LLDP LLDP Local Status LLDP Local Port Status Detail ...

Page 232: ...result of auto negotiation during link initiation or manual override AN Supported Displays if the port supports or does not support auto negotiation AN Enabled The current auto negotiation status of the port AN Advertised Capability The auto negotiation capabilities of the port Oper MAU Type The current Medium Attachment Unit MAU type of the port Link Aggregation TLV The Link Aggregation TLV indic...

Page 233: ...ress LCI Coordinate based LCI Latitude longitude and altitude coordinates of the location Configuration Information LCI Civic LCI IETF Geopriv Civic Address based Location Configuration Information ELIN Emergency Location Identifier Number Table 108 PORT LLDP LLDP LLDP Local Status LLDP Local Port Status Detail continued LABEL DESCRIPTION Table 109 PORT LLDP LLDP LLDP Remote Status LABEL DESCRIPTI...

Page 234: ...is displays a description for the port from which this LLDPDU was transmitted System Name This displays the system name of the remote device Management Address This displays the management address of the remote device It could be the MAC address or IP address Table 109 PORT LLDP LLDP LLDP Remote Status continued LABEL DESCRIPTION Table 110 PORT LLDP LLDP LLDP Remote Status LLDP Remote Port Status ...

Page 235: ...ng devices ages out and is discarded when its corresponding TTL expires The TTL value is to multiply the TTL multiplier by the LLDP frames transmitting interval Port Description TLV Port Description This displays the remote port description System Name TLV System Name This displays the system name of the remote device System Description TLV System Description This displays the system description o...

Page 236: ...ing 802 3 node It also advertises the current duplex and bit rating of the sending node Lastly it advertises whether these setting were the result of auto negotiation during link initiation or manual override AN Supported Displays if the port supports or does not support auto negotiation AN Enabled The current auto negotiation status of the port AN Advertised Capability The auto negotiation capabi...

Page 237: ... Discovery MED is an extension of LLDP that provides additional capabilities to support media endpoint devices MED enables advertisement and discovery of network policies device location discovery to allow creation of location databases and information for troubleshooting Capabilities TLV This displays the MED capabilities the remote port supports Network Policy Location Extend Power via MDI PSE E...

Page 238: ...at it should move to a power conservation mode Power Source Whether or not the Endpoint is currently operating from an external power source Power Priority The Endpoint Device s power priority which the Network Connectivity Device may use to prioritize which devices will remain in service during power shortages Power Value Power requirement in fractions of Watts in current configuration Network Po...

Page 239: ...mitting interval Transmit Delay Enter the delay in seconds between successive LLDPDU transmissions initiated by value or status changes in the Switch MIB Reinitialize Delay Enter the number of seconds for LLDP to wait before initializing on a port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save...

Page 240: ...e Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 113 PORT LLDP LLDP LLDP Setup continued LABEL DESCRIPTION Table 114 PORT LLDP LLDP Basic TLV Setting LABEL DESCRIPTION Port This displays the S...

Page 241: ...me Select the check boxes to enable or to disable the sending of System Name TLVs on the ports Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring ...

Page 242: ...enable or disable the sending of IEEE 802 3 Link Aggregation TLVs on the ports MAC PHY Select the check boxes to enable or disable the sending of IEEE 802 3 MAC PHY Configuration Status TLVs on the ports All check boxes in this column are enabled by default Max Frame Size Select the check boxes to enable or disable the sending of IEEE 802 3 Max Frame Size TLVs on the ports Apply Click Apply to sav...

Page 243: ... Select to enable transmitting LLDP MED Network Policy TLV Apply Click Apply to save the changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 117 PORT LLD...

Page 244: ...twork Policy Add Edit LABEL DESCRIPTION Port Enter the port number to set up the LLDP MED network policy You can enter multiple ports separated by no space comma or hyphen for a range For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 Application Type Select the type of application used in the network policy voice voice signaling guest voice guest voice signaling softphone v...

Page 245: ... Add Edit continued LABEL DESCRIPTION Table 119 PORT LLDP LLDP MED LLDP MED Location LABEL DESCRIPTION Index This lists the index number of the location configuration Click an index number to view or edit the location Port This lists the port number of the location configuration Location Coordinates This field displays the location configuration information based on geographical coordinates that i...

Page 246: ...t Enter the port number you want to set up the location within the LLDP MED network Location Coordinates The LLDP MED uses geographical coordinates and Civic Address to set the location information of the remote device Geographical based coordinates includes latitude longitude altitude and datum Civic Address includes Country State County City Street and other related information Latitude Enter th...

Page 247: ...eading Street Direction Street Suffix Trailing Street Suffix House Number House Number Suffix Landmark Additional Location Name Zip Code Building Unit Floor Room Number Place Type Postal Community Name Post Office Box Additional Code ELIN Number Enter a numerical digit string corresponding to the ELIN identifier which is used during emergency call setup to a traditional CAMA or ISDN trunk based PS...

Page 248: ...ubleshoot network connection problems The Switch supports the following IEEE 802 3ah features Discovery this identifies the devices on each end of the Ethernet link and their OAM configuration Remote Loopback this can initiate a loopback test between Ethernet devices 36 1 1 What You Can Do Use the OAM Status screen Section 36 2 on page 248 to view the configuration of ports on which Ethernet OAM i...

Page 249: ...field displays the operational state of the port when OAM is enabled on the port Active Allows the port to issue and respond to Ethernet OAM commands Passive Allows the port to respond to Ethernet OAM commands Remote This section displays information about the remote device Mac Address This field displays the MAC address of the remote device OUI This field displays the OUI first 3 bytes of the MAC...

Page 250: ...e following table describes the fields in the above screen Table 122 PORT OAM OAM Status OAM Details LABEL DESCRIPTION Port No This field displays the port number Discovery This section displays OAM configuration details and operational status of the port on the Switch and or the remote device ...

Page 251: ...and dying gasp Link events are sent in event notification PDUs and indicate when the number of errors in a given interval time number of frames number of symbols or number of error frame seconds exceeds a specified threshold Organizations may create organization specific link event TLVs as well Variable retrieval This field indicates whether or not the port can respond to requests for more informa...

Page 252: ...rnet device that is connected to the Switch Vendor oui This field displays the Organizationally Unique Identifiers OUI representing the vendor of the IEEE 802 3ah enabled remote Ethernet device that is connected to the Switch Statistics This section displays the number of OAM packets transferred on the port of the Switch Information OAMPDU Tx This field displays the number of OAM PDUs sent on the ...

Page 253: ...t Unsupported OAMPDU Rx This field displays the number of unsupported OAM PDUs received on the port Table 122 PORT OAM OAM Status OAM Details continued LABEL DESCRIPTION Table 123 PORT OAM OAM Setup LABEL DESCRIPTION Active Enable the switch button to enable Ethernet OAM on the Switch Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to ...

Page 254: ...s Remote Loopback Supported Select this check box to enable the remote loopback feature on the port Otherwise clear the check box to disable it Remote Loopback Ignore Rx Select this check box to set the Switch to process loopback commands received on the port Otherwise clear the check box to have the Switch ignore loopback commands received on the port Apply Click Apply to save your changes to the...

Page 255: ...st frames Packet Size Define the allowable packet size of the loopback test frames Test Click Test to begin the test Remote Loopback Mode Port Enter the number of the port from which the Switch sends loopback control PDUs to initiate or terminate a remote loopback test Start Click Start to initiate a remote loopback test from the specified port by sending Enable Loopback Control PDUs to the remote...

Page 256: ...at it can receive power from another device through an Ethernet port In the figure below the IP camera and IP phone get their power directly from the Switch Aside from minimizing the need for cables and wires PoE removes the hassle of trying to find a nearby electric outlet to power up devices Figure 182 Powered Device Examples You can also set priorities so that the Switch is able to reserve and ...

Page 257: ... in PORT PoE Setup PoE Setup PoE Usage Threshold This field displays the percentage of PoE usage The Switch will generate a trap and or a log when the usage exceeds the specified threshold Consuming Power W This field displays the amount of power the Switch is currently supplying to the connected PoE enabled devices Allocated Power W This field displays the total amount of power the Switch in clas...

Page 258: ...ds the total PoE power budget on the Switch you can set the priority to allow the Switch to provide power to ports with higher priority first Critical has the highest priority High has the Switch assign power to the port after all critical priority ports are served Low has the Switch assign power to the port after all critical and high priority ports are served Power Up This field displays the PoE...

Page 259: ...what you configure in Max Power or the standard power limit for each class Consumption Select this if you want the Switch to supply the actual power that the PD needs The Switch also allocates power based on a port s Max Power and the PD s power class and priority level The Switch puts a limit on the maximum amount of power the PD can request and use In this mode the default maximum power that can...

Page 260: ...e 189 for more information on configuring SNMP PoE Usage Threshold Enter a number ranging from 1 to 99 to set the threshold The Switch will generate a trap and or log when the actual PoE usage is higher than the specified threshold Port This is the port index number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first...

Page 261: ...rd and requests power higher than a standard power limit Pre 802 3bt the Switch offers power on the port according to the IEEE 802 3bt standard Select this option if the connected PD was developed before the IEEE 802 3bt standard is implemented but requires power between 33 W and 60 W IEEE 802 3bt is also known as PoE or PoE Plus Plus 802 3bt the Switch supports the IEEE 802 3bt standard and can s...

Page 262: ...button Figure 186 PORT PoE Setup PoE Time Range Setup Add Edit Table 127 PORT PoE Setup PoE Time Range Setup LABEL DESCRIPTION Port This field displays the index number of the port Click a port number to change the schedule settings Time Range Profiles This field displays the name of the schedule which is applied to the port PoE is enabled at the specified time or date Select an entry s check box ...

Page 263: ...efined schedule to control when the Switch enables PoE to provide power on the port To select more than one schedule press SHIFT and select the choices at the same time Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memo...

Page 264: ...o all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable a port The factory default for all ports is enabled A port must be enabled for data transmission to ...

Page 265: ...s fill Back Pressure flow control is typically used in half duplex mode to send a collision signal to the sending port mimicking a state of packet collision causing the sending port to temporarily stop sending signals and resend later Select Tx Rx to allow the Switch port to send pause signal to the connected device and for the connected device to send a pause signal to the Switch The Switch will ...

Page 266: ...ectional as B cannot send packets to S1 although the S1 B link is up Similarly S2 S1 is unidirectional as S1 cannot send packets to S2 although the S1 S2 link is up Figure 188 ZULD Overview 39 1 1 What You Can Do Use the ZULD Status screen Section 39 2 on page 267 to see details on ZULD Use the ZULD Setup screen Section 39 3 on page 268 to enable ZULD on a port configure a mode and set the probe t...

Page 267: ...disable Errdisable Recovery and set the interval for ZULD After the interval expires the closed ports will become active and start receiving packets again Use the command port no inactive Refer to the ZULD logs to see when a unidirectional link is detected and when it is recovered to a bidirectional link 39 2 ZULD Status Use this screen to see details of unidirectional and bidirectional links disc...

Page 268: ...e the port is not yet up Probe This indicates that ZULD is discovering the connected device on this link Bidirectional Traffic sent by the Switch is received by the connected device on this link and traffic from the connected device on this link is received by the Switch Unidirectional The state of the link between the port and its connected port cannot be determined either because no ZULD message...

Page 269: ...Normal or Aggressive In Normal mode ZULD only sends a syslog and trap when it detects a unidirectional link In Aggressive mode ZULD shuts down the port puts it into an ErrDisable state as well as sends a syslog and trap when it detects a unidirectional link Probe Time Type the length of time that ZULD waits before declaring that a link is unidirectional When the probe time expires and one port eit...

Page 270: ...NG navigation panel Quick links to chapters Layer 2 Protocol Tunneling Loop Guard MAC Pinning Mirroring Multicast Static Multicast Forwarding PPPoE Differentiated Services Queuing Method Priority Queue Bandwidth Control sFlow Spanning Tree Protocol Static MAC Filtering Static MAC Forwarding VLAN VLAN Isolation VLAN Mapping VLAN Stacking ...

Page 271: ...he packets 41 1 2 What You Need to Know Layer 2 protocol tunneling L2PT is used on the service provider s edge devices L2PT allows edge switches 1 and 2 in the following figure to tunnel layer 2 STP Spanning Tree Protocol CDP Cisco Discovery Protocol and VTP VLAN Trunking Protocol packets between customer switches A B and C in the following figure connected through the service provider s network T...

Page 272: ... Tunneling Mode Each port can have two layer 2 protocol tunneling modes Access and Tunnel The Access port is an ingress port on the service provider s edge device 1 or 2 in Figure 192 on page 272 and connected to a customer switch A or B Incoming layer 2 protocol packets received on an access port are encapsulated and forwarded to the tunnel ports The Tunnel port is an egress port at the edge of t...

Page 273: ...ervice provider s network should be set to use the same MAC address for encapsulation Port This field displays the port number means all ports Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them CDP Select this option to have the Switch tunnel CDP C...

Page 274: ...this option to have the Switch send UDLD packets to a peer s port it connected to monitor the physical status of a link Mode Select Access to have the Switch encapsulate the incoming layer 2 protocol packets and forward them to the tunnel ports Select Access for ingress ports at the edge of the service provider s network Note You can enable L2PT services for STP LACP VTP CDP UDLD PAgP and LLDP on ...

Page 275: ...n the Switch and in specific ports 42 1 2 What You Need to Know Loop guard is designed to handle loop problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a switch are connected with the same cable When a switch in loop state sends out broadcast messages the message...

Page 276: ...on switch A sending a probe packet P to switch B Since switch B is in loop state the probe packet P returns to port N on A The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state Figure 196 Loop Guard Probe Packet The Switch also shuts down port N if the probe packet returns to switch A on any other port In other words loop guard also pr...

Page 277: ...w only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends broadcast and multicast probe packets from this port to check if the s...

Page 278: ...ows you to set a port or multiple ports to have priority over other ports in MAC address learning That means when a MAC address and VLAN ID is learned on a MAC pinning enabled port the MAC address will not be learned on any other port until the aging time for the dynamically learned MAC address in the table expires This helps enhance security For example when an attacker A sends packets to all con...

Page 279: ...o set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable MAC pinning on this port The port then has priority over other ports in MAC address learning Clear this check box to disable MAC pinning Apply Click Apply to save your changes to the Switch s run time memory...

Page 280: ...44 1 1 What You Need to Know Read on for concepts on Mirroring that can help you configure the screens in this chapter The Switch supports both local port mirroring and remote port mirroring In local port mirroring the mirroring ports through which traffic you copy passes and the monitor port are on the same device 44 2 Local Port Mirroring Click SWITCHING Mirroring Mirroring in the navigation pan...

Page 281: ...is row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selec...

Page 282: ...addresses of multicast groups the hosts want to join on its network MLD snooping and MLD proxy are analogous to IGMP snooping and IGMP proxy in IPv4 MLD filtering controls which multicast groups a port can join 45 1 1 What You Can Do IPv4 Multicast Use the IPv4 Multicast Status screen Section 45 2 on page 286 to view IPv4 multicast group information Use the IGMP Snooping screen Section 45 3 on pag...

Page 283: ...me functionality as IPv4 broadcast addresses Broadcasting is not supported in IPv6 A multicast address allows a host to send packets to all hosts in a multicast group Multicast scope allows you to determine the size of the multicast group A multicast address has a predefined prefix of ff00 8 IGMP Filtering With the IGMP filtering feature you can control which IGMP groups a subscriber on a port can...

Page 284: ...e upstream port in MLD snooping proxy can report group changes to a connected multicast router and forward MLD messages to other upstream ports This helps especially when you want to have a network that uses STP to provide backup links between switches and also performs MLD snooping and proxy functions MLD snooping proxy like MLD proxy can minimize MLD control messages and allow better network per...

Page 285: ...n the multicast VLAN This improves bandwidth utilization with reduced multicast traffic in the subscriber VLANs and simplifies multicast group management MVR only responds to IGMP join and leave control messages from multicast groups that are configured under MVR Join and leave reports from other multicast groups are managed by IGMP snooping The following figure shows a network example The subscri...

Page 286: ...forwarding table on the Switch This maps the subscriber VLAN to the list of forwarding destinations for the specified multicast traffic When the subscriber changes the channel or turns off the computer an IGMP leave message is sent to the Switch to leave the multicast group The Switch sends a query to VLAN 1 on the receiver port in this case an uplink port on the Switch If there is another subscri...

Page 287: ...5 1 on page 282 for more information on multicasting Figure 204 SWITCHING Multicast IPv4 Multicast IGMP Snooping Table 136 SWITCHING Multicast IPv4 Multicast IPv4 Multicast Status LABEL DESCRIPTION Index This is the index number of the entry VID This field displays the multicast VLAN ID Port This field displays the port number that belongs to the multicast group Multicast Group This field displays...

Page 288: ... elapses before the Switch removes an IGMP group membership entry if it does not receive report messages from the port 802 1p Priority Select a priority level 0 7 to which the Switch changes the priority in outgoing IGMP control packets Otherwise select No Change to not replace the priority IGMP Filtering Active Enable the switch button to enable IGMP filtering to control which IGMP groups a subsc...

Page 289: ...ch use this timeout to update the forwarding table for the port In normal leave mode when the Switch receives an IGMP leave message from a host on a port it forwards the message to the multicast router The multicast router then sends out an IGMP Group Specific Query GSQ message to determine whether other hosts connected to the port should remain in the specific multicast group The Switch forwards ...

Page 290: ... IGMP filtering profiles in the SWITCHING Multicast IPv4 Multicast IGMP Filtering Profile screen IGMP Querier Mode The Switch treats an IGMP query port as being connected to an IGMP multicast router or server The Switch forwards IGMP join or leave packets to an IGMP query port Select Auto to have the Switch use the port as an IGMP query port if the port receives IGMP query packets Select Fixed to ...

Page 291: ... Multicast MVR screen you can only specify up to 15 VLANs in this screen The Switch drops any IGMP control messages which do not belong to these 16 VLANs You must also enable IGMP snooping in the SWITCHING Multicast IPv4 Multicast IGMP Snooping screen first Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so us...

Page 292: ...ive name of the VLAN for identification purposes You can enter up to 32 printable ASCII characters except or VID Enter the ID of a static VLAN the valid range is between 1 and 4094 Note You cannot configure the same VLAN ID as in the SWITCHING Multicast MVR screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses powe...

Page 293: ...t IPv4 Multicast IGMP Filtering Profile continued LABEL DESCRIPTION Table 141 SWITCHING Multicast IPv4 Multicast IGMP Filtering Profile Add Profile LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile for identification purposes You can enter up to 32 printable ASCII characters except or Start Address Type the starting multicast IP address for a range of multicast IP addresses t...

Page 294: ...IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile End Address Type the ending multicast IP address for a range of IP addresses that you want to belong to the IGMP filter profile If you want to add a single multicast IP address enter it in both the Start Address and End Address fields Apply Click Apply to save your changes to the Switch s run time m...

Page 295: ...D group membership entry if it does not receive report messages from the port Table 143 SWITCHING Multicast IPv6 Multicast IPv6 Multicast Status continued LABEL DESCRIPTION Table 144 SWITCHING Multicast IPv6 Multicast MLD Snooping proxy LABEL DESCRIPTION MLD Snooping proxy Use these settings to configure MLD snooping proxy Active Enable the switch button to enable MLD snooping proxy on the Switch ...

Page 296: ...screen to display this screen Figure 213 SWITCHING Multicast IPv6 Multicast VLAN Add Edit Table 145 SWITCHING Multicast IPv6 Multicast VLAN MLD Snooping proxy VLAN LABEL DESCRIPTION MLD Snooping proxy VLAN Index This is the index number of the MLD snooping proxy VLAN entry in the table VID This field displays the ID number of the VLAN group Select an entry s check box to select a specific entry Ot...

Page 297: ...bustness Variable Robustness Variable Enter the number of queries A multicast address entry learned only on an upstream port by snooping is removed from the forwarding table when there is no response to the configured number of queries sent by the router connected to the upstream port This value should be exactly the same as what s configured in the connected multicast router This value is used to...

Page 298: ...ngs Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Port Role A port on the Switch can be either a Downstream port or Upstr...

Page 299: ...he forwarding table for the specified downstream ports This defines how many seconds the Switch waits for an MLD report before removing an MLD snooping membership entry learned on a downstream port when an MLD Done message is received on this port from a host Fast Leave Timeout Enter the fast leave timeout in milliseconds for the specified downstream ports This defines how many seconds the Switch ...

Page 300: ...on to limit the number of multicast groups this port is allowed to join Max Group Number Enter the number of multicast groups this port is allowed to join Once a port is registered in the specified number of multicast groups any new MLD Report message is dropped on this port MLD Snooping proxy Filtering Profile Select the name of the MLD filtering profile to use for this port Otherwise select Defa...

Page 301: ...g Profile LABEL DESCRIPTION MLD Snooping proxy Filtering Profile Profile Name This field displays the descriptive name of the profile Start Address This field displays the start of the multicast IPv6 address range End Address This field displays the end of the multicast IPv6 address range Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row...

Page 302: ...ional rules for a profile that you have already added enter the profile name and specify a different IP multicast address range Start Address Type the starting multicast IPv6 address for a range of multicast IPv6 addresses that you want to belong to the MLD filtering profile End Address Type the ending multicast IPv6 address for a range of IPv6 addresses that you want to belong to the MLD filterin...

Page 303: ...rofile End Address Type the ending multicast IPv6 address for a range of IPv6 addresses that you want to belong to the MLD filtering profile If you want to add a single multicast IPv6 address enter it in both the Start Address and End Address fields Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Sa...

Page 304: ...erwise select the check box in the table heading row to select all entries Add Edit Click Add Edit to add a new multicast VLAN or edit a selected one Delete Select the entries that you want to remove then click Delete to delete multicast VLANs Table 152 SWITCHING Multicast MVR continued LABEL DESCRIPTION Table 153 SWITCHING Multicast MVR Add Edit LABEL DESCRIPTION Active Enable the switch button t...

Page 305: ...se this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Source Port Select this option to set this port as the MVR source port that sends and receives multicast traffic All source ports must belong to a single mul...

Page 306: ...AN This field displays the multicast VLAN ID Group Name This field displays the descriptive name for this setting Start Address This field displays the starting IP address of the multicast group End Address This field displays the ending IP address of the multicast group Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all ent...

Page 307: ... ID Select a multicast VLAN ID that you configured in the MVR screen from the drop down list box Group Name Enter a descriptive name for identification purposes You can enter up to 32 printable ASCII characters except or Start Address Enter the starting IP multicast address of the multicast group in dotted decimal notation End Address Enter the ending IP multicast address of the multicast group in...

Page 308: ...e multicast group traffic to the subscribers click Add Edit in the SWITCHING Multicast MVR Group Setup screen and configure multicast group settings The following figure shows an example where two IPv4 multicast groups News and Movie are configured for the multicast VLAN 200 Figure 225 MVR Group Configuration Example Add ...

Page 309: ...Chapter 45 Multicast XGS2220 Series User s Guide 309 Figure 226 MVR Group Configuration Example View ...

Page 310: ...ving device A static multicast address is a multicast MAC address or multicast IPv4 address that has been manually entered in the multicast table This identifies the destination of the multicast content Multicast IPv4 addresses uses the Class D IP addresses range 224 0 0 0 to 239 255 255 255 Multicast MAC addresses have a 1 as the last binary bit of the first octet pair for example 01 00 5e 00 00 ...

Page 311: ...a static multicast MAC address forwarding rule is active or not You may temporarily deactivate a rule without deleting it Name This field displays the descriptive name for identification purposes for a static multicast MAC address forwarding rule MAC Address This field displays the multicast MAC address that identifies a multicast group VID This field displays the ID number of a VLAN group to whic...

Page 312: ... static multicast MAC address forwarding rule This is for identification only MAC Address Enter a multicast MAC address which identifies the multicast group The last binary bit of the first octet pair in a multicast MAC address must be 1 For example the first octet pair 00000001 is 01 in hexadecimal so 01 00 5e 00 00 0A and 01 00 5e 00 00 27 are valid multicast MAC addresses VID You can forward fr...

Page 313: ... static multicast IP address forwarding rule IP Address This field displays the multicast IP address that identifies a multicast group VID This field displays the ID number of a VLAN group to which frames containing the specified multicast IP address will be forwarded Port This field displays the ports within an identified VLAN group to which frames containing the specified multicast IP address wi...

Page 314: ...ts separated by no space comma or hyphen For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to ...

Page 315: ...ntermediate Agent screen Section 47 2 on page 317 to enable the PPPoE Intermediate Agent on the Switch Use the PPPoE IA Port screen Section 47 3 on page 319 to set the port state and configure PPPoE intermediate agent sub options on a per port basis Use the PPPoE IA Port VLAN screen Section 47 4 on page 320 to configure PPPoE IA settings that apply to a specific VLAN on a port Use the PPPoE IA VLA...

Page 316: ...ircuit ID Syntax with Identifier String and Variables If you do not configure a Circuit ID string for a VLAN on a specific port or for a specific port the Switch adds the user defined identifier string and variables into the Agent Circuit ID Sub option The variables can be the slot ID of the PPPoE client the port number of the PPPoE client and or the VLAN ID on the PPPoE packet The identifier stri...

Page 317: ...ry Terminate packet is sent from a PPPoE server and received on a trusted port the Switch forwards it to all other ports If a PADI or PADR packet is sent from a PPPoE client but received on a trusted port the Switch forwards it to other trusted ports Note The Switch will drop all PPPoE discovery packets if you enable the PPPoE intermediate agent and there are no trusted ports Untrusted ports are c...

Page 318: ... user defined identifier string and variables specified in the Option field to PADI or PADR packets from PPPoE clients If you leave this option unselected and do not configure any Circuit ID string using CLI commands on the Switch the Switch will use the string specified in the Access Node Identifier field Identifier String Specify a string that the Switch adds in the Agent Circuit ID sub option Y...

Page 319: ...re are no trusted ports Click the SWITCHING PPPoE Intermediate Agent PPPoE IA Port screen to display the screen as shown Figure 233 SWITCHING PPPoE Intermediate Agent PPPoE IA Port The following table describes the labels in this screen Table 166 SWITCHING PPPoE Intermediate Agent PPPoE IA Port LABEL DESCRIPTION Port This field displays the port number means all ports Use this row to make the sett...

Page 320: ...a PPPoE server but received on an untrusted port Circuit ID Enter a string of up to 63 ASCII characters except or that the Switch adds into the Agent Circuit ID sub option for PPPoE discovery packets received on this port Spaces are allowed The Circuit ID you configure for a specific VLAN on a port in the SWITCHING PPPoE Intermediate Agent PPPoE IA Port VLAN screen has the highest priority Remote ...

Page 321: ... the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Changes in this row are copied to all the VLANs as soon as you make them Circuit ID Enter a string of up to 63 ASCII characters except or that the Switch adds into the Agent Circuit ID sub option for this VLAN on the specified port Spaces are allowed The Circuit ID you configure here has the hi...

Page 322: ...ck Apply to display the specified range of VLANs in the section below VID This field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Changes in this row are copied to all the VLANs as soon as you ...

Page 323: ... give advanced notice of where the traffic is going 48 1 1 What You Can Do Use the Diffserv screen Section 48 2 on page 324 to activate DiffServ to apply marking rules or IEEE 802 1p priority mapping on the Switch Use the DSCP Setting screen Section 48 3 1 on page 326 to change the DSCP IEEE 802 1p mapping 48 1 2 What You Need to Know Read on for concepts on Differentiated Services that can help y...

Page 324: ...ent traffic flows Platinum Gold Silver Bronze based on the configured marking rules A network administrator can then apply various traffic policies to the traffic flows An example traffic policy is to give higher drop precedence to one traffic flow over others In our example packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum tra...

Page 325: ...f a port on the Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select Active to enable Diffserv on the port Apply Click Apply to save your changes to...

Page 326: ... SWITCHING QoS Diffserv DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to sav...

Page 327: ...o the Switch traffic on the highest priority queue Q7 is transmitted first When that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SPQ does not automatically adapt to changing network requirements Weighted Fair Que...

Page 328: ...r weights This queuing mechanism is highly efficient in that it divides any available bandwidth across the different traffic queues and returns to queues that have not yet emptied 49 2 Configuring Queuing Use this screen to set priorities for the queues of the Switch This distributes bandwidth across the different traffic queues Click SWITCHING QoS Queuing Method to display the screen as shown bel...

Page 329: ...s with larger weights get more service than queues with smaller weights Weight When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Hybrid SPQ Lowest Queue This field is applicable only when you select WFQ or WRR Select a queue Q0 to Q7 to have the Switch use SPQ to service the subsequent queues after and includi...

Page 330: ...iority level to physical queue mapping The Switch has eight physical queues that you can map to the eight priority levels On the Switch traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested 50 1 1 What You Can Do Use the Priority Queue screen Section 50 2 on page 330 to configure the priority level to physical queue m...

Page 331: ... consumes high bandwidth and is sensitive to jitter Priority 4 Typically used for controlled load latency sensitive traffic such as SNA Systems Network Architecture transactions Priority 3 Typically used for excellent effort or better than best effort and would include important business traffic that can tolerate some delay Priority 2 This is for spare bandwidth Priority 1 This is typically used f...

Page 332: ...ation Rate CIR is the guaranteed bandwidth for the incoming traffic flow on a port The Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion The CIR and PIR should be set for all ports that use the same uplink bandwidth If the CIR is reached packets are sent at the rate up to the PIR When network congestion occurs pac...

Page 333: ...all the ports as soon as you make them Active Select this check box to activate ingress rate limits on this port Ingress Rate Specify the maximum bandwidth allowed in kilobits per second Kbps for the incoming traffic flow on a port Note Ingress rate bandwidth control applies to layer 2 traffic only Active Select this check box to activate egress rate limits on this port Egress Rate Specify the max...

Page 334: ...ta and sends it to an sFlow collector The sFlow collector is a server that collects and analyzes sFlow datagram An sFlow datagram includes packet header input and output interface sampling process parameters and forwarding information sFlow minimizes impact on CPU load of the Switch as it analyzes sample data only sFlow can continuously monitor network traffic and create reports for network perfor...

Page 335: ...d send sFlow datagram to the specified collector Sample rate Enter a number N from 256 to 65535 The Switch captures every one out of N packets for this port and creates sFlow datagram Poll interval Specify a time interval from 20 to 120 in seconds the Switch waits before sending the sFlow datagram and packet counters for this port to the collector Collector Address Enter the IP address of the sFlo...

Page 336: ... the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 175 SWITCHING sFlow continued LABEL DESCRIPTION Table 176 SWITHCING sFlow Collector LABEL DESCRIPTION Index Thi...

Page 337: ...tor If you change the port here make sure you change it on the collector too The default port is 6343 Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to clear the fie...

Page 338: ... the Rapid Spanning Tree Protocol screen Section 53 5 on page 346 to configure RSTP settings Use the Multiple Rapid Spanning Tree Protocol Status screen Section 53 6 on page 348 to view the MRSTP status Use the Multiple Rapid Spanning Tree Protocol screen Section 53 7 on page 350 to configure MRSTP Use the Multiple Spanning Tree Protocol Status screen Section 53 8 on page 353 to view the MSTP stat...

Page 339: ...ge is selected This bridge has the lowest cost to the root among the bridges connected to the LAN How STP Works After a bridge determines the lowest cost spanning tree with STP it enables the root port and the ports that are the designated ports for connected LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating any...

Page 340: ...ns of existing spanning tree protocols STP and RSTP in networks to include the following features One Common and Internal Spanning Tree CIST that represents the entire network s connectivity Grouping of multiple bridges or switching devices into regions that appear as one single bridge on the network A VLAN can be mapped to a specific Multiple Spanning Tree Instance MSTI MSTI allows multiple VLANs...

Page 341: ...ITCHING Spanning Tree Protocol Spanning Tree Setup screen to activate one of the STP standards on the Switch 53 3 Spanning Tree Setup There are three Auto path cost Modes see Table 183 on page 343 Choose the Auto Path cost Mode according to the device average link speeds in the STP network If most of your devices support high link speed you should select Long or User defined mode The path cost of ...

Page 342: ...display the screen as shown Table 180 Auto Path Cost Mode Short LINK SPEED AUTO PATH COST VALUE Up to 4 Mbps 250 Up to 10 Mbps 100 Up to 16 Mbps 62 Up to 100 Mbps 19 Up to 1 Gbps 4 Up to 10 Gbps 2 More than 10 Gbps 1 Table 181 Auto Path Cost Mode Long LINK SPEED AUTO PATH COST VALUE Up to 10 Mbps 2000000 Up to 100 Mbps 200000 Up to 1 Gbps 20000 Up to 2 5 Gbps 8000 Up to 5 Gbps 4000 Up to 10 Gbps 2...

Page 343: ... User defined 32 bit The auto path cost values of each mode are described in Section 53 3 on page 341 Note It is recommended to use the same Auto Path cost Mode on all switches within the spanning tree network system To use the auto path cost feature select the Auto Path cost mode Short Long User defined set a port s Path Cost in the SWITCHING Spanning Tree Protocol RSTP MRSTP and MSTP screens to ...

Page 344: ... more information on RSTP Note This screen is only available after you activate RSTP on the Switch Figure 250 SWITCHING Spanning Tree Protocol Spanning Tree Protocol Status RSTP Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non vola...

Page 345: ...This field displays the port state in STP DISCARDING The port does not forward or process received frames or learn MAC addresses but still listens for BPDUs LEARNING The port learns MAC addresses and processes BPDUs but does NOT forward frames yet FORWARDING The port is operating normally It learns MAC addresses processes BPDUs and forwards received frames Port Role This field displays the role of...

Page 346: ...lays the path cost to the LAN segment to which the port is connected when the port is a designated port Otherwise it displays the path cost to the root bridge from the designated port for the LAN segment to which this port is connected Root Guard State This field displays the state of the port on which root guard is enabled Root inconsistent the Switch receives superior BPDUs on the port and block...

Page 347: ...ached to the network The allowed range is 6 to 40 seconds Forwarding Delay This is the maximum time in seconds the Switch will wait before changing states This delay is required because every Switch must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state o...

Page 348: ...range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended to assign this value according to the speed of the bridge The slower the media the higher the cost Note Set the value to 0 to use the auto path cost you set in the SWITCHING Spanning Tree Protocol Spanning Tree Setup screen see Auto Path co...

Page 349: ... is the root switch Hello Time seconds This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age seconds This is the maximum time in seconds the Switch can wait without receiving a configuration message before attempting to reconfigure Forwarding Delay seconds This is the time in second...

Page 350: ...s a best alternate path to the root bridge This path is different from using the root port The port moves to the forwarding state when the designated port for the LAN segment fails Backup A blocked port which has a backup or redundant path to a LAN segment where a designated port is already connected when a switch has two links to the same LAN segment Disabled Not strictly part of STP The port can...

Page 351: ...MRSTP on the Switch Bridge Priority Bridge priority is used in determining the root switch root port and designated port The switch with the highest priority lowest numeric value becomes the STP root switch If all switches have the same priority the switch with the lowest MAC address will then become the root switch Select a value from the drop down list box The lower the numeric value you assign ...

Page 352: ...rom blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port or when its link status changes Note An edge port becomes a non edge port as soon as it receives a Bridge Protocol Data Unit BPDU Root Guard Select this check box to enable root guard on this port in order to prevent the switch es attached to the...

Page 353: ...ocol Status Click SWITCHING Spanning Tree Protocol Spanning Tree Protocol Status in the navigation panel to display the status screen as shown next Note This screen is only available after you activate MSTP on the Switch Figure 254 SWITCHING Spanning Tree Protocol Spanning Tree Protocol Status MSTP ...

Page 354: ...f the Spanning Tree Configuration Name This field displays the configuration name for this MST region Revision Number This field displays the revision number for this MST region Configuration Digest A configuration digest is generated from the VLAN MSTI mapping information This field displays the 16 octet signature that is included in an MSTP BPDU This field displays the digest when MSTP is activa...

Page 355: ...he root port The port moves to the forwarding state when the designated port for the LAN segment fails Backup A blocked port which has a backup or redundant path to a LAN segment where a designated port is already connected when a switch has two links to the same LAN segment Disabled Not strictly part of STP The port can be disabled manually Designated Bridge ID This field displays the identifier ...

Page 356: ...esignated ports should receive BPDUs at regular intervals Any port that ages out STP information provided in the last BPDU becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the Switch ports attached to the network The allowed range is 6 to 40 seconds Forwarding Delay This is the maximum time in seconds a switch will wait before changing st...

Page 357: ...op navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Instance Use this section to configure MSTI Multiple Spanning Tree Instance settings Instance This field displays the ID of an MST instance VLAN This field displays the VID or VID ranges to which the MST instance is mapped Active Port This fi...

Page 358: ...f you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to add this port to the MST instance Priority Configure the priority for each port here Priority decides which port should be disabled when m...

Page 359: ...a computer An edge port changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port or when its link status changes Note An edge port becomes a non edge port as soon as it receives a Bridge Protocol Data Unit BPDU Root Guard Select this check box to enable root guard on...

Page 360: ...figure shows the network example using MSTP Figure 259 MSTP Network Example 53 11 2 MST Region An MST region is a logical grouping of multiple network devices that appears as a single device to the rest of the network Each MSTP enabled device can only belong to one MST region When BPDUs enter an MST region external path cost of paths outside this region is increased by one Internal path cost of pa...

Page 361: ...Regions 1 and 2 have two spanning tree instances Figure 260 MSTIs in Different Regions 53 11 4 Common and Internal Spanning Tree CIST A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST instance are members of the CIST In an MSTP enabled network there is...

Page 362: ...NG Static MAC Filtering in the navigation panel to display the screen as shown next Figure 262 SWITCHING Static MAC Filtering The following table describes the related labels in this screen Table 192 SWITCHING Static MAC Filtering LABEL DESCRIPTION Index This field displays the index number of the rule Active This field displays whether the rule is activated or not Name This field displays the des...

Page 363: ...his check box Name Enter a descriptive name up to 32 printable ASCII characters excluding or for this rule This is for identification only Action Select Discard source to drop the frames from the source MAC address specified in the MAC field The Switch can still send frames to the MAC address Select Discard destination to drop the frames to the destination MAC address specified in the MAC address ...

Page 364: ...le Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Click SWITCHING Static MAC Forwarding in the navigation panel to display the configuration screen as shown Figure 264 SWITCHING Static MAC Forwarding The following table describes the labels in this screen Table 194 SWITCHING Stat...

Page 365: ...C Forwarding continued LABEL DESCRIPTION Table 195 SWITCHING Static MAC Forwarding Add Edit LABEL DESCRIPTION Active Enable the switch button to activate your rule You may temporarily deactivate a rule without deleting it by disabling the switch Name Enter a descriptive name for identification purposes for this static MAC address forwarding rule You can enter up to 32 printable ASCII characters ex...

Page 366: ... the source IP subnet you specify Use the Protocol Based VLAN Setup screen Section 56 9 on page 378 to set up VLANs that allow you to group traffic into logical VLANs based on the protocol you specify Use the Voice VLAN Setup screen Section 56 11 on page 381 to set up VLANs that allow you to group voice traffic with defined priority and enable the Switch port to carry the voice traffic separately ...

Page 367: ...ames and value 4095 FFF is reserved so the maximum possible VLAN configurations are 4094 Forwarding Tagged and Untagged Frames Each port on the Switch is capable of passing tagged or untagged frames To forward a frame from an 802 1Q VLAN aware switch to an 802 1Q VLAN unaware switch the Switch first decides where to forward the frame and then strips off the VLAN tag To forward a frame from an 802 ...

Page 368: ...A and B C D and E automatically allow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking ports Figure 266 Port VLAN Trunking Table 196 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configured by a GVRP registration or de regi...

Page 369: ...decide whether an incoming frame on a port should be sent to a VLAN group as normal depending on its VLAN tag sent to a group whether it has a VLAN tag or not blocked from a VLAN group regardless of its VLAN tag You can also tag all outgoing frames that were previously untagged from a port with the specified VID 56 3 VLAN Status Use this screen to view and search all static VLAN groups Click SWITC...

Page 370: ...LAN This is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only when you use the Search button to look for certain VLANs Index This is the VLAN index number Click an index number to view more VLAN details VID This is the VLAN identification number that was conf...

Page 371: ...98 SWITCHING VLAN VLAN Status VLAN Status Details LABEL DESCRIPTION VID This is the VLAN identification number that was configured in the corresponding VLAN configuration screen Elapsed Time This field shows how long it has been since a normal VLAN was registered or a static VLAN was set up Status This field shows how this VLAN was added to the Switch Dynamic using GVRP Static added as a permanent...

Page 372: ... the ID number of the VLAN group Active This field indicates whether the VLAN settings are enabled or disabled Name This field displays the descriptive name for this VLAN group Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Add Edit Click Add Edit to add a new static VLAN or edit a selected one Delete Click Delet...

Page 373: ...o all the ports as soon as you make them Control Select Normal for the port to dynamically join this VLAN group using GVRP This is the default selection Select Fixed for the port to be a permanent member of this VLAN group Select Forbidden if you want to prohibit the port from joining this VLAN group Tagging Select Tx Tagging if you want the port to tag all outgoing frames transmitted with this VL...

Page 374: ... VLAN ID is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines Enter a number between 1and 4094 as the port VLAN ID Acceptable Frame Type Specify the type of frames allowed on a port Choices are All Tag Only and Untag Only Select All from the drop down list box to accept all untagged or tagged frames on this port T...

Page 375: ...figuring this screen afresh Table 201 SWITCHING VLAN VLAN Setup VLAN Port Setup continued LABEL DESCRIPTION Table 202 SWITCHING VLAN VLAN Setup GVRP LABEL DESCRIPTION GVRP GVRP GARP VLAN Registration Protocol is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network Enable the switch button to permit VLAN groups beyond the local Switc...

Page 376: ...figured to group incoming traffic based on the source IP subnet of incoming frames You configure a subnet based VLAN with priority 6 and VID of 100 for traffic received from IP subnet 172 16 1 0 24 voice services You also have a subnet based VLAN with priority 5 and VID of 200 for traffic received from IP subnet 192 168 1 0 24 video services Lastly you configure VLAN with priority 3 and VID of 300...

Page 377: ...ply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Index This is the index number identifying this subnet based VLAN Active This ...

Page 378: ...TION Active Enable the switch button to activate the IP subnet VLAN you are creating or editing Name Enter up to 32 alphanumeric characters to identify this subnet based VLAN The string should not contain or IP Enter the IP address of the subnet for which you want to configure this subnet based VLAN Mask Bits Enter the bit number of the subnet mask To find the bit number convert the subnet mask to...

Page 379: ...ed VLAN Setup LABEL DESCRIPTION Index This is the index number identifying this protocol based VLAN Click any of these numbers to edit an existing protocol based VLAN Active This field shows whether the protocol based VLAN is active or not Port This field shows which port belongs to this protocol based VLAN Name This field shows the name of the protocol based VLAN Ethernet type This field shows wh...

Page 380: ...numeric characters to identify this protocol based VLAN The string should not contain or Ethernet type Use the drop down list box to select a predefined protocol to be included in this protocol based VLAN or select Other and type the protocol number in hexadecimal notation For example the IP protocol in hexadecimal notation is 0800 and Novell IPX protocol is 8137 Note Protocols in the hexadecimal ...

Page 381: ... the sound quality of an IP phone is preserved from deteriorating when the data traffic on the Switch ports is high It groups the voice traffic with defined priority into an assigned VLAN which enables the separation of voice and data traffic coming onto the Switch port The Switch can determine whether a received packet is an untagged voice packet when the incoming port is a fixed port for voice V...

Page 382: ... VLAN feature Priority Select the priority level of the voice traffic from 0 to 7 Default setting is 5 The higher the numeric value you assign the higher the priority for this voice traffic Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to ...

Page 383: ...AC Based VLAN Setup Table 208 SWITCHING VLAN Voice VLAN Setup Add Edit LABEL DESCRIPTION OUI Address Enter the IP phone manufacturer s OUI MAC address The first 3 bytes is the manufacturer identifier the last 3 bytes is a unique station ID OUI Mask Enter the mask for the specified IP phone manufacturer s OUI MAC address to determine which bits a packet s MAC address should match Enter f for each b...

Page 384: ...elect all entries Add Edit Click Add Edit to add a new entry or edit a selected one Delete Click Delete to remove the selected entry Table 210 SWITCHING VLAN MAC Based VLAN Setup Add Edit LABEL DESCRIPTION Name Enter a name up to 32 alphanumeric characters except or for the MAC based VLAN entry MAC Address Enter a MAC address that is bind to the MAC based VLAN entry This is the source MAC address ...

Page 385: ...h rule has to be applied first and which second Click the SWITCHING VLAN Vendor ID Based VLAN Setup to see the following screen Figure 285 SWITCHING VLAN Vendor ID Based VLAN Setup The following table describes the fields in the above screen 56 13 1 Add Edit a Vendor ID Based VLAN Click Add Edit or select an entry and click Add Edit in the SWITCHING VLAN Vendor ID Based VLAN Setup to see this scre...

Page 386: ...ch bits a packet s MAC address should match Enter f for each bit of the specified MAC address that the traffic s MAC address should match Enter 0 for the bits of the matched traffic s MAC address which can be of any hexadecimal characters For example if you set the MAC address to 00 13 49 00 00 00 and the mask to ff ff ff 00 00 00 a packet with a MAC address of 00 13 49 12 34 56 matches this crite...

Page 387: ... Port Based as the VLAN Type in the SYSTEM Switch Setup screen and then click SWITCHING VLAN from the navigation panel to display the next screen Select either All Connected or Port Isolated from the drop down list depending on your VLAN and VLAN security requirements If VLAN members need to communicate directly with each other then select All Connected Select Port Isolated if you want to restrict...

Page 388: ... you can customize the port settings Click on the ports to add or delete incoming or outgoing ports The configuration will be saved only after you click Apply at the bottom of the screen Incoming These are the ingress ports an ingress port is an incoming port that is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingres...

Page 389: ... Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 213 SWITCHING VLAN Port Based VLAN Setup continued LABEL DESCRIPTION ...

Page 390: ...adds other ports in this VLAN to the isolated port list and blocks traffic between the isolated ports A promiscuous port can communicate with any port in the same VLAN An isolated port can communicate with the promiscuous ports only Note You can have up to one VLAN Isolation rule for each VLAN Figure 289 VLAN Isolation Example Note Make sure you keep at least one port in the promiscuous port list ...

Page 391: ...his shows the ports that can communicate with any ports in the same VLAN Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Add Edit Click Add Edit to add a new entry or edit a selected one Delete Click Delete to remove the selected entries Table 215 SWITCHING VLAN Isolation Add Edit LABEL DESCRIPTION Active Enable t...

Page 392: ...rned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to clear the fields to the factory defaults Cancel Click Cancel to not save the configuration you make and return to the last screen Table 215 SWITCHING VLAN Isolation Add Edit continued LABEL DESCRIPTION ...

Page 393: ...hen VLAN mapping is enabled the Switch discards the tagged packets that do not match an entry in the VLAN mapping table If the incoming packets are untagged the Switch adds a PVID based on the VLAN setting Note You cannot enable VLAN mapping and VLAN stacking at the same time 58 1 1 VLAN Mapping Example In the following example figure packets that carry VLAN ID 12 and are received on port 3 match ...

Page 394: ...r Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the VLAN mapping feature on this port Clear this check box to disable ...

Page 395: ... Edit Table 217 SWITCHING VLAN Mapping VLAN Mapping Setup LABEL DESCRIPTION Index This is the number of the VLAN mapping entry in the table Active This shows whether this entry is activated or not Name This is the descriptive name for this rule Port This is the port number to which this rule is applied VID This is the customer VLAN ID in the incoming packets Translated VID This is the VLAN ID that...

Page 396: ...n the Translated VID field Translated VID Enter a VLAN ID from 1 to 4094 into which the customer VID carried in the packets will be translated Priority Select a priority level from 0 to 7 This is the priority level that replaces the customer priority level in the tagged packets or adds to the untagged packets Apply Click Apply to save your changes to the Switch s run time memory The Switch loses t...

Page 397: ...erent service based on specific VLANs for many different customers A service provider s customers may require a range of VLANs to handle multiple applications A service provider s customers can assign their own inner VLAN tags on ports for these applications The service provider can assign an outer VLAN tag for each customer Therefore there is no VLAN tag overlap among customers so traffic from di...

Page 398: ...o a second VLAN tag outer VLAN tag can be added Note Static VLAN Tx Tagging MUST be disabled on a port where you choose Normal or Access Select Tunnel available for Gigabit ports only for egress ports at the edge of the service provider s network All VLANs belonging to a customer can be aggregated into a single service provider s VLAN using the outer VLAN tag defined by the Service Provider s SP V...

Page 399: ...rd that allows the service provider to prioritize traffic based on the class of service CoS the customer has paid for On the Switch configure priority level of the inner IEEE 802 1Q tag in the PORT Port Setup screen 0 is the lowest priority level and 7 is the highest VID is the VLAN ID SPVID is the VID for the second service provider s VLAN tag 59 3 1 Frame Format The frame format for an untagged ...

Page 400: ...he ports as soon as you make them Role Select Normal to have the Switch ignore frames received or transmitted on this port with VLAN stacking tags Anything you configure in SPVID and Priority of the Port based QinQ or the Selective QinQ screen are ignored Select Access to have the Switch add the SP TPID tag to all incoming frames received on this port Select Access for ingress ports at the edge of...

Page 401: ...VLAN tag of the frames sent on the tunnel ports The Switch also uses this to check if the received frames are double tagged The value of this field is 0x8100 as defined in IEEE 802 1Q It is used to identify the customer tag of an incoming frame If the Switch needs to communicate with other vendors devices they should use the same TPID Note You can define up to four different tunnel TPIDs including...

Page 402: ...rts Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them SPVID SPVID is the service provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port Priority Select a priority level from 0 to 7 This is the service provider s pri...

Page 403: ...ON Active Enable the switch button to activate this rule Name Enter a descriptive name up to 32 printable ASCII characters except or for identification purposes Port The port number identifies the port you are configuring CVID Enter a customer VLAN ID the inner VLAN tag from 1 to 4094 This is the VLAN tag carried in the packets from the subscribers SPVID SPVID is the service provider s VLAN ID the...

Page 404: ...220 Series User s Guide 404 CHAPTER 60 NETWORKING The following chapters introduces the configurations of the links under the NETWORKING navigation panel Quick links to chapters ARP Setup DHCP Static Route ...

Page 405: ...ket destined for a host device on a local area network arrives at the Switch the Switch looks in the ARP Table and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP a...

Page 406: ... A s MAC address and updates the ARP table with host A s ARP reply The Switch then can forward host B s ICMP reply to host A Gratuitous ARP A gratuitous ARP is an ARP request in which both the source and destination IP address fields are set to the IP address of the device that sends this request and the destination MAC address field is set to the broadcast address There will be no reply to a grat...

Page 407: ...ess from the ARP request sent by host A The Switch then forwards host B s ICMP reply to host A right after getting host B s MAC address and ICMP reply 61 2 ARP Learning Use this screen to configure each port s ARP learning mode Click NETWORKING ARP Setup ARP Learning in the navigation panel to display the screen as shown next ...

Page 408: ...t by port basis Changes in this row are copied to all the ports as soon as you make them ARP Learning Mode Select the ARP learning mode the Switch uses on the port Select ARP Reply to have the Switch update the ARP table only with the ARP replies to the ARP requests sent by the Switch Select Gratuitous ARP to have the Switch update its ARP table with either an ARP reply or a gratuitous ARP request...

Page 409: ...s field displays whether the entry is activated Name This field displays the descriptive name for this entry This is for identification purposes only IP Address This is the IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP address above VID This field displays the VLAN to which the ...

Page 410: ...ed to a Switch port with the corresponding MAC address below MAC Address Enter the MAC address of the device with the corresponding IP address above VID Enter the ID number of VLAN to which the device belongs Port Enter the number of port to which the device connects Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses p...

Page 411: ...62 3 on page 412 to create DHCPv4 option 82 profiles Use the DHCPv4 Smart Relay screen Section 62 4 on page 414 to configure global DHCPv4 relay You can also use this screen to apply different DHCP option 82 profile to certain ports on the Switch Use the DHCPv4 Relay VLAN Setting screen Section 62 5 on page 418 to configure your DHCPv4 settings based on the VLAN domain of the DHCPv4 clients You ca...

Page 412: ...ay Status screen displays Figure 304 NETWORKING DHCP DHCPv4 Relay DHCP Relay Status The following table describes the labels in this screen 62 3 DHCPv4 Option 82 Profile Use this screen to view and configure DHCPv4 option 82 profiles Click NETWORKING DHCP DHCPv4 Relay DHCP Option 82 Profile link to display the screen as shown Table 229 NETWORKING DHCP DHCPv4 Relay DHCP Relay Status LABEL DESCRIPTI...

Page 413: ...of the profile Circuit ID This section displays the Circuit ID sub option including information that is specific to the relay agent the Switch Enable This field displays whether the Circuit ID sub option is added to client DHCP requests Field This field displays the information that is included in the Circuit ID sub option Remote ID This section displays the Remote ID sub option including informat...

Page 414: ...m name you configure in the SYSTEM General Setup screen Select this option for the Switch to add the system name to the client DHCP requests that it relays to a DHCP server string Enter a string of up to 64 printable ASCII characters that the Switch adds into the client DHCP requests Remote ID Use this section to configure the Remote ID sub option to include information that identifies the relay a...

Page 415: ...hanges to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Port Use this section to apply a different DHCP option 82 profile to certain ports on the Switch Index This ...

Page 416: ...f ports to which you want to apply the specified DHCP option 82 profile You can enter multiple ports separated by no space comma or hyphen For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 Option 82 Profile Select a pre defined DHCP option 82 profile that the Switch applies to the specified ports The Switch adds the Circuit ID sub option and or Remote ID sub option specifie...

Page 417: ...ake sure you select a DHCP option 82 profile default1 in this example to set the Switch to send additional information such as the VLAN ID together with the DHCP requests to the DHCP server This allows the DHCP server to assign the appropriate IP address according to the VLAN ID Click Apply after you finish the configuration Figure 310 DHCP Relay Configuration Example ...

Page 418: ...ents on this VLAN Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Add Edit Click Add Edit to add a new entry or edit a selected one Delete Click Delete to remove the selected entries Port Use this section to apply a different DHCP option 82 profile to certain ports in a VLAN Index This field displays a sequential ...

Page 419: ...ese DHCP settings apply Remote DHCP Server 1 3 Enter the IP address of a DHCP server in dotted decimal notation Source Address Enter the source IP address that the Switch adds to DHCP requests from clients on this VLAN before forwarding them If you leave this field set to 0 0 0 0 the Switch automatically sets the source IP address of the DHCP requests to the IP address of the interface on which th...

Page 420: ... navigation panel to display the screen as shown Figure 314 NETWORKING DHCP DHCPv6 Relay Table 236 NETWORKING DHCP DHCPv4 Relay DHCP Relay VLAN Setting Add Edit Port LABEL DESCRIPTION VID Enter the ID number of the VLAN you want to configure here Port Enter the number of ports to which you want to apply the specified DHCP option 82 profile You can enter multiple ports separated by no space comma o...

Page 421: ... Click Add Edit to add a new entry or edit a selected one Delete Click Delete to remove the selected entries Table 238 NETWORKING DHCP DHCPv6 Relay Add Edit LABEL DESCRIPTION VID Enter the ID number of the VLAN to which the DHCPv6 server that will assign IP information belongs here Helper Address Enter the IPv6 address of the DHCPv6 server that will assign IP information here An 128 bit IPv6 addre...

Page 422: ...om the clients in the specified VLAN before the Switch forwards them to a DHCPv6 server Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to clear the fields to the fac...

Page 423: ...ted port Trusted or an untrusted port Untrusted The Switch does not discard DHCP packets on trusted ports for any reason The Switch discards DHCP packets from untrusted ports when the packet is a DHCP server packet for example OFFER ACK or NACK Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save li...

Page 424: ...fault gateway to route outbound traffic from computers on the LAN to the Internet To have the Switch send data to devices not reachable through the default gateway use static routes For example the next figure shows a computer A connected to the Switch The Switch routes most traffic from A to the Internet through the Switch s default gateway R1 You create one static route to connect to services of...

Page 425: ...number of the route Active This field displays whether the static route is activated or not Name This field displays the descriptive name for this route This is for identification purposes only Destination Address This field displays the IP network address of the final destination Subnet Mask This field displays the subnet mask for this destination Gateway Address This field displays the IP addres...

Page 426: ...he packet to the destination The gateway must be a router on the same segment as your Switch Metric The metric represents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks Enter a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In pract...

Page 427: ...g IPv6 Static Route Add Edit LABEL DESCRIPTION Interface Type Select the type of the IPv6 interface through which the IPv6 packets are forwarded The Switch supports only the VLAN interface type at the time of writing Interface ID Enter the ID number of the IPv6 interface through which the IPv6 packets are forwarded Route Destination Enter the IPv6 address of the final destination Prefix Length Ent...

Page 428: ...es the configurations of the links under the SECURITY navigation panel Quick links to chapters AAA Access Control Classifier Policy Rule Anti Arpscan BPDU Guard Storm Control Error Disable IP Source Guard DHCP Snooping ARP Inspection IPv6 Source Guard Port Authentication Port Security ...

Page 429: ...page 434 to configure authentication authorization and accounting settings such as the methods used to authenticate users accessing the Switch and which database the Switch should use first 65 1 2 What You Need to Know Authentication is the process of determining who a user is and validating access to the Switch The Switch can authenticate users who try to log in based on user accounts configured ...

Page 430: ...u to validate an unlimited number of users from a central location RADIUS and TACACS RADIUS and TACACS are security protocols used to authenticate users by means of an external server instead of or in addition to an internal device user database that is limited to the memory capacity of the device In essence RADIUS and TACACS authentication both allow you to validate an unlimited number of users f...

Page 431: ...S server If you are using two RADIUS servers then the timeout value is divided between the two RADIUS servers For example if you set the timeout value to 30 seconds then the Switch waits for a response from the first RADIUS server for 15 seconds and then tries the second RADIUS server Delete Check this box if you want to remove an existing RADIUS server entry from the Switch This entry is deleted ...

Page 432: ...rt of a RADIUS accounting server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters except or as the key to be shared between the external RADIUS accounting server and the Switch This key is not sent over the network This key must be the same on the external RADIUS accounti...

Page 433: ... amount of time in seconds that the Switch waits for an authentication request response from the TACACS server If you are using index priority for your authentication and you are using two TACACS servers then the timeout value is divided between the two TACACS servers For example if you set the timeout value to 30 seconds then the Switch waits for a response from the first TACACS server for 15 sec...

Page 434: ...click Apply Index This is a read only number representing a TACACS accounting server entry IP Address Enter the IP address of an external TACACS accounting server in dotted decimal notation TCP Port The default port of a TACACS accounting server is 49 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric chara...

Page 435: ...rver Key Encryption Use this section to configure server key encryption settings Active Enable the switch button to enable server key shared secret encryption for RADIUS server and TACACS server for security enhancement The shared secret will be stored on the Switch in an encrypted format and displayed as in the SECURITY AAA RADIUS Server Setup and SECURITY AAA TACACS Server Setup screens ...

Page 436: ...ave set up the corresponding database correctly first You can specify up to three methods for the Switch to authenticate administrator accounts The Switch checks the methods in the order you configure them first Method 1 then Method 2 and finally Method 3 You must configure the settings in the Method 1 field If you want the Switch to check other sources for administrator accounts specify them in M...

Page 437: ...he Switch Active Enable the switch button to activate accounting for a specified event type Broadcast Select this to have the Switch send accounting information to all configured accounting servers at the same time If you do not select this and you have two accounting servers set up then the Switch sends information to the first accounting server and if it does not get a response from the accounti...

Page 438: ... 434 65 5 1 1 Tunnel Protocol Attribute You can configure tunnel protocol attributes on the RADIUS server refer to your RADIUS server documentation to assign a port on the Switch to a VLAN based on IEEE 802 1x authentication The port VLAN settings are fixed and untagged This will also set the port s VID The following table describes the values you need to configure Note that these attributes only ...

Page 439: ...ic format associated with it the format is specified 65 5 3 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication 65 5 3 1 Attributes Used for Authenticating Privilege Access User Name The format of the User Name attribute is enab where is the privilege level 1 14 User Password NAS Identifier NAS IP Ad...

Page 440: ...dress NAS Identifier Acct Status Type Acct Session ID The format of Acct Session Id is date time 8 digit sequential number for example 2007041917210300000001 date 2007 04 19 time 17 21 03 serial number 00000001 Acct Delay Time 65 5 4 2 Attributes Used for Accounting Exec Events The attributes are listed in the following table along with the time that they are sent the difference between Console an...

Page 441: ...ess Service Type Calling Station Id Acct Status Type Acct Delay Time Acct Session Id Acct Authentic Acct Session Time Acct Terminate Cause Table 250 RADIUS Attributes Exec Events through Console continued ATTRIBUTE START INTERIM UPDATE STOP Table 252 RADIUS Attributes Exec Events through Console ATTRIBUTE START INTERIM UPDATE STOP User Name NAS IP Address NAS Port Class Called Station Id Calling S...

Page 442: ...Series User s Guide 442 Acct Output Packets Acct Terminate Cause Acct Input Gigawords Acct Output Gigawords Table 252 RADIUS Attributes Exec Events through Console continued ATTRIBUTE START INTERIM UPDATE STOP ...

Page 443: ...ection 66 3 on page 444 to specify a group of one or more trusted computers from which an administrator may use a service to manage the Switch Use the Account Security screen Section 66 4 on page 445 to encrypt all passwords configured in the Switch You can also display the authentication authorization external authentication server information RADIUS or TACACS system and SNMP user account informa...

Page 444: ...t number for that service Timeout Enter how many minutes from 1 to 255 a management session can be left idle before the session times out After it times out you have to log in with your password again Very long idle timeouts may have security risks Login Timeout The Telnet or SSH server do not allow multiple user logins at the same time Enter how many seconds from 30 to 300 seconds a login session...

Page 445: ...button to activate this secured client set Clear the check box if you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this Switch The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here The Switch immediately disconnects the se...

Page 446: ...ion in the SECURITY AAA AAA Setup screen Active Console Method setting in the Exec and Dot1x fields Server information configured for Authentication Server in the SECURITY AAA RADIUS Server Setup screen and for Authentication Server in the SECURITY AAA TACACS Server Setup screen Mode Timeout fields System account information configured in the Switch admin user login name and password SNMP user acc...

Page 447: ... encrypted text in a saved configuration file Otherwise the passwords configured on the Switch are displayed in plain text Apply Click Apply to save your changes for Account Security to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done conf...

Page 448: ...cryption Method Once the identification is verified both the client and server must agree on the type of encryption method to use 3 Authentication and Data Transmission After the identification is verified and data encryption activated a secure tunnel is established between the client and the server The client then sends its authentication information user name and password to the server to log in...

Page 449: ...o that you may securely access the Switch using the Web Configurator The SSL protocol specifies that the SSL server the Switch must always authenticate itself to the SSL client the computer which requests the HTTPS connection with the Switch whereas the SSL client only should authenticate itself when the SSL server requires it to do so Authenticating client certificates is optional and if selected...

Page 450: ...is the IP address or domain name of the Switch you wish to access Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a Your connection is not secure screen may display If that is the case click I Understand the Risks and then the Add Exception button Figure 332 Security Alert Mozilla Firefox Confirm the HTTPS server URL matches Click Confirm Security Exception to p...

Page 451: ...3 Google Chrome Warning Messages When you attempt to access the Switch HTTPS server a Your connection is not private screen may display If that is the case click Advanced and then Proceed to x x x x unsafe to proceed to the Web Configurator login screen Figure 334 Security Alert Google Chrome 99 0 4844 82 ...

Page 452: ...After you accept the certificate and enter the login user name and password the Switch main screen appears The lock displayed in the bottom right of the browser status bar or next to the website address denotes a secure connection Figure 335 Example Lock Denoting a Secure Connection ...

Page 453: ...y to deliver data with minimum delay and the networking methods used to control the use of bandwidth Without QoS all traffic data is equally likely to be dropped when the network is congested This can cause a reduction in network performance and make the network inadequate for time critical application such as video on demand A classifier groups traffic into data flows according to specific criter...

Page 454: ...he rule Active This field displays whether the rule is activated or not Weight This field displays the rule s weight This is to indicate a rule s priority when the match order is set to manual in the SECURITY ACL Classifier Classifier Global Setting screen The higher the number the higher the rule s priority Name This field displays the descriptive name for this rule This is for identification pur...

Page 455: ...ated Weight The field displays the priority of the rule when the match order is in manual mode A higher weight means a higher priority Name This field displays the descriptive name for this rule This is for identification purpose only Rule This field displays a summary of the classifier rule s settings Select an entry s check box to select a specific entry Otherwise select the check box in the tab...

Page 456: ...u can specify actions or policy to act upon the traffic that matches the rules Click Add Edit or select an entry and click Add Edit in the SECURITY ACL Classifier Setup screen to display this screen Figure 338 SECURITY ACL Classifier Classifier Setup Add Edit EGP 8 L2TP 115 Table 260 Common IP Protocol Types and Protocol Numbers PROTOCOL TYPE PROTOCOL NUMBER ...

Page 457: ...s 3 5 and 7 Trunk Select Any to apply the rule to all trunk groups Alternatively to specify multiple trunks enter the trunk group ID to apply the rule to multiple trunks You can enter multiple trunks with t or T then the trunk group ID separated by no space comma or hyphen For example enter t3 t5 for trunks 3 4 and 5 Enter T3 T5 T7 for trunks 3 5 and 7 Layer 2 Specify the fields below to configure...

Page 458: ...to establish TCP connections IPv6 Next Header Select an IPv6 protocol type or select Other and enter an 8 bit next header in the IPv6 packet The Next Header field is similar to the IPv4 Protocol field The IPv6 protocol number ranges from 1 to 255 You may select Establish Only for TCP protocol type This means that the Switch will identify packets that initiate or acknowledge establish TCP connectio...

Page 459: ...ier Setup If they have the same weight the Switch will classify the traffic to the classifier with a higher name priority see Classifier Name Priority Alternatively select auto to have classifier rules applied according to the layer of the item configured in the rule Layer 4 items have the highest priority and layer 2 items has the lowest priority For example you configure a layer 2 item VLAN ID i...

Page 460: ...ets for a classifier rule Enter an integer from 0 65535 0 means that no logging is done Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this sc...

Page 461: ...ier XGS2220 Series User s Guide 461 Figure 340 Classifier Example After you have configured a classifier you can configure a policy in the SECURITY ACL Policy Rule screen to define actions on the classified traffic flow ...

Page 462: ... DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 68 1 3 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to repla...

Page 463: ... the SECURITY ACL Policy Rule screen to display this screen Table 263 SECURITY ACL Policy Rule LABEL DESCRIPTION Index This field displays the policy index number Active This field displays whether policy is activated or not Name This field displays the name you have assigned to this policy Classifier s This field displays the names of the classifier to which this policy applies Select an entry s ...

Page 464: ...Active Enable the switch button to enable the policy Name Enter a descriptive name for identification purposes You can enter up to 32 printable ASCII characters except or Classifier s This field displays the active classifiers you configure in the SECURITY ACL Classifier Classifier Setup screen Select the classifiers to which this policy rule applies To select more than one classifier press SHIFT ...

Page 465: ... the policy rule with which the classifier is associated You can set the classifier Match Order rule manual or auto in the ACL Classfier Classifier Global settings screen see Section 67 4 on page 459 for more information Let s say you set two classifiers Class 1 and Class 2 and both identify all traffic from MAC address 11 22 33 44 55 66 on port 3 If Policy 1 applies to Class 1 and the action is t...

Page 466: ... the egress port Select Set the packet s VLAN ID to set the packet s VLAN ID Metering Enable the switch button to activate bandwidth limitation on the traffic flows then set the actions to be taken on out of profile packets Out of profile action Select the actions to be performed for out of profile traffic Select Drop the packet to discard the out of profile traffic Select Change the DSCP value to...

Page 467: ...Chapter 68 Policy Rule XGS2220 Series User s Guide 467 Figure 343 Policy Example ...

Page 468: ...d automatically after the MAC aging time expires Note A port based threshold must be larger than the host based threshold or the host based threshold will not work 69 1 1 What You Can Do Use the Anti Arpscan Status screen Section 69 2 on page 469 to see what ports are trusted and are forwarding traffic or are disabled Use the Anti Arpscan Host Status screen Section 69 3 on page 469 to view blocked...

Page 469: ... Anti Arpscan Anti Arpscan Status Figure 344 SECURITY Anti Arpscan Anti Arpscan Status The following table describes the fields in this screen 69 3 Anti Arpscan Host Status Use this screen to view blocked hosts and unblock ones connected to certain ports To open this screen click SECURITY Anti Arpscan Anti Arpscan Host Status Table 265 SECURITY Anti Arpscan Anti Arpscan Status LABEL DESCRIPTION An...

Page 470: ...cked IP address Port List Enter a port number or a series of port numbers separated by commas and spaces and then click Clear to unblock all hosts connected to these ports Filtered host This table lists information on blocked hosts Index This displays the index number of an IP address a host that has been blocked Host IP This displays the IP address of the blocked host MAC Address This displays th...

Page 471: ...determined by the number of ARP request packets received per second This is the global threshold rate for all hosts If the rate of a host is over the threshold then that host is blocked by using a MAC address filter A blocked host is released automatically after the MAC aging time expires Type the maximum number of ARP request packets allowed by a host before it is blocked Note The allowed range i...

Page 472: ...y Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last saved values Table 267 SECURITY Anti Arpscan Anti Arpscan Setup continued...

Page 473: ...IP Type the IP address of the host Mask A trusted host may consist of a subnet of IP addresses Type a subnet mask to create a single host or a subnet of hosts Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when yo...

Page 474: ...the network If there is any BPDU detected on the ports on which BPDU guard is enabled the Switch disables the ports automatically You can then enable the ports manually in the PORT Port Setup screen or use the SECURITY Errdisable Errdisable Recovery screen see Section 72 5 on page 483 to have the ports become active after a certain time interval 70 2 BPDU Guard Status Use this screen to view wheth...

Page 475: ...escribes the fields in the above screen Table 270 SECURITY BPDU Guard BPDU Guard Status LABEL DESCRIPTION BPDU guard global setup This field displays whether BPDU guard is activated on the Switch Port This field displays the port number Active This shows whether BPDU guard is activated on the port Status This shows whether the port is shut down Err disable or able to transmit packets Forwarding Ta...

Page 476: ...to enable the BPDU guard feature on this port The Switch shuts down this port if there is any BPDU received on the port Clear this check box to disable the BPDU guard feature Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatil...

Page 477: ...wable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port 71 1 1 What You Can Do Use the Storm Control screen Section 71 2 on page 477 to limit the number of broadcast multicast and destination lookup failure DLF...

Page 478: ...kt s Select this option to enable and specify how many broadcast packets the Switch accepts per second on the port The Switch will generate a trap and or log when the actual rate is higher than the specified threshold Multicast pkt s Select this option to enable and specify how many multicast packets the Switch accepts per second on the port The Switch will generate a trap and or log when the actu...

Page 479: ...es such as loop guard or CPU protection allow the Switch to shut down a port or discard specific packets on a port when an error is detected on the port For example if the Switch detects that packets sent out the ports loop back to the Switch the Switch can shut down the ports automatically After that you need to enable the ports or allow the packets on a port manually through the Web Configurator...

Page 480: ...re requirements and what action you configure and related information Click SECURITY Errdisable Errdisable Status to display the screen as shown Figure 352 SECURITY Errdisable Errdisable Status The following table describes the labels in this screen Table 273 SECURITY Errdisable Errdisable Status LABEL DESCRIPTION Inactive reason mode reset Port Enter the number of the ports separated by a comma o...

Page 481: ...ng detected or not It also shows whether loop guard anti arp scanning BPDU guard or ZULD is enabled on the port Mode This field shows the action that the Switch takes for the cause inactive port The Switch disables the port inactive reason The Switch drops all the specified control packets such as BPDU on the port rate limitation The Switch drops the additional control packets the ports has to han...

Page 482: ... field displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Changes in this row are copied to all the ports as soon as you make them Rate Limit pkt s Enter a number from 0 to 256 to specify how many control packets this port can receive or transmit per second 0 means no rate limit You can configure t...

Page 483: ...ve Select this option to have the Switch detect if the configured rate limit for a specific control packet is exceeded and take the action selected below Mode Select the action that the Switch takes when the number of control packets exceed the rate limit on a port set in the SECURITY Errdisable CPU Protection screen inactive port The Switch disables the port on which the control packets are recei...

Page 484: ...ies Use this row first and then make adjustments to each entry if necessary Changes in this row are copied to all the entries as soon as you make them Timer Status Select this check box to allow the Switch to wait for the specified time interval to activate a port or allow specific packets on a port after the error was gone Clear the check box to turn off this rule Interval Enter the number of sec...

Page 485: ... following features Static bindings Use this to create static bindings in the binding table DHCP snooping Use this to filter unauthorized DHCP packets on the network and to build the binding table dynamically ARP inspection Use this to filter unauthorized ARP packets on the network If you want to use dynamic bindings to filter unauthorized ARP packets typical implementation you have to enable DHCP...

Page 486: ...g and ARP inspection Static bindings are uniquely identified by the MAC address and VLAN ID Each MAC address and VLAN ID can only be in one static binding If you try to create a static binding with the same MAC address and VLAN ID as an existing static binding the new static binding replaces the original one To open this screen click SECURITY IPv4 Source Guard IP Source Guard Static Binding Table ...

Page 487: ... ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 ARP entries learned on the specified ports are added to the static bindings table after you click ARP Freeze VLAN List Select this and enter the ID number of the VLANs separated by a comma ARP entries for the specified VLANs are added to the static bindings table after you click ARP Freeze Static Binding Index This field displays a sequential number...

Page 488: ...his screen Table 279 SECURITY IPv4 Source Guard IP Source Guard Static Binding Add Edit LABEL DESCRIPTION IP Address Enter the IP address assigned to the MAC address in the binding VLAN Enter the source VLAN ID in the binding MAC Address Enter the source MAC address in the binding If this binding applies to all MAC addresses select Any Port Specify the ports in the binding If this binding has one ...

Page 489: ...n your network 74 1 1 What You Can Do Use the DHCP Snooping Status screen Section 74 2 on page 489 to look at various statistics about the DHCP snooping database Use this DHCP Snooping Setup screen Section 74 3 on page 492 to enable DHCP snooping on the Switch not on specific VLAN specify the VLAN where the default DHCP server is located and configure the DHCP snooping database Use the DHCP Snoopi...

Page 490: ...r This field displays how long in seconds the Switch waits to update the DHCP snooping database after the current bindings change Agent Running This field displays the status of the current update or access of the DHCP snooping database None The Switch is not accessing the DHCP snooping database Read The Switch is loading dynamic bindings from the DHCP snooping database Write The Switch is updatin...

Page 491: ...e Detail First Successful Access This field displays the first time the Switch accessed the DHCP snooping database for any reason Last Ignored Bindings Counters This section displays the number of times and the reasons the Switch ignored bindings the last time it read bindings from the DHCP binding database You can clear these counters by restarting the Switch or using CLI commands See the Etherne...

Page 492: ...in or Figure 360 SECURITY IPv4 Source Guard DHCP Snooping DHCP Snp Setup Invalid Interfaces This field displays the number of bindings the Switch has ignored because the port number was a trusted interface or does not exist anymore Parse Failures This field displays the number of bindings the Switch has ignored because the Switch was unable to understand the binding in the DHCP binding database Ex...

Page 493: ...ping database The location should be expressed like this tftp domain name or IP address directory if applicable file name for example tftp 192 168 10 1 database txt You can enter up to 256 printable ASCII characters except or Timeout Interval Enter how long 10 65535 seconds the Switch tries to complete a specific update in the DHCP snooping database before it gives up Write Delay Interval Enter ho...

Page 494: ...nly if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Server Trusted state Select whether this port is a trusted port Trusted or an untrusted port Untrusted Trusted ports are connected to DHCP servers or other switches ...

Page 495: ... save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last saved values Table 282 SECURITY IPv4 Source Guard DHCP Snooping DHCP Snp Port Setup conti...

Page 496: ...VLANs The Switch adds the information such as slot number port number VLAN ID and or system name specified in the profile to DHCP requests that it broadcasts to the DHCP VLAN if specified or VLAN You can specify the DHCP VLAN in the SECURITY IPv4 Source Guard DHCP Snooping DHCP Snp Setup screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if...

Page 497: ... Port Enter the number of ports to which you want to apply the specified DHCP option 82 profile You can enter multiple ports separated by no space comma or hyphen for a range For example enter 3 5 for ports 3 4 and 5 Enter 3 5 7 for ports 3 5 and 7 Option 82 Profile Select a pre defined DHCP option 82 profile that the Switch applies to the specified ports in this VLAN The Switch adds the informati...

Page 498: ...a result it is recommended you configure the DHCP snooping database The DHCP snooping database maintains the dynamic bindings for DHCP snooping and ARP inspection in a file on an external TFTP server If you set up the DHCP snooping database the Switch can reload the dynamic bindings from the DHCP snooping database after the Switch restarts You can configure the name and location of the file on the...

Page 499: ...g the response to the original source You can configure this setting for each source VLAN This setting is independent of the DHCP relay settings 74 7 1 4 Configuring DHCP Snooping Follow these steps to configure DHCP snooping on the Switch 1 Enable DHCP snooping on the Switch 2 Enable DHCP snooping on each VLAN and configure DHCP relay option 82 3 Configure trusted and untrusted ports and specify ...

Page 500: ... Guard ARP Inspection ARP Insp Status LABEL DESCRIPTION Total Number of Bindings This field displays the current number of MAC address filters that were created because the Switch identified unauthorized ARP packets Index This field displays a sequential number for each MAC address filter MAC Address This field displays the source MAC address in the MAC address filter VID This field displays the s...

Page 501: ... a hyphen to indicates a range of VLANs For example 3 4 or 3 9 Search Click this to display the specified range of VLANs in the section below The Number of VLANs This is the number of VLANs that match the searching criteria and display in the list below The number displays when you use the Search button to look for certain VLANs The default value is 0 VID This field displays the VLAN ID of each VL...

Page 502: ...cket VID This field displays the source VLAN ID of the ARP packet Sender MAC This field displays the source MAC address of the ARP packet Sender IP This field displays the source IP address of the ARP packet Packet Number This field displays the number of ARP packets that were consolidated into this log message The Switch consolidates identical log messages generated by ARP packets in the log cons...

Page 503: ...syslog server yet Make sure this number is appropriate for the specified Syslog Rate and Log Interval If the number of log messages in the Switch exceeds this number the Switch stops recording log messages and simply starts counting the number of entries that were dropped due to unavailable buffer Click Clearing Log Status Table in the SECURITY IPv4 Source Guard ARP Inspection ARP Insp Log Status ...

Page 504: ...he relationship between Syslog Rate and Log Interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last saved values Tab...

Page 505: ... no effect on trusted ports Rate pps Specify the maximum rate 1 2048 packets per second at which the Switch receives ARP packets from each port The Switch discards any additional ARP packets Enter 0 to disable this limit Burst Interval seconds The burst interval is the length of time over which the rate of ARP packets is monitored for each port For example if the Rate is 15 pps and the burst inter...

Page 506: ...Ns you want to manage in the section below Use a comma to separate individual VLANs or a hyphen to indicates a range of VLANs For example 3 4 or 3 9 Search Click this to display the specified range of VLANs in the section below The Number of VLANs This display the number of ARP inspection VLAN search results VID This field displays the VLAN ID of each VLAN in the range specified above If you confi...

Page 507: ... enter a Prefix address to remove the dynamic entries snooped with the specified Prefix address Flush Click this to remove dynamic IPv6 source binding entries according to your selections Cancel Click this to reset the values above based or if not applicable to clear the fields above Index This field displays a sequential number for each binding Source Address This field displays the source IP add...

Page 508: ...c bindings Click Add Edit or select an entry and click Add Edit in the SECURITY IPv6 Source Guard IPv6 Static Binding IPv6 Static Binding screen to display this screen Table 293 SECURITY IPv6 Source Guard IPv6 Static Binding IPv6 Static Binding LABEL DESCRIPTION Index This field displays a sequential number for each binding Source Address This field displays the IPv6 address or IPv6 prefix and pre...

Page 509: ...d If you select both Validate Prefix and Validate Address then traffic matching either IPv6 address or prefix will be forwarded Table 294 SECURITY IPv6 Source Guard IPv6 Static Binding IPv6 Static Binding Add Edit LABEL DESCRIPTION Source Address Enter the IPv6 Address or IPv6 Prefix and prefix length in the binding MAC Address Enter the source MAC address in the binding If this binding does not c...

Page 510: ...his field displays the Validate Address status for this IPv6 source guard policy Validate Prefix This field displays the Validate Prefix status for this IPv6 source guard policy Link Local This field displays the Link Local traffic status for this IPv6 source guard policy Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all en...

Page 511: ...ges to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to clear the fields to the factory defaults Cancel Click Cancel to not save the configuration you make and return to the last screen Table 296 SECURITY I...

Page 512: ...ay this screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last saved values Table 297 SECURITY IPv6 Source Guard IPv6...

Page 513: ... packets sent from a DHCPv6 server to a DHCPv6 client Prefix Glean Enable the switch button to learn the IPv6 prefix and length from DHCPv6 sniffed packets Limit Address Count This is the number of IPv6 addresses and prefixes learned using the IPv6 snooping policy Note The maximum limit address count is the maximum size of the IPv6 source guard binding table See the product data sheet for the late...

Page 514: ...s field displays the DHCPv6 snooping policy Select an entry s check box to select a specific entry Otherwise select the check box in the table heading row to select all entries Add Edit Click Add Edit to add a new entry or edit a selected one Delete Click Delete to remove the selected entries Table 300 SECURITY IPv6 Source Guard IPv6 Snooping IPv6 Snp VLAN Setup continued LABEL DESCRIPTION Table 3...

Page 515: ...apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Trusted State Select whether this port is a trusted port Trusted or an untrusted port Untrusted Trusted ports are connected to DHCPv...

Page 516: ...B passes through computer X Computer X can read and alter the information passed between them 75 15 1 1 ARP Inspection and MAC Address Filters When the Switch identifies an unauthorized ARP packet it automatically creates a MAC address filter to block traffic from the source MAC address and source VLAN ID of the unauthorized ARP packet You can configure how long the MAC address filter remains in t...

Page 517: ...The sender s information in the ARP packet does not match any of the current bindings The rate at which ARP packets arrive is too high 75 15 1 3 Syslog The Switch can send syslog messages to the specified syslog server when it forwards or discards ARP packets The Switch can consolidate log messages and send log messages in batches to make this mechanism more efficient 75 15 1 4 Configuring ARP Ins...

Page 518: ...and MAC Authentication Note All types of authentication use the RADIUS Remote Authentication Dial In User Service RFC 2138 2139 protocol to validate users You must configure a RADIUS server before enabling port authentication Note If you enable IEEE 802 1x authentication and MAC authentication on the same port the Switch performs IEEE 802 1x authentication and MAC authentication If a user fails to...

Page 519: ...ogin information in the form of a user name and password after the client responds to its identity request When the client provides the login credentials the Switch sends an authentication request to a RADIUS server The RADIUS server validates whether this client is allowed access to the port Figure 384 IEEE 802 1x Authentication Process 76 1 3 MAC Authentication MAC authentication works in a very...

Page 520: ...authentication methods both on the Switch and the ports then configure the RADIUS server settings in the SECURITY AAA RADIUS Server Setup screen 76 2 Activate IEEE 802 1x Security Use this screen to activate IEEE 802 1x security Click SECURITY Port Authentication 802 1x to display the configuration screen as shown Figure 386 SECURITY Port Authentication 802 1x ...

Page 521: ...ication on the Switch before configuring it on each port Max Req Specify the number of times the Switch tries to authenticate clients before sending unresponsive ports to the Guest VLAN This is set to 2 by default That is the Switch attempts to authenticate a client twice If the client does not respond to the first authentication request the Switch tries again If the client still does not respond ...

Page 522: ...o the RADIUS server for authentication You can enter up to 32 printable ASCII characters except or If you leave this field blank then only the MAC address of the client is forwarded to the RADIUS server Delimiter Select the delimiter the RADIUS server uses to separate the pairs in MAC addresses used as the account user name and password You can select Dash Colon or None to use no delimiters at all...

Page 523: ...is learned by the MAC address table with a status of denied The timeout period you specify here is the time the MAC address entry stays in the MAC address table until it is cleared If you specify 0 for the timeout value the Switch uses the Aging Time configured in the SYSTEM Switch Setup screen Note If the Aging Time in the SYSTEM Switch Setup screen is set to a lower value then it supersedes this...

Page 524: ...CURITY Port Authentication Guest VLAN LABEL DESCRIPTION Port This field displays a port number means all ports Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Activ...

Page 525: ...t also enable IEEE 802 1x authentication on the Switch and the associated ports Enter the number that identifies the guest VLAN Make sure this is a VLAN recognized in your network Host mode Specify how the Switch authenticates users when more than one user connect to the port using a hub Select Multi Host to authenticate only the first user that connects to this port If the first user enters the c...

Page 526: ...n this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Compound Authentication Mode Specify how the Switch authenticates clients for network access Select Strict to allow network ac...

Page 527: ...ected to the network Accounting Keeps track of the actions that are perform on the switch such as login events RADIUS is a simple package exchange in which your switch acts as a message relay between the wired client and the network RADIUS server 76 6 2 1 Types of RADIUS Messages The following types of RADIUS messages are exchanged between the switch and the RADIUS server for user authentication A...

Page 528: ...to authenticate users and a CA issues certificates and guarantees the identity of each certificate owner EAP MD5 Message Digest Algorithm 5 MD5 authentication is the simplest one way authentication method The authentication server sends a challenge to the wired client The wired client proves that it knows the password by encrypting the password with the challenge and sends back the information Pas...

Page 529: ...Token Card for client authentication EAP GTC is implemented only by Cisco LEAP LEAP Lightweight Extensible Authentication Protocol is a Cisco implementation of IEEE 802 1x 76 6 4 EAPOL EAP over LAN EAPOL is a port authentication protocol used in IEEE 802 1x It encapsulates and sends EAP packets from the LAN EAPOL exchanges the following messages between a wired client and switch EAPOL Start A wire...

Page 530: ...learn up to 8k MAC addresses in total with no limit on individual ports other than the sum cannot exceed For maximum port security enable this feature disable MAC address learning and configure static MAC addresses for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default MAC address learning is still enabled eve...

Page 531: ...ses and display in the SWITCHING Static MAC Forwarding screen MAC freeze Click MAC Freeze to have the Switch automatically select the Active check boxes and clear the Address Learning check boxes only for the ports specified in the Port List Port Security Active Enable the switch button to enable port security on the Switch Port This field displays the port number Settings in this row apply to all...

Page 532: ...imit the number of dynamic MAC addresses that may be learned on a port For example if you set this field to 5 on port 2 then only the devices with these five learned MAC addresses may access port 2 at any one time A sixth device must wait until one of the five learned MAC addresses ages out MAC address aging out time can be set in the SYSTEM Switch Setup screen The valid range is from 0 to 32K 0 m...

Page 533: ...ettings to a specific configuration file on the Switch Use the Configure Clone screen Section 78 13 on page 547 to copy the basic and advanced settings from a source port to a destination port or ports Use the Diagnostic screen Section 78 14 on page 548 to ping IP addresses run a traceroute perform port tests or show the Switch s location between devices Use the Firmware Upgrade screen Section 78 ...

Page 534: ...o save the certificate that you have enrolled from a certification authority from your computer to the Switch Service This field displays the service type that this certificate is for Subject This field displays identifying information about the certificate s owner such as CN Common Name OU Organizational Unit or department O Organization or company and C Country It is recommended that each certif...

Page 535: ...files from the Switch using FTP commands First understand the filename conventions 78 3 2 Filename Conventions The configuration file also known as the romfile or ROM contains the Zyxel factory default configuration settings in the screens such as password Switch setup IP Setup and so on Once you have customized the Switch s settings they can be saved back to your computer under a filename of your...

Page 536: ...et config1 config1 cfg This is a sample FTP session saving the Switch s configuration file 1 Config1 to a file called config1 cfg on your computer If your T FTP client does not allow you to have a destination filename different than the source you will need to rename them as the Switch only recognizes config and ras Be sure you keep unaltered copies of both files for later use Be sure to upload th...

Page 537: ... the Switch will disconnect the FTP session immediately 78 4 Cluster Management Overview Cluster Management allows you to manage switches through one Switch called the cluster manager The switches must be directly connected and be in the same VLAN group so as to be able to communicate with one another Table 310 General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host Address Enter the a...

Page 538: ... Switch s Web Configurator Use the Cluster Management Setup screen Section 78 6 on page 539 to configure clustering management 78 5 Cluster Management Status Use this screen to view the role of the Switch within the cluster and to access a cluster member Switch s Web Configurator Click MAINTENANCE Cluster Management in the navigation panel to display the following screen Note A cluster can only ha...

Page 539: ...d displays the cluster manager Switch s hardware MAC address The Number Of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage cluster member switches through the cluster manager Switch Each number in the Index column is a hyperlink leading to the cluster member Switch s Web Configurator MAC Addr...

Page 540: ... switches must be directly connected and in the same VLAN group to belong to the same cluster Switches that are not in the same VLAN group are not visible in the Clustering Candidates list This field is ignored if the Clustering Manager is using Port based VLAN Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power s...

Page 541: ...t be directly connected Directly connected switches that are set to be cluster managers will not be visible in the Clustering Candidate list Switches that are not in the same management VLAN group will not be visible in the Clustering Candidate list Password Each cluster member s password is its Web Configurator password Select a member in the Clustering Candidate list and then enter its Web Confi...

Page 542: ...n 1 00 58 46 1970 User 192 168 0 1 none admin 331 Enter PASS command Password 230 Logged in ftp ls 200 Port command okay 150 Opening data connection for LIST w w w 1 owner group 3042210 Jul 01 12 00 ras rw rw rw 1 owner group 393216 Jul 01 12 00 config w w w 1 owner group 0 Jul 01 12 00 fw 00 a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 byt...

Page 543: ... Figure 401 Configuration Restoring 78 9 Backup Configuration Backing up your Switch configurations allows you to create various snap shots of your device from which you may restore at a later date Use this screen to back up your current Switch configuration to a computer Table 315 FTP Upload to Cluster Member Example FTP PARAMETER DESCRIPTION User Enter admin Password The Web Configurator passwor...

Page 544: ...en or save the file click Save or Save File to download it to the default downloads folder on your computer If a Save As screen displays after you click Save or Save File choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the configuration file to your computer 78 10 Auto Configurat...

Page 545: ... was not enabled or not executed successfully Use this section to enable auto configuration and select the mode that you want to use for auto configuration Active Enable the switch button to enable auto configuration Mode Select DHCP to have the Switch use the TFTP server IP address and auto configuration file name assigned by a DHCP server to download a pre saved configuration file when the Switc...

Page 546: ...vigation panel Click Config 1 to save the current configuration settings permanently to Configuration 1 on the Switch These configurations are set up according to your network environment Click Config 2 to save the current configuration settings permanently to Configuration 2 on the Switch These configurations are set up according to your network environment Click Custom Default to save the curren...

Page 547: ...nges permanently All unsaved changes are erased after you reboot the Switch 78 13 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click MAINTENANCE Configuration Configure Clone to open the following screen Figure 407 MAINTENANCE Configuration Configure Clone ...

Page 548: ...lect the system feature you configured in the SYSTEM menus to be copied to the destination ports Otherwise select the SYSTEM check box in the table heading row to select all features for a category PORT Select which port features you configured in the PORT menus should be copied to the destination ports Otherwise select the PORT check box in the table heading row to select all features for a categ...

Page 549: ...You can also select vlan and specify the ID number of the VLAN to which the Switch is to send ping requests Otherwise select to send ping requests to all VLANs on the Switch IP Address Host Name Type the IP address or host name of a device that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address Source IP Address Type the source IP address that you want...

Page 550: ...ant to perform a traceroute Click Trace Route to have the Switch perform the traceroute function This determines the path a packet takes to the specified device TTL Enter the Time To Live TTL value for the ICMP Echo Request packets This is to set the maximum number of the hops routers a packet can travel through Each router along the path will decrement the TTL value by one and forward the packets...

Page 551: ...NTENANCE Firmware Upgrade to view the screen as shown next Figure 409 MAINTENANCE Firmware Upgrade The top of the screen shows which firmware version is currently Running on the Switch Click Choose File or Browse to locate the firmware file you wish to upload to the Switch in the File Path field Click Upgrade to load the new firmware The Switch does not apply the uploaded firmware immediately Firm...

Page 552: ...ystem Information in Basic Setting Firmware 1 shows its version number and model code and MM DD YYYY creation date Firmware 2 shows its version number and model code and MM DD YYYY creation date Boot Image Current Boot Image This displays which firmware is currently in use on the Switch Firmware 1 or Firmware 2 Config Boot Image Select which firmware Firmware 1 or Firmware 2 should load click Appl...

Page 553: ...m default configuration settings to both Configuration 1 and Configuration 2 Note If a customized default file was not saved clicking Custom Default loads the factory default configuration on the Switch 78 17 Tech Support The Tech Support feature is a log enhancement tool that logs useful information such as CPU utilization history memory and Mbuf Memory Buffer log and crash reports for issue anal...

Page 554: ...ion is over 50 The higher the Mbuf threshold number the fewer logs will be created and the less data technical support will have to analyze and vice versa All Click Download to see all the log report and system status This log report is stored in flash memory If the All log report is too large you can download the log reports separately below Crash Click Download to see the crash log report The lo...

Page 555: ...Chapter 78 MAINTENANCE XGS2220 Series User s Guide 555 Figure 413 MAINTENANCE Tech Support Download ...

Page 556: ...unctions of the Web Configurator In Networked AV mode Click Networked AV at the top left of the Web Configurator to switch between the Web Configurator s Standard or Networked AV mode Figure 414 Web Configurator Networked AV Mode Switch 79 2 Help The Web Configurator s online help has descriptions of individual Networked AV mode screens and some supplementary information Click the Help link from a...

Page 557: ...tch is to perform IGMP snooping IGMP Snooping This displays Active when IGMP snooping is enabled to forward group multicast traffic only to ports that are members of that group Otherwise it is Inactive IGMP Querier This displays Active when the Switch is allowed to send IGMP General Query messages to the VLANs with the multicast hosts attached Otherwise it is Inactive IP Interface This displays th...

Page 558: ... duplex or H for half It also shows the cable type Copper or Fiber for the combo ports This field displays Down if the port is not connected to any device Bandwidth Usage Tx Bandwidth Usage Rx These display the percentage of bandwidth usage on this port as a percentage of the Link Speed IGMP Leave Mode This displays Immediate when the Switch receives IGMP leave packets the Switch will close the mu...

Page 559: ...ber of the Switch s current firmware including the creation date Ethernet Address This field refers to the Ethernet MAC Media Access Control address of the Switch CPU Utilization Current CPU utilization quantifies how busy the system is Current displays the current percentage of CPU utilization Memory Utilization Memory utilization shows how much DRAM memory is available and in use It also display...

Page 560: ...omponent along with a sufficiently ventilated cool operating environment in order for the device to stay within the temperature threshold Each fan has a sensor that is capable of detecting and reporting if the fan speed falls below the threshold shown Status Normal indicates that this fan is functioning above the minimum speed Error indicates that this fan is functioning below the minimum speed Cu...

Page 561: ...each SNMP manager Use the SNMP Trap Port screen Section 79 16 on page 574 to set whether a trap received on the ports would be sent to the SNMP manager 79 9 Cloud Management The Zyxel Nebula Control Center NCC is a cloud based network management system that allows you to remotely manage and monitor Zyxel Nebula APs Ethernet switches and security gateways The Switch is managed and provisioned autom...

Page 562: ...Chapter 79 Networked AV Mode XGS2220 Series User s Guide 562 Figure 418 SYSTEM Cloud Management ...

Page 563: ...as the system name and time Click SYSTEM General Setup in the navigation panel to display the screen as shown Table 323 SYSTEM Cloud Management LABEL DESCRIPTION Nebula Control Center NCC Discovery Enable the switch button to turn on Nebula Control Center NCC discovery on the Switch This field displays The Switch Internet connection status The connection status between the Switch and NCC The Switc...

Page 564: ...ay have to use trial and error to find a protocol that works The main differences between them are the time format When you select the Daytime RFC 867 format the Switch displays the day month year and time with no time zone adjustment When you use this format it is recommended that you use a Daytime timeserver within your geographical time zone Time RFC 868 format displays a 4 byte integer giving ...

Page 565: ... Saving Time at 2 A M local time So in the United States you would select Second Sunday March and 2 00 Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Last Sunday March and the last field depends on your time zone I...

Page 566: ...turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration IP Interface Use this section to view and configure IP routing domains on the Switch Index This field displays the index number of an entry IP Address This field displays the I...

Page 567: ...an assign the Switch an IP address subnet mask a default gateway IP address and a domain name server IP address automatically Static IP Address Select this option if you do not have a DHCP server or if you wish to assign static IP address information to the Switch You need to fill in the following fields when you select this option IP Address Enter the IP address of your Switch in dotted decimal n...

Page 568: ...password 1234 is the default password when shipped New Password Enter your new system password Retype to confirm Re enter your new system password for confirmation Edit Logins You may configure passwords for up to four users These users can have read only or read write access You can give users higher privileges through the Web Configurator or the CLI For more information on assigning privileges t...

Page 569: ...user At the time of writing users may have a privilege level of 0 3 13 or 14 representing different configuration rights as shown below 0 Display basic system information 3 Display configuration or status 13 Configure features except for login accounts SNMP user accounts the authentication method sequence and authorization settings multiple logins administrator and enable passwords and configurati...

Page 570: ...icate with agents before conducting SNMP management sessions Security can be further enhanced by encrypting the SNMP messages sent from the managers Encryption protects the contents of the SNMP messages When the contents of the SNMP messages are encrypted only the intended recipients can read them Click SYSTEM SNMP SNMP to view the screen as shown Figure 424 SYSTEM SNMP Note The string of any fiel...

Page 571: ... password for incoming Set requests from the management station The Set Community string is only used by SNMP managers using SNMP version 2c or lower Trap Community Enter the Trap Community string which is the password sent with each trap to the SNMP manager The Trap Community string is only used by SNMP managers using SNMP version 2c or lower Trap Destination Use this section to configure where t...

Page 572: ... contain or Table 330 SYSTEM SNMP SNMP User LABEL DESCRIPTION Index This is a read only number identifying a login account on the Switch Username This field displays the user name of a login account on the Switch Security Level This field displays whether you want to implement authentication and or encryption for SNMP communication with this user Authentication This field displays the authenticati...

Page 573: ...ntable ASCII characters except space or for SNMP user authentication Privacy Specify the encryption method for SNMP communication from this user You can choose one of the following DES Data Encryption Standard is a widely used but breakable method of data encryption It applies a 56 bit key to each 64 bit block of data AES Advanced Encryption Standard is another method for data encryption that also...

Page 574: ... screen to select which traps the Switch sends to that SNMP manager Select the individual SNMP traps that the Switch is to send to the SNMP station The traps are grouped by category Selecting a category in the heading row automatically selects all of the SNMP traps under that category Clear the check boxes for individual traps that you do not want the Switch to send to the SNMP station Clearing a ...

Page 575: ...rst to set the common settings and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the trap type of SNMP traps on this port The Switch sends the related traps received on this port to the SNMP manager Clear this check box to disable the sending of SNMP traps on this port Apply Click Apply ...

Page 576: ... to form a trunk group Figure 429 Link Aggregation 79 18 1 What You Can Do Use the Link Aggregation Status screen Section 79 19 on page 576 to view ports you have configured to be in the trunk group ports that are currently transmitting data as one logical link in the trunk group and so on Use the Link Aggregation Setting screen Section 79 20 on page 578 to configure to enable static link aggregat...

Page 577: ...nging to this trunk group and LACP is also enabled for this group Criteria This shows the outgoing traffic distribution algorithm used in this trunk group Packets from the same source and or to the same destination are sent over the same link within the trunk src mac means the Switch distributes traffic based on the packet s source MAC address dst mac means the Switch distributes traffic based on ...

Page 578: ... ports you aggregate then the fewer available ports you have A trunk group is one logical link containing multiple ports Click PORT Link Aggregation Link Aggregation Setting to display the screen shown next Figure 431 PORT Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 335 PORT Link Aggregation Link Aggregation Setting LABEL DESCRIPTION This...

Page 579: ...y Select src mac to distribute traffic based on the packet s source MAC address Select dst mac to distribute traffic based on the packet s destination MAC address Select src dst mac to distribute traffic based on a combination of the packet s source and destination MAC addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on...

Page 580: ... switch with the lowest system priority and lowest port number if system priority is the same becomes the LACP server The LACP server controls the operation of LACP setup Enter a number to set the priority of an active port using Link Aggregation Control Protocol LACP The smaller the number the higher the priority level Use this section to enable LACP on trunks Group ID The field identifies the li...

Page 581: ...ttings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them LACP Timeout Timeout is the time interval between the individual port exchanges of LACP packets in order to check that the peer port in the trunk group is still up If a port does not respond after three tries then it is deemed to be down and is removed from the tru...

Page 582: ...E Setup PoE Setup Consuming Power W This field displays the amount of power the Switch is currently supplying to the connected PoE enabled devices Allocated Power W This field displays the total amount of power the Switch in classification mode has reserved for PoE after negotiating with the connected PoE devices It shows NA when the Switch is in consumption mode Consuming Power W can be less than...

Page 583: ... W Class 3 default 0 44 W to 15 4 W Class 4 default 0 44 W to 30 W Class 5 default 0 44 W to 45 W Class 6 default 0 44 W to 60 W Priority When the total power requested by the PDs exceeds the total PoE power budget on the Switch you can set the PD priority to allow the Switch to provide power to ports with higher priority first Critical has the highest priority High has the Switch assign power to ...

Page 584: ... the PD s power class and priority level The Switch puts a limit on the maximum amount of power the PD can request and use In this mode the default maximum power that can be delivered to the PD is 33 W IEEE 802 3at Class 4 or 22 W IEEE 802 3af Classes 0 to 3 Continuous PoE Select ON to guarantee continuous power supply to the connected PDs while the Switch is restarting after a warm reboot The Swi...

Page 585: ...e 2 devices If the connected PD requires a Class 4 current when it is turned on it will be powered up in this mode Force 802 3at the Switch offers power of up to 33 W on the port without performing PoE hardware classification Select this option if the connected PD does not comply with any PoE standard and requests power higher than a standard power limit Pre 802 3bt the Switch offers power on the ...

Page 586: ...orts Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable a port The factory default for all ports is enabled A port must be enabled for data transmission to occur N...

Page 587: ... causing it to temporarily stop sending signals when the receiving port memory buffers fill Back Pressure flow control is typically used in half duplex mode to send a collision signal to the sending port mimicking a state of packet collision causing the sending port to temporarily stop sending signals and resend later Select Tx Rx to allow the Switch port to send pause signal to the connected devi...

Page 588: ...he following table describes the labels in this screen Table 340 SWITCHING Mirroring LABEL DESCRIPTION Active Enable the switch button to activate port mirroring on the Switch Disable the switch to disable the feature Monitor Port The monitor port is the port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original ports Enter the port...

Page 589: ... members of that group Use the IGMP Snooping VLAN screen Section 79 30 on page 594 to perform IGMP snooping on up to 16 VLANs Use the IGMP Filtering Profile screen Section 79 31 on page 596 to specify a range of multicast groups that clients connected to the Switch are able to join 79 28 IPv4 Multicast Status Click SWITCHING Multicast IPv4 Multicast Status to display the screen as shown This scree...

Page 590: ...ally configure them The Switch forwards multicast traffic destined for multicast groups that it has learned from IGMP snooping or that you have manually configured to ports that are members of that group IGMP snooping generates no additional network traffic allowing you to significantly reduce multicast traffic passing through your Switch Click SWITCHING Multicast IGMP Snooping to display the scre...

Page 591: ...utton to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group Querier Select this to allow the Switch to send IGMP General Query messages to the VLANs with the multicast hosts attached Querier Version IGMP snooping query works only when both host and Switch support the same IGMP version Select v2 to allow the Switch to send IGMPv2 queries only Select...

Page 592: ...s a join report and it belongs to the IGMP group Unknown Multicast Frame Specify the action to perform when the Switch receives an unknown multicast frame Select Flooding to send the frames to all ports Select Drop to discard the frames Select Drop on VLAN and enter the VLAN ID numbers to discard the frames on the specified VLANs Use a dash to specify consecutive VLANs and a comma no spaces to spe...

Page 593: ...200 to 6348800 in miliseconds Select this option to have the Switch use this timeout to update the forwarding table for the port In fast leave mode right after receiving an IGMP leave message from a host on a port the Switch itself sends out an IGMP Group Specific Query GSQ message to determine whether other hosts connected to the port should remain in the specific multicast group This helps speed...

Page 594: ...being connected to an IGMP multicast router or server The Switch forwards IGMP join or leave packets to an IGMP query port Select Auto to have the Switch use the port as an IGMP query port if the port receives IGMP query packets Select Fixed to have the Switch always use the port as an IGMP query port Select this when you connect an IGMP multicast server to the port Select Edge to stop the Switch ...

Page 595: ...ol messages which do not belong to these 16 VLANs You must also enable IGMP snooping in the SWITCHING Multicast IGMP Snooping screen first Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuri...

Page 596: ...RIPTION Name Enter the descriptive name up to 32 printable ASCII characters except or of the VLAN for identification purposes VID Enter the ID of a static VLAN the valid range is between 1 and 4094 Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your cha...

Page 597: ...GMP Filtering Profile continued LABEL DESCRIPTION Table 346 SWITCHING Multicast IGMP Filtering Profile Add Profile LABEL DESCRIPTION Profile Name Enter a descriptive name for the profile for identification purposes You can enter up to 32 printable ASCII characters except or Start Address Type the starting multicast IP address for a range of multicast IP addresses that you want to belong to the IGM...

Page 598: ...to configure the screens Table 347 SWITCHING Multicast IGMP Filtering Profile Add Rule LABEL DESCRIPTION Profile Name Select a profile from the drop down list to add a additional rule for the existing profile Start Address Type the starting multicast IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile End Address Type the ending multicast IP address ...

Page 599: ...ld not be forwarded as it is to an untagged port The remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that user priority and VLAN ID are independent of each other A frame with VID VLAN Identifier of null 0 is called a priority frame meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the fra...

Page 600: ...tion A declaration is made by issuing a Join message using GARP Declarations are withdrawn by issuing a Leave message A Leave All message terminates all registrations GARP timers set declaration timeout values GVRP GVRP GARP VLAN Registration Protocol is a registration protocol that defines a way for switches to register necessary VLAN members on ports across the network Enable this function to pe...

Page 601: ...allow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking ports Figure 447 Port VLAN Trunking 79 33 VLAN Status Use this screen to view and search all static VLAN groups Click SWITCHING VLAN VLAN Status from the navigation panel to display the screen as shown next VLAN Tag Control Tagged Ports belonging to the specified VLAN tag al...

Page 602: ...er of VLAN This is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only when you use the Search button to look for certain VLANs Index This is the VLAN index number Click an index number to view more VLAN details VID This is the VLAN identification number that w...

Page 603: ... Use this screen to view and configure a static VLAN for the Switch Click SWITCHING VLAN Static VLAN to display the screen as shown next Table 350 SWITCHING VLAN VLAN Status VLAN Status Details LABEL DESCRIPTION VID This is the VLAN identification number that was configured in the corresponding VLAN configuration screen Elapsed Time This field shows how long it has been since a normal VLAN was reg...

Page 604: ...reen Figure 451 SWITHCING VLAN Static VLAN Add Edit Table 351 SWITCHING VLAN Static VLAN LABEL DESCRIPTION VID This field displays the ID number of the VLAN group Active This field indicates whether the VLAN settings are enabled or disabled Name This field displays the descriptive name for this VLAN group Select an entry s check box to select a specific entry Otherwise select the check box in the ...

Page 605: ...is row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Control Select Normal for the port to dynamically join this VLAN group using GVRP This is the default selection Select Fixed for the port to be a permanent m...

Page 606: ... the VLAN group that the tag defines Enter a number between 1and 4094 as the port VLAN ID Acceptable Frame Type Specify the type of frames allowed on a port Choices are All Tag Only and Untag Only Select All from the drop down list box to accept all untagged or tagged frames on this port This is the default setting Select Tag Only to accept only tagged frames on this port All untagged frames will ...

Page 607: ...m which an administrator may use a service to manage the Switch 79 38 Service Access Control Service Access Control allows you to decide what services you may use to access the Switch You may also change the default service port and configure trusted computers for each service in the Remote Management screen discussed earlier Click SECURITY Access Control Service Access Control to view the screen ...

Page 608: ...ur password again Very long idle timeouts may have security risks Login Timeout The Telnet or SSH server do not allow multiple user logins at the same time Enter how many seconds from 30 to 300 seconds a login session times out After it times out you have to start the login session again Very long login session timeouts may have security risks For example if User A attempts to connect to the Switc...

Page 609: ...ore trusted computers from which an administrator may use a service to manage the Switch Active Enable the switch button to activate this secured client set Clear the check box if you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this Switch The Switch checks if the client IP address o...

Page 610: ... ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Sel...

Page 611: ...ion file Use the Tech Support screen Section 79 48 on page 614 to create reports for customer support if there are problems with the Switch 79 43 Restore Configuration Use this screen to restore a previously saved configuration file from your computer to the Switch Click MAINTENANCE Configuration Restore Configuration to access this screen Figure 456 MAINTENANCE Configuration Restore Configuration...

Page 612: ... file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the configuration file to your computer 79 45 Save Configuration To access this screen click MAINTENANCE Configuration Save Configuration in the navigation panel Click Current Configuration to save the current configuration settings permanently to the Switch Th...

Page 613: ...rning the power off It also allows you to load the Current Configuration a Custom Default or the Factory Default configuration when you reboot Follow the steps below to reboot the Switch Click MAINTENANCE Reboot System to view the screen as shown next Table 358 MAINTENANCE Firmware Upgrade LABEL DESCRIPTION Name This is the name of the Switch that you are configuring Version This is the version nu...

Page 614: ...el factory default configuration settings on the Switch Click Custom Default and follow steps 1 to 2 to reboot and load a customized default file on the Switch 79 48 Tech Support The Tech Support feature is a log enhancement tool that logs useful information such as CPU utilization history memory and Mbuf Memory Buffer log and crash reports for issue analysis by customer support should you have di...

Page 615: ...loaded successfully click Back to return to the previous screen Figure 464 MAINTENANCE Tech Support Download Table 359 MAINTENANCE Tech Support LABEL DESCRIPTION Tech Support Click Download to see all the log report and system status This log report is stored in flash memory If the All log report is too large you can download the log reports separately below ROM Click Download to see the Read Only...

Page 616: ...616 PART III Troubleshooting and Appendices ...

Page 617: ...h 2 Make sure the power adapter or cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adapter or cord to the Switch 4 If the problem continues contact the vendor One of the LEDs does not behave as expected 1 Make sure you understand the normal behavior of the LED See Section 3 3 on page 53 2 Ch...

Page 618: ...ils 4 If this does not work or you are not sure what the Switch s management mode is you have to reset the device to its factory defaults standalone management mode first See Section 4 9 on page 97 for more information on resetting the Switch Temporarily disconnect the Internet connection to the Switch after the reset process to prevent the Switch from being managed by NCC again Note After perform...

Page 619: ... when connecting to a DHCP server or 192 168 1 1 If you changed the IP address use the new IP address If you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the Switch 2 Check the hardware connections and make sure the LEDs are behaving as expected See Section 3 3 on page 53 3 Make sure your Internet browser does not block pop up win...

Page 620: ... cannot get permission to access the Switch 80 3 Switch Configuration I lost my configuration settings after I restart the Switch Make sure you save your configuration into the Switch s non volatile memory each time you make changes Click Save at the top right of the Web Configurator to save the configuration permanently See also Section 78 12 on page 546 for more information about how to save you...

Page 621: ...com index shtml for the latest information Please have the following information ready when you contact an office Required Information Product model and serial number Warranty Information Date that you received your device Brief description of the problem and the steps you took to solve it Corporate Headquarters Worldwide Taiwan Zyxel Communications Corporation https www zyxel com Asia China Zyxel...

Page 622: ...pk Philippines Zyxel Philippines http www zyxel com ph Singapore Zyxel Singapore Pte Ltd http www zyxel com sg Taiwan Zyxel Communications Corporation https www zyxel com tw zh Thailand Zyxel Thailand Co Ltd https www zyxel com th th Vietnam Zyxel Communications Corporation Vietnam Office https www zyxel com vn vi Europe Belarus Zyxel BY https www zyxel by Bulgaria Zyxel България https www zyxel c...

Page 623: ... https www zyxel com fi fi France Zyxel France https www zyxel fr Germany Zyxel Deutschland GmbH https www zyxel com de de Hungary Zyxel Hungary SEE https www zyxel com hu hu Italy Zyxel Communications Italy https www zyxel com it it Netherlands Zyxel Benelux https www zyxel com nl nl Norway Zyxel Communications https www zyxel com no no Poland Zyxel Communications Poland https www zyxel com pl pl...

Page 624: ...sk Spain Zyxel Communications ES Ltd https www zyxel com es es Sweden Zyxel Communications https www zyxel com se sv Switzerland Studerus AG https www zyxel ch de https www zyxel ch fr Turkey Zyxel Turkey A S https www zyxel com tr tr UK Zyxel Communications UK Ltd https www zyxel com uk en Ukraine Zyxel Ukraine http www ua zyxel com South America Argentina Zyxel Communications Corporation https w...

Page 625: ...ations Corporation https www zyxel com co es Ecuador Zyxel Communications Corporation https www zyxel com co es South America Zyxel Communications Corporation https www zyxel com co es Middle East Israel Zyxel Communications Corporation http il zyxel com North America USA Zyxel Communications Inc North America Headquarters https www zyxel com us en ...

Page 626: ...ions in which this service is used Table 360 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is also used as a listening port by ICQ AUTH TCP 113 Authentication protocol used by some servers BGP TCP 179 Border Gateway Protocol BOOT...

Page 627: ...that sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary connection TCP IP or other PPTP TCP 1723 Point to Point Tunneling Protocol enables secure transfer of data over public networks This is the control channel PPTP_TUNNEL GRE User Defined 47 PPTP Point ...

Page 628: ...CS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments It operates over TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FT...

Page 629: ... 1a2f 0015 2001 db8 1a2f 0 0 15 or 2001 db8 0 0 1a2f 15 Prefix and Prefix Length Similar to an IPv4 subnet mask IPv6 uses an address prefix to represent the network address An IPv6 prefix length specifies how many most significant bits start from the left in the address compose the network address The prefix length is written as x where x is a number For example 2001 db8 1a2b 15 1a2f 0 32 means th...

Page 630: ...owing table describes some of the predefined multicast addresses The following table describes the multicast addresses which are reserved and cannot be assigned to a multicast group Table 362 Predefined Multicast Address MULTICAST ADDRESS DESCRIPTION FF01 0 0 0 0 0 0 1 All hosts on a local node FF01 0 0 0 0 0 0 2 All routers on a local node FF02 0 0 0 0 0 0 1 All hosts on a local connected link FF...

Page 631: ...sing UDP Each DHCP client and server has a unique DHCP Unique IDentifier DUID which is used for identification when they are exchanging DHCPv6 messages The DUID is generated from the MAC address time vendor assigned ID and or the vendor s private enterprise number registered with the IANA It should not change over time even after you reboot the device Identity Association An Identity Association I...

Page 632: ...d uplink router for its LAN The Switch uses the received IPv6 prefix for example 2001 db2 48 to generate its LAN IP address Through sending Router Advertisements RAs regularly by multicast the Switch passes the IPv6 prefix information to its LAN hosts The hosts then can use the prefix to generate their IPv6 addresses ICMPv6 Internet Control Message Protocol for IPv6 ICMPv6 or ICMP for IPv6 is defi...

Page 633: ...d as the next hop Otherwise the Switch determines the next hop from the default router list or routing table Once the next hop IP address is known the Switch looks into the neighbor cache to get the link layer address and sends the packet when the neighbor is reachable If the Switch cannot find an entry in the neighbor cache or the state for the neighbor is not reachable it starts the address reso...

Page 634: ... DHCPv6 for IP address assignment you have to additionally install a DHCPv6 client software on your Windows XP Note If you use static IP addresses or Router Advertisement for IPv6 address assignment in your network ignore this section This example uses Dibbler as the DHCPv6 client To enable DHCPv6 client on your computer 1 Install Dibbler and select the DHCPv6 client option on your computer 2 Afte...

Page 635: ... Example Enabling IPv6 on Windows 7 Windows 7 supports IPv6 by default DHCPv6 is also enabled when you enable IPv6 on a Windows 7 computer To enable IPv6 in Windows 7 1 Select Control Panel Network and Sharing Center Local Area Connection 2 Select the Internet Protocol Version 6 TCP IPv6 check box to enable it 3 Click OK to save the change ...

Page 636: ... DHCPv6 is enabled when you enable IPv6 on a Windows 10 PC To enable IPv6 in Windows 10 1 Select Control Panel Network and Sharing Center 2 On the left side of the Network and Sharing Center select Change adapter settings 3 Right click your network connection and select Properties C ipconfig Windows IP Configuration Ethernet adapter Local Area Connection Connection specific DNS Suffix IPv6 Address...

Page 637: ...your computer 1 Select Start Settings Network Internet 2 On the left side of the Network Internet select Ethernet Then select the Ethernet network you are connected to 3 Under IP assignment select Edit 4 Under Edit IP settings select Automatic DHCP or Manual Then click Save When you select Automatic DHCP the IP address settings and DNS server address setting are set automatically by your router Wh...

Page 638: ...ject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operations Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This equipment has been tested and found to comply with th...

Page 639: ...l and electronic device For detailed information about recycling of this product please contact your local city office your household waste disposal service or the store where you purchased the product Use ONLY power wires of the appropriate wire gauge for your device Connect it to a power supply of the correct voltage Fuse Warning Replace a fuse only with a fuse of the same type and rating The PO...

Page 640: ...itpunkt der Entsorgung wird die getrennte Sammlung von Produkt und oder seiner Batterie dazu beitragen natürliche Ressourcen zu sparen und die Umwelt und die menschliche Gesundheit zu schützen El símbolo de abajo indica que según las regulaciones locales su producto y o su batería deberán depositarse como basura separada de la doméstica Cuando este producto alcance el final de su vida útil llévelo...

Page 641: ...損壞 請從插座拔除 若您還繼續插電使用 會有觸電死亡的風險 請勿試圖修理電源變壓器或電源變壓器的纜線 若有毀損 請直接聯絡您購買的店家 購買 個新的電源變壓器 請勿將此設備安裝於室外 此設備僅適合放置於室內 請勿隨 般垃圾丟棄 請參閱產品背貼上的設備額定功率 請參考產品型錄或是彩盒上的作業溫度 設備必須接地 接地導線不允許被破壞或沒有適當安裝接地導線 如果不確定接地方式是否符合要求可聯繫相應的電氣檢驗機構檢驗 如果您提供的系統中有提供熱插拔電源 連接或斷開電源請遵循以下指導原則 先連接電源線至設備連 再連接電源 先斷開電源再拔除連接至設備的電源線 如果系統有多個電源 需拔除所有連接至電源的電源線再關閉設備電源 產品沒有斷電裝置或者採用電源線的插頭視為斷電裝置的 部分 以下警語將適用 對永久連接之設備 在設備外部須安裝可觸及之斷電裝置 對插接式之設備 插座必須接近安裝之地點而且是易於觸及的 ...

Page 642: ... with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose Zyxel shall in no event be held liable for indirect or consequen...

Page 643: ... connected Setting Wizard 388 anti arpscan 468 blocked hosts 469 host threshold 470 status 469 trusted hosts 472 applications backbone 36 bridging 36 IEEE 802 1Q VLAN 37 PoE 35 switched workgroup 37 ARP how it works 405 learning mode 405 overview 405 ARP Address Resolution Protocol 123 ARP inspection 485 516 and MAC filter 516 configuring 517 syslog messages 517 trusted ports 517 ARP Learning scre...

Page 644: ...covery Protocol see CDP CIST 361 Class of Service 323 classifier 453 and QoS 453 example 460 logging 459 match order 459 overview 453 setup 454 456 status 454 clearance Switch installation 40 cloning a port see port cloning Cloud Connection Status 119 cluster management 537 and switch passwords 541 cluster manager 538 540 cluster member 538 cluster member firmware upgrade 542 network example 538 s...

Page 645: ... profiles 412 413 DHCPv6 enable in Windows 10 637 enable in Windows XP 634 DHCPv6 client 38 DHCPv6 Client Setup screen 185 DHCPv6 relay 38 interface ID 420 remote ID 420 DHCPv6 Relay screen 420 421 diagnostics ping 549 Differentiated Service DiffServ 323 DiffServ 323 activate 324 DS field 323 DSCP 323 network example 324 PHB 323 service level 323 DiffServ Code Points 323 Digital Diagnostics Monito...

Page 646: ...rol 265 587 back pressure 265 587 IEEE802 3x 265 587 forwarding delay 356 frames tagged 374 606 untagged 374 606 freestanding installation precautions 41 front panel 44 FTP 535 file transfer procedure 536 restrictions over WAN 537 full duplex Ethernet port 45 G GARP Generic Attribute Registration Protocol 367 600 GARP timer 199 367 600 general setup 157 General Setup screen 157 563 getting help 99...

Page 647: ...reen 163 IP source guard 485 ARP inspection 485 516 DHCP snooping 485 static bindings 485 IP Status Detail screen 164 IP subnet mask 165 IP table 125 how it works 125 IPv4 IPv6 dual stack 38 IPv6 38 629 addressing 629 enable in Windows 10 636 enable in Windows 2003 634 enable in Windows 7 635 enable in Windows Vista 634 enable in Windows XP 634 EUI 64 631 global address 629 interface ID 631 link l...

Page 648: ... Wizard 80 Link Aggregation Setting screen 578 Link Aggregation Status screen 576 Link Layer Discovery Protocol 226 LLDP 226 basic TLV 240 global settings 238 local port status 230 organization specific TLV 241 status of remote device 234 TLV 226 LLDP Link Layer Discovery Protocol 226 LLDP MED 227 classes of endpoint devices 227 example 227 LLDP MED Location screen 245 LLDP MED Setup screen 242 lo...

Page 649: ... Media Dependent Interface Crossover 46 Media Access Control 148 559 Memory Buffer 554 MIB and SNMP 195 570 supported MIBs 196 MIB Management Information Base 195 570 mirroring ports 280 MLD filtering profile 301 302 MLD proxy 38 MLD snooping 38 MLD snooping proxy 295 filtering 299 filtering profile 301 302 port role 298 VLAN ID 297 models XS1930 28 monitor port 280 588 mounting brackets attaching...

Page 650: ...0 P PAgP 274 password 96 administrator 61 188 568 change 39 change through Wizard 68 73 79 display 446 write down 39 password change through Password SNMP link 60 password encryption activate 447 Path MTU Discovery 136 Path MTU Table screen 136 Per Hop Behavior 323 PHB 323 ping test connection 549 PoE PD priority 260 585 power management mode 259 584 power up mode 258 583 PoE Power over Ethernet 2...

Page 651: ... XGS2220 54FP 51 Power Sourcing Equipment PSE 34 power status 148 560 powered device PD 34 256 PPPoE IA 315 agent sub options 317 drop PPPoE packets 319 port state 317 sub option format 316 tag format 315 trusted ports 317 untrusted ports 317 VLAN 322 PPPoE Intermediate Agent 315 prefix delegation 632 product registration 642 protocol based VLAN example 380 PVID 367 599 Q QoS 323 and classifier 45...

Page 652: ...34 configuration 334 datagram 334 overview 334 poll interval 335 sample rate 335 UDP port 337 sFlow agent 334 sFlow collector 334 SFP SFP slot 46 Simple Network Management Protocol SNMP 569 Simple Network Management Protocol see SNMP site create 32 SNMP 195 agent 195 569 and MIB 195 570 authentication 191 192 572 573 communities 61 190 571 management model 195 569 manager 195 569 MIB 196 network c...

Page 653: ...39 vs loop guard 275 STP Path Cost 339 straight through Ethernet cable 45 subnet based VLANs 376 subnet masking 631 Summary screen 556 supply voltage 51 Switch DHCP client 57 fanless type usage precaution 40 fan type usage precaution 40 switch lockout 97 Switch reset 97 syslog 201 517 protocol 201 settings 201 setup 201 severity levels 201 Syslog Setup screen 201 System Info screen 147 558 system ...

Page 654: ...ceptable frame type 374 606 and IGMP snooping 284 automatic registration 367 600 creation 100 109 ID 367 599 ingress filtering 374 606 introduction 198 367 599 number of VLANs 370 602 port number 371 603 port settings 373 375 605 port based 388 port based VLAN 386 port based isolation 388 port based wizard 388 PVID 374 606 static VLAN 371 603 status 369 370 371 601 602 603 subnet based 376 tagged ...

Page 655: ...hted Round Robin Scheduling 327 Z ZDP 62 ZON Utility 62 compatible OS 62 fields description 65 icon description 65 installation requirements 62 introduction 33 minimum hardware requirements 62 network adapter select 63 password prompt 65 run 62 supported firmware version 63 supported models 63 Switch IP address 57 ZON utility use for troubleshooting 618 ZULD example 266 probe time 268 status 267 Z...

Reviews:

No comments

Related manuals for XGS2220 Series

H3C S5500-SI Series Configuration Manual preview
S5500-SI Series
Brand: H3C Pages: 130
H3C S5500-EI series Irf Command Reference preview
S5500-EI series
Brand: H3C Pages: 19
H3C S5500-EI series Quick Start Manual preview
S5500-EI series
Brand: H3C Pages: 91
H3C S5500-EI series Operation Manual – Port Security preview
S5500-EI series
Brand: H3C Pages: 24
H3C S5500-EI series Installation Manual preview
S5500-EI series
Brand: H3C Pages: 69
H3C S5120-SI Series Quick Start Manual preview
S5120-SI Series
Brand: H3C Pages: 4
H3C S5120-SI Series Command Reference Manual preview
S5120-SI Series
Brand: H3C Pages: 209
H3C S5120-SI Series Installation Manual preview
S5120-SI Series
Brand: H3C Pages: 70
H3C S5120-EI Series Irf Command Reference preview
S5120-EI Series
Brand: H3C Pages: 32
H3C S1526 User Manual preview
S1526
Brand: H3C Pages: 83
H3C S10500 Series Configuration Manual preview
S10500 Series
Brand: H3C Pages: 26
H3C S5500-SI Series Command Manual preview
S5500-SI Series
Brand: H3C Pages: 6
Jabra LINK 14201-20 - DATASHEET FOR TOSHIBA PHONES How To Connect preview
LINK 14201-20 - DATASHEET FOR TOSHIBA PHONES
Brand: Jabra Pages: 4
D-Link DXS-5000-54S Quick Installation Manual preview
DXS-5000-54S
Brand: D-Link Pages: 17
Ribimex 124216 User And Maintenance Manual preview
124216
Brand: Ribimex Pages: 15
Western Telematic IPS-800CE-D16, IPS-1600CE-D16 User Manual preview
IPS-800CE-D16, IPS-1600CE-D16
Brand: Western Telematic Pages: 58
Vega VEGAWAVE S 61 Operating Instructions Manual preview
VEGAWAVE S 61
Brand: Vega Pages: 44
Videosec PS04PGE+1PD User Manual preview
PS04PGE+1PD
Brand: Videosec Pages: 5

Brands by name

Popular brands

Load more brands