www.zyxel.com

Switch Series

Firmware Version 4.50
Edition 04/2018

Handbook

Default Login Details

LAN Port IP Address: https://192.168.1.1
User Name: admin
Password: 1234

Copyright © 2018 ZyXEL Communications Corporation

Summary of Contents for GS3700 Series

Page 1: ...zyxel com Switch Series Firmware Version 4 50 Edition 04 2018 Handbook Default Login Details LAN Port IP Address https 192 168 1 1 User Name admin Password 1234 Copyright 2018 ZyXEL Communications Co...

Page 2: ...2 215 www zyxel com Classifications of Zyxel switches L2 switches GS2210 XGS2210 GS1920 XGS1930 series L2 switches XGS3700 GS3700 series L3 switches XGS4600 series...

Page 3: ...device 25 1 4 1 Configuration in Switch 1 26 1 4 2 Test the Result 27 1 5 How to configure the switch to update the time from an NTP server28 1 5 1 Configuration in Switch 29 1 5 2 Test the Result 30...

Page 4: ...nts using VLAN 65 2 1 1 Configure Switch 1 66 2 1 2 Configure Switch 2 69 2 1 3 Test the Result 71 2 2 How to configure the switch to route traffic across VLANs 72 2 2 1 Configure VLAN 10 73 2 2 2 Con...

Page 5: ...3 5 How to configure ACL to rate limit IP traffic 118 3 5 1 Configure VLAN and Route Traffic 119 3 5 2 Configure the Classifier 120 3 5 3 Configure the ACL Policy Rule 122 3 5 4 Test the Result 124 3...

Page 6: ...er to Provide Network Access through 802 1x Port Authentication 151 5 4 1 Configuration in the Switch 152 5 4 2 Configuration in the RADIUS Server 154 5 4 3 Test the Result 155 5 4 4 What May Go Wrong...

Page 7: ...AN and Route Traffic 190 5 10 2 Configure the Classifier 191 5 10 3 Configure the Policy Rule 193 5 10 4 Test the Result 194 5 10 5 What Could Go Wrong 195 Implementing VOIP 196 6 1 How to configure a...

Page 8: ...8 215 www zyxel com 6 3 5 What Could Go Wrong 212 Implementing PoE 213 7 1 How does the PoE LED works 213 7 1 1 Meanings of PoE LED 214 7 1 2 Examples 215...

Page 9: ...rk management 1 1 How to use the Wizard function Wizard is a new function which provides an easier and faster way for users to set up switches The wizard includes four often used basic settings which...

Page 10: ...r configurations not supported in the Wizard to return to default settings 2 Original VLAN configurations set on Web GUI will NOT be merged into the Wizard Following example was tested using XGS1930 2...

Page 11: ...users can configure the switch management IP address Subnet Mask Gateway and DNS server 2 In Password users can change the administrator password as well as configure SNMP settings We can configure pa...

Page 12: ...12 215 www zyxel com 3 In Link Aggregation users can configure Link aggregation settings with a maximum of 5 trunks 4 In Summary users can confirm final settings on this page...

Page 13: ...13 215 www zyxel com 1 1 2 Protection 1 By using Loop Guard users can prevent loops from happening 2 In Broadcast Storm Control users can limit broadcast traffic by pkt s...

Page 14: ...14 215 www zyxel com 3 In Summary we can confirm setting of Loop Guard and Broadcast Storm Control...

Page 15: ...15 215 www zyxel com 1 1 3 VLAN 1 We can use the Wizard to setup VLAN with a faster and easier way Users can configure 5 VLANs...

Page 16: ...ww zyxel com 1 1 4 QoS Users can configure QoS as High Medium and Low to divide packets into different priorities Below are the meanings of High Medium and Low High Priority 5 Medium Priority 3 Low Pr...

Page 17: ...EL s customers who is an Internet Service Provider benefits a lot from it Before they provide services for their customers they will configure a last known good configuration that best matches the cus...

Page 18: ...network works fine Note All network IP addresses and subnet masks are used as examples in this article Please replace them with your actual network IP addresses and subnet masks This example was teste...

Page 19: ...Configuration on Switch 1 After making sure running configurations work fine Enter the web GUI and go to Menu Management Maintenance Save Configuration Custom Default The running configuration will b...

Page 20: ...1 Hardware button Press and hold down the RESTORE button on the panel for 3 6 seconds until Power LED turns blinking green Note 1 RESTORE Button behaviors No Action Press 3 seconds Return to custom d...

Page 21: ...21 215 www zyxel com 2 Web GUI Go to Menu Management Maintenance Reboot System Custom Default...

Page 22: ...Both default IP addresses of the two switches are 192 168 1 1 Two switches are using the same default IP address 1 3 1 Configuration in the Switch 2 1 Disconnect the link between Switch 1 and Switch 2...

Page 23: ...23 215 www zyxel com 3 Open a browser IE Chrome Safari Firefox etc Go to website http 192 168 1 1 default management IP address Key in username admin password 1234 and log in...

Page 24: ...ample 192 168 1 2 Then click Add 5 Log back in using the new IP address 192 168 1 2 After logging in again remember to click the Save icon to save the new configurations 1 3 2 Test the Result 1 Log in...

Page 25: ...ces As shown below the PC connects with Switch 1 in the environment In the default setting device name System Name will be the model name XGS4600 in this example Change the device name of the switch N...

Page 26: ...w zyxel com 1 4 1 Configuration in Switch 1 1 Enter the web GUI and go to Menu Basic Setting General Setup Change the System Name Switch 1 in this example and click Apply 2 Click Save to save the conf...

Page 27: ...27 215 www zyxel com 1 4 2 Test the Result Enter the web GUI and you will see the page of the switch information Check if the System Name is the name you configured Switch 1 in this example or not...

Page 28: ...to get time from NTP Server Note All network IP addresses and subnet masks are used as examples in this article Please replace them with your actual network IP addresses and subnet masks This example...

Page 29: ...P 192 168 1 1 Then click Apply 2 Go to Menu Basic Setting General Setup Select Use Time Server when Bootup to NTP RFC 1305 and set the Time Server IP Address In this scenario we use the google free pu...

Page 30: ...Current Time and Current Date should be the current time in your location If the current time is not updated as the correct time click Refresh 2 Try to select the User Time Server when Bootup as None...

Page 32: ...ch may not be able to access the NTP Server successfully Follow the step to test if NTP Server is available Go to Menu Management Diagnostic Select IPv4 as in band and type the IP address of NTP Serve...

Page 33: ...p the switch to send system log events to a remote syslog server Upload the syslog automatically to the server Note All network IP addresses and subnet masks are used as examples in this article Pleas...

Page 34: ...1 200 Choose the Log Level you prefer Level 0 7 in this example The wider the range the more detailed log will be recorded Remember to click Add 2 In the same page activate the Syslog and activate th...

Page 35: ...35 215 www zyxel com 3 Click Save to save the configuration...

Page 36: ...Result 1 Unplug and re plug PC 1 from the switch 2 The Syslog Server should receive an event log from the switch 3 We can also check the directory C app Tftpd64 in this example to find out if a text f...

Page 37: ...are in different subnets remember to set default gateway so that Switch 1 and the Syslog Server can communicate with each other 2 Confirm the service port number of the Switch 1 and the Syslog Server...

Page 38: ...fy directly connected devices By doing this administrators can quickly identify which port connects to which device location or section of the network Configure the port name of the switch Note All ne...

Page 39: ...er the web GUI and go to Menu Basic Setting Port Setup Type the name of each directly connected devices on the corresponding port name For example you can type Switch 2 in port 2 and AP in port 3 Then...

Page 40: ...40 215 www zyxel com 1 7 2 Test the Result 1 Go to Menu Maintenance Port Status You will see the name you type in the column of name...

Page 41: ...cludes useful information such as System Information CPU utilization history system logs and debug reports for issue analysis Collect the Diagnostic Info from web GUI Note All network IP addresses and...

Page 42: ...Collect the Diagnostic Info from web GUI 1 Enter the web GUI and go to Menu Management Maintenance Tech Support Click Here Click the Download button for All You can also select the specific Diagnostic...

Page 43: ...43 215 www zyxel com 1 8 2 Test the Result 1 Open the file and you can view the Diagnostic Info In this example we use the Notepad to open the txt file...

Page 44: ...o change the default administrator password is a security risk that allows unauthorized user access to your device s management Change the default administrator password Note All network IP addresses...

Page 45: ...efault administrator password 1 Enter the web GUI and go to Menu Management Access Control Logins Click Here Enter the Old Password and New Password Then click Apply 2 After clicking the Apply the bro...

Page 46: ...yxel com 1 9 2 Test the Result 1 Close the web GUI and login again with the OLD password The Authentication Required window will pop up again 2 Use the new password to login Switch 1 web GUI should be...

Page 47: ...unauthorized devices or subnets The whitelist inspects the source IP addresses of hosts and the types of services accessing the switch Ex Telnet FTP HTTP Configure the whitelist for remote management...

Page 48: ...remote management 1 Enter the web GUI and go to Menu Management Access Control Remote Management Click Here using AdministratorPC Enter the range of IP addresses and the corresponding types of servic...

Page 49: ...168 10 100 to access the Switch by HTTP the Switch will refuse the connection If we try to access the web GUI by HTTPS Enter the https 192 168 10 1 PC 1 can connect to the Switch successfully 2 The PC...

Page 50: ...ces are ALLOWED for 192 168 10 120 2 If the administrator has forgotten or lost track of the whitelisted IP addresses the administrator will not be able to access the Switch To solve this problem use...

Page 51: ...configurations before handing over the switch to the customer However there is a possibility that the restored configuration was for a different site With DHCP auto configuration the SI do not need t...

Page 52: ...el com Note DHCP Auto configuration is only supported by L2 GS2210 series firmware version 4 50 Client server environment must correctly setup DHCPv4 and TFTP server for auto configuration feature to...

Page 53: ...Configure DHCP auto configuration 1 Install a TFTP server For example Tftpd software for commonly used and free server Configure the path where to get the configuration file in the Current Directory...

Page 54: ...54 215 www zyxel com 2 Enter Global field and check the TFTP server box...

Page 55: ...55 215 www zyxel com 3 Go to TFTP server tab and specify the path of the configuration file then click OK to save the configuration...

Page 56: ...or the DHCP server we ve used haneWIN software for the test to show the difference between with and without class ID First create a new profile Option Manage Profiles 5 Click Add and specify a profile...

Page 57: ...n download its configuration file a Fill up the TFTP server IP in the Next Server IP Address b Fill the filename config_GS2210_1 log for default configuration file c Check the Vendor Class id box then...

Page 58: ...ave the settings Note If the Vendor Class ID is not enabled the server will only send config_GS2210_1 log which is used as a default switch configuration The server will only send config_GS2210 log wh...

Page 59: ...uto Configuration 9 Check the Active box and choose DHCP then click Apply to save the settings 10 Go to Basic Setting IP Setup choose DHCP Client and check Option 60 For the Class ID specify an ID tha...

Page 60: ...ch 2 Input the command show running config via CLI to check the initial configuration 3 Reboot the switch It will automatically download the configuration from the TFTP server and update the switch s...

Page 61: ...www zyxel com configuration Enter web GUI Management System Log to verify the result 4 Enter web GUI and go to Management Maintenance Auto Configuration to verify the auto configuration status With Cl...

Page 62: ...62 215 www zyxel com Without Class ID 5 Enter web GUI Management Maintenance Backup Configuration to download and verify the config file With Class ID...

Page 63: ...63 215 www zyxel com Without Class ID...

Page 64: ...screenshot below Please check the following information a Please check the IP interface settings on the TFTP server and make sure that the server IP is correct b The TFTP server IP configured in the...

Page 65: ...ic between departments Using Static VLAN hosts accessing the same VLAN will only be able to communicate with hosts accessing the same VLAN Set up VLAN to separate the traffic between departments Note...

Page 66: ...ation VLAN VLAN Configuration Static VLAN Setup VID 1 Select port 1 2 as Normal Click Add 2 Use AdministratorPC to create VLAN 10 in Switch 1 Enter the web GUI and go to Menu Advanced Application VLAN...

Page 67: ...1 Enter the web GUI and go to Menu Advanced Application VLAN VLAN Configuration Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 20 Select port 2 5 as Fixed and uncheck Tx Taggin...

Page 68: ...68 215 www zyxel com 4 Set the PVID on Switch 1 Go to Menu Advanced Application VLAN VLAN Configuration VLAN Port Setup Set port 1 as PVID 10 VLAN 10 and port 2 as PVID 20 VLAN 20...

Page 69: ...Application VLAN VLAN Configuration Static VLAN Setup VID 1 Select port 3 4 as Normal Click Add 2 Use AdministratorPC to create VLAN 10 in Switch 2 Enter the web GUI and go to Menu Advanced Applicati...

Page 70: ...tion Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 20 Select port 4 5 as Fixed and uncheck Tx Tagging Untagged on port 4 and check Tx Tagging tagged on port 5 Click Apply 4 Se...

Page 71: ...215 www zyxel com 2 1 3 Test the Result 1 The PC in the same VLAN can ping each other PC 1 can ping PC 3 successfully but PC 1 cannot ping PC 2 2 PC 2 can ping PC 4 successfully but PC 2 cannot ping P...

Page 72: ...th each other we have to set the switch to route traffic The example shows how to configure the switch to route traffic across one VLAN to another Set up switch to route traffic across VLANs Note All...

Page 73: ...u Advanced Application VLAN VLAN Configuration Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 10 Select port 1 as Fixed and uncheck Tx Tagging Untagged Click Apply 2 Go to Menu...

Page 74: ...om 3 Create a Static IP Address for Switch in VLAN 10 To be the gateway in VLAN 10 Go to Menu Basic Setting IP Setup IP Configuration IP Interface Set the Static IP Address 192 168 10 1 for Switch in...

Page 75: ...pplication VLAN VLAN Configuration Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 20 Select port 2 as Fixed and uncheck Tx Tagging Untagged Click Apply 2 Go to Menu Advanced Ap...

Page 76: ...com 3 Create a Static IP Address for Switch in VLAN 20 To be the gateway in VLAN 20 Go to Menu Basic Setting IP Setup IP Configuration IP Interface Set a Static IP Address 192 168 20 1 for Switch in V...

Page 77: ...77 215 www zyxel com 2 2 3 Set the gateway on PC 1 and PC 2 1 Set the Gateway of PC 1 as 192 168 10 1 The Static IP Address of Switch in VLAN 10...

Page 78: ...78 215 www zyxel com 2 Set the Gateway of PC 2 as 192 168 20 1 The Static IP Address of Switch in VLAN 20...

Page 79: ...79 215 www zyxel com 2 2 4 Test the Result 1 PC 1 can ping PC 2 successfully...

Page 80: ...hat the subnet of PC 1 is not using the same subnet as that of PC 2 b Verify that the default gateways of PC 1 and PC 2 matches the Switch s IP interface on their respective VLANs c Make sure that the...

Page 81: ...ide dynamic IP addresses to hosts in each VLANs Perform DHCP service in different VLAN Note All network IP addresses and subnet masks are used as examples in this article Please replace them with your...

Page 82: ...u Advanced Application VLAN VLAN Configuration Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 10 Select port 1 as Fixed and uncheck Tx Tagging Untagged Click Apply 2 Go to Menu...

Page 83: ...Create a Static IP Address for Switch in VLAN 10 IP Address to be DHCP Server in VLAN 10 Go to Menu Basic Setting IP Setup IP Configuration IP Interface Set the Static IP Address 192 168 10 1 for Swit...

Page 84: ...pplication VLAN VLAN Configuration Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 20 Select port 2 as Fixed and uncheck Tx Tagging Untagged Click Apply 2 Go to Menu Advanced Ap...

Page 85: ...Create Static IP Address for Switch in VLAN 20 IP Address to be DHCP Server in VLAN 20 Go to Menu Basic Setting IP Setup IP Configuration IP Interface Set the Static IP Address 192 168 20 1 for Switc...

Page 86: ...ss refers to the first IP Address the Switch will assign to DHCP clients The Size of Client IP Pool refers to the maximum number of IP addresses the switch will provide Set the gateway as the IP of th...

Page 87: ...IP Address the Switch will assign to DHCP clients The Size of Client IP Pool refers to the maximum number of IP addresses the switch will provide Set the gateway as the IP of the Switch in VLAN 20 19...

Page 88: ...88 215 www zyxel com 3 Set PC 1 and PC 2 as DHCP clients by configuring IPv4 to Obtain an IP Address automatically...

Page 89: ...in command prompt PC 1 will get an IP address in the range of 192 168 10 11 192 168 10 20 and the gateway is 192 168 10 1 2 PC 2 can get the IP Address assigned by Switch successfully We can check thi...

Page 90: ...Go Wrong 1 If some devices are no longer receiving any dynamic IP address from the DHCP server consider increasing the Size of Client Pool 2 If you want to surf the Internet using a URL or domain name...

Page 91: ...l reach the server This ensures high availability for servers This example instructs administrators to disconnect all links before configuring the switches to avoid any network outages caused by broad...

Page 92: ...me a master and click Apply Check Active and click Apply Switch 1 will reboot 2 Set up Switch 2 Enter the web GUI and go to Menu Basic Setting Stacking Configuration Key in the system priority The hig...

Page 93: ...LED on the front panel of the switches should display 1 and 2 5 Remember to save the configuration Note The last two ports are usually reserved for stacking channels when the switch is in stacking mo...

Page 94: ...ggregation Link Aggregation Setting Active T1 and T2 Select SLOT 1 and set the Group of port 1 1 and 1 2 as T1 and T2 respectively Click Apply Select SLOT 2 and set the Group of port 2 1 and 2 2 as T1...

Page 95: ...to Menu Advanced Application Link Aggregation Link Aggregation Setting Check the Active box for T1 and select the port 1 and 2 as Group T1 Click Apply 2 Go to Menu Advanced Application Link Aggregatio...

Page 96: ...C and connect these ports to port 1 2 and 2 2 of the stacked switch 2 Use PC to ping the Server 192 168 1 40 After few times of ping try to shut down Switch 1 Master down The ping will display timed o...

Page 97: ...connect the two switches using a non stacking port you will find that the two switches will not form a stacking system 2 Remember to save the configuration before doing the test If you forget to save...

Page 98: ...ning Tree Protocol in the ring topology to implement network redundancy Configure RSTP in a ring topology Note All network IP addresses and subnet masks are used as examples in this article Please rep...

Page 99: ...2 Set up Switch 1 Enter the web GUI Go to Menu Advanced Application Spanning Tree Protocol Configuration Check if the Spanning Tree Configuration is Rapid Spanning Tree If not select it and click App...

Page 100: ...ion Spanning Tree Protocol RSTP Check the Active box Set the Bridge Priority 20480 Active port 1 2 Click Apply 6 Set up Switch 3 Enter the web GUI Go to Menu Advanced Application Spanning Tree Protoco...

Page 101: ...101 215 www zyxel com 8 Finally connect the link between Switch 2 and Switch 3...

Page 102: ...same This means that Switch 1 is the Root Bridge Both port 1 and 2 should be in FORWARDING state while both their Port Roles are Designated Ports 2 Verify the status of Switch 2 Go to Menu Advanced A...

Page 103: ...Verify the status of Switch 3 Go to Menu Advanced Application Spanning Tree Protocol Check the port status of Switch 3 Port 1 should be the Root Port in FORWARDING state while Port 2 is an Alternate P...

Page 104: ...ty will be the Root Bridge If the priority is the same the switch LOWEST MAC address will be the Root Bridge 2 If it is not possible to access the management of the switches and the switch s port LEDs...

Page 105: ...ateways Two gateways running VRRP on the same LAN Note All network IP addresses and subnet masks are used as examples in this article Please replace them with your actual network IP addresses and subn...

Page 106: ...GUI 2 Go to Advance Application VLAN VLAN Configuration Static VLAN Setup Create Edit VLAN 1 to make sure only Port 23 is a fixed port Click Add 3 Go to Advance Application VLAN VLAN Configuration St...

Page 107: ...Configuration VLAN Port Setup Configure port 24 with PVID 10 Click Apply 5 Go to Basic Setting IP Setup Configure the IP address for VLAN 1 Click Add and do the same for VLAN 10 6 Go to Basic Setting...

Page 108: ...108 215 www zyxel com 7 Go to IP Application VRRP Configuration Enable VRRP for network 192 168 1 252 24 Make sure that the priority is 200 Click Add...

Page 109: ...GUI 2 Go to Advance Application VLAN VLAN Configuration Static VLAN Setup Create Edit VLAN 1 to make sure only Port 23 is a fixed port Click Add 3 Go to Advance Application VLAN VLAN Configuration St...

Page 110: ...VLAN Configuration VLAN Port Setup Configure port 24 with PVID 20 Click Apply 5 Go to Basic Setting IP Setup Configure the IP address for VLAN 1 Click Add and do the same for VLAN 20 6 Go to Basic Set...

Page 111: ...111 215 www zyxel com 7 Go to IP Application VRRP Configuration Enable VRRP for network 192 168 1 252 24 Click Add...

Page 112: ...P Router Go to IP Application VRRP VR Status should display Master 2 Verify that Gateway B is the Backup VRRP Router Go to IP Application VRRP VR Status should display Backup 3 Verify that Gateway A a...

Page 113: ...Configure the Host with a Static IP The Host should be able to ping the virtual IP address 192 168 1 254 5 Disconnect port 23 or port 24 of Gateway A Hosts should still be able to ping the virtual IP...

Page 114: ...net when Gateway A has been disconnected from the network the following problems may have occurred a Verify that the hosts and Gateway B IP interface are in the same subnet and VLAN b Check for link f...

Page 115: ...traffic or both In this example we use two computers FTP Client PC and FTP Server FTPServer PC will either be uploading files or downloading files from the FTP Server Configure bandwidth control to li...

Page 116: ...ter the web GUI Go to Menu Advanced Application Bandwidth Control Check the Active box Key in the rate in Ingress Rate PC Upload rate 10240 kbps and Egress Rate PC Download rate 20480 kbps Remember to...

Page 117: ...Test the Result 1 Use PC to upload a file to the FTP Server Transfer rate should be more or less 1 2 MB s or 10240 Mb s 2 Use PC to download a file from the FTP Server Transfer rate should be more or...

Page 118: ...users in VLAN 10 This example shows administrators how to configure ACL to rate limit VLAN traffic Results are verified by observing and comparing the upload and download rate between VLAN 10 and VLA...

Page 119: ...g VLAN 10 and VLAN 20 on Switch 1 and Switch 2 Please refer to the topic 2 1 How to configure the switch to separate traffic between departments 2 Configure the route traffic on Switch 1 and Switch 2...

Page 120: ...d in VLAN 10 and VLAN 20 Therefore there are total 4 Classifiers 2 The Classifier for download traffic in VLAN 10 Check the Active box and key in the Name Set Layer 3 Destination as 192 168 10 0 24 Me...

Page 121: ...Add 4 The Classifier of download in VLAN 20 Check the Active and key in the Name Set Layer 3 Destination as 192 168 20 0 24 Means the destination is in VLAN 20 and Source as 192 168 1 100 32 Means the...

Page 122: ...lication Policy Rule 2 The Policy Rule of download traffic in VLAN 10 Check the Active box and key in the Name Select the Classifier of download in VLAN 10 DL10 Set up the action to do if match this C...

Page 123: ...VLAN 20 Check the Active and key in the Name Select the Classifier of download in VLAN 20 DP20 Set up the action to do if match this Classifier Bandwidth Metering 20480 kbps Enable Metering and set t...

Page 124: ...ould be increasing every time the web page refreshes 2 Use PC 1 to download a file from the FTP Server Transfer rate should be more or less 5 MB s or 40960 Mb s 3 Use PC 1 to upload a file to the FTP...

Page 125: ...125 215 www zyxel com 5 Use PC 2 to upload a file to the FTP Server Transfer rate should be more or less 1 2 MB s or 10240 Mb s...

Page 126: ...the source and destination of the traffic In the example if we only set up the source as VLAN 10 192 168 10 0 24 during file upload the Server but didn t set up the destination Server IP 192 168 1 15...

Page 127: ...group message the querier will send this query message to learn if a particular group has any other active members on a downlink port 4 1 2 What are IGMP Snooping Querier Modes There are 3 Querier Mo...

Page 128: ...hen the Switch receives an IGMP leave message from a host on a port it forwards the message to the multicast router The multicast router then sends out an IGMP Group Specific Query GSQ message to dete...

Page 129: ...ts are in a different LAN or VLAN from the streaming server Configure IGMP routing for multicast clients in different VLAN Note All network IP addresses and subnet masks are used as examples in this a...

Page 130: ...topic 2 1 How to configure the switch to separate traffic between departments 2 Configure the IGMP Snooping Enter the web GUI and go to Menu Advanced Application Multicast IPv4 Multicast IGMP Snooping...

Page 131: ...onfigure the IP addresses for Switch on BOTH VLAN 10 and VLAN 20 as shown in the figure Please refer to the topic 1 1 How to change the switch management IP address to avoid accessing the wrong device...

Page 132: ...lt 1 Play the stream on MediaServer using Multicast IP address 239 1 1 2 2 Have PC send an IGMP join message for 239 1 1 2 3 Go to Menu Advanced Application Multicast IPv4 Multicast PC connected to po...

Page 133: ...Go Wrong 1 The Switch 2 IGMP Router must contain both VLAN of MediaServer VLAN 20 and PC Client VLAN 10 so that the IGMP stream can route successfully If the stream is not received by the Client try...

Page 134: ...to learn multicast groups without having the user to manually configure the each switch This prevents the switch from flooding multicast streams on ports that have no members for these multicast addre...

Page 135: ...the topic 2 1 How to configure the switch to separate traffic between departments 2 Configure the IGMP Snooping Enter the web GUI and go to Menu Advanced Application Multicast IPv4 Multicast IGMP Snoo...

Page 136: ...sult 1 Play the stream on MediaServer using Multicast IP address 239 1 1 1 2 Have PC send an IGMP join message for 239 1 1 1 3 Go to Menu Advanced Application Multicast IPv4 Multicast PC connected to...

Page 137: ...es In a real environment port security controls the number of users connecting to a server Configure the port security to limit the number of connected devices Note All network IP addresses and subnet...

Page 138: ...ecurity Check port 3 and set the Limited Number of Learned MAC Address to 2 Note The Zyxel switch sends Link Layer Discovery Protocol LLDP packets every period of time by default If Switch 2 does not...

Page 139: ...C 1 can ping Server successfully 2 Connect PC 2 to port 2 3 PC 2 cannot ping Server 4 Access Switch 1 web GUI Go to Menu Management MAC Table Search The MAC Address Table should show MAC address of PC...

Page 140: ...1 3 What Could Go Wrong 1 The MAC address of Switch 2 will also be learned in Switch 1 MAC address table Therefore remember to consider Switch 2 s MAC address when setting the number of Limited Number...

Page 141: ...block traffic based on which device sends the packet or which device receives the packet Configure MAC filter to block unwanted traffic Note All network IP addresses and subnet masks are used as examp...

Page 142: ...eck the Active box and set the filter Name Choose the Action as Discard source Key in the MAC you want to block and the VID Click Add Note Use Discard source to drop traffic sent by the device with th...

Page 143: ...143 215 www zyxel com 5 2 2 Test the Result 1 PC 1 with MAC address 00 1E 33 27 04 93 fails to ping Server 2 PC 2 can ping Server successfully...

Page 144: ...144 215 www zyxel com 5 2 3 What Could Go Wrong 1 The MAC address set on Switch 1 should be identical to the MAC address of PC 1 so that the traffic can be blocked successfully...

Page 145: ...end multiple ARP request packets in a very short period of time to flood across the entire broadcast domain IP Scanning from Wired and Wireless Devices Note All network IP addresses and subnet masks a...

Page 146: ...ch s Web GUI 2 Go to Advance Application Anti Arpscan Configure Check the Active box and configure the uplink port port 24 as Trusted state Click Apply Optional 3 Go to Advance Application Errdisable...

Page 147: ...nload and install an IP Scanning software into Host A and Host C 2 Connect Host A and Host B via the Wireless Access Point 3 Host A should initiate a scan for IP address 192 168 1 1 to 192 168 1 20 4...

Page 148: ...Err Disable state 6 Host B should still be able to reach the USG 7 Connect Host C to the Switch 8 Host C should perform a quick scan for IP address 192 168 1 1 to 192 168 1 100 Note If Errdisable Rec...

Page 149: ...should change to forwarding after the Errdisable Recovery Interval Host C will be able to reach the USG afterwards 9 Host C should no longer be able to reach the USG 10 Access the Switch s Web GUI Go...

Page 150: ...eless Access Points are untrusted Ports to servers and the local gateway should be trusted 2 If all hosts connected through a Wireless Access Point can no longer reach the local gateway check whether...

Page 151: ...Authentication the organization can ensure that only authorized personnel can access core network resources 802 1x Port Authentication Providing Access to Authorized Users Note All network IP address...

Page 152: ...er s IP address and set the shared secret Click Apply 3 Go to Advance Application Port Authentication 802 1x Check the 802 1x Active box as well as for all ports connected to end devices Do not check...

Page 154: ...ient profile in etc freeradius clients conf Save the file and exit 2 Add the following user profiles in etc freeradius users Save the file and exit 3 Restart FreeRADIUS service Note The client IP addr...

Page 155: ...d Guest device 2 If using Windows OS click the Start button and type services msc into the search box 3 In the Services window locate the service named Wired AutoConfig Make sure the service status is...

Page 156: ...thentication tab and check Enable IEEE 802 1X authentication Make sure that the network authentication method is Microsoft Protected EAP PEAP 6 Click on Additional Settings select Specify authenticati...

Page 157: ...age. 8. Enter the username User A and password zyxeluserA, which must be consistent with the RADIUS Server's user profile settings. 9. Devices using User A and User B credentials can communicate with USG a...

Page 158: ...11. Enter the username Guest and a random password. 12. Device using Guest credentials cannot communicate with USG and Private Server...

Page 159: ...rnames and passwords are case sensitive. Make sure that the user inputs the correct lower case or upper case characters. b. The RADIUS server is unreachable. The Switch should be able to ping the RADIUS Se...

Page 160: ...guests to access the USG so that they can access the Internet but are still isolated from Private Server. On the contrary, we have to allow the users with valid credentials to only access the Private Server...

Page 161: ...Authentication. 5.5.2 Configure VLAN for Guest VLAN. 1. Configure the VLAN for Guest VLAN (VLAN 100) on Switch. VLAN 100: Set fixed port 1 2 3 30, untagged port 1 2 3 30, forbidden port 31 32, port 30 pvid 100...

Page 162: ...profile in /etc/freeradius/clients.conf. Save the file and exit. 2. Add the following user profiles in /etc/freeradius/users. Save the file and exit. 3. Restart FreeRADIUS service. Note: The client IP address...

Page 163: ...w, locate the service named Wired AutoConfig. Make sure the service status is Started. 2. Right click on your network adapter and select Properties. Click on the Authentication tab and check Enable IEEE 80...

Page 164: ...3. Click on Additional Settings, select Specify authentication mode and specify User authentication...

Page 165: ...h must be consistent with the RADIUS Server's user profile settings. 3. Devices using User A and User B credentials can communicate with Private Server. 4. Connect User A device to the Switch. User A shoul...

Page 166: ...7. Check the MAC table of the Switch. The devices of users with wrong credentials are assigned to VLAN 100. Menu > Management > MAC Table > Search...

Page 167: ...us Server. b. Right click on your network adapter and select Properties > Authentication > Additional settings. Uncheck the Validate server certificate. 2. If the shared secret setting of Switch and PC does NO...

Page 168: ...4. If devices sent to the Guest VLAN cannot reach the USG, make sure that the switch has created and configured the Guest VLAN in Advance Application > VLAN > VLAN Configuration > Static VLAN...

Page 169: ...ly devices provided by the organization can access internal resources. 802.1x Port Authentication: Providing Access to Authorized Devices. 5.6.1 Configuration in the Switch. 1. Access the Switch's Web GUI...

Page 170: ...s IP address and set the shared secret. Click Apply. 3. Go to Advance Application > Port Authentication > MAC Authentication. Check the MAC Authentication Active box as well as for access ports. Do not check...

Page 171: ...ports connected to either the USG, RADIUS Server or Private Server. 5.6.2 Configuration in the RADIUS Server. 1. Edit the client profile in /etc/freeradius/clients.conf. Save the file and...

Page 172: ...ername format should be Name Prefix MAC Address of your device. Save the file and exit. 3. Restart FreeRADIUS service. 5.6.3 Test the Result. 1. Connect PC A, PC B and PC Guest to the Switch. Note: The client...

Page 173: ...be able to reach the USG and Private Server. 3. PC Guest should not be able to reach the USG and Private Server. 5.6.4 What Could Go Wrong. 1. If the Switch does not allow access to authorized devices: a. T...

Page 174: ...reless, etc. Make sure that the correct MAC address is used in the RADIUS Server's user profile. 2. If the Switch still does not allow access to authorized devices after correcting the Switch or RADIUS Se...

Page 175: ...er denial of services or an unwanted man-in-the-middle receiving sensitive information. IP Source Guard's ARP Inspection forces all clients connected to access ports to use the IP addresses provided by...

Page 176: ...ource Guard Setup > ARP Inspection > Configure. Check the Active box to globally enable ARP Inspection. 4. Go to Advance Application > IP Source Guard > IPv4 Source Guard Setup > ARP Inspection > Configure > Port. Set...

Page 177: ...ce Guard Setup > ARP Inspection > Configure > VLAN. Input the Start VID and End VID. Make sure that the PVID of the access ports are included in this range. Click Apply. 6. After inputting the VID range, a list o...

Page 178: ...fully received an IP address, access the Switch's web GUI. Go to Advance Application > IP Source Guard > IPv4 Source. An entry should appear in the IP Source Guard Table. 3. Connect another device using a stat...

Page 179: ...SG again. ARP Inspection sends the device's MAC address into a filter table. This device must wait until the entry expires, indicated by the Expiry sec column. 3. If some of the devices are not able to rea...

Page 180: ...CP Snooping blocks DHCP offers coming from an untrusted port. Untrusted ports are usually ports connected to office workstations or publicly accessible jacks. Fake DHCP Server Connected through Publicly...

Page 181: ...pplication > VLAN > VLAN Configuration > Static VLAN Setup. For this example, all traffic entering access ports are sent to VLAN 1. VLAN 1 should be fixed and untagged for all access ports. Click Add. 3. Go to Ad...

Page 182: ...ooping > Configure. Check the Active box under DHCP Snooping Configure. Click Apply. 5. Go to Advance Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > Port. Set all access ports as...

Page 183: ...ce Guard Setup > DHCP Snooping > Configure > VLAN. Input the Start VID and End VID. Make sure that the PVID of the access ports are included in this range. Click Apply. 7. After inputting the VID range, a list of...

Page 184: ...DHCP on one of the access ports. Create the following DHCP Pool on the LAN interface: Starting IP Address 172.16.1.10, End IP Address 172.16.1.20. 2. Connect DHCP clients on the other access ports. The cli...

Page 185: ...re that DHCP snooping is enabled for that VLAN in Advance Application > IP Source Guard > IPv4 Source Guard Setup > DHCP Snooping > Configure > VLAN. 2. If the DHCP clients in the publicly accessible ports are no...

Page 186: ...ministrator device more freedom and take advantage of IP-specific policies configured on the network, while non-administrative devices must still use IP addresses offered by the real DHCP server. Admini...

Page 187: ...5.7.1. 3. Go to Advance Application > IP Source Guard > IPv4 Source Guard Setup > Static Binding. Create a Static Binding entry using your device's MAC address and IP address. Input the VLAN and port that this...

Page 188: ...Infinity Lease in the IP Source Guard Table. 2. Configure your Admin PC with the Static IP address. In this example, we use 192.168.1.10. Connect this to any access port. This PC should be able to reach th...

Page 189: ...identify unwanted traffic. The example will use ACL to prevent only a single host in VLAN 10 from accessing the Server. Configure ACL to block unwanted traffic. Note: All network IP addresses and subnet m...

Page 190: ...e VLAN setting VLAN 10 and VLAN 20 on Switch. Please refer to the topic 2.1 How to configure the switch to separate traffic between departments. 2. Configure the VLAN IP interfaces on Switch. Please refer...

Page 191: ...r > Classifier Configuration. Set up Classifier for VLAN 20. 2. The Classifier of VLAN 20: Check the Active box and key in the classifier Name. Set Layer 2 VLAN as 20 and Layer 3 Destination as 192.168.1.150...


Page 193: ...Policy Rule. Go to Menu > Advanced Application > Policy Rule. The policy rule of VLAN 20: Check the Active and key in the Policy Rule Name. Select the Classifier in VLAN 20 (VLAN20). Set up the action to do if m...

Page 194: ...5.10.4 Test the Result. 1. PC 1 can ping Server successfully. 2. Due to the ACL setting, the PC 2 (VLAN 20) cannot ping Server successfully...

Page 195: ...rule for source VLAN 20 but didn't create the policy rule for destination IP (Server IP 192.168.1.150), the switch will block all the traffic from VLAN 20 no matter where the destination is. 2. Go to Menu...

Page 196: ...introduce other ways to send VOIP traffic into a specific Voice VLAN. Implementing VOIP allows administrators the option to prioritize Voice traffic during network congestions, thus preventing poor voic...

Page 197: ...6.1.1 Configure VLAN for IP Phone. 1. Configure VLAN 100 on Switch. Please refer to the topic 2.1 How to configure the switch to separate traffic between departments. VLAN 100 is created for th...

Page 198: ...ter web GUI and go to Menu > Advanced Application > LLDP > LLDP MED Configuration. Check the Network Policy on port 1, the port that connects to the IP Phone. 3. Enter the web GUI and go to Menu > Advanced Applic...


Page 200: ...to Menu > Management > MAC Table > Search. Check the MAC table. The IP Phone's MAC address should be in VLAN 100. 2. Enter the web GUI and go to Menu > Management > Diagnostic > Ping test. Use Switch to ping the IP Ph...

Page 201: ...assigned a VLAN ID via the function of the Network Policy in LLDP MED. The voice traffic from the switch must be tagged back to the IP Phone. Port 1 in VLAN 100 on the Switch should be tagged out. Chec...

Page 202: ...e VLAN feature separates VOIP and data traffic as traffic reaches the switch. This means that the VLAN architecture begins on the switch and not on the IP Phones themselves. Configure Voice VLAN to sepa...

Page 203: ...6.2.1 Configure VLAN 100 for IP Phone. 1. Configure VLAN 100 on Switch. Please refer to the topic 2.1 How to configure the switch to separate traffic between departments. VLAN 100 is created as the Voice...

Page 204: ...nfigure the OUI Setup. Enter the web GUI and go to Menu > Advanced Application > VLAN > VLAN Configuration > Voice VLAN Setup. Set the OUI address. You can key in the MAC address. In this example, it is cc:5d:4e:6...

Page 205: ...sult. 1. Go to Menu > Management > MAC Table > Search. Check the MAC address table. The IP Phone is assigned to VLAN 100. 2. Enter web GUI and go to Menu > Management > Diagnostic > Ping test. Use Switch to ping IP Phon...

Page 206: ...VLAN is the same as Voice VLAN. The Switch will keep the Voice VLAN and assign the priority setting to the IP phone. The IP phone will only recognize the tagged traffic. In this case, port 1 in VLAN 100 o...

Page 207: ...c a certain priority. Administrators can use this priority to improve Voice traffic quality. The Voice VLAN priority can be applied to both tagged and untagged voice traffic. Configure Voice VLAN to sepa...

Page 208: ...Configure VLAN 100 on Switch 1 and Switch 2. Please refer to the topic 2.1 How to configure the switch to separate traffic between departments. VLAN 100 is created for the Voice VLAN. Make sure that dev...

Page 209: ...e priority 6. Click Add. 2. Configure the OUI Setup. Enter the web GUI and go to Menu > Advanced Application > VLAN > VLAN Configuration > Voice VLAN Setup. Set the OUI address. You can key in the MAC address. In th...

Page 210: ...mirroring function to check if the priority of the packet is what we assigned. Enter the web GUI and go to Menu > Advanced Application > Mirroring. Check the Active box. Key in the Monitor port, which is used...

Page 211: ...nitor the packet. Filter arp igmp. 2. Use Switch 2 to ping IP Phone. Enter web GUI and go to Menu > Management > Diagnostic > Ping test. Switch 2 can ping IP Phone successfully. 3. Check the packet from IP Phone 1...

Page 212: ...ng to the IP phone. The IP phone will only recognize the tagged traffic. In this case, port 1 in VLAN 100 on Switch should be set as tagged out (check the TX tagging box). b. If the IP Phone is VLAN enabled...

Page 213: ...ional method to check power consumption from device panel to help users directly identify the switch's power consumption. There are 5 LEDs representing PoE Usage on the front panel. These 5 LEDs can sho...

Page 214: ...7.1.1 Meanings of PoE LED. 1. We can observe the behavior of the PoE LEDs below. Each segment represents 20% of PoE Power consumption. If all LEDs are OFF, PD Power Consumption is 0...

Page 215: ...7.1.2 Examples. 2. Segment 1 Steady Green: It means power consumption is 0 and 20. a. PoE LED. b. Web GUI. 3. Segment 5 Steady Red: It means power consumption 80. a. PoE LED. b. Web GUI...
