ZyXEL Communications XGS4700 Series Manual Download Page 262 | Manualshive

Page: 262 / 485

background image

Chapter 26 IP Source Guard

XGS4700-48F User’s Guide

262

26.1.1 DHCP Snooping Overview

Use DHCP snooping to filter unauthorized DHCP packets on the network and to
build the binding table dynamically. This can prevent clients from getting IP
addresses from unauthorized DHCP servers.

26.1.1.1 Trusted vs. Untrusted Ports

Every port is either a trusted port or an untrusted port for DHCP snooping. This
setting is independent of the trusted/untrusted setting for ARP inspection. You can
also specify the maximum number for DHCP packets that each port (trusted or
untrusted) can receive each second.

Trusted ports are connected to DHCP servers or other switches. The Switch
discards DHCP packets from trusted ports only if the rate at which DHCP packets
arrive is too high. The Switch learns dynamic bindings from trusted ports.

Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there

are no trusted ports.

Untrusted ports are connected to subscribers. The Switch discards DHCP packets
from untrusted ports in the following situations:

• The packet is a DHCP server packet (for example, OFFER, ACK, or NACK).
• The source MAC address and source IP address in the packet do not match any

of the current bindings.

• The packet is a RELEASE or DECLINE packet, and the source MAC address and

source port do not match any of the current bindings.

• The rate at which DHCP packets arrive is too high.

26.1.1.2 DHCP Snooping Database

The Switch stores the binding table in volatile memory. If the Switch restarts, it
loads static bindings from permanent memory but loses the dynamic bindings, in
which case the devices in the network have to send DHCP requests again. As a
result, it is recommended you configure the DHCP snooping database.

The DHCP snooping database maintains the dynamic bindings for DHCP snooping
and ARP inspection in a file on an external TFTP server. If you set up the DHCP
snooping database, the Switch can reload the dynamic bindings from the DHCP
snooping database after the Switch restarts.

«
...
260
261
262
263
264
...
»

Summary of Contents for XGS4700 Series

Page 1: ...Stackable Gigabit Ethernet Switch Copyright 2011 ZyXEL Communications Corporation Firmware Version 4 00 Edition 1 04 2011 Default Login Details IP Address http 192 168 0 1 Out of band MGMT port http...

Page 2: ......

Page 3: ...ce Guide The Command Reference Guide explains how to use the Command Line Interface CLI and CLI commands to configure the Switch Note It is recommended you use the web configurator to configure the Sw...

Page 4: ...stions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support Should problems arise that ca...

Page 5: ...d field choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or m...

Page 6: ...Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer Serve...

Page 7: ...device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe...

Page 8: ...Safety Warnings XGS4700 48F User s Guide 8...

Page 9: ...ing 105 VLAN 119 Static MAC Forward Setup 139 Static Multicast Forward Setup 143 Filtering 147 Spanning Tree Protocol 149 Bandwidth Control 171 Broadcast Storm Control 175 Mirroring 177 Link Aggregati...

Page 10: ...tiated Services 351 DHCP 359 VRRP 369 ARP Learning 379 Load Sharing 385 Maintenance 387 Access Control 395 Diagnostic 421 Syslog 423 Cluster Management 427 MAC Table 435 IP Table 439 ARP Table 443 Rou...

Page 11: ...VLAN Application Example 29 1 1 5 IPv6 Support 30 1 2 Ways to Manage the Switch 30 1 3 Good Habits for Managing the Switch 31 Chapter 2 Hardware Installation and Connection 33 2 1 Freestanding Install...

Page 12: ...r 4 The Web Configurator 55 4 1 Introduction 55 4 2 System Login 55 4 3 The Web Configurator Layout 56 4 3 1 Change Your Password 61 4 4 Saving Your Configuration 62 4 5 Switch Lockout 62 4 6 Resettin...

Page 13: ...nfigure Routing Policy 93 6 6 1 Create a Layer 3 Classifier 94 6 6 2 Create a Policy Routing Rule 95 Part II Technical Reference 97 Chapter 7 System Status and Port Statistics 99 7 1 Overview 99 7 2 P...

Page 14: ...view 139 10 2 Configuring Static MAC Forwarding 139 Chapter 11 Static Multicast Forward Setup 143 11 1 Static Multicast Forwarding Overview 143 11 2 Configuring Static Multicast Forwarding 144 Chapter...

Page 15: ...17 Link Aggregation 179 17 1 Link Aggregation Overview 179 17 2 Dynamic Link Aggregation 179 17 2 1 Link Aggregation ID 180 17 3 Link Aggregation Status 181 17 4 Link Aggregation Setting 183 17 5 Lin...

Page 16: ...2 Queuing Method 217 22 1 Queuing Method Overview 217 22 1 1 Strictly Priority 217 22 1 2 Weighted Fair Queuing 217 22 1 3 Weighted Round Robin Scheduling WRR 218 22 2 Configuring Queuing 219 Chapter...

Page 17: ...Setup 251 25 2 4 Vendor Specific Attribute 254 25 2 5 Tunnel Protocol Attribute 255 25 3 Supported RADIUS Attributes 256 25 3 1 Attributes Used for Authentication 256 25 3 2 Attributes Used for Accoun...

Page 18: ...5 Chapter 30 sFlow 297 30 1 sFlow Overview 297 30 2 sFlow Port Configuration 298 30 2 1 sFlow Collector Configuration 299 Chapter 31 PPPoE 301 31 1 PPPoE Intermediate Agent Overview 301 31 1 1 PPPoE I...

Page 19: ...trative Distance 325 35 2 Configuring RIP 326 Chapter 36 OSPF 329 36 1 OSPF Overview 329 36 1 1 OSPF Autonomous Systems and Areas 329 36 1 2 How OSPF Works 330 36 1 3 Interfaces and Virtual Links 330...

Page 20: ...3 39 3 Activating DiffServ 354 39 3 1 Configuring 2 Rate 3 Color Marker Settings 355 39 4 DSCP to IEEE 802 1p Priority Settings 357 39 4 1 Configuring DSCP Settings 358 Chapter 40 DHCP 359 40 1 DHCP O...

Page 21: ...pter 44 Maintenance 387 44 1 The Maintenance Screen 387 44 2 Load Factory Default 388 44 3 Save Configuration 388 44 4 Reboot System 389 44 5 Firmware Upgrade 389 44 6 Restore a Configuration File 390...

Page 22: ...15 45 10 Service Port Access Control 416 45 11 Remote Management 417 Chapter 46 Diagnostic 421 46 1 Diagnostic 421 Chapter 47 Syslog 423 47 1 Syslog Overview 423 47 2 Syslog Setup 424 47 3 Syslog Serv...

Page 23: ...Overview 445 52 2 Viewing the Routing Table Status 445 Chapter 53 Configure Clone 447 53 1 Configure Clone 447 Chapter 54 Troubleshooting 449 54 1 Power Hardware Connections and LEDs 449 54 2 Switch...

Page 24: ...Table of Contents XGS4700 48F User s Guide 24...

Page 25: ...25 PART I User s Guide...

Page 26: ...26...

Page 27: ...8F power modules and one slot for the FAN4700 48F fan module The DCP4700 48F power module requires DC power supply input of 36 VDC to 72 VDC 3 A Max no tolerance The ACP4700 48F power module requires...

Page 28: ...high bandwidth In the following example a company uses the optional 10 Gigabit uplink modules to connect the headquarters to a branch office network Within the headquarters network a company can use...

Page 29: ...net To expand the network simply add more networking devices such as switches routers computers print servers and so on Figure 3 Gigabit to the Desktop 1 1 4 IEEE 802 1Q VLAN Application Example A VLA...

Page 30: ...allows up to 3 4 x 1038 IP addresses At the time of writing the Switch supports the following features Static address assignment and stateless auto configuration Neighbor Discovery Protocol a protoco...

Page 31: ...page 396 1 3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that s no...

Page 32: ...Chapter 1 Getting to Know Your Switch XGS4700 48F User s Guide 32...

Page 33: ...weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and...

Page 34: ...g brackets Eight M3 flat head screws and a 2 Philips screwdriver Four M5 flat head screws and a 2 Philips screwdriver Failure to use the proper screws may damage the unit 2 2 1 1 Precautions Make sure...

Page 35: ...2 2 3 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack lining up the two screw holes on the bracket with the screw holes on t...

Page 36: ...2 4 Power Module Installation There is one power module installed in the first power slot of the Switch by default This section shows you how to install a second power module or remove the power modu...

Page 37: ...User s Guide 37 3 Insert the power module halfway into the slot and push the lever leftward 4 Slide the power module into the slot until it makes contact with the backplane 5 Push the lever rightward...

Page 38: ...one hand and place the other hand under the power module to support it 3 Slide the power module into the slot until it makes contact with the backplane 4 Tighten the screw 2 4 2 Removing a Power Modul...

Page 39: ...Guide 39 3 Push the lever leftward 4 Grab the handle and slide the power module out 2 4 2 2 DC Power Module 1 Refer to Section 3 3 4 on page 51 to disconnect the power before you begin 2 Use a screwd...

Page 40: ...Chapter 2 Hardware Installation and Connection XGS4700 48F User s Guide 40 3 Grab the handle and slide the power module out...

Page 41: ...t a fiber optic cable to the Switch The Switch does not come with transceivers You must use transceivers that comply with the Small Form Table 1 Panel Connections CONNECTO R DESCRIPTION 48 Mini GBIC S...

Page 42: ...oid possible eye injury do not look into an operating fiber optic module s connectors 3 1 1 1 Transceiver Installation Use the following steps to install a mini GBIC transceiver SFP or XFP module 1 In...

Page 43: ...No parity 8 data bits 1 stop bit No flow control Connect the male 9 pin end of the RS 232 console cable to the console port of the Switch Connect the female end to a serial port COM1 COM2 or other COM...

Page 44: ...shows you how to connect an external sensor device to the Switch 1 Use a connector to connect wires of the correct gauge to the sensor s signal output pins See Chapter 55 on page 455 for the wire spec...

Page 45: ...itch which supports the external alarm feature If daisy chaining to a ZyXEL switch that is a different model check your switch s documentation for the correct pin assignments 1 Use wires of the correc...

Page 46: ...lowing figures show the rear panels of the AC and DC power input model switches The rear panels contain A slot for a fan module A Two optional slot B and C for installing EM 422 or EM 412 uplink modul...

Page 47: ...the following procedure to remove the fan module in order to replace the entire fan module Return any malfunctioning fan modules to the manufacture 1 Loosen the thumbscrew on the front of the fan modu...

Page 48: ...ptional two XFP or CX4 Ports These ports are available when you install an EM 422 or EM 412 in the optional uplink module slot s B and or C in the figure above Both the EM 422 and EM 412 are not hot s...

Page 49: ...wer module ACP4700 48F and DC power module DCP4700 48F You can install one type depending on your power source or install both types simutaneously The power connections are on the front of each power...

Page 50: ...aining power supply Use two wires to connect to a single terminal pair one wire for the positive terminal and one wire for the negative terminal Note The current rating of the power wires must be grea...

Page 51: ...o the DC power input 3 3 4 Disconnecting the Power The power inputs are redundant so if one power input fails the system can operate on the remaining power input The power input connectors can be disc...

Page 52: ...n the second power slot fails to supply power or its fan is not functioning at a proper speed SYS System Green Blinking The system is rebooting and performing self diagnostic tests On The system is on...

Page 53: ...uccessful 100 Mbps connection Off This link is disconnected 10G 49 50 Blue On The Switch is connected to other switches through an uplink module in SLOT 1 Off The Switch is not connected to other swit...

Page 54: ...Chapter 3 Hardware Overview XGS4700 48F User s Guide 54...

Page 55: ...recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Wind...

Page 56: ...234 The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen Figure 24 Web Configurator Login 4 Click OK to view the...

Page 57: ...e currently working in B Click this link to save your configuration into the Switch s nonvolatile memory Nonvolatile memory is saved in the configuration file from which the Switch booted from and it...

Page 58: ...itoring information General Setup This link takes you to a screen where you can configure general identification information and time settings for the Switch Switch Setup This link takes you to a scre...

Page 59: ...ation This link takes you to a screen where you can configure IEEE 802 1x port authentication as well as MAC authentication for clients communicating via the Switch Port Security This link takes you t...

Page 60: ...view the OSPF status and configure OSPF settings IGMP This link takes you to a screen where you can configure the IGMP settings DVMRP This link takes you to a screen where you can configure the DVMRP...

Page 61: ...screen where you can view the MAC address and VLAN ID of a device attach to a port You can also view what kind of MAC address it is IP Table This link takes you to a screen where you can view the IP a...

Page 62: ...nagement managing through the data ports if you do one of the following 1 Delete the management VLAN default is VLAN 1 2 Delete all port based VLANs with the CPU port as a member The CPU port is the m...

Page 63: ...reconnect the Switch s power to begin a session When you reconnect the Switch s power you will see the initial screen 3 When you see the message Press any key to enter Debug Mode within 3 seconds pre...

Page 64: ...your password again after you log out This is recommended after you finish a management session for security reasons Figure 28 Web Configurator Logout Screen 4 8 Help The web configurator s online hel...

Page 65: ...rt VLAN ID Enable RIP 5 1 1 Configuring an IP Interface On a layer 3 switch an IP interface also known as an IP routing domain is not bound to a physical port The default IP address of the Switch is 1...

Page 66: ...management Make sure your computer is in the same subnet as the MGMT port 2 Open your web browser and enter 192 168 0 1 the default MGMT port IP address in the address bar to access the web configurat...

Page 67: ...the example network configure two DHCP client pools on the Switch for the DHCP clients in the RD and Sales networks 1 In the web configurator click IP Application and DHCP in the navigation panel and...

Page 68: ...ple VLAN 1 Click Advanced Application VLAN in the navigation panel and click the Static VLAN link 2 In the Static VLAN screen select ACTIVE enter a descriptive name in the Name field and enter 2 in th...

Page 69: ...en the Switch s power is turned off 5 1 4 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defin...

Page 70: ...the RIP screen 1 Click IP Application and RIP in the navigation panel 2 Select Both in the Direction field to set the Switch to broadcast and receive routing information 3 In the Version field select...

Page 71: ...Use Error Disable and Recovery on the Switch How to Set Up a Guest VLAN How to Configure Routing Policy 6 1 How to Use DHCP Snooping on the Switch You only want DHCP server A connected to port 5 to a...

Page 72: ...t 1234 2 Go to Advanced Application VLAN Static VLAN and create a VLAN with ID of 100 Add ports 5 6 and 7 in the VLAN by selecting Fixed in the Control field as shown Deselect Tx Tagging because you d...

Page 73: ...and set the PVID of the ports 5 6 and 7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 4 Go to Advanced Application IP Source Guard DHCP snooping Configure activate and...

Page 74: ...rce Guard DHCP snooping Configure VLAN show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom...

Page 75: ...he command show dhcp snooping binding to see the DHCP snooping binding table as shown next 6 2 How to Use DHCP Relay on the Switch This tutorial describes how to configure your Switch to forward DHCP...

Page 76: ...2 Figure 33 Tutorial DHCP Relay Scenario 6 2 2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102 1 Access the web configurator through the Switch s management port 2 G...

Page 77: ...02 for example in the Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to...

Page 78: ...screen 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to...

Page 79: ...P Server 1 field 4 Select the Option 82 and the Information check boxes 5 Click Apply to save your changes back to the run time memory 6 Click the Save link in the upper right corner of the web config...

Page 80: ...y PPPoE server S can identify subscriber C and may apply different settings to it Figure 34 Tutorial PPPoE Intermediate Agentt Tutorial Overview Note For related information about PPPoE IA see Section...

Page 81: ...Intermediate Agent Select Active then click Apply Click Port on the top of the screen 2 Select Untrusted for port 5 and enter userC as Circuit id and 00134900000A as Remote id Select Trusted for port...

Page 82: ...4700 48F User s Guide 82 3 The Intermediate Agent screen appears Click VLAN on the top of the screen 4 Enter 1 for both Start VID and End VID since both the Switch and PPPoE server are in VLAN 1 in th...

Page 83: ...d Remote id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server Click Apply 6 3 2 Configuring Switch B The example uses another XGS4700 48F as switch...

Page 84: ...s XGS4700 48F User s Guide 84 2 Select Trusted for ports 11 and 12 and then click Apply Then Click Intermediate Agent on the top of the screen 3 The Intermediate Agent screen appears Click VLAN on the...

Page 85: ...pass to the PPPoE server Click Apply The settings are completed now If you miss some settings above subscriber C could not successfully receive an IP address assigned by the PPPoE Server If this happ...

Page 86: ...atures are helpful for this demand Note Refer to Section 27 2 on page 287 and Section 32 3 on page 312 for more information about Loop Guard and Errdiable To configure the settings 1 First click Advan...

Page 87: ...Protection select ARP as the reason enter 100 as the rate limit packets per second for the first entry port to apply the setting to all ports Then click Apply 3 Click Advanced Application Errdisable E...

Page 88: ...le IEEE 802 1x authentication on ports 1 to 8 Clients that connect to these ports should provide the correct user name and password in order to access the ports You want to assign clients that connect...

Page 89: ...e VLAN type to 802 1Q Click Apply to save the settings to the run time memory 3 Click Advanced Application VLAN Static VLAN 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 200...

Page 90: ...when the Switch s power is turned off 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen 9 Enter 200 in the PVID field for ports 1 2 3...

Page 91: ...e upper right corner of the web configurator to save your configuration permanently 6 5 2 Enabling IEEE 802 1x Port Authentication Follow the steps below to enable port authentication to validate acce...

Page 92: ...he first Active checkbox to enable 802 1x authentication on the Switch Select the Active checkboxes for ports 1 to 8 to turn on 802 1x authentication on the selected ports Click Apply 6 5 3 Enabling G...

Page 93: ...ts that attach to port 1 2 or 3 and fail to authenticate with the RADIUS server now should be in VLAN 200 and can access the Internet but cannot communicate with devices in VLAN 1 6 6 How to Configure...

Page 94: ...sifier that sorts traffic with DSCP value 58 into a data flow 1 Access the web configurator through the Switch s management port 2 Go to Advanced Application Classifier and select Active Enter a descr...

Page 95: ...icy Routing Rule Follow the steps below to set up a policy routing profile first and then a rule to forward traffic of classifier DSCP58 to gateway R2 1 Click IP Application Policy Routing 2 Select Ac...

Page 96: ...number to 1 in the Sequence field Select Permit to have the Switch send matched traffic to the specified gateway Select the name of the layer 3 classifier to which the rule applies Enter the IP addre...

Page 97: ...97 PART II Technical Reference...

Page 98: ...98...

Page 99: ...ome page and port details screens 7 1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details 7 2 Port Status Summary T...

Page 100: ...r more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays whether LACP Link Aggregation Control Protocol has been enab...

Page 101: ...labels in this screen Table 9 Status Port Details LABEL DESCRIPTION Port Info Port NO This field displays the port number you are viewing Name This field displays the name of the port Link This field...

Page 102: ...unicast packets received Multicast This field shows the number of good multicast packets received Broadcast This field shows the number of good broadcast packets received Pause This field shows the n...

Page 103: ...eceived that were between 128 and 255 octets in length 256 511 This field shows the number of packets including bad packets received that were between 256 and 511 octets in length 512 1023 This field...

Page 104: ...Chapter 7 System Status and Port Statistics XGS4700 48F User s Guide 104...

Page 105: ...on information The General Setup screen also allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch The real time is then disp...

Page 106: ...and voltage in this screen Figure 37 Basic Setting System Info The following table describes the labels in this screen Table 10 Basic Setting System Info LABEL DESCRIPTION System Name This field disp...

Page 107: ...ature threshold Each fan has a sensor that is capable of detecting and reporting if the fan speed falls below the threshold shown Current This field displays this fan s current speed in Revolutions Pe...

Page 108: ...table describes the labels in this screen Table 11 Basic Setting General Setup LABEL DESCRIPTION System Name Type a descriptive name for identification purposes This name consists of up to 64 printab...

Page 109: ...plays the date you open this menu New Date yyyy mm dd Enter the new date in year month and day format The new date then appears in the Current Date field after you click Apply Time Zone Select the tim...

Page 110: ...e Chapter 9 on page 119 for information on port based and 802 1Q tagged VLANs End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving Time The time field use...

Page 111: ...r more information Bridge Control Protocol Transparency Select Active to allow the Switch to handle bridging control protocols STP for example You also need to define how to treat a BPDU in the Port S...

Page 112: ...ets through faster while traffic in lower index queues is dropped if the network is congested Priority Level The following descriptions are based on the traffic types defined in the IEEE 802 1d standa...

Page 113: ...255 0 On the Switch as a layer 3 device an IP address is not bound to any physical ports Since each IP address on the Switch must be in a separate subnet the configured IP address is also known as IP...

Page 114: ...Enter the IP subnet mask of your Switch in dotted decimal notation for example 255 255 255 0 Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation for example...

Page 115: ...etting Port Setup IP Subnet Mask This field displays the subnet mask of the Switch in the IP domain VID This field displays the VLAN identification number of the IP domain on the Switch Delete Click D...

Page 116: ...e port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support When auto negotiation is turned on a port on the Switch negotiates with the pee...

Page 117: ...Bridge Protocol Data Units received on this port Select Tunnel to forward BPDUs received on this port Select Discard to drop any BPDU received on this port Select Network to process a BPDU with no VLA...

Page 118: ...Chapter 8 Basic Setting XGS4700 48F User s Guide 118...

Page 119: ...ormation starting after the source address field of the Ethernet frame The CFI Canonical Format Indicator is a single bit flag always set to zero for Ethernet switches If a frame received at an Ethern...

Page 120: ...k switches to register and de register attribute values with other GARP participants within a bridged LAN GARP is a protocol that provides a generic mechanism for protocols that serve a more specific...

Page 121: ...es A and B C D and E automatically VLAN Administrative Control Registration Fixed Fixed registration ports are permanent VLAN members Registration Forbidden Ports with registration forbidden are forbi...

Page 122: ...LAN type in the Basic Setting Switch Setup screen Figure 43 Switch Setup Select VLAN Type 9 5 Static VLAN Use a static VLAN to decide whether an incoming frame on a port should be sent to a VLAN group...

Page 123: ...s is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only when...

Page 124: ...on on static VLAN To configure a Table 17 Advanced Application VLAN VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that...

Page 125: ...r a descriptive name for the VLAN group for identification purposes This name consists of up to 64 printable characters spaces are allowed VLAN Group ID Enter the VLAN ID for this static entry the val...

Page 126: ...g frames transmitted with this VLAN Group ID Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link o...

Page 127: ...arded to the VLAN group that the tag defines Enter a number between 1 and 4094 as the port VLAN ID GVRP Select this check box to allow GVRP on this port Acceptable Frame Type Specify the type of frame...

Page 128: ...voice services is designated for IP subnet 172 16 1 0 24 video for 192 168 1 0 24 and data for 10 1 1 0 24 The Switch can then be configured to group incoming traffic based on the source IP subnet of...

Page 129: ...can renew their IP address through the DHCP VLAN or via another DHCP server on the subnet based VLAN Select this checkbox to force the DHCP clients in this IP subnet to obtain their IP addresses thro...

Page 130: ...VLAN are tagged This must be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch assigns to frames belonging to this VLAN A...

Page 131: ...d together and all upstream Apple Talk traffic from port 6 and 7 will be in another group and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C Figure 5...

Page 132: ...ust be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch will assign to frames belonging to this VLAN Add Click Add to sav...

Page 133: ...Give this protocol based VLAN a descriptive name Type IP VLAN 4 Select the protocol Leave the default value IP 5 Type the VLAN ID of an existing VLAN In our example we already created a static VLAN wi...

Page 134: ...Note When you activate port based VLAN the Switch uses a default VLAN ID of 1 You cannot change it Note In screens such as IP Setup and Filtering that require a VID you must enter 1 as the VID The po...

Page 135: ...Chapter 9 VLAN XGS4700 48F User s Guide 135 The following screen shows users on a port based all connected VLAN configuration Figure 53 Advanced Application VLAN Port Based VLAN Setup All Connected...

Page 136: ...Chapter 9 VLAN XGS4700 48F User s Guide 136 The following screen shows users on a port based port isolated VLAN configuration Figure 54 Advanced Application VLAN Port Based VLAN Setup Port Isolation...

Page 137: ...t is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the inc...

Page 138: ...Chapter 9 VLAN XGS4700 48F User s Guide 138...

Page 139: ...AC Forwarding A static MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting st...

Page 140: ...where the MAC address entered in the previous field will be automatically forwarded Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off or l...

Page 141: ...splays the port where the MAC address shown in the next field will be forwarded Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check bo...

Page 142: ...Chapter 10 Static MAC Forward Setup XGS4700 48F User s Guide 142...

Page 143: ...ge out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a multicast group has no members then the s...

Page 144: ...3 within VLAN group 4 Figure 56 No Static Multicast Forwarding Figure 57 Static Multicast Forwarding to A Single Port Figure 58 Static Multicast Forwarding to Multiple Ports 11 2 Configuring Static Mu...

Page 145: ...air 00000001 is 01 and 00000011 is 03 in hexadecimal so 01 00 5e 00 00 0A and 03 00 5e 00 00 27 are valid multicast MAC addresses VID You can forward frames with matching destination MAC address to po...

Page 146: ...This field displays the multicast MAC address that identifies a multicast group VID This field displays the ID number of a VLAN group to which frames containing the specified multicast MAC address wil...

Page 147: ...in the navigation panel to display the screen as shown next Figure 60 Advanced Application Filtering The following table describes the related labels in this screen Table 25 Advanced Application FIlte...

Page 148: ...Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to res...

Page 149: ...hes in your network to ensure that only one path exists between any two stations on the network The Switch uses IEEE 802 1w RSTP Rapid Spanning Tree Protocol that allows faster convergence of the span...

Page 150: ...nnected LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating any possible network loops STP aware switches exchange...

Page 151: ...its own bridge information In the following example there are two RSTP instances MRSTP 1 and MRSTP2 on switch A Figure 61 MRSTP Network Example To set up MRSTP activate MRSTP on the Switch and specif...

Page 152: ...le bridges or switching devices into regions that appear as one single bridge on the network A VLAN can be mapped to a specific Multiple Spanning Tree Instance MSTI MSTI allows multiple VLANs to use t...

Page 153: ...ion external path cost of paths outside this region is increased by one Internal path cost of paths within this region is increased by one when BPDUs traverse the region Devices that belong to the sam...

Page 154: ...ST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST instan...

Page 155: ...Protocol This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration section for eac...

Page 156: ...d Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or M...

Page 157: ...e generations by the root switch The allowed range is 1 to 10 seconds Max Age This is the maximum time in seconds a switch can wait without receiving a BPDU before attempting to reconfigure All switch...

Page 158: ...tocol Data Unit BPDU Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in a switch Ports with a higher priority num...

Page 159: ...Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This...

Page 160: ...The following table describes the labels in this screen Table 31 Advanced Application Spanning Tree Protocol MRSTP LABEL DESCRIPTION Status Click Status to display the MRSTP Status screen see Figure 6...

Page 161: ...to 40 seconds Forwarding Delay This is the maximum time in seconds a switch will wait before changing states This delay is required because every switch must receive information about topology change...

Page 162: ...e disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended that you as...

Page 163: ...econd This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maxi...

Page 164: ...164 13 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section 13 1 5 on page 152 for more information on MSTP F...

Page 165: ...rwarding Delay This is the maximum time in seconds a switch will wait before changing states This delay is required because every switch must receive information about topology changes before it start...

Page 166: ...ommon settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to add this port to the MST...

Page 167: ...e column and then click the Delete button Cancel Click Cancel to begin configuring this screen afresh Table 33 Advanced Application Spanning Tree Protocol MSTP continued LABEL DESCRIPTION Table 34 Adv...

Page 168: ...dge port changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge port o...

Page 169: ...t from the root port on this Switch to the root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree C...

Page 170: ...st from the root port in this MST instance to the regional root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the...

Page 171: ...aranteed bandwidth for the incoming traffic flow on a port The Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion Th...

Page 172: ...want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports...

Page 173: ...g traffic flow on a port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top naviga...

Page 174: ...Chapter 14 Bandwidth Control XGS4700 48F User s Guide 174...

Page 175: ...ckets the Switch receives per second on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this fea...

Page 176: ...ort by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second M...

Page 177: ...w to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference Click Advanced Application Mirroring in the navigation panel t...

Page 178: ...row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied t...

Page 179: ...cal link containing multiple ports The beginning port of each trunk group must be physically connected to form a trunk group The Switch supports both static and dynamic link aggregation Note In a prop...

Page 180: ...full duplex links All ports in the same trunk group must have the same media type speed duplex mode and flow control settings Configure trunk groups or LACP before you connect the Ethernet switch to...

Page 181: ...unk group that is one logical link containing multiple ports Enabled Port These are the ports you have configured in the Link Aggregation screen to be in the trunk group The port number s displays onl...

Page 182: ...c based on a combination of the packet s source and destination MAC addresses src ip means the Switch distributes traffic based on the packet s source IP address dst ip means the Switch distributes tr...

Page 183: ...vanced Application Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 42 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESCR...

Page 184: ...MAC addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distrib...

Page 185: ...rol Protocol Click in the Advanced Application Link Aggregation Link Aggregation Setting LACP to display the screen shown next See Section 17 2 on page 179 for more information on dynamic link aggrega...

Page 186: ...ink containing multiple ports LACP Active Select this option to enable LACP for a trunk Port This field displays the port number Settings in this row apply to all ports Use this row only if you want t...

Page 187: ...igure 81 Trunking Example Physical Connections 2 Configure static trunking Click Advanced Application Link Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the traffi...

Page 188: ...Chapter 17 Link Aggregation XGS4700 48F User s Guide 188...

Page 189: ...date users See Section 25 1 2 on page 246 for more information on configuring your RADIUS server settings Note If you enable IEEE 802 1x authentication and MAC authentication on the same port the Swit...

Page 190: ...8 1 2 MAC Authentication MAC authentication works in a very similar way to IEEE 802 1x authentication The main difference is that the Switch does not prompt the client for login credentials The login...

Page 191: ...first activate the port authentication method s you want to use both on the Switch and the port s then configure the RADIUS server settings in the AAA Radius Server Setup screen To activate a port aut...

Page 192: ...check box to permit 802 1x authentication on the Switch Note You must first enable 802 1x authentication on the Switch before configuring it on each port Port This field displays a port number Setting...

Page 193: ...he Switch sends the client to the Guest VLAN The client needs to send a new request to be authenticated by the Switch again Reauth Specify if a subscriber has to periodically re enter his or her usern...

Page 194: ...switches or routers with the guest network feature Figure 87 Guest VLAN Example Use this screen to enable and assign a guest VLAN to a port In the Port Authentication 802 1x screen click Guest Vlan t...

Page 195: ...guest VLAN Make sure this is a VLAN recognized in your network Host mode Specify how the Switch authenticates users when more than one user connect to the port using a hub Select Multi Host to authen...

Page 196: ...ication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch Note You must first enable MAC authentication on the Switch before configuring it on each port Name Pr...

Page 197: ...s this setting See Section 8 5 on page 111 Port This field displays a port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port...

Page 198: ...Chapter 18 Port Authentication XGS4700 48F User s Guide 198...

Page 199: ...Switch The Switch can learn up to 32K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 32K For maximum port security enable this feature disable MAC address le...

Page 200: ...ously learned MAC addresses on the specified port s will become static MAC addresses and display in the Static MAC Forwarding screen MAC freeze Click MAC freeze to have the Switch automatically select...

Page 201: ...ing to occur on a port the port itself must be active with address learning enabled Limited Number of Learned MAC Address Use this field to limit the number of dynamic MAC addresses that may be learne...

Page 202: ...this feature is disabled Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigatio...

Page 203: ...ing to specific criteria such as the source address destination address source port number destination port number or incoming port number For example you can configure a classifier to select traffic...

Page 204: ...rules To configure policy rules refer to Chapter 21 on page 209 Click Advanced Application Classifier in the navigation panel to display the configuration screen as shown Figure 92 Advanced Applicatio...

Page 205: ...ect the second choice and type a MAC address in valid MAC address format six hexadecimal character pairs Port Type the port number to which the rule should be applied You may choose one port only or a...

Page 206: ...ddress Address Prefix Enter a destination IP address in dotted decimal notation Specify the address prefix by entering the number of ones in the subnet mask Socket Number Note You must select either U...

Page 207: ...ctivated Name This field displays the descriptive name for this rule This is for identification purposes only Rule This field displays a summary of the classifier rule s settings Delete Click Delete t...

Page 208: ...figuring a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 Figure 94 Classifier Example After you have configured a classifier you can configure a policy to define...

Page 209: ...the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or reme...

Page 210: ...he DiffServ network Based on the marking rule different kinds of traffic can be marked for different kinds of forwarding Resources can then be allocated according to the DSCP values and the configured...

Page 211: ...tion panel to display the screen as shown Figure 95 Advanced Application Policy Rule The following table describes the labels in this screen Table 53 Advanced Application Policy Rule LABEL DESCRIPTION...

Page 212: ...f profile traffic Action Specify the action s the Switch takes on the associated classified traffic flow Forwarding Select No change to forward the packets Select Discard the packet to drop the packet...

Page 213: ...rofile traffic Select Drop the packet to discard the out of profile traffic Select Change the DSCP value to replace the DSCP field with the value specified in the Out of profile DSCP field Select Set...

Page 214: ...lick an index number to edit the policy Active This field displays Yes when policy is activated and No when is it deactivated Name This field displays the name you have assigned to this policy Classif...

Page 215: ...Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out of profile traffic on a traffic flow classified using the Example classifier ref...

Page 216: ...Chapter 21 Policy Rule XGS4700 48F User s Guide 216...

Page 217: ...raffic on the highest priority queue Q7 is transmitted first When that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted on Q5...

Page 218: ...qual amount of bandwidth and then moves to the end of the list and so on depending on the number of queues being used This works in a looping fashion until a queue is empty Weighted Round Robin Schedu...

Page 219: ...labels in this screen Table 55 Advanced Application Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring Settings in this row apply to all ports Use this row only if yo...

Page 220: ...vice than queues with smaller weights Weight Q0 Q7 When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Hybrid SPQ...

Page 221: ...4 customer VLANs This allows a service provider to provide different service based on specific VLANs for many different customers A service provider s customers may require a range of VLANs to handle...

Page 222: ...Select Access Port for ingress ports on the service provider s edge devices 1 and 2 in the VLAN stacking example figure The incoming frame is treated as untagged so a second VLAN tag outer VLAN tag ca...

Page 223: ...Port then the Switch only adds the SP TPID tag to all incoming frames on the service provider s edge devices 1 and 2 in the VLAN stacking example figure that have an SP TPID different to the one conf...

Page 224: ...d Double Tagged 802 11Q Frame Format DA SA Len Etype Dat a FCS Untagged Ethernet frame DA SA TPI D Priorit y VI D Len Etype Dat a FCS IEEE 802 1Q customer tagged frame D A SA SPTPI D Priori ty VI D TP...

Page 225: ...s ports at the edge of the service provider s network Select Tunnel Port available for Gigabit ports only for egress ports at the edge of the service provider s network Select Tunnel Port to have the...

Page 226: ...entifies the port you are configuring SPVID SPVID is the service provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port See Chapter 9 on pa...

Page 227: ...uring CVID Enter a customer VLAN ID the inner VLAN tag from 1 to 4094 This is the VLAN tag carried in the packets from the subscribers SPVID SPVID is the service provider s VLAN ID the outer VLAN tag...

Page 228: ...he service provider s VLAN ID that adds to the packets from the subscribers Priority This is the service provider s priority level in the packets Delete Check the rule s that you want to remove in the...

Page 229: ...ast address allows a device to send packets to a specific group of hosts multicast group in a different subnetwork A multicast IP address represents a traffic receiving group not individual receiving...

Page 230: ...p to 16 VLANs You can configure the Switch to automatically learn multicast group membership of any VLANs The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets This is re...

Page 231: ...ettings to configure IGMP Snooping Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group Querier Select this option to allow the...

Page 232: ...ports Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common s...

Page 233: ...entry is aged out Select Replace to replace an existing entry in the multicast forwarding table with the new IGMP report s received on this port IGMP Filtering Profile Select the name of the IGMP filt...

Page 234: ...on of any VLANs automatically Select fixed to have the Switch only learn multicast group membership information of the VLAN s that you specify below In either auto or fixed mode the Switch can learn u...

Page 235: ...tic VLAN the valid range is between 1 and 4094 Note You cannot configure the same VLAN ID as in the MVR screen Add Click Add to insert the entry in the summary table below and save your changes to the...

Page 236: ...t IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile End Address Type the ending multicast IP address for a range of IP addresses that you want to belo...

Page 237: ...re managed by IGMP snooping The following figure shows a network example The subscriber VLAN 1 2 and 3 information is hidden from the streaming media server S In addition the multicast VLAN informatio...

Page 238: ...he streaming media server S via the Switch Multiple subscriber devices can connect through a port configured as the receiver on the Switch When the subscriber selects a television channel computer A s...

Page 239: ...utomatically creates a static VLAN with the same VID when you create a multicast VLAN in this screen Figure 109 Advanced Application Multicast Multicast Setting MVR The following table describes the r...

Page 240: ...multicast traffic None Select this option to set the port not to participate in MVR No MVR multicast traffic is sent or received on this port Tagging Select this checkbox if you want the port to tag...

Page 241: ...abels in this screen Table 67 Advanced Application Multicast Multicast Setting MVR Group Configuration LABEL DESCRIPTION Multicast VLAN ID Select a multicast VLAN ID that you configured in the MVR scr...

Page 242: ...on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh MVLAN This field displays the mult...

Page 243: ...he Switch create a multicast group in the MVR screen and set the receiver and source ports Figure 112 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscrib...

Page 244: ...er s Guide 244 following figure shows an example where two multicast groups News and Movie are configured for the multicast VLAN 200 Figure 113 MVR Group Configuration Example Figure 114 MVR Group Con...

Page 245: ...levels associated with them For example user A may have the right to create new login accounts on the Switch but user B cannot The Switch can authorize users based on user accounts configured on the...

Page 246: ...ted to the memory capacity of the device In essence RADIUS and TACACS authentication both allow you to validate an unlimited number of users from a central location The following table describes some...

Page 247: ...up Use this screen to configure your RADIUS server settings See Section 25 1 2 on page 246 for more information on RADIUS servers and Section 25 3 on page 256 for RADIUS attributes utilized by the aut...

Page 248: ...notation UDP Port The default port of a RADIUS server for authentication is 1812 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a passwor...

Page 249: ...server and the Switch This key is not sent over the network This key must be the same on the external RADIUS accounting server and the Switch Delete Check this box if you want to remove an existing RA...

Page 250: ...in dotted decimal notation TCP Port The default port of a TACACS server for authentication is 49 You need not change this value unless your network administrator instructs you to do so Shared Secret...

Page 251: ...ver the network This key must be the same on the external TACACS accounting server and the Switch Delete Check this box if you want to remove an existing TACACS accounting server entry from the Switch...

Page 252: ...Select local to have the Switch check the access privilege configured for local authentication Select radius or tacacs to have the Switch check the access privilege via the external servers Login Thes...

Page 253: ...begins a session authenticates via the Switch ends a session as well as interim updates of a session Commands Configure the Switch to send information when commands of specified privilege level and hi...

Page 254: ...s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to modify Vendor data A value you want to assign to the setting Note Refer to the documentation that comes...

Page 255: ...in decimal format Privilege Assignment Vendor ID 890 Vendor Type 3 Vendor Data shell priv lvl N or Vendor ID 9 CISCO Vendor Type 1 CISCO AVPAIR Vendor Data shell priv lvl N where N is a privilege lev...

Page 256: ...used by authentication and accounting functions on the Switch In cases where the attribute has a specific format associated with it the format is specified 25 3 1 Attributes Used for Authentication Th...

Page 257: ...Id is date time 8 digit sequential number for example 2007041917210300000001 date 2007 04 19 time 17 21 03 serial number 00000001 Acct Delay Time 25 3 2 2 Attributes Used for Accounting Exec Events Th...

Page 258: ...IP Address Service Type Calling Station Id Acct Status Type Acct Delay Time Acct Session Id Acct Authentic Acct Session Time Acct Terminate Cause Table 76 RADIUS Attributes Exec Events via Console AT...

Page 259: ...Chapter 25 AAA XGS4700 48F User s Guide 259 Acct Input Gigawords Acct Output Gigawords Table 76 RADIUS Attributes Exec Events via Console ATTRIBUTE START INTERIM UPDATE STOP...

Page 260: ...Chapter 25 AAA XGS4700 48F User s Guide 260...

Page 261: ...is a binding the Switch forwards the packet If there is not a binding the Switch discards the packet The Switch builds the binding table by snooping DHCP packets dynamic bindings and from information...

Page 262: ...are no trusted ports Untrusted ports are connected to subscribers The Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER...

Page 263: ...e requests The Switch can add the following information Slot ID 1 byte port ID 1 byte and source VLAN ID 2 bytes System name up to 32 bytes This information is stored in an Agent Information field in...

Page 264: ...X does the following things It pretends to be computer A and responds to computer B It pretends to be computer B and sends a message to computer A As a result all the communication between computer A...

Page 265: ...itch can send syslog messages to the specified syslog server Chapter 47 on page 423 when it forwards or discards ARP packets The Switch can consolidate log messages and send log messages in batches to...

Page 266: ...rce Guard LABEL DESCRIPTION Index This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displays the IP a...

Page 267: ...ports select Any Add Click this to create the specified static binding or to update an existing one Cancel Click this to reset the values above based on the last selected static binding or if not app...

Page 268: ...out the DHCP snooping database To open this screen click Advanced Application IP Source Guard DHCP Snooping Figure 124 DHCP Snooping Delete Select this and click Delete to remove the specified entry C...

Page 269: ...field displays how much longer in seconds the Switch tries to complete the current update before it gives up It displays Not Running if the Switch is not updating the DHCP snooping database right now...

Page 270: ...ce Guide Binding collisions This field displays the number of bindings the Switch ignored because the Switch already had a binding with the same MAC address and VLAN ID Invalid interfaces This field d...

Page 271: ...rt To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Figure 125 DHCP Snooping Configure Parse failures This field displays the number of bindings the Switch has ig...

Page 272: ...tp domain name or IP address directory if applicable file name for example tftp 192 168 10 1 database txt Timeout interval Enter how long 10 65535 seconds the Switch tries to complete a specific updat...

Page 273: ...DHCP snooping Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports You can also specify the maximum number for DHCP packets that each port trusted or...

Page 274: ...ed ports are connected to subscribers and the Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source...

Page 275: ...witch and specify trusted ports Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports Option82 Select this to have the Switch add the slot number port...

Page 276: ...fied unauthorized ARP packets Index This field displays a sequential number for each MAC address filter MAC Address This field displays the source MAC address in the MAC address filter VID This field...

Page 277: ...the section below Then enter the lowest VLAN ID Start VID and the highest VLAN ID End VID you want to look at Apply Click this to display the specified range of VLANs in the section below VID This fi...

Page 278: ...re generated by ARP packets and that have not been sent to the syslog server yet If one or more log messages are dropped due to unavailable buffer there is an entry called overflow with the current nu...

Page 279: ...g with the same MAC address and VLAN ID static deny An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID deny An ARP packet was discarded because ther...

Page 280: ...the log and reset this counter See Section 26 6 2 on page 278 Syslog rate Type the maximum number of syslog messages the Switch can send to the syslog server in one batch This number is expressed as a...

Page 281: ...ure the port the settings are applied to all of the ports Trusted State Select whether this port is a trusted port Trusted or an untrusted port Untrusted The Switch does not discard ARP packets on tru...

Page 282: ...every five second interval Enter the length 1 15 seconds of the burst interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off...

Page 283: ...P packet from the VLAN Permit The Switch generates log messages when it forwards an ARP packet from the VLAN All The Switch generates log messages every time it receives an ARP packet from the VLAN Ap...

Page 284: ...Chapter 26 IP Source Guard XGS4700 48F User s Guide 284...

Page 285: ...e 134 Loop Guard vs STP Loop guard is designed to handle loop problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a re...

Page 286: ...port If this is the case the Switch will shut down the port connected to the switch in loop state The following figure shows a loop guard enabled port N on switch A sending a probe packet P to switch...

Page 287: ...k you can re activate the disabled port via the web configurator see Section 8 7 on page 115 or via commands see the Ethernet Switch CLI Reference Guide 27 2 Loop Guard Setup Click Advanced Applicatio...

Page 288: ...nges in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to check...

Page 289: ...Gigabit uplink port When VLAN mapping is enabled the Switch discards the tagged packets that do not match an entry in the VLAN mapping table If the incoming packets are untagged the Switch adds a PVID...

Page 290: ...setting the same for all ports Use this row first and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check b...

Page 291: ...VID you specified in the Translated VID field Translated VID Enter a VLAN ID from 1 to 4094 into which the customer VID carried in the packets will be translated Priority Select a priority level from...

Page 292: ...is the VLAN ID that replaces the customer VLAN ID in the tagged packets Priority This is the priority level that replaces the customer priority level in the tagged packets Delete Check the rule s that...

Page 293: ...e provider s network The edge switch encapsulates layer 2 protocol packets with a specific MAC address before sending them across the service provider s network to other edge switches Figure 142 Layer...

Page 294: ...t on the service provider s edge device 1 or 2 in Figure 143 on page 294 and connected to a customer switch A or B Incoming layer 2 protocol packets received on an access port are encapsulated and for...

Page 295: ...lect this to enable layer 2 protocol tunneling on the Switch Destination MAC Address Specify an MAC address with which the Switch uses to encapsulate the layer 2 protocol packets by replacing the dest...

Page 296: ...nd detect a unidirectional link PAGP Select this option to have the Switch send PAgP packets to a peer to automatically negotiate and build a logical port aggregation LACP Select this option to have t...

Page 297: ...w agent then creates sFlow data and sends it to an sFlow collector The sFlow collector is a server that collects and analyzes sFlow datagram An sFlow datagram includes packet header input and output i...

Page 298: ...h Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your...

Page 299: ...tor Address Enter the IP address of the sFlow collector Note You must have the sFlow collector already configured in the sFlow Collector screen The sFlow collector does not need to be in the same subn...

Page 300: ...Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the...

Page 301: ...31 1 1 PPPoE Intermediate Agent Tag Format If the PPPoE Intermediate Agent is enabled the Switch adds a vendor specific tag to PADI PPPoE Active Discovery Initialization and PADR PPPoE Active Discove...

Page 302: ...ort the Switch adds the user defined identifier string and variables into the Agent Circuit ID Sub option The variables can be the slot ID of the PPPoE client the port number of the PPPoE client and o...

Page 303: ...cted to PPPoE servers If a PADO PPPoE Active Discovery Offer PADS PPPoE Active Discovery Session confirmation or PADT PPPoE Active Discovery Terminate packet is sent from a PPPoE server and received o...

Page 304: ...e Intermediate Agent screen Figure 148 Advanced Application PPPoE Intermediate Agent 31 3 PPPoE Intermediate Agent Use this screen to configure the Switch to give a PPPoE termination server additional...

Page 305: ...re circuit id and remote id in the Per Port or Per Port Per VLAN screen Active Select this option to have the Switch add the user defined identifier string and variables specified in the option field...

Page 306: ...n as shown Figure 150 Advanced Application PPPoE Intermediate Agent Port The following table describes the labels in this screen Table 101 Advanced Application PPPoE Intermediate Agent Port LABEL DESC...

Page 307: ...ntrusted port Circuit id Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID sub option for PPPoE discovery packets received on this port Spaces are allowed The...

Page 308: ...n the section below End VID Enter the highest VLAN ID you want to configure in the section below Apply Click Apply to display the specified range of VLANs in the section below Port This field displays...

Page 309: ...Agent Remote ID sub option for this VLAN on the specified port Spaces are allowed If you do not specify a string here or in the Remote id field for a specific port the Switch automatically uses the P...

Page 310: ...ngs are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Note Changes in this row are copied to all the...

Page 311: ...ows you to limit the rate of ARP BPDU and IGMP packets to be delivered to the CPU on a port This enhances the CPU efficiency and protects against potential DoS attacks or errors from other network s Y...

Page 312: ...guration Use this screen to limit the maximum number of control packets ARP BPDU and or IGMP that the Switch can receive or transmit on a port Click the Click Here link next to CPU protection in the A...

Page 313: ...here Port This field displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Note Changes in this row a...

Page 314: ...ction that the Switch takes when the number of control packets exceed the rate limit on a port set in the Advanced Application Errdisable CPU protection screen inactive port The Switch disables the po...

Page 315: ...packets on a port according to the feature requirements and what action you configure Use this row to make the setting the same for all entries Use this row first and then make adjustments to each en...

Page 316: ...Chapter 32 Error Disable XGS4700 48F User s Guide 316...

Page 317: ...t reachable through the default gateway use static routes For example the next figure shows a computer A connected to the Switch The Switch routes most traffic from A to the Internet through the Switc...

Page 318: ...t ID IP Subnet Mask Enter the subnet mask for this destination Gateway IP Address Enter the IP address of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet t...

Page 319: ...s This field displays the IP network address of the final destination Subnet Mask This field displays the subnet mask for this destination Gateway Address This field displays the IP address of the gat...

Page 320: ...Chapter 33 Static Route XGS4700 48F User s Guide 320...

Page 321: ...r to the normal routing Individual routing policies are used as part of the overall policy routing process A routing policy defines the action to take when a packet meets the criteria in a specified c...

Page 322: ...Click Add to insert a new policy routing profile to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to s...

Page 323: ...ward packets based on the classifier and action you specify A policy route rule defines the matching classifier and the action to take when a packet meets the criteria in the classifier The action is...

Page 324: ...of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the destination Add Click Add to insert the entry in the summary table below and save your changes to...

Page 325: ...The Version field controls the format and the broadcasting method of the RIP packets that the Switch sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries mo...

Page 326: ...ion RIP The following table describes the labels in this screen Table 110 Default Distance Value ROUTE SOURCE ADMINISTRATIVE DISTANCE Local 0 Static 1 OSPF 110 RIP 120 Table 111 IP Application RIP LAB...

Page 327: ...oth and None Version Select the RIP version from the drop down list box Choices are RIP 1 RIP 2B and RIP 2M Apply Click Apply to save your changes to the Switch s run time memory The Switch loses thes...

Page 328: ...Chapter 35 RIP XGS4700 48F User s Guide 328...

Page 329: ...ting protocols such as RIP The following table summarizes some of the major differences between OSPF and RIP 36 1 1 OSPF Autonomous Systems and Areas An OSPF autonomous system AS can be divided into l...

Page 330: ...o network destinations Layer 3 devices build a synchronized link state database by exchanging Hello messages to confirm which neighbor layer 3 devices exist and then they exchange database description...

Page 331: ...n is fine but in some situations it must be controlled In the following figure only router A has direct connectivity with all the other routers on the network segment Routers B and C do not have a dir...

Page 332: ...y the screen as shown next See Section 36 1 on page 329 for more information on OSPF Figure 164 IP Application OSPF Status The following table describes the labels in this screen Table 114 IP Applicat...

Page 333: ...sed in the designated router election Designated Router This field displays the router ID of the designated router Backup Designated Router This field displays the router ID of a backup designated rou...

Page 334: ...displays the time in seconds since the last LSA was sent Seq This field displays the link sequence number of the LSA Checksum This field displays the checksum value of the LSA Link Count This field d...

Page 335: ...t is assigned to routes learned by OSPF The lower the administrative distance value is the more preferable the routing protocol is See Section 35 1 1 on page 325 for more information about administrat...

Page 336: ...enticati on Select an authentication method Simple or MD5 to activate authentication Select None default to disable authentication Usually interface s and virtual interface s should use the same authe...

Page 337: ...rned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this scr...

Page 338: ...otocol Type Select 1 for routing protocols such as RIP whose external metrics are directly comparable to the internal OSPF cost When selecting a path the internal OSPF cost is added to the AB boundary...

Page 339: ...you can use 192 168 8 0 22 instead of using 192 168 8 0 24 192 168 9 0 24 192 168 10 0 24 and 192 168 11 0 24 The third octet of these four network IP addresses is 00001000 00001001 00001010 00001011...

Page 340: ...want to use Key When you select Simple in the Authentication field enter a password eight character long Characters after the eighth character will be ignored When you select MD5 in the Authenticatio...

Page 341: ...is field displays the interface cost used for calculating the routing table Priority This field displays the priority for this OSPF interface Delete Click Delete to remove the selected entry from the...

Page 342: ...d eight character long When you select MD5 in the Authentication field enter a password 16 character long Add Click Add to save your changes to the Switch s run time memory The Switch loses these chan...

Page 343: ...tween a multicast server multicast routers and multicast hosts A multicast server transmits multicast packets and multicast routers forward multicast packets to multicast hosts Figure 171 IP Multicast...

Page 344: ...n 1 to version 3 IGMP version 1 defines how a multicast router checks to see if any multicast hosts are part of a multicast group It checks for group membership by sending out an IGMP Query packet Hos...

Page 345: ...multicast server Z IP address 13 2 2 2 both send multicast traffic to the same multicast group identified by the multicast IP address 225 1 1 1 In IGMP version 3 multicast host A can join multicast g...

Page 346: ...ot recorded any group members Select Drop to discard the frame s Select Flooding to send the frame s to all ports Index This field displays an index number of an entry Network This field displays the...

Page 347: ...e IGMP enabled when you enable DVMRP otherwise you see the screen as in Figure 178 on page 349 38 2 How DVMRP Works DVMRP uses the Reverse Path Multicasting RPM algorithm to generate an IP Multicast d...

Page 348: ...st routing table that is used to build source trees and also perform Reverse Path Forwarding RPF checks on incoming multicast packets RPF checks prevent duplicate packets being filtered when loops exi...

Page 349: ...This applies only to multicast traffic this Switch sends out Index Index is the DVMRP configuration for the IP routing domain defined under Network The maximum number of DVMRP configurations allowed i...

Page 350: ...Error Message 38 4 Default DVMRP Timer Values The following are some default DVMRP timer values Table 124 DVMRP Default Timer Values DVMRP FIELD DEFAULT VALUE Probe interval 10 sec Report interval 35...

Page 351: ...differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give...

Page 352: ...to give higher drop precedence to one traffic flow over others In our example packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum...

Page 353: ...ork Green low loss priority level packets are forwarded TRTCM operates in one of two modes color blind or color aware In color blind mode packets are marked based on evaluating against the PIR and CIR...

Page 354: ...ed against the PIR Only the packets marked green are first evaluated against the PIR and then if they don t exceed the PIR level are they evaluated against the CIR Figure 184 TRTCM Color aware Mode 39...

Page 355: ...the Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on...

Page 356: ...gh loss priority colored packets Mode Select color blind to have the Switch treat all incoming packets as uncolored All incoming packets are evaluated against the CIR and PIR Select color aware to tre...

Page 357: ...are marked via TRTCM green Specify the DSCP value to use for packets with low packet loss priority yellow Specify the DSCP value to use for packets with medium packet loss priority red Specify the DSC...

Page 358: ...28 IP Application DiffServ DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop dow...

Page 359: ...40 1 1 DHCP Modes The Switch can be configured as a DHCP server or DHCP relay agent If you configure the Switch as a DHCP server it will maintain the pool of IP addresses along with subnet masks DNS...

Page 360: ...view the screen as shown Use Table 129 IP Application DHCP Status LABEL DESCRIPTION Server Status This section displays configuration settings related to the Switch s DHCP server mode Index This is t...

Page 361: ...way value sent to clients from this DHCP server instance Primary DNS Server This field displays the primary DNS server value sent to clients from this DHCP server instance Secondary DNS Server This fi...

Page 362: ...sts that it relays to a DHCP server by adding Relay Agent Information This helps provide authentication about the source of the requests The DHCP server can then provide an IP address based on this in...

Page 363: ...n Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This...

Page 364: ...DHCP clients in both domains Figure 191 Global DHCP Relay Network Example Configure the DHCP Relay screen as shown Make sure you select the Option 82 check box to set the Switch to send additional in...

Page 365: ...VLAN that you want to configure DHCP settings for on the Switch See Section 8 6 on page 113 for information on how to do this Figure 193 IP Application DHCP VLAN The following table describes the labe...

Page 366: ...requests that it relays to a DHCP server Informati on This read only field displays the system name you configure in the General Setup screen Select the check box for the Switch to add the system name...

Page 367: ...vers are installed to serve each VLAN The system is set up to forward DHCP requests from the dormitory rooms VLAN 1 to the DHCP server with an IP address of 192 168 1 100 Requests from the academic bu...

Page 368: ...Chapter 40 DHCP XGS4700 48F User s Guide 368 For the example network configure the VLAN Setting screen as shown Figure 195 DHCP Relay for Two VLANs Configuration Example EXAMPLE...

Page 369: ...vailable In VRRP a virtual router VR represents a number of physical layer 3 devices An IP address is associated with the virtual router A layer 3 device having the same IP address is the preferred ma...

Page 370: ...k IP Application VRRP in the navigation panel to display the VRRP Status screen as shown next Figure 197 IP Application VRRP Status The following table describes the labels in this screen 172 21 1 100...

Page 371: ...unctions as the master router This field is Backup indicating that this Switch functions as a backup router This field displays Init when this Switch is initiating the VRRP protocol or when the Uplink...

Page 372: ...an IP domain Authenticati on Select None to disable authentication This is the default setting Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface Key When y...

Page 373: ...routers participating in the virtual router must use the same advertisement interval 41 3 2 2 Priority Configure the priority level 1 to 254 to set which backup router to take over in case the master...

Page 374: ...r number 1 to 7 for which this VRRP entry is created You can configure up to seven virtual routers for one network Advertisement Interval Specify the number of seconds between Hello message transmissi...

Page 375: ...ick Clear to set the above fields back to the factory defaults Table 136 IP Application VRRP Configuration VRRP Parameters continued LABEL DESCRIPTION Table 137 VRRP Configuring VRRP Parameters LABEL...

Page 376: ...e host computer X is set to use VR1 as the default gateway Figure 201 VRRP Configuration Example One Virtual Router Network You want to set switch A as the master router Configure the VRRP parameters...

Page 377: ...the two network groups use different default gateways Each switch is configured to backup a virtual router using VRRP You wish to configure switch A as the master router for virtual router VR1 and as...

Page 378: ...VRRP Example 2 VRRP Parameter Settings for VR2 on Switch A Figure 208 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration the VRRP Status sc...

Page 379: ...the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the kn...

Page 380: ...reply from host B it updates its ARP table and also forwards host A s ICMP request to host B After the Switch gets the ICMP reply from host B it sends out an ARP request to get host A s MAC address a...

Page 381: ...3 ARP Request When the Switch is in ARP Request learning mode it updates the ARP table with both ARP replies gratuitous ARP requests and ARP requests Therefore in the following example the Switch can...

Page 382: ...some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as yo...

Page 383: ...ry The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Canc...

Page 384: ...Chapter 42 ARP Learning XGS4700 48F User s Guide 384...

Page 385: ...ths 1 2 and 3 of equal path cost This allows you to balance or share traffic loads between multiple routing paths when the Switch is connected to more than one next hop ECMP works with static routes o...

Page 386: ...t s source and destination IP addresses into a hash value which acts as an index to a route path Aging Time Specify the time interval from 0 to 86400 in increments of 10 in seconds at which the Switch...

Page 387: ...Maintenance The following table describes the labels in this screen Table 140 Management Maintenance LABEL DESCRIPTION Current This field displays which configuration Configuration 1 or Configuration...

Page 388: ...change the IP address of your computer to be in the same subnet as that of the default Switch IP address 192 168 1 1 44 3 Save Configuration Click Config 1 to save the current configuration settings p...

Page 389: ...Config 1 or configuration two Config 2 when you reboot Follow the steps below to reboot the Switch 1 In the Maintenance screen click the Config 1 button next to Reboot System to reboot and load confi...

Page 390: ...re After the firmware upgrade process is complete see the System Info screen to verify your current firmware version number 44 6 Restore a Configuration File Restore a previously saved configuration f...

Page 391: ...the Save As screen 3 Choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the config...

Page 392: ...put firmware bin ras 0 This is a sample FTP session showing the transfer of the computer file firmware bin to the Switch ftp get config config cfg This is a sample FTP session saving the current conf...

Page 393: ...your computer and renames it to config cfg See Table 141 on page 392 for more information on filename conventions 7 Enter quit to exit the ftp prompt 44 8 3 GUI based FTP Clients The following table d...

Page 394: ...P Restrictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote Management screen does not match the client IP address If it does not...

Page 395: ...ns are allowed A console port access control session and Telnet access control session cannot coexist when multi login is disabled See the Ethernet Switch CLI Reference Guide for more information on d...

Page 396: ...twork consists of two main components agents and a manager An agent is a management software module that resides in a managed Switch the Switch An agent translates the local management information fro...

Page 397: ...s let administrators collect statistics and monitor status and performance The Switch supports the following MIBs SNMP MIB II RFC 1213 RFC 1157 SNMP v1 RFC 1493 Bridge MIBs RFC 1643 Ethernet MIBs RFC...

Page 398: ...3 1 2 2 This trap is sent when the fan speed returns to the normal operating range temperatur e TemperatureEventOn 1 3 6 1 4 1 890 1 5 8 54 3 1 2 1 This trap is sent when the temperature goes above or...

Page 399: ...s trap is sent when the Switch ceases the action taken on a port such as shutting down the port or discarding packets on the port after the specified recovery interval Table 145 SNMP System Traps cont...

Page 400: ...range DDMIRxPowerEventClear DDMITemperatureEventCl ear DDMITxBiasEventClear DDMITxPowerEventClear DDMIVoltageEventClear 1 3 6 1 4 1 890 1 5 8 54 31 2 2 This trap is sent when all device operating para...

Page 401: ...1 3 6 1 2 1 80 0 3 This trap is sent when a ping test is completed traceroute traceRouteTestFailed 1 3 6 1 2 1 81 0 2 This trap is sent when a traceroute test fails traceRouteTestCompleted 1 3 6 1 2 1...

Page 402: ...is used MacTableFullEventClear 1 3 6 1 4 1 890 1 5 8 54 3 1 2 2 This trap is sent when less than 95 of the MAC table is used rmon RmonRisingAlarm 1 3 6 1 4 1 890 1 5 1 1 16 0 1 This trap is sent when...

Page 403: ...only used by SNMP managers using SNMP version 2c or lower Trap Community Enter the Trap Community string which is the password sent with each trap to the SNMP manager The Trap Community string is onl...

Page 404: ...manager Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See Section 45...

Page 405: ...Security Level Select whether you want to implement authentication and or encryption for SNMP communication from this user Choose noauth to use the username as the password string to send to the SNMP...

Page 406: ...ead rights only meaning the user can collect information from the Switch Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch l...

Page 407: ...s something other than admin is someone who can view but not configure Switch settings Click Management Access Control Logins to view the screen as shown Figure 224 Management Access Control Logins Th...

Page 408: ...privileges via the CLI For more information on assigning privileges see the Ethernet Switch CLI Reference Guide User Name Set a user name up to 32 ASCII characters long Password Enter your new system...

Page 409: ...er The server identifies itself with a host key The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server The client automatically s...

Page 410: ...ure Socket Layer or HTTP over SSL is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensuring c...

Page 411: ...in the Service Access Control screen then the Switch blocks all HTTP connection attempts 45 9 HTTPS Example If you haven t changed the default HTTPS port on the Switch then in your browser enter https...

Page 412: ...blocked Figure 228 Security Alert Dialog Box Internet Explorer 6 45 9 1 2 Internet Explorer 7 or 8 When you attempt to access the Switch HTTPS server a screen with the message There is a problem with...

Page 413: ...age Certificate Error Click on Certificate Error next to the address bar and click View certificates Figure 230 Certificate Error Internet Explorer 7 or 8 Click Install Certificate and follow the on s...

Page 414: ...Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a This Connection is Unstructed screen may display If that is the case click I Understand the Risks and then the Ad...

Page 415: ...rm Security Exception to proceed to the web configurator login screen Figure 233 Security Alert Mozilla Firefox 45 9 3 The Main Screen After you accept the certificate and enter the login username and...

Page 416: ...address bar in Internet Explorer 7 or 8 denotes a secure connection Figure 234 Example Lock Denoting a Secure Connection 45 10 Service Port Access Control Service Access Control allows you to decide...

Page 417: ...Switch Service Port For Telnet SSH FTP HTTP or HTTPS services you may change the default service port by typing the new port number in the Server Port field If you change the default port number then...

Page 418: ...roup of one or more trusted computers from which an administrator may use a service to manage the Switch Active Select this check box to activate this secured client set Clear the check box if you wis...

Page 419: ...Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Clic...

Page 420: ...Chapter 45 Access Control XGS4700 48F User s Guide 420...

Page 421: ...n this screen Use this screen to check system logs ping IP addresses or perform port tests Figure 237 Management Diagnostic The following table describes the labels in this screen Table 156 Management...

Page 422: ...ice that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address in the field to the left Ethernet Port Test Enter a port number and click Port Test to perform...

Page 423: ...message has a facility and severity level The syslog facility identifies a file in the syslog server Refer to the documentation of your syslog program for details The following table describes the sys...

Page 424: ...tting Logging Type This column displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category Fac...

Page 425: ...ore critical the logs are Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigatio...

Page 426: ...Chapter 47 Syslog XGS4700 48F User s Guide 426...

Page 427: ...ted and be in the same VLAN group so as to be able to communicate with one another Table 160 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models Clust...

Page 428: ...er and the other switches on the upper floors of the building are cluster members Figure 240 Clustering Application Example 48 2 Cluster Management Status Click Management Cluster Management in the na...

Page 429: ...s the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches...

Page 430: ...nagement XGS4700 48F User s Guide 430 configurator home page and the home page that you d see if you accessed it directly are different Figure 242 Cluster Management Cluster Member Web Configurator Sc...

Page 431: ...c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 400BVG0b6 bin fw 00...

Page 432: ...switches that are set to be cluster managers will not be visible in the Clustering Candidates list If a switch that was previously a cluster member is later set to become a cluster manager then its St...

Page 433: ...terwards then it cannot be managed from the Cluster Manager Its Status is displayed as Error in the Cluster Management Status screen If multiple devices have the same password then hold SHIFT and clic...

Page 434: ...Chapter 48 Cluster Management XGS4700 48F User s Guide 434...

Page 435: ...ynamic learned by the Switch or static manually entered in the Static MAC Forwarding screen The Switch uses the MAC Table to determine how to forward frames See the following figure 1 The Switch exami...

Page 436: ...filters the frame Figure 245 MAC Table Flowchart 49 2 Viewing the MAC Table Click Management MAC Table in the navigation panel to display the following screen Use this screen to search specific MAC ad...

Page 437: ...t the criteria here into the static MAC forwarding table see Section 10 2 on page 139 The type of the MAC address es will be changed to static Select Dynamic to MAC filtering and click Transfer to add...

Page 438: ...Chapter 49 MAC Table XGS4700 48F User s Guide 438...

Page 439: ...ned by the Switch or static belonging to the Switch The Switch uses the IP Table to determine how to forward packets See the following figure 1 The Switch examines a received packet and learns the por...

Page 440: ...he labels in this screen Table 165 Management IP Table LABEL DESCRIPTION Sort by Click one of the following buttons to display and arrange the data according to that button type The information is the...

Page 441: ...Port This is the port from which the above IP address was learned This field displays CPU to indicate the IP address belongs to the Switch Type This shows whether the IP address is dynamic learned by...

Page 442: ...Chapter 50 IP Table XGS4700 48F User s Guide 442...

Page 443: ...h s ARP program looks in the ARP Table and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch...

Page 444: ...address Select Port and enter a port number to remove the dynamic entries learned on the specified port Flush Click Flush to remove the ARP entries according to the condition you specified Cancel Cli...

Page 445: ...navigation panel to display the screen as shown Figure 250 Management Routing Table The following table describes the labels in this screen Table 167 Management Routing Table LABEL DESCRIPTION Index T...

Page 446: ...Chapter 52 Routing Table XGS4700 48F User s Guide 446...

Page 447: ...ou can copy the settings of one port onto other ports 53 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management...

Page 448: ...le 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings configured in the Basic Settin...

Page 449: ...ned on in DC models or if the DC power supply is connected in AC DC models 2 Make sure you are using the power adaptor or cord included with the Switch 3 Make sure the power adaptor or cord is connect...

Page 450: ...Inspect your cables for damage Contact the vendor to replace any damaged cables 4 Turn the Switch off and on in DC models or if the DC power supply is connected in AC DC models 5 Disconnect and re co...

Page 451: ...ardware connections and make sure the LEDs are behaving as expected See Section 3 4 on page 52 3 Make sure your Internet browser does not block pop up windows and has JavaScripts and Java enabled 4 Ma...

Page 452: ...avaScripts and Java Permissions In order to use the web configurator you need to allow Web browser pop up windows from your device JavaScripts enabled by default Java permissions enabled by default I...

Page 453: ...fter I restart the Switch Make sure you save your configuration into the Switch s nonvolatile memory each time you make changes Click Save at the top right corner of the web configurator to save the c...

Page 454: ...Chapter 54 Troubleshooting XGS4700 48F User s Guide 454...

Page 455: ...nterfaces 48 mini GBIC slots compatible with Small Form Factor Pluggable SFP Multi Source Agreement MSA transceivers Two slots for optional 10G uplink module sets One local management Ethernet 10 100B...

Page 456: ...k belong to one group A device can belong to more than one group With VLAN a device cannot directly talk to or hear from devices that are not in the same group s the traffic must first go through a ro...

Page 457: ...or applications such as Media on Demand MoD using multicast traffic across a network MVR allows one single multicast VLAN to be shared among different subscriber VLANs on the network This improves ban...

Page 458: ...ervices via RADIUS and TACACS AAA servers Device Management Use the web configurator or commands to easily configure the rich range of features on the Switch Port Cloning Use the port cloning feature...

Page 459: ...lso configure the Switch to automatically undo the action after the error is gone Policy Routing Policy routing lets you override the default routing behavior and alter the packet forwarding based on...

Page 460: ...le trees IEEE 802 1s Multiple Spanning Tree Protocol BPDU transparency QoS IEEE 802 1p Eight priority queues per port Port based egress traffic shaping Rule based traffic mirroring IEEE 802 3x flow co...

Page 461: ...ast RIP V1 V2 OSPF V2 Multicast DVMRP IGMP V1 V2 V3 ECMP Static Routing IP services DHCP relay VLAN based DHCP server relay DHCP Snooping Policy routing Load sharing 64 VRRP entries Filtering Support...

Page 462: ...on Guest VLAN PPPoE IA and option 82 Configurable ARP learning mode Management IEEE 802 3ah OAM IEEE 802 1AB LLDP IEEE 802 1ag CFM Loop guard Password encryption sFlow User access right Error disable...

Page 463: ...Protocol Version 3 RFC 3414 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMP v3 RFC 3580 RADIUS Tunnel Protocol Attribute IEEE 802 1ab Link Layer Discovery Pr...

Page 464: ...Chapter 55 Product Specifications XGS4700 48F User s Guide 464...

Page 465: ...r information about port numbers If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation of the...

Page 466: ...This is a popular Internet chat program IGMP MULTICAST User Defined 2 Internet Group Multicast Protocol is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exchange...

Page 467: ...ime Streaming media control Protocol RTSP is a remote control for multimedia on the Internet SFTP TCP 115 Simple File Transfer Protocol SMTP TCP 25 Simple Mail Transfer Protocol is the message exchang...

Page 468: ...P networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP User...

Page 469: ...sing out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the ri...

Page 470: ...ice in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense CE Mark Warning This is a class A product In a...

Page 471: ...ith damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of...

Page 472: ...IANO NEDERLANDS D claration de Produit Green Directive RoHS 2002 95 EC Dichiarazione Green Product Direttiva RoHS 2002 95 CE Productmilieuverklaring RoHS richtlijn 2002 95 EC Directive DEEE 2002 96 EC...

Page 473: ...Appendix B Legal Information XGS4700 48F User s Guide 473...

Page 474: ...Appendix B Legal Information XGS4700 48F User s Guide 474...

Page 475: ...onfiguring 265 syslog messages 265 trusted ports 265 AS Boundary Router 330 authentication 336 and OSPF 335 and RADIUS 246 setup 251 authorization privilege levels 253 setup 251 automatic VLAN registr...

Page 476: ...ing copyright 469 CPU management port 134 CPU protection configuration 312 overview 311 current date 109 current time 109 D Database Description DD 330 daylight saving time 109 default gateway 366 def...

Page 477: ...FCC interference statement 469 file transfer using FTP command example 392 filename convention configuration configuration file names 391 filtering 147 rules 147 filtering database MAC table 435 firm...

Page 478: ...stalling the Fan Module 47 interface 332 and OSPF 339 interface and OSPF 330 Internal Router IR 330 Internet Protocol version 6 see IPv6 introduction 27 IP capability 461 interface 113 371 routing dom...

Page 479: ...backup 391 firmware 389 restoring configuration 390 maintenance 387 current configuration 387 main screen 387 Management Information Base MIB 396 management port 49 137 default IP address 49 managing...

Page 480: ...C 1305 109 O OSPF 329 advantages 329 area 329 335 Area 0 329 area ID 336 authentication 335 336 autonomous system 329 backbone 329 configuration steps 331 general settings 334 how it works 330 interfa...

Page 481: ...current rating 50 disconnecting 51 power wire 50 power specification 455 power status 107 Power Wires 50 PPPoE IA 80 trusted ports 303 untrusted ports 303 priority level 112 priority and OSPF 331 prio...

Page 482: ...299 UDP port 300 sFlow agent 297 sFlow collector 297 Simple Network Management Protocol see SNMP SNMP 31 396 agent 396 and MIB 396 authentication 405 406 communities 403 management model 396 manager...

Page 483: ...423 server setup 425 settings 424 setup 424 severity levels 423 system information 106 system log 421 system reboot 389 T TACACS 246 setup 249 TACACS Terminal Access Controller Access Control System...

Page 484: ...VLAN 124 status 123 124 tagged 119 trunking 121 127 type 111 122 VLAN Virtual Local Area Network 110 VLAN mapping 289 activating 290 configuration 291 example 289 priority level 289 tagged 289 traffi...

Page 485: ...ator 31 55 getting help 64 layout 56 login 55 logout 64 navigation panel 58 weight queuing 218 Weighted Round Robin Scheduling WRR 218 WFQ Weighted Fair Queuing 218 WRR Weighted Round Robin Scheduling...

Reviews:

No comments

Related manuals for XGS4700 Series

Brand: ?omtime Pages: 62

Brand: Conceptronic Pages: 2

Brand: 4G Systems Pages: 2

Brand: Belkin Pages: 2

Sinus 154 data II

Brand: T-COM Pages: 12

Brand: Comway Pages: 20

Brand: Perle Pages: 491

Husky HMG-1648EP

Brand: Ethernet Direct Pages: 16

Brand: TP-Link Pages: 16

Monochrome Image Acquisition Device NI 1410

Brand: National Instruments Pages: 34

Brand: Extron electronics Pages: 19

Brand: ALIBI Pages: 232

Brand: Thecus Pages: 130

Brand: Perle Pages: 4

Brand: Extreme Networks Pages: 51

Brand: Transition Networks Pages: 5

Brand: Teltonika Pages: 12

Brand: Westermo Pages: 28

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands