ZyXEL Communications GS-2724 Скачать руководство пользователя страница 199 | Manualshive

Страница: 199 / 348

ZyXEL Communications GS-2724 Скачать руководство пользователя страница 199

Chapter 29 Access Control

GS-2724 User’s Guide

199

The client automatically saves any new server public keys. In subsequent connections,
the server public key is checked against the saved version on the client computer.

2

Encryption Method
Once the identification is verified, both the client and server must agree on the type of
encryption method to use.

3

Authentication and Data Transmission
After the identification is verified and data encryption activated, a secure tunnel is
established between the client and the server. The client then sends its authentication
information (user name and password) to the server to log in to the server.

29.6 SSH Implementation on the Switch

Your Switch supports SSH version 2 using RSA authentication and three encryption methods
(DES, 3DES and Blowfish). The SSH server is implemented on the Switch for remote
management and file transfer on port 22. Only one SSH connection is allowed at a time.

29.6.1 Requirements for Using SSH

You must install an SSH client program on a client computer (Windows or Linux operating
system) that is used to connect to the Switch over SSH.

29.7 Introduction to HTTPS

HTTPS (HyperText Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web
protocol that encrypts and decrypts web pages. Secure Socket Layer (SSL) is an application-
level protocol that enables secure transactions of data by ensuring confidentiality (an
unauthorized party cannot read the transferred data), authentication (one party can identify the
other party) and data integrity (you know if data has been changed).
It relies upon certificates, public keys, and private keys.
HTTPS on the Switch is used so that you may securely access the Switch using the web
configurator. The SSL protocol specifies that the SSL server (the Switch) must always
authenticate itself to the SSL client (the computer which requests the HTTPS connection with
the Switch), whereas the SSL client only should authenticate itself when the SSL server
requires it to do so. Authenticating client certificates is optional and if selected means the SSL-
client must send the Switch a certificate. You must apply for a certificate for the browser from
a CA that is a trusted CA on the Switch.
Please refer to the following figure.

1

HTTPS connection requests from an SSL-aware web browser go to port 443 (by default)
on the Switch’s WS (web server).

2

HTTP connection requests from a web browser go to port 80 (by default) on the Switch’s
WS (web server).

«
...
197
198
199
200
201
...
»

Содержание GS-2724

Страница 1: ...www zyxel com GS 2724 Ethernet Switch User s Guide Version 3 70 4 2007 Edition 1 ...

Страница 2: ......

Страница 3: ...ss Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information It is recommended you use the web configurator to configure the Switch Supporting Disk Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications User Guide Feedback Help us help you S...

Страница 4: ...stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log Log Setting means you first click Main...

Страница 5: ... Guide 5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device Switch Computer Notebook computer Server DSLAM Firewall Telephone Switch Router ...

Страница 6: ...t no one will step on them or stumble over them Always disconnect all cables from this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place the product where anyone can walk on ...

Страница 7: ...Safety Warnings GS 2724 User s Guide 7 ...

Страница 8: ...Safety Warnings GS 2724 User s Guide 8 ...

Страница 9: ...atus and Port Statistics 65 Basic Setting 71 Advanced 83 VLAN 85 Static MAC Forward Setup 97 Filtering 99 Spanning Tree Protocol 101 Bandwidth Control 111 Broadcast Storm Control 113 Mirroring 115 Link Aggregation 117 Port Authentication 121 Port Security 127 Classifier 131 Policy Rule 137 Queuing Method 143 VLAN Stacking 147 Multicast 153 IP Application 165 Static Route 167 RIP 169 IGMP 171 Diffe...

Страница 10: ...le 221 Routing Table 223 Configure Clone 225 CLI and Troubleshooting 227 Introducing Commands 229 User and Enable Mode Commands 263 Configuration Mode Commands 269 Interface Commands 281 IEEE 802 1Q Tagged VLAN Commands 289 Multicast VLAN Registration Commands 297 Routing Domain Command Examples 299 Troubleshooting 301 Appendices and Index 303 ...

Страница 11: ...3 1 1 2 Bridging Example 34 1 1 3 High Performance Switching Example 34 1 1 4 IEEE 802 1Q VLAN Application Examples 35 Chapter 2 Hardware Installation and Connection 37 2 1 Freestanding Installation 37 2 2 Mounting the Switch on a Rack 38 2 2 1 Rack mounted Installation Requirements 38 2 2 2 Attaching the Mounting Brackets to the Switch 38 2 2 3 Mounting the Switch on a Rack 39 Chapter 3 Hardware ...

Страница 12: ...h 55 4 6 1 Reload the Configuration File 55 4 7 Logging Out of the Web Configurator 57 4 8 Help 57 Chapter 5 Initial Setup Example 59 5 1 Overview 59 5 1 1 Configuring an IP Interface 59 5 1 2 Configuring DHCP Server Settings 60 5 1 3 Creating a VLAN 61 5 1 4 Setting Port VID 62 5 1 5 Enabling RIP 62 Chapter 6 System Status and Port Statistics 65 6 1 Overview 65 6 2 Port Status Summary 65 6 2 1 St...

Страница 13: ...tatus 88 8 5 2 Static VLAN Details 89 8 5 3 Configure a Static VLAN 89 8 5 4 Configure VLAN Port Settings 91 8 6 Port based VLAN Setup 92 8 6 1 Configure a Port based VLAN 93 Chapter 9 Static MAC Forward Setup 97 9 1 Overview 97 9 2 Configuring Static MAC Forwarding 97 Chapter 10 Filtering 99 10 1 Configure a Filtering Rule 99 Chapter 11 Spanning Tree Protocol 101 11 1 STP RSTP Overview 101 11 1 1...

Страница 14: ...rroring Setup 115 Chapter 15 Link Aggregation 117 15 1 Link Aggregation Overview 117 15 2 Dynamic Link Aggregation 117 15 2 1 Link Aggregation ID 118 15 3 Link Aggregation Control Protocol Status 118 15 4 Link Aggregation Setup 119 Chapter 16 Port Authentication 121 16 1 Port Authentication Overview 121 16 1 1 RADIUS 121 16 2 Port Authentication Configuration 123 16 2 1 Configuring RADIUS Server S...

Страница 15: ...d Round Robin Scheduling WRR 143 20 2 Configuring Queuing 144 Chapter 21 VLAN Stacking 147 21 1 VLAN Stacking Overview 147 21 1 1 VLAN Stacking Example 147 21 2 VLAN Stacking Port Roles 148 21 3 VLAN Tag Format 149 21 3 1 Frame Format 149 21 4 Configuring VLAN Stacking 150 Chapter 22 Multicast 153 22 1 Multicast Overview 153 22 1 1 IP Multicast Addresses 153 22 1 2 IGMP Filtering 153 22 1 3 IGMP S...

Страница 16: ... 26 1 DiffServ Overview 173 26 1 1 DSCP and Per Hop Behavior 173 26 1 2 DiffServ Network Example 173 26 2 Activating DiffServ 174 26 3 DSCP to IEEE 802 1p Priority Settings 175 26 3 1 Configuring DSCP Settings 175 Chapter 27 DHCP 177 27 1 DHCP Overview 177 27 1 1 DHCP modes 177 27 2 DHCP Server Status 177 27 3 Configuring DHCP Server 178 27 3 1 DHCP Server Configuration Example 180 27 4 DHCP Relay...

Страница 17: ... 193 29 1 Access Control Overview 193 29 2 The Access Control Main Screen 193 29 3 About SNMP 194 29 3 1 Supported MIBs 195 29 3 2 SNMP Traps 195 29 3 3 Configuring SNMP 195 29 3 4 Setting Up Login Accounts 196 29 4 SSH Overview 198 29 5 How SSH works 198 29 6 SSH Implementation on the Switch 199 29 6 1 Requirements for Using SSH 199 29 7 Introduction to HTTPS 199 29 8 HTTPS Example 200 29 8 1 Int...

Страница 18: ...able 217 33 1 MAC Table Overview 217 33 2 Viewing the MAC Table 218 Chapter 34 IP Table 219 34 1 IP Table Overview 219 34 2 Viewing the IP Table 220 Chapter 35 ARP Table 221 35 1 ARP Table Overview 221 35 1 1 How ARP Works 221 35 2 Viewing the ARP Table 221 Chapter 36 Routing Table 223 36 1 Overview 223 36 2 Viewing the Routing Table 223 Chapter 37 Configure Clone 225 37 1 Configure Clone 225 Part...

Страница 19: ...ort channel Commands 255 38 11 5 interface route domain Commands 258 38 11 6 config vlan Commands 259 38 12 mvr Commands 260 Chapter 39 User and Enable Mode Commands 263 39 1 Overview 263 39 2 show Commands 263 39 2 1 show system information 263 39 2 2 show ip 264 39 2 3 show logging 264 39 2 4 show interface 264 39 2 5 show mac address table 265 39 3 ping 266 39 4 traceroute 266 39 5 Copy Port At...

Страница 20: ...xamples 281 41 2 1 interface port channel 281 41 2 2 bpdu control 281 41 2 3 broadcast limit 282 41 2 4 bandwidth limit 282 41 2 5 mirror 283 41 2 6 gvrp 284 41 2 7 ingress check 284 41 2 8 frame type 284 41 2 9 weight 285 41 2 10 egress set 285 41 2 11 qos priority 286 41 2 12 name 286 41 2 13 speed duplex 286 41 2 14 test 287 41 3 Interface no Command Examples 287 41 3 1 no bandwidth limit 287 C...

Страница 21: ...icast VLAN 297 Chapter 44 Routing Domain Command Examples 299 44 1 interface route domain 299 Chapter 45 Troubleshooting 301 45 1 Problems Starting up the Switch 301 45 2 Problems Accessing the Switch 301 45 3 Problems with the Password 302 Part VII Appendices and Index 303 Appendix A Product Specifications 305 Appendix B Changing a Fuse 311 Appendix C Pop up Windows JavaScripts and Java Permissio...

Страница 22: ...Table of Contents GS 2724 User s Guide 22 ...

Страница 23: ...50 Figure 16 Web Configurator Home Screen Status 50 Figure 17 Change Administrator Login Password 54 Figure 18 Resetting the Switch Via the Console Port 56 Figure 19 Web Configurator Logout Screen 57 Figure 20 Initial Setup Network Example IP Interface 59 Figure 21 Initial Setup Network Example VLAN 61 Figure 22 Initial Setup Network Example Port VID 62 Figure 23 Port Status 65 Figure 24 Port Deta...

Страница 24: ...ure 56 Classifier 132 Figure 57 Classifier Summary Table 134 Figure 58 Classifier Example 136 Figure 59 Policy 139 Figure 60 Policy Summary Table 141 Figure 61 Policy Example 142 Figure 62 Queuing Method 144 Figure 63 VLAN Stacking Example 148 Figure 64 VLAN Stacking 150 Figure 65 Multicast Status 154 Figure 66 Multicast Setting 155 Figure 67 IGMP Filtering Profile 157 Figure 68 MVR Network Exampl...

Страница 25: ...on 200 Figure 103 Security Alert Dialog Box Internet Explorer 200 Figure 104 Security Certificate 1 Netscape 201 Figure 105 Security Certificate 2 Netscape 201 Figure 106 Example Lock Denoting a Secure Connection 202 Figure 107 Service Access Control 202 Figure 108 Remote Management 203 Figure 109 Diagnostic 205 Figure 110 Syslog Setup 208 Figure 111 Syslog Server Setup 209 Figure 112 Clustering A...

Страница 26: ...rity Settings Java Scripting 317 Figure 131 Security Settings Java 317 Figure 132 Java Sun 318 Figure 133 Network Number and Host ID 320 Figure 134 Subnetting Example Before Subnetting 322 Figure 135 Subnetting Example After Subnetting 323 Figure 136 Conflicting Computer IP Addresses Example 327 Figure 137 Conflicting Computer IP Addresses Example 327 Figure 138 Conflicting Computer and Router IP ...

Страница 27: ...Based VLAN Setup 95 Table 19 Static MAC Forwarding 98 Table 20 Filtering 99 Table 21 STP Path Costs 102 Table 22 STP Port States 103 Table 23 Spanning Tree Protocol 104 Table 24 Rapid Spanning Tree Protocol 105 Table 25 Rapid Spanning Tree Protocol Status 107 Table 26 Multiple Rapid Spanning Tree Protocol 108 Table 27 Multiple Rapid Spanning Tree Protocol Status 110 Table 28 Bandwidth Control 112 ...

Страница 28: ...Static Routing 167 Table 57 RIP 170 Table 58 IGMP 172 Table 59 DiffServ 174 Table 60 Default DSCP IEEE 802 1p Mapping 175 Table 61 DSCP Setting 176 Table 62 DHCP Server Status 178 Table 63 DHCP Server 179 Table 64 DHCP Relay 182 Table 65 Maintenance 187 Table 66 Filename Conventions 191 Table 67 Access Control Overview 193 Table 68 SNMP Commands 194 Table 69 SNMP Traps 195 Table 70 SNMP 196 Table ...

Страница 29: ... Start Up of Your Switch 301 Table 96 Troubleshooting Accessing the Switch 301 Table 97 Troubleshooting the Password 302 Table 98 Firmware Features 305 Table 99 General Product Specifications 307 Table 100 Management Specifications 309 Table 101 Physical and Environmental Specifications 310 Table 102 Power Specifications 310 Table 103 IP Address Network Number and Host ID Example 320 Table 104 Sub...

Страница 30: ...List of Tables GS 2724 User s Guide 30 ...

Страница 31: ...31 PART I Introduction and Hardware Getting to Know Your Switch 33 Hardware Installation and Connection 37 Hardware Overview 41 ...

Страница 32: ...32 ...

Страница 33: ...aging and configuring the Switch is easy In addition the Switch can also be managed via Telnet any terminal emulator program on the console port or third party SNMP management See Appendix A on page 305 for a full list of software features available on the Switch 1 1 1 Backbone Application The Switch is an ideal solution for small networks where rapid growth can be expected in the near future The ...

Страница 34: ...ize multiple servers at a single location Figure 2 Bridging Application 1 1 3 High Performance Switching Example The Switch is ideal for connecting two networks that need high bandwidth In the following example use trunking to connect these two networks Switching to higher speed LANs such as ATM Asynchronous Transmission Mode is not feasible for most people due to the expense of replacing all exis...

Страница 35: ...affic first goes through a router For more information on VLANs refer to Chapter 8 on page 85 1 1 4 1 Tag based VLAN Example Ports in the same VLAN group share the same frame broadcast domain thus increase network performance through reduced broadcast traffic VLAN groups can be modified at any time by adding moving or changing ports without any re cabling Shared resources such as a server can be u...

Страница 36: ...Chapter 1 Getting to Know Your Switch GS 2724 User s Guide 36 ...

Страница 37: ...ough to support the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord 4 Remove the adhesive backing from the rubber feet 5 Attach the rubber feet to each corner on the bottom of the Switch These rubber feet help protect the Switch fro...

Страница 38: ... Installation Requirements Two mounting brackets Eight M3 flat head screws and a 2 Philips screwdriver Four M5 flat head screws and a 2 Philips screwdriver 1 Failure to use the proper screws may damage the unit 2 2 1 1 Precautions Make sure the rack will safely support the combined weight of all the equipment it contains Make sure the position of the Switch does not make the rack unstable or top h...

Страница 39: ...u may now mount the Switch on a rack Proceed to the next section 2 2 3 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack lining up the two screw holes on the bracket with the screw holes on the side of the rack Figure 7 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver install the M5 flat head screws through the m...

Страница 40: ...Chapter 2 Hardware Installation and Connection GS 2724 User s Guide 40 ...

Страница 41: ...er using an RJ 45 Ethernet cable for local configuration of the Switch CONSOLE Only connect this port if you want to configure the Switch using the command line interface CLI via the console port 20 100 1000 Mbps RJ 45 Gigabit Ethernet Ports Connect these ports to a computer a hub an Ethernet switch or router Four Dual Personality Interfaces Each interface has one 1000 Base T copper RJ 45 port and...

Страница 42: ... comes with SFP Small Form factor Pluggable slots for mini GBIC Gigabit Interface Converter transceivers A transceiver is a single unit that houses a transmitter and a receiver The Switch does not come with transceivers You must use transceivers that comply with the SFP transceiver MultiSource Agreement MSA See the SFF committee s INF 8074i specification Rev 1 0 for details SFP transceivers can be...

Страница 43: ...ple 2 Press the transceiver firmly until it clicks into place 3 The Switch automatically detects the installed transceiver Check the LEDs to verify that it is functioning properly Figure 10 Installed Transceiver 3 1 3 2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver SFP module 1 Open the transceiver s latch latch styles vary Figure 11 Opening the Transceiver s Latch ...

Страница 44: ...ax no tolerance To connect the power to the DC model insert one end of the supplied power cord to the power receptacle on the rear panel and the other end to a power outlet Make sure that no objects obstruct the airflow of the fans 3 2 2 External Backup Power Supply Connector The backup power supply constantly monitors the status of the internal power supply The backup power supply automatically p...

Страница 45: ...ful connection Off No Ethernet device is connected to this port ACT Green Blinking The port is sending or receiving data Off The port is not sending or receiving data or there is no connection MGMT Port 10 Green On The link to a 10 Mbps Ethernet network is up Blinking The port is sending or receiving data at 10 Mbps Off The link to a 10 Mbps Ethernet network is down 100 Amber On The link to a 100 ...

Страница 46: ...Chapter 3 Hardware Overview GS 2724 User s Guide 46 ...

Страница 47: ...47 PART II Basic Configuration The Web Configurator 49 Initial Setup Example 59 System Status and Port Statistics 65 Basic Setting 71 ...

Страница 48: ...48 ...

Страница 49: ...the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 Type http and the IP address of the Switch for example the default is 192 168 1 1 in the Location or Address field Press ENTER 3 The ...

Страница 50: ...s when you access the web configurator The following figure shows the navigating components of a web configurator screen Figure 16 Web Configurator Home Screen Status A Click the menu items to open submenu links and then click on a submenu link to open the screen in the main window B C D E These are quick links which allow you to perform certain tasks no matter which screen you are currently worki...

Страница 51: ...h s power is turned off C Click this link to go to the status page of the Switch D Click this link to logout of the web configurator E Click this link to display web help pages The help pages provide descriptions for all of the configuration screens In the navigation panel click a main link to reveal a list of submenu links Table 3 Navigation Panel Sub links Overview BASIC SETTING ADVANCED APPLICA...

Страница 52: ...ade Restore Configuration Backup Configuration Load Factory Default Save Configuration Reboot System Access Control SNMP Logins Service Access Control Remote Management Diagnostic Syslog Syslog Setup Syslog Server Setup Cluster Management Status Configuration MAC Table IP Table ARP Table Routing Table Configure Clone Table 5 Navigation Panel Links LINK DESCRIPTION Basic Settings System Info This l...

Страница 53: ... MAC addresses to learn on a port Classifier This link takes you to a screen where you can configure the Switch to group packets based on the specified criteria Policy Rule This link takes you to a screen where you can configure the Switch to perform special treatment on the grouped packets Queuing Method This link takes you to a screen where you can configure queuing with associated queue weights...

Страница 54: ... system logs and a system log server Cluster Management This link takes you to a screen where you can configure clustering management and view its status MAC Table This link takes you to a screen where you can view the MAC addresses and types of devices attached to what ports and VLAN IDs IP Table This link takes you to a screen where you can view the IP addresses and types of devices attached to ...

Страница 55: ... address 7 Prevent all services from accessing the Switch 8 Change a service port number but forget it Be careful not to lock yourself and others out of the Switch If you do lock yourself out try using out of band management via the management port to configure the Switch 4 6 Resetting the Switch If you lock yourself and others from the Switch or forget the administrator password you will need to ...

Страница 56: ...ng the Switch Via the Console Port The Switch is now reinitialized with a default configuration file including the default password of 1234 Bootbase Version V3 1 03 08 2007 18 22 24 RAM Size 64 Mbytes DRAM POST Testing 65536K OK DRAM Test SUCCESS FLASH Intel 64M ZyNOS Version V3 70 AYC 0 b0 03 08 2007 14 39 15 Press any key to enter debug mode within 3 seconds Compressed Version GS 2724 start 500e...

Страница 57: ...our password again after you log out This is recommended after you finish a management session for security reasons Figure 19 Web Configurator Logout Screen 4 8 Help The web configurator s online help has descriptions of individual screens and some supplementary information Click the Help link from a web configurator screen to view an online help description of that screen ...

Страница 58: ...Chapter 4 The Web Configurator GS 2724 User s Guide 58 ...

Страница 59: ... a physical port The default IP address of the Switch is 192 168 1 1 with a subnet mask of 255 255 255 0 In the example network since the RD network is already in the same IP interface as the Switch you don t need to create an IP interface for it However if you want to have the Sales network on a different routing domain you need to create a new IP interface This allows the Switch to route traffic...

Страница 60: ... save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 2 Configuring DHCP Server Settings You can set the Switch to assign network information such as the IP address DNS server etc to DHCP clients on the network For the example network configure two DHCP client pools on the Switch for the DHCP clients in the RD and Sales network...

Страница 61: ...r tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 21 Initial Setup Network Example VLAN 1 Click Advanced Application and VLAN in the navigation panel and click the Static VLAN link 2 In the Static VLAN screen select ACTIVE enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network ...

Страница 62: ...ned off 5 1 4 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines In the example network configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2 Figure 22 Initial Setup Network Example Port VID 1 Click Advanced Applications and VLAN in the ...

Страница 63: ...oth in the Direction field to set the Switch to broadcast and receive routing information 3 In the Version field select RIP 1 for the RIP packet format that is universally supported 4 Click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off ...

Страница 64: ...Chapter 5 Initial Setup Example GS 2724 User s Guide 64 ...

Страница 65: ...tatistical details 6 2 Port Status Summary To view the port statistics click Status in any web configurator screen to display the Status screen as shown next Figure 23 Port Status The following table describes the labels in this screen Table 6 Port Status LABEL DESCRIPTION Port This identifies the Ethernet port Click a port number to display the Port Details screen refer to Figure 24 on page 67 Na...

Страница 66: ... field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays whether LACP Link Aggregation Control Protocol has been enabled on the port TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port Tx KB s This field sho...

Страница 67: ...Copper or Fiber Status If STP Spanning Tree Protocol is enabled this field displays the STP state of the port see Section 11 1 on page 101 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This field shows if LACP is enabled on this port or not TxPkts This field shows the number of transmitted frames on this port RxPkts This fi...

Страница 68: ...itted packets for which transmission is inhibited by exactly one collision Multiple This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision Excessive This is a count of packets for which transmission failed due to excessive collisions Excessive collision is defined as the number of maximum collisions before the retransmission count is res...

Страница 69: ...received that were between 512 and 1023 octets in length 1024 1518 This field shows the number of packets including bad packets received that were between 1024 and 1518 octets in length Giant This field shows the number of packets dropped because they were bigger than the maximum frame size Table 7 Port Details continued LABEL DESCRIPTION ...

Страница 70: ...Chapter 6 System Status and Port Statistics GS 2724 User s Guide 70 ...

Страница 71: ...s you to set the system time manually or get the current time and date from an external server when you turn on your Switch The real time is then displayed in the logs The Switch Setup screen allows you to set up and configure global switch features The IP Setup screen allows you to configure the Switch s IP address in each routing domain subnet mask s and DNS domain name server for management pur...

Страница 72: ... unit Centigrade or Fahrenheit in this field Temperature MAC CPU and PHY refer to the location of the temperature sensors on the Switch s printed circuit board Current This shows the current temperature in degrees centigrade at this sensor MAX This field displays the maximum temperature measured at this sensor MIN This field displays the minimum temperature measured at this sensor Threshold This f...

Страница 73: ...nimum speed at which a normal fan should work Status Normal indicates that this fan is functioning above the minimum speed Error indicates that this fan is functioning below the minimum speed Voltage V The power supply for each voltage has a sensor that is capable of detecting and reporting if the voltage falls out of the tolerance range Current This is the current voltage reading MAX This field d...

Страница 74: ... Switch should use first to authenticate an administrator user for Switch management Configure the local user accounts in the Access Control Logins screen The RADIUS is an external server Before you specify the priority make sure you have set up the corresponding database correctly first Select Local Only to have the Switch just check the administrator accounts configured in the Access Control Log...

Страница 75: ...e and date settings from the time server in the following circumstances When the Switch starts up In 24 hour intervals after starting up When you click Apply in this screen None is the default value Enter the time manually When you enter the time settings manually the Switch uses the new settings when you click Apply Each time you turn on the Switch the time and date will be reset to the default v...

Страница 76: ...ll broadcasts are confined to a specific broadcast domain VLAN is unidirectional it only governs outgoing traffic See Chapter 8 on page 85 for information on port based and 802 1Q tagged VLANs 7 5 Switch Setup Screen Click Basic Setting Switch Setup in the navigation panel to display the screen as shown The VLAN setup screens change depending on whether you choose 802 1Q or Port Based in the VLAN ...

Страница 77: ...er Leave Time must be two times larger than Join Timer the default is 600 milliseconds Leave All Timer Leave All Timer sets the duration of the Leave All Period timer for GVRP in milliseconds Each port has a single Leave All Period timer Leave All Timer must be larger than Leave Timer Priority Queue Assignment IEEE 802 1p defines up to eight separate traffic types by inserting a tag into a MAC lay...

Страница 78: ... separate subnet the configured IP address is also known as IP interface or routing domain In addition this allows routing between subnets based on the IP address without additional routers You can configure multiple routing domains on the same VLAN as long as the IP address ranges for the domains do not overlap To change the IP address of the Switch in a routing domain simply add a new routing do...

Страница 79: ...ble to use a domain name instead of an IP address Default Management Specify which traffic flow In Band or Out of band the Switch is to send packets originating from itself such as SNMP traps or packets with unknown source Select Out of band to have the Switch send the packets to the management port labelled MGMT This means that device s connected to the other port s do not receive these packets S...

Страница 80: ...er the IP address of your Switch in dotted decimal notation for example 192 168 1 1 This is the IP address of the Switch in an IP routing domain IP Subnet Mask Enter the IP subnet mask of an IP routing domain in dotted decimal notation For example 255 255 255 0 VID Enter the VLAN identification number to which an IP routing domain belongs Add Click Add to save your changes to the Switch s run time...

Страница 81: ...ome web configurator screens Type This field displays 10 100 1000M for Gigabit connections Speed Duplex Select the speed and the duplex mode of the Ethernet connection on this port Choices are Auto 10M Half Duplex 10M Full Duplex 100M Half Duplex 100M Full Duplex and 1000M Full Duplex Selecting Auto auto negotiation allows one port to negotiate with a peer port automatically to obtain the connecti...

Страница 82: ...ls and resend later Select Flow Control to enable it 802 1p Priority This priority value is added to incoming frames without a 802 1p priority queue tag See Priority Queue Assignment in Table 10 on page 77 for more information BPDU Control Configure the way to treat BPDUs received on this port You must activate bridging control protocol transparency in the Switch Setup screen first Select Peer to ...

Страница 83: ...p 97 Filtering 99 Spanning Tree Protocol 101 Bandwidth Control 111 Broadcast Storm Control 113 Mirroring 115 Link Aggregation 117 Port Authentication 121 Port Security 127 Classifier 131 Policy Rule 137 Queuing Method 143 VLAN Stacking 147 Multicast 153 ...

Страница 84: ...84 ...

Страница 85: ...The remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that user priority and VLAN ID are independent of each other A frame with VID VLAN Identifier of null 0 is called a priority frame meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the frame Of the 4096 possible VIDs a VID of 0 is used t...

Страница 86: ...VLANs groups beyond the local switch Please refer to the following table for common IEEE 802 1Q VLAN terminology Table 13 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configured by a GVRP registration deregistration process VLAN Administrative Control Registration Fixed Fixed registration po...

Страница 87: ... A and B Without VLAN Trunking you must configure VLAN groups 1 and 2 on all intermediary switches C D and E otherwise they will drop frames with unknown VLAN group tags However with VLAN Trunking enabled on a port s in each intermediary switch you only need to create VLAN groups in the end devices A and B C D and E automatically allow frames with VLAN group tags 1 and 2 VLAN groups that are unkno...

Страница 88: ...igure 32 VLAN Status The following table describes the labels in this screen Table 14 VLAN Status LABEL DESCRIPTION The Number of VLAN This is the number of VLANs configured on the Switch Index This is the VLAN index number Click on an index number to view more VLAN details VID This is the VLAN identification number that was configured in the Static VLAN screen Elapsed Time This field shows how lo...

Страница 89: ...N click Static VLAN in the VLAN Status screen to display the screen as shown next Table 15 VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the Static VLAN screen Port Number This column displays the ports that are participating in a VLAN A tagged port is marked as T an untagged port is marked as ...

Страница 90: ...ttings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Control Select Normal for the port to dynamically join this VLAN group using GVRP This is the default selection S...

Страница 91: ...er so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields Clear Click Clear to start configuring the screen again VID This field displays the ID number of the VLAN group Click the number to edit the VLAN settings Active This field indicates whether the VLAN settings are enabled Yes or di...

Страница 92: ...u want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Ingress Check If this check box is selected for a port the Switch discards incoming frames for VLANs that do not include this port in its member set Clear this check box to d...

Страница 93: ...p and Filtering that require a VID you must enter 1 as the VID The port based VLAN setup screen is shown next The CPU management port forms a VLAN with all Ethernet ports 8 6 1 Configure a Port based VLAN Select Port Based as the VLAN Type in the Switch Setup screen and then click Advanced Application VLAN from the navigation panel to display the next screen ...

Страница 94: ...Chapter 8 VLAN GS 2724 User s Guide 94 Figure 36 Port Based VLAN Setup All connected ...

Страница 95: ... This option is the most limiting but also the most secure After you make your selection click Apply top right of screen to display the screens as mentioned above You can still customize these settings by adding deleting incoming or outgoing ports but you must also click Apply at the bottom of the screen Incoming These are the ingress ports an ingress port is an incoming port that is a port throug...

Страница 96: ... By default it forms a VLAN with all Ethernet ports If it does not form a VLAN with a particular port then the Switch cannot be managed from that port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are do...

Страница 97: ...d in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the Switch See Chapter 17 on page 127 for more information on port security Click ...

Страница 98: ... loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields Clear Click Clear to begin configuring this screen afresh Index Click an index number to modify a static MAC address rule for a port Active This field displays whether this static MAC address forwarding rule is active Ye...

Страница 99: ...ed Application Filtering in the navigation panel to display the screen as shown next Figure 39 Filtering The following table describes the related labels in this screen Table 20 Filtering LABEL DESCRIPTION Active Make sure to select this check box to activate your rule You may temporarily deactivate a rule without deleting it by deselecting this check box Name Type a descriptive name up to 32 prin...

Страница 100: ...he Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to the factory defaults Index This field displays the index number of the rule Click an index number to change the settings Active This field displays Yes when the rule is ...

Страница 101: ...at only one path exists between any two stations on the network The Switch uses IEEE 802 1w RSTP Rapid Spanning Tree Protocol that allows faster convergence of the spanning tree than STP while also being backwards compatible with STP only aware bridges In RSTP topology change information is directly propagated throughout the network from the device that generates the topology change In STP a longe...

Страница 102: ...d LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating any possible network loops STP aware switches exchange Bridge Protocol Data Units BPDUs periodically When the bridged LAN topology changes a new spanning tree is constructed Once a stable network topology has been established all bridges listen for Hello BPDUs ...

Страница 103: ...th its own bridge information In the following example there are two RSTP instances MRSTP 1 and MRSTP2 on switch A To set up MRSTP activate MRSTP on the Switch and specify which port s belong to which spanning tree Each port can belong to one STP tree only Figure 40 MRSTP Network Example Table 22 STP Port States PORT STATE DESCRIPTION Disabled STP is disabled default Blocking Only configuration an...

Страница 104: ...r MRSTP is active Once you select RSTP or MRSTP this screen displays the status of your configuration Figure 41 Spanning Tree Protocol The following table describes the labels in this screen 11 3 Configure Rapid Spanning Tree Protocol Use this screen to configure RSTP settings see Section 11 1 on page 101 for more information on RSTP Click RSTP in the Advanced Application Spanning Tree Protocol sc...

Страница 105: ...ch Select a value from the drop down list box The lower the numeric value you assign the higher the priority for this bridge Bridge Priority determines the root bridge which in turn determines Hello Time Max Age and Forwarding Delay Hello Time This is the time interval in seconds between BPDU Bridge Protocol Data Units configuration message generations by the root switch The allowed range is 1 to ...

Страница 106: ... you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to activate RSTP on this port Priority Configure the priority for each port here Priority decides which port should be disabled when more than...

Страница 107: ... This ID is the same for Root and Our Bridge if the Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds a switch can wait without receiving a configuration message before attempting to reconfigu...

Страница 108: ...t MAC address will then become the root switch Select a value from the drop down list box The lower the numeric value you assign the higher the priority for this bridge Bridge Priority determines the root bridge which in turn determines Hello Time Max Age and Forwarding Delay Hello Time This is the time interval in seconds between BPDU Bridge Protocol Data Units configuration message generations b...

Страница 109: ... same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to activate STP on this port Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in a switch P...

Страница 110: ...the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds a switch can wait without receiving a configuration message before attempting to reconfigure Forwarding Delay second This is the time in seconds the roo...

Страница 111: ...Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion The CIR and PIR should be set for all ports that use the same uplink bandwidth If the CIR is reached packets are sent at the rate up to the PIR When network congestion occurs packets through the ingress port exceeding the CIR will be marked for drop The CIR should ...

Страница 112: ...ranteed bandwidth allowed in kilobits per second Kbps for the incoming traffic flow on a port The commit rate should be less than the peak rate The sum of commit rates cannot be greater than or equal to the uplink bandwidth Active Select this check box to activate peak rate limits on this port Peak Rate Specify the maximum bandwidth allowed in kilobits per second Kbps for the incoming traffic flow...

Страница 113: ...re DLF packets the Switch receives per second on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port Click Advanced Application Broadcast Storm Control in the naviga...

Страница 114: ...rt by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Select this option and specify how many destination lookup failure DLF packets the port r...

Страница 115: ...raffic flow to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference Click Advanced Application Mirroring in the navigation panel to display the Mirroring screen Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port Figure 48 Mirroring ...

Страница 116: ...row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the drop down list box Ch...

Страница 117: ...802 3ad standard for static and dynamic LACP port trunking The Switch supports the link aggregation IEEE802 3ad standard This standard describes the Link Aggregate Control Protocol LACP which is a protocol that dynamically creates and manages trunk groups When you enable LACP link aggregation on a port the port can automatically negotiate with the ports at the remote end of a link to establish tru...

Страница 118: ...l Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY PORT NUMBER 0000 00 00 00 00 00 0000 00 0000 Table 32 Link Aggregation ID Peer Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY PORT NUMBER 0000 00 00 00 00 00 0000 00 0000 1 Port Priority and Port Number are 0 as it is the aggregator ID for the trunk group not the individual port Table 33 Link Aggregation Control Protocol Status LABEL DES...

Страница 119: ...Section 15 1 on page 117 for more information on link aggregation Figure 50 Link Aggregation Enabled Port These are the ports you have configured in the Link Aggregation screen to be in the trunk group Synchronized Ports These are the ports that are currently transmitting data as one logical link in this trunk group Table 33 Link Aggregation Control Protocol Status continued LABEL DESCRIPTION ...

Страница 120: ... the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Group Select the trunk group to which a port belongs LACP Timeout Timeout is the time interval...

Страница 121: ...al server instead of or in addition to an internal device user database that is limited to the memory capacity of the device In essence RADIUS authentication allows you to validate an unlimited number of users from a central location Figure 51 RADIUS Server 16 1 1 1 Vendor Specific Attribute A Vendor Specific Attribute VSA is an attribute value pair that is sent between a RADIUS server and the Swi...

Страница 122: ...s rate decimal Egress Bandwidth Assignment Vendor Id 890 ZyXEL Vendor Type 2 Vendor data egress rate decimal Privilege Assignment Vendor ID 890 ZyXEL Vendor Type 3 Vendor Data shell priv lvl N or Vendor ID 9 CISCO Vendor Type 1 CISCO AVPAIR Vendor Data shell priv lvl N where N is a privilege level from 0 to 14 Note If you set the privilege level of a login account differently on the RADIUS server ...

Страница 123: ... labels in this screen Table 37 RADIUS LABEL DESCRIPTION Authentication Server IP Address Enter the IP address of the external RADIUS server in dotted decimal notation UDP Port The default port of the RADIUS server for authentication is 1812 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters as t...

Страница 124: ...lays a port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to permit 802 1x authentication on this port You must first all...

Страница 125: ... Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields Table 38 802 1x continued LABEL DESCRIPTION ...

Страница 126: ...Chapter 16 Port Authentication GS 2724 User s Guide 126 ...

Страница 127: ...umber of MAC addresses per port the Switch can learn as long as the number of MAC addresses does not exceed the value in Appendix A on page 305 For maximum port security enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default M...

Страница 128: ...AC address es is in the MAC address table on this port Packets with no matching MAC address es are dropped Clear this check box to disable the port security feature The Switch forwards all packets on this port Address Learning MAC address learning reduces outgoing broadcast traffic For MAC address learning to occur on a port the port itself must be active with address learning enabled Limited Numb...

Страница 129: ...h s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields Table 39 Port Security continued LABEL DESCRIPTION ...

Страница 130: ...Chapter 17 Port Security GS 2724 User s Guide 130 ...

Страница 131: ...number destination port number or incoming port number For example you can configure a classifier to select traffic from the same protocol port such as Telnet to form a flow Configure QoS on the Switch to group and prioritize application traffic and fine tune network performance Setting up QoS involves two separate steps 1 Configure classifiers to sort traffic into different flows 2 Configure poli...

Страница 132: ... tagged and Ethernet II untagged A value of 802 3 indicates that the packets are formatted according to the IEEE 802 3 standards A value of Ethernet II indicates that the packets are formatted according to RFC 894 Ethernet II encapsulation Layer 2 Specify the fields below to configure a layer 2 classifier VLAN Select Any to classify traffic from any VLAN or select the second option and specify the...

Страница 133: ... packets that are sent to establish TCP connections Source IP Address Address Prefix Enter a source IP address in dotted decimal notation Specify the address prefix by entering the number of ones in the subnet mask Socket Number Note You must select either UDP or TCP in the IP Protocol field before you configure the socket numbers Select Any to apply the rule to all TCP UDP protocol port numbers o...

Страница 134: ...ssifier Summary Table LABEL DESCRIPTION Index This field displays the index number of the rule Click an index number to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Name This field displays the descriptive name for this rule This is for identification purpose only Rule This field displays a summary of the classifier rule s settings Delete Cl...

Страница 135: ...mple where you configure a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 After you have configured a classifier you can configure a policy in the Policy screen to define action s on the classified traffic flow Table 43 Common IP Ports PORT NUMBER PORT NAME 21 FTP 23 Telnet 25 SMTP 53 DNS 80 HTTP 110 POP3 ...

Страница 136: ...Chapter 18 Classifier GS 2724 User s Guide 136 Figure 58 Classifier Example ...

Страница 137: ...ithout the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 19 1 2 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field and a 6...

Страница 138: ...138 19 2 Configuring Policy Rules You must first configure a classifier in the Classifier screen Refer to Section 18 2 on page 131 for more information Click Advanced Applications Policy Rule in the navigation panel to display the screen as shown ...

Страница 139: ...Chapter 19 Policy Rule GS 2724 User s Guide 139 Figure 59 Policy ...

Страница 140: ...fic Bandwidth Specify the bandwidth in kilobit per second Kbps Enter a number between 1 and 1000000 Out of Profile DSCP Specify a new DSCP number between 0 and 63 if you want to replace or remark the DSCP number for out of profile traffic Action Specify the action s the Switch takes on the associated classified traffic flow Forwarding Select No change to forward the packets Select Discard the pack...

Страница 141: ...ic Select Change the DSCP value to replace the DSCP field with the value specified in the Out of profile DSCP field Select Set Out Drop Precedence to mark out of profile traffic and drop it when network is congested Select Do not drop the matching frame previously marked for dropping to queue the frames that are marked to be dropped Add Click Add to inset the entry to the summary table below and s...

Страница 142: ...cy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out of profile traffic on a traffic flow classified using the Example classifier refer to Section 18 4 on page 135 Figure 61 Policy Example ...

Страница 143: ...c on lower priority queues never gets sent SP does not automatically adapt to changing network requirements 20 1 2 Weighted Round Robin Scheduling WRR Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle A queue is a given an amount of bandwidth irrespective of the incoming traffic on that port This queue then moves to the...

Страница 144: ...ues on a rotating basis based on their queue weight the number you configure in the queue Weight field Queues with larger weights get more service than queues with smaller weights Q0 Q7 Weight When you select WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Queues with larger weights get more service than queues with smaller weight...

Страница 145: ...Chapter 20 Queuing Method GS 2724 User s Guide 145 ...

Страница 146: ...Chapter 20 Queuing Method GS 2724 User s Guide 146 ...

Страница 147: ... on specific VLANs for many different customers A service provider s customers may require a range of VLANs to handle multiple applications A service provider s customers can assign their own inner VLAN tags on ports for these applications The service provider can assign an outer VLAN tag for each customer Therefore there is no VLAN tag overlap among customers so traffic from different customers i...

Страница 148: ...dge devices 1 and 2 in the VLAN stacking example figure The incoming frame is treated as untagged so a second VLAN tag outer VLAN tag can be added Static VLAN Tx Tagging MUST be disabled on a port where you choose Normal or Access Port Select Tunnel Port available for Gigabit ports only for egress ports at the edge of the service provider s network All VLANs belonging to a customer can be aggregat...

Страница 149: ...d on the Switch then the Switch will not add the tag Priority refers to the IEEE 802 1p standard that allows the service provider to prioritize traffic based on the class of service CoS the customer has paid for On the Switch configure priority level of inner IEEE 802 1Q tag in the Port Setup screen 0 is the lowest priority level and 7 is the highest VID is the VLAN ID SP VID is the VID for the se...

Страница 150: ... whether the frame carries IEEE 802 1Q tag information Choose 0x8100 or 0x9100 from the drop down list box or select Others and then enter a four digit hexadecimal number from 0x0000 to 0xFFFF 0x denotes a hexadecimal number It does not have to be typed in the Others text field Port The port number identifies the port you are configuring Settings in this row apply to all ports Use this row only if...

Страница 151: ...f 1526 Bytes 1522 Bytes 4 Bytes for the second tag to pass through it SPVID SPVID is the service provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port See Chapter 8 on page 85 for more background information on VLAN ID Priority On the Switch configure priority level of inner IEEE 802 1Q tag in the Port Setup screen 0 is the lowest prior...

Страница 152: ...Chapter 21 VLAN Stacking GS 2724 User s Guide 152 ...

Страница 153: ...s D range 224 0 0 0 to 239 255 255 255 are used for IP multicasting Certain IP multicast numbers are reserved by IANA for special purposes see the IANA web site for more information 22 1 2 IGMP Filtering With the IGMP filtering feature you can control which IGMP groups a subscriber on a port can join This allows you to control the distribution of multicast services such as content information dist...

Страница 154: ...n This screen shows the multicast group information See Section 22 1 on page 153 for more information on multicasting Figure 65 Multicast Status The following table describes the labels in this screen 22 3 Multicast Setting Click Advanced Applications Multicast Multicast Setting link to display the screen as shown See Section 22 1 on page 153 for more information on multicasting Table 51 Multicast...

Страница 155: ...m the port Leave Timeout Enter an IGMP leave timeout value from 1 to 16 711 450 in seconds This defines how many seconds the Switch waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is received from a host 802 1p Priority Select a priority level 0 7 to which the Switch changes the priority in outgoing IGMP control packets Otherwise select No Chan...

Страница 156: ... to set the Switch to remove this port from the multicast tree when an IGMP version 2 leave message is received on this port Select this option if there is only one host connected to this port Group Limited Select this option to limit the number of multicast groups this port is allowed to join Max Group Num Enter the number of multicast groups this port is allowed to join Once a port is registered...

Страница 157: ...want to add a single multicast IP address enter it in both the Start Address and End Address fields Add Click Add to save the profile to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to clear the fields to ...

Страница 158: ...visible to the Switch and S Figure 68 MVR Network Example 22 5 1 Types of MVR Ports In MVR a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic Once configured the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group 22 5 2 MVR Modes You can s...

Страница 159: ... 1 on the receiver port in this case a DSL port on the Switch If there is another subscriber device connected to this port in the same subscriber VLAN the receiving port will still be on the list of forwarding destination for the multicast traffic Otherwise the Switch removes the receiver port from the forwarding table Figure 69 MVR Multicast Television Example 22 6 General MVR Configuration Use t...

Страница 160: ...le ASCII characters for identification purposes Multicast VLAN ID Enter the VLAN ID 1 to 4094 of the multicast VLAN 802 1p Priority Select a priority level 0 7 with which the Switch replaces the priority in outgoing IGMP control packets belonging to this multicast VLAN Mode Specify the MVR mode on the Switch Choices are Dynamic and Compatible Select Dynamic to send IGMP reports to all MVR source p...

Страница 161: ...port that only receives multicast traffic None Select this option to set the port not to participate in MVR No MVR multicast traffic is sent or received on this port Tagging Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses pow...

Страница 162: ...mation on IP multicast addresses End Address Enter the ending IP multicast address of the multicast group in dotted decimal notation Enter the same IP address as the Start Address field if you want to configure only one IP address for a multicast group Refer to Section 22 1 1 on page 153 for more information on IP multicast addresses Add Click Add to save your changes to the Switch s run time memo...

Страница 163: ...the MVR screen and set the receiver and source ports Figure 73 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers configure multicast group settings in the Group Configuration screen The following figure shows an example where two multicast groups News and Movie are configured for the multicast VLAN 200 ...

Страница 164: ...Chapter 22 Multicast GS 2724 User s Guide 164 Figure 74 MVR Group Configuration Example Figure 75 MVR Group Configuration Example ...

Страница 165: ...165 PART IV IP Application Static Route 167 RIP 169 IGMP 171 Differentiated Services 173 DHCP 177 ...

Страница 166: ...166 ...

Страница 167: ...e describes the related labels you use to create a static route Table 56 Static Routing LABEL DESCRIPTION Active This field allows you to activate deactivate this static route Name Enter a descriptive name up to 32 printable ASCII characters for identification purposes Destination IP Address This parameter specifies the IP network address of the final destination Routing is always based on network...

Страница 168: ...es to the non volatile memory when you are done configuring Cancel Click Cancel to reset the above fields to your previous configuration Clear Click Clear to set the above fields back to the factory defaults Index This field displays the index number of the route Click a number to edit the static route entry Active This field displays Yes when the static route is activated and NO when it is deacti...

Страница 169: ...one the Switch will not send any RIP packets and will ignore any RIP packets received The Version field controls the format and the broadcasting method of the RIP packets that the Switch sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networks unless you have an unusual network topology Both RIP 2...

Страница 170: ... more information on configuring IP domains Direction Select the RIP direction from the drop down list box Choices are Outgoing Incoming Both and None Version Select the RIP version from the drop down list box Choices are RIP 1 RIP 2B and RIP 2M Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save l...

Страница 171: ...ons 1 and 2 respectively The Switch supports IGMP version 1 IGMP v1 version 2 IGMP v2 and version 3 IGMP v3 At start up the Switch queries all directly connected networks to gather group membership After that the Switch periodically updates this information 25 2 Configuring IGMP Click IP Application IGMP in the navigation panel to display the screen as shown next Each entry in the table is automat...

Страница 172: ...s field displays the IP domain configured on the Switch Refer to Section 7 6 on page 78 for more information on configuring IP domains Version Select an IGMP version from the drop down list box Choices are IGMP v1 IGMP v2 IGMP v3 and None Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on ...

Страница 173: ...ons do not have to request a particular service or give advanced notice of where the traffic is going 26 1 1 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service ToS field in the IP header The DS field contains a 2 bit unused field and a 6 bit DSCP field which can define up to 64 service levels The following figure illustrates the DS fiel...

Страница 174: ...SCP values and the associated policies 26 2 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802 1p priority mapping on the selected port s Click IP Application DiffServ in the navigation panel to display the screen as shown Figure 81 DiffServ The following table describes the labels in this screen Table 59 DiffServ LABEL DESCRIPTION Active Select this option to enable DiffServ...

Страница 175: ...ow only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select Active to enable DiffServ on the port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it i...

Страница 176: ...To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring t...

Страница 177: ...puter must be manually configured 27 1 1 DHCP modes The Switch can be configured as a DHCP server or DHCP relay agent If you configure the Switch as a DHCP server it will maintain the pool of addresses and distribute them to your LAN computers If there is an Ethernet device that performs the DHCP server function for your network then you can configure the Switch as a DHCP relay agent When the Swit...

Страница 178: ...s LABEL DESCRIPTION Index This is the index number VID This field displays the ID number of the VLAN group to which this DHCP settings apply Server Status This field displays the starting DHCP client IP address IP Pool Size This field displays the size of the DHCP client IP address pool Poll Interval s The text box displays how often in seconds this screen refreshes You may change the refresh inte...

Страница 179: ...ver Enter the IP addresses of the DNS servers The DNS servers are passed to the DHCP clients along with the IP address and the subnet mask Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring C...

Страница 180: ...P clients in the RD and Sales network Figure 85 DHCP Server Network Example In the DHCP Server screen configure two DHCP client IP address pools for the two networks The following shows an example Figure 86 DHCP Server Configuration Example Delete Click Delete to remove the selected entry Cancel Click Cancel to clear the Delete check boxes Table 63 DHCP Server continued LABEL DESCRIPTION ...

Страница 181: ... it relays to a DHCP server This helps provide authentication about the source of the requests You can also specify additional information for the Switch to add to the client DHCP requests that it relays to the DHCP server Please refer to RFC 3046 for more details The DHCP relay agent information feature adds an Agent Information field to the option 82 field of the DHCP headers of client DHCP requ...

Страница 182: ...ESCRIPTION Active Select this check box to enable DHCP relay Remote DHCP Server 1 3 Enter the IP address of a DHCP server in dotted decimal notation Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This read only field displays the system name you configu...

Страница 183: ...Chapter 27 DHCP GS 2724 User s Guide 183 Figure 89 DHCP Relay Configuration Example ...

Страница 184: ...Chapter 27 DHCP GS 2724 User s Guide 184 ...

Страница 185: ...185 PART V Management Maintenance 187 Access Control 193 Diagnostic 205 Syslog 207 Cluster Management 211 MAC Table 217 IP Table 219 ARP Table 221 Routing Table 223 Configure Clone 225 ...

Страница 186: ...186 ...

Страница 187: ...Maintenance The following table describes the labels in this screen Table 65 Maintenance LABEL DESCRIPTION Current This field displays which configuration Configuration 1 or Configuration 2 is currently operating on the Switch Firmware Upgrade Click Click Here to go to the Firmware Upgrade screen Restore Configuratio n Click Click Here to go to the Restore Configuration screen Backup Configuratio ...

Страница 188: ...fter the firmware upgrade process is complete see the System Info screen to verify your current firmware version number 28 3 Restore a Configuration File Restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen Save Configuratio n Click Config 1 to save the current configuration settings to Configuration 1 on the Switch Click Config 2 to save...

Страница 189: ... you may restore at a later date Back up your current Switch configuration to a computer using the Backup Configuration screen Figure 93 Backup Configuration Follow the steps below to back up the current Switch configuration to your computer in this screen 1 Click Backup 2 Click Save to display the Save As screen 3 Choose a location to save the file on your computer from the Save in drop down list...

Страница 190: ... top right hand corner in any screen to save the configuration changes to the current configuration Clicking the Apply or Add button does NOT save the changes permanently All unsaved changes are erased after you reboot the Switch 28 7 Reboot System Reboot System allows you to restart the Switch without physically turning the power off It also allows you to load configuration one Config 1 or config...

Страница 191: ...ent configuration to a file called config cfg on your computer If your T FTP client does not allow you to have a destination filename different than the source you will need to rename them as the Switch only recognizes config and ras Be sure you keep unaltered copies of both files for later use 1 Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your dev...

Страница 192: ...ients 28 8 4 FTP Restrictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote Management screen does not match the client IP address If it does not match the Switch will disconnect the Telnet session immediately General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server Login T...

Страница 193: ...ntrol sessions are allowed A console port access control session and Telnet access control session cannot coexist when multi login is disabled See Section 38 11 2 on page 237 for more information on disabling multi login 29 2 The Access Control Main Screen Click Management Access Control in the navigation panel to display the main screen as shown Figure 96 Access Control Table 67 Access Control Ov...

Страница 194: ...tions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a switch Examples of variables include such as number of packets received node port status etc A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents to communi...

Страница 195: ...nfiguring SNMP From the Access Control screen display the SNMP screen You can click Access Control to go back to the Access Control screen Table 69 SNMP Traps OBJECT LABEL OBJECT ID DESCRIPTION SNMPv2 Traps Cold Start 1 3 6 1 6 3 1 1 5 1 This trap is sent when the Switch is turned on WarmStart 1 3 6 1 6 3 1 1 5 2 This trap is sent when the Switch restarts linkDown 1 3 6 1 6 3 1 1 5 3 This trap is ...

Страница 196: ...iew but not configure settings Table 70 SNMP LABEL DESCRIPTION Get Community Enter the get community which is the password for the incoming Get and GetNext requests from the management station Set Community Enter the set community which is the password for incoming Set requests from the management station Trap Community Enter the trap community which is the password sent with each trap to the SNMP...

Страница 197: ...our new system password Retype to confirm Retype your new system password for confirmation Edit Logins You may configure passwords for up to four users These users have read only access You can give users higher privileges via the CLI For more information on assigning privileges see Chapter 38 on page 229 User Name Set a user name up to 32 ASCII characters long Password Enter your new system passw...

Страница 198: ...tween two hosts over an unsecured network Figure 100 SSH Communication Example 29 5 How SSH works The following table summarizes how a secure connection is established between two remote hosts Figure 101 How SSH Works 1 Host Identification The SSH client sends a connection request to the SSH server The server identifies itself with a host key The client encrypts a randomly generated session key wi...

Страница 199: ...n to HTTPS HTTPS HyperText Transfer Protocol over Secure Socket Layer or HTTP over SSL is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensuring confidentiality an unauthorized party cannot read the transferred data authentication one party can identify the other party and data integrity you ...

Страница 200: ... Address is the IP address or domain name of the Switch you wish to access 29 8 1 Internet Explorer Warning Messages When you attempt to access the Switch s HTTPS server a Windows dialog box pops up asking if you trust the server certificate Click View Certificate if you want to verify that the certificate is from the Switch You see the following Security Alert screen in Internet Explorer Select Y...

Страница 201: ...om the Switch If Accept this certificate temporarily for this session is selected then click OK to continue in Netscape Select Accept this certificate permanently to import the Switch s certificate into the SSL client Figure 104 Security Certificate 1 Netscape Figure 105 Security Certificate 2 Netscape 29 8 3 The Main Screen After you accept the certificate and enter the login username and passwor...

Страница 202: ...o decide what services you may use to access the Switch You may also change the default service port and configure trusted computer s for each service in the Remote Management screen discussed later From the Access Control screen display the Service Access Control screen You can click Access Control to go back to the Access Control screen Figure 107 Service Access Control ...

Страница 203: ...t field If you change the default port number then you will have to let people who wish to use the service know the new port number for that service Timeout Type how many minutes a management session via the web configurator can be left idle before the session times out After it times out you have to log in with your password again Very long idle timeouts may have security risks Apply Click Apply ...

Страница 204: ...the session if it does not match Telnet FTP HTTP ICMP SNMP SSH HTTPS Select services that may be used for managing the Switch from the specified trusted computers Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory whe...

Страница 205: ...nel to open this screen Use this screen to check system logs ping IP addresses or perform port tests Figure 109 Diagnostic The following table describes the labels in this screen Table 74 Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi line text box Click Clear to empty the text box and reset the syslog entry ...

Страница 206: ...a device that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address in the field to the left Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test Table 74 Diagnostic continued LABEL DESCRIPTION ...

Страница 207: ...o the documentation of your syslog program for details The following table describes the syslog severity levels 31 2 Syslog Setup Click Management Syslog in the navigation panel to display this screen The syslog feature sends logs to an external syslog server Use this screen to configure the device s system logging settings Table 75 Syslog Severity Levels CODE SEVERITY 0 Emergency The system is un...

Страница 208: ... column displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category Facility The log facility allows you to send logs to different files in the syslog server Refer to the documentation of your syslog program for more details Apply Click Apply to save your changes to the Switch s run time memor...

Страница 209: ...h s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields Clear Click Clear to return the fields to the factory defaults Index This is the index number of a syslog server entry Click this number to edit th...

Страница 210: ...Chapter 31 Syslog GS 2724 User s Guide 210 ...

Страница 211: ...able to communicate with one another In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Table 78 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models Must be compatible with ZyXEL cluster management implementation Cluster Manager The switch through w...

Страница 212: ...Guide 212 Figure 112 Clustering Application Example 32 2 Cluster Management Status Click Management Cluster Management in the navigation panel to display the following screen A cluster can only have one manager Figure 113 Cluster Management Status ...

Страница 213: ...s if you access this screen in the cluster member switch directly and not via the cluster manager None neither a manager nor a member of a cluster Manager This field displays the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage cluste...

Страница 214: ...1 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 370lt0 bin fw 00 a0 c5 01 23 46 200 Port command okay 150 Opening data connection for STOR fw 00 a0 c5 01 23 46 226 File received OK ftp 262144 bytes sent in 0 63Seconds 415 44Kbytes sec ftp Table 80 FTP Upload to Cluster Me...

Страница 215: ...witch that was previously a cluster member is later set to become a cluster manager then its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below Name Type a name to identify the Clustering Manager You may use up to 32 printable characters spaces are allowed VID This is the VLAN ID and is only applicable if the Switch is s...

Страница 216: ...t cannot be managed from the Cluster Manager Its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below If multiple devices have the same password then hold SHIFT and click those switches to select them Then enter their common web configurator password Add Click Add to save your changes to the Switch s run time memory The Sw...

Страница 217: ...e how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the MAC table If the Switch has already learned the port for this MAC address then it forwards the frame to that port If the Switch has not ...

Страница 218: ...below MAC Click this button to display and arrange the data according to MAC address VID Click this button to display and arrange the data according to VLAN group Port Click this button to display and arrange the data according to port number Index This is the incoming frame index number MAC Address This is the MAC address of the device from which this incoming frame came VID This is the VLAN grou...

Страница 219: ...gure 1 The Switch examines a received packet and learns the port on which this source IP address came 2 The Switch checks to see if the packet s destination IP address matches a source IP address already learned in the IP table If the Switch has already learned the port for this IP address then it forwards the packet to that port If the Switch has not already learned the port for this IP address t...

Страница 220: ...utton to display and arrange the data according to IP address VID Click this button to display and arrange the data according to VLAN group Port Click this button to display and arrange the data according to port number Index This field displays the index number IP Address This is the IP address of the device from which the incoming packets came VID This is the VLAN group to which the packet belon...

Страница 221: ...he device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast address The replying device which is ...

Страница 222: ...s is the ARP Table entry number IP Address This is the learned IP address of a device connected to a Switch port with corresponding MAC address below MAC Address This is the MAC address of the device with corresponding IP address above Type This shows whether the MAC address is dynamic learned by the Switch or static manually entered in the Static MAC Forwarding screen ...

Страница 223: ...e information Click Management Routing Table in the navigation panel to display the screen as shown Figure 122 Routing Table Status The following table describes the labels in this screen Table 85 Routing Table Status LABEL DESCRIPTION Index This field displays the index number Destination This field displays the destination IP routing domain Gateway This field displays the IP address of the gatew...

Страница 224: ...Chapter 36 Routing Table GS 2724 User s Guide 224 ...

Страница 225: ...how you can copy the settings of one port onto other ports 37 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management Configure Clone to open the following screen Figure 123 Configure Clone ...

Страница 226: ...e 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings you configured in the Basic Setting menus should be copied to the destination port s Advanced Application Select which port settings you configured in the Advanced Application menus should be copied to the destination ports Apply C...

Страница 227: ...ducing Commands 229 User and Enable Mode Commands 263 Configuration Mode Commands 269 Interface Commands 281 IEEE 802 1Q Tagged VLAN Commands 289 Multicast VLAN Registration Commands 297 Routing Domain Command Examples 299 Troubleshooting 301 ...

Страница 228: ...228 ...

Страница 229: ...he web configurator 38 2 Accessing the CLI You can use a direct console connection or Telnet to access the command interpreter on the Switch The Switch automatically logs you out of the management interface after five minutes of inactivity If this happens to you simply log back in again By default multiple command interpreter management session are allowed via either the console port or Telnet How...

Страница 230: ...d then type telnet 192 168 0 1 the default management IP address and click OK 3 A login screen displays refer to Section 38 3 on page 230 38 3 The Login Screen After you have successfully established a connection to the Switch using a direct console connection or Telnet a login screen displays as shown below For your first login enter the default administrator login username admin and password 123...

Страница 231: ...mmands configured after the interface command correspond to those ports Type multiple ports or port ranges separated by a comma Ranges of port numbers are typed separated by a dash 38 5 Changing the Password This command is used to change the password for Enable mode By default the same password is used to enter the command line interface CLI and Enable and Config modes of the CLI The password you...

Страница 232: ...es and how to access them username username Specifies a new user up to 32 alphanumeric characters Enter a user name to change the settings of an existing account password password Specifies the new password up to 32 alphanumeric characters for this user privilege 0 14 Assigns a privilege level for the user Table 87 Command Interpreter Mode Summary MODE DESCRIPTION HOW TO LOGIN ACCESS PROMPT User C...

Страница 233: ... VLAN settings Type vlan followed by a number between 1 to 4094 For example vlan 10 to configure settings for VLAN 10 sysname config vlan Config interface This is a sub mode of the config mode and allows you to configure port related settings Type interface port channel followed by a port number For example interface port channel 8 to configure port 8 on the Switch sysname config interface Config ...

Страница 234: ...information ping ip host name cr ping ip host name vlan vlan id ping help traceroute ip host name cr traceroute ip host name vlan vlan id traceroute help ssh 1 2 user dest ip cr ssh 1 2 user dest ip command sysname sysname enable Turn on privileged commands exit Exit from the EXEC help Description of the interactive help system history Show a list of previously run commands logout Exit from the EX...

Страница 235: ...commands and press ENTER Use the history command to display the list of commands 38 10 Saving Your Configuration After you set the Switch s settings with the configuration commands use the write memory command to save the changes permanently The write memory command is not available in User mode You must save your changes after each CLI session All unsaved configuration changes are lost once you r...

Страница 236: ...38 10 2 Logging Out In User or Enable mode enter the exit or logout command to log out of the CLI In Config mode entering exit takes you out of the Config mode and into Enable mode and entering logout logs you out of the CLI 38 11 Command Summary The following sections summarize the commands available in the Switch together with a brief description of each command Commands listed in the tables are...

Страница 237: ...ath a packet takes to a device 0 ip host name vlan vlan id ttl 1 255 wait 1 60 queries 1 10 Determines the path a packet takes to a device in a VLAN 0 help Displays command help information 0 ssh 1 2 user dest ip Connects to an SSH server with the specified SSH version 0 Table 88 Command Summary User Mode continued COMMAND DESCRIPTION PRIVILEG E Table 89 Command Summary Enable Mode COMMAND DESCRIP...

Страница 238: ... 13 exit Exits Enable or privileged mode 13 help Displays help information 13 history Displays a list of command s that you have previously executed 13 igmp flush Removes all IGMP information 13 kick tcp Session ID Disconnects the specified TCP session 13 logout Exits Enable or privileged mode 13 mac flush Clears the MAC address table 13 port num Removes all learned MAC address on the specified po...

Страница 239: ...ps Displays the HTTPS information 13 certificate Displays the HTTPS certificates 13 key rsa dsa Displays the HTTPS key 13 session Displays current HTTPS session s 13 timeout Displays the HTTPS session timeout 13 igmp filtering profile name Displays IGMP filtering profile settings 13 igmp snooping Displays global IGMP snooping settings 13 interface port number Displays current interface status 13 i...

Страница 240: ...3 udp Displays IP UDP information 13 lacp Displays LACP Link Aggregation Control Protocol settings 13 logging Displays system logs 13 loginPrecedence Displays login precedence settings 13 logins Displays login account information 13 mac address table all mac vid port Displays MAC address table You can sort by MAC address VID or port 13 address table static Displays static MAC address table 13 addr...

Страница 241: ... settings 13 running config Displays current operating configuration 13 interface port channel port list bandwidth limit Displays current operating configuration on a port by port basis Optionally specifies which settings are displayed 13 service control Displays service control settings 13 snmp server Displays SNMP settings 13 spanning tree config Displays Spanning Tree Protocol STP settings 13 s...

Страница 242: ... the server 13 traceroute ip host name in band out of band vlan vlan id ttl 1 255 wait 1 60 queries 1 10 Determines the path a packet takes to a device 13 help Displays help information for this command 13 write memory Saves current configuration to the configuration file the Switch is currently using 13 index Saves current configuration to the specified configuration file on the Switch 13 Table 8...

Страница 243: ...igures a classifier A classifier groups traffic into data flows according to specific criteria such as the source address destination address source port number destination port number or incoming port number 13 help Displays help information for this command 13 cluster vlan id Enables clustering in the specified VLAN group 13 member mac address password password str Sets the cluster member 13 nam...

Страница 244: ...erv 13 dscp 0 63 priority 0 7 Sets the DSCP to IEEE 802 1q mappings 13 exit Exits from the CLI 13 garp join 100 65535 leave msec leaveall msec Configures GARP time settings 13 help Displays help information 13 history Displays a list of previous command s that you have executed 13 hostname name_string Sets the Switch s name for identification purposes 13 https cert regeneration rsa dsa Re generate...

Страница 245: ...nt port 13 default gateway ip Sets the default gateway s IP address for the out of band management port 13 name server ip Sets the IP address of a domain name server 13 route ip mask next hop ip Creates a static route 13 ip mask next hop ip metric metric name name inactive Sets the metric of a static route or deactivates a static route 13 lacp Enables Link Aggregation Control Protocol LACP 13 syst...

Страница 246: ...ity 0 61440 Sets the priority for the specified tree 13 hello time 1 10 maximum age 6 40 forward delay 4 30 Sets hello time maximum age and forward delay for the specified tree 13 interface port list Activates STP on the specified ports 13 path cost 1 65535 Sets a path cost to the specified ports 13 priority 0 255 Sets the priority value to the specified ports for STP 13 tree index 1 4 Assigns a s...

Страница 247: ... server settings 13 secondary dns Disables DHCP server secondary DNS settings 13 diffserv Disables the DiffServ settings 13 https timeout Resets the session timeout to the default of 300 seconds 13 igmp filtering Disables IGMP filtering on the Switch 13 profile name Disables the specified IGMP filtering profile 13 profile name start address ip end address ip Clears the settings of the specified IG...

Страница 248: ...nfiguration 13 mrstp interface port list Disables the STP assignment from the specified port s 13 multi login Disables another administrator from logging into Telnet or the CLI 14 mvr vlan id Disables MVR on the Switch 13 policy name Deletes the policy A policy sets actions for the classified traffic 13 inactive Enables a policy 13 port access authenticator Disables port authentication on the Swit...

Страница 249: ...es SSH Secure Shell server access to the Switch 13 telnet Disables telnet access to the Switch 13 snmp server trap destination ip Disables sending of SNMP traps to a station 13 spanning tree Disables STP 13 port list Disables STP on listed ports 13 ssh key rsa1 rsa dsa Disables the secure shell server encryption key Your Switch supports SSH versions 1 and 2 using RSA and DSA authentication 13 know...

Страница 250: ... T6 Disables the specified trunk group 13 T1 T2 T3 T4 T5 T6 interface port list Removes ports from the specified trunk group 13 T1 T2 T3 T4 T5 T6 lacp Disables LACP in the specified trunk group 13 vlan vlan id Deletes the static VLAN entry 13 vlan1q gvrp Disables GVRP on the Switch 13 port isolation Disables port isolation 13 vlan stacking Disables VLAN stacking 13 password Change the password for...

Страница 251: ...utgoing set vlan metering out of profile action change dscp drop forwar d set drop precedence inactive Configures a policy A classifier distinguishes traffic into flows based on the configured criteria A policy rule ensures that a traffic flow gets the requested treatment in the network 13 port access authenticat or Enables 802 1x authentication on the Switch 13 port list Enables 802 1x authentica...

Страница 252: ...of RADIUS server 1 or RADIUS server 2 index 1 or index 2 13 auth port socket number key key string Sets the port number and key of the external RADIUS server 13 timeout 1 1000 Specifies the RADIUS server timeout value 13 mode priority round robin Specifies the mode for RADIUS server selection 13 remote management index start addr ip end addr ip service telnet ftp http icmp snmp Specifies a group o...

Страница 253: ...ts the get community 13 set community property Sets the set community 13 trap community property Sets the trap community 13 trap destination ip Sets the IP addresses of up to four stations to send your SNMP traps to 13 spanning tree Enables STP on the Switch 13 port list Enables STP on a specified port 13 port list path cost 1 65535 Sets the STP path cost for a specified port 13 port list priority...

Страница 254: ...nc daytime time ntp Sets the time server protocol 13 server ip Sets the IP address of your time server 13 trunk T1 T2 T3 T4 T5 T6 Activates a trunk group 13 T1 T2 T3 T4 T5 T6 lacp Enables LACP for a trunk group 13 T1 T2 T3 T4 T5 T6 interface port list Adds a port s to the specified trunk group 13 interface port list timeout lacp timeout Defines the port number and LACP timeout period 13 vlan vlan ...

Страница 255: ...bandwidth allowed for incoming traffic on the port s 13 egress Enables bandwidth limits allowed for outgoing traffic on the port s 13 egress Kbps Sets the maximum bandwidth allowed for outgoing traffic on the port s 13 bpdu control peer tunnel disc ard network Sets how Bridge Protocol Data Units BPDUs are used in STP port states 13 broadcast limit Enables broadcast storm control limit on the port ...

Страница 256: ...nction 13 igmp querier mode auto fixed edge Sets the IGMP query mode for the port 13 inactive Disables the specified port s on the Switch 13 ingress check Enables the device to discard incoming frames for VLANs that are not included in a port member set 13 intrusion lock Enables intrusion lock on the port s and a port cannot be connected again after you disconnected the cable 13 mirror Enables por...

Страница 257: ... ports 13 gvrp Disable GVRP on the port s 13 igmp filtering profile Disables IGMP filtering 13 igmp group limit Disables IGMP group limitation 13 igmp immediate leave Disables the IGMP immidiate leave function 13 inactive Enables the port s on the Switch 13 ingress check Disables ingress checking on the port s 13 intrusion lock Disables intrusion lock on a port so that a port can be connected agai...

Страница 258: ...specified port s 13 SPVID vlan id Sets the service provider VID of the specified port s 13 vlan trunking Enables VLAN Trunking on ports connected to other switches or routers but not ports directly connected to end users to allow frames belonging to unknown VLAN groups to pass through the Switch 13 weight wt1 wt2 wt8 A weight value of one to eight is given to each variable from wt 1 to wt 8 13 wrr...

Страница 259: ...sion number 13 no ip igmp Disables IP IGMP in this routing domain 13 Table 92 interface route domain Commands continued COMMAND DESCRIPTION PRIVILEG E Table 93 Command Summary config vlan Commands COMMAND DESCRIPTION PRIVILEG E vlan vlan id Creates a new VLAN group 13 exit Leaves the VLAN configuration mode 13 fixed port list Specifies the port s to be a permanent member of this VLAN group 13 forb...

Страница 260: ...lly join this VLAN group using GVRP 13 untagged port list Specifies the port s you don t want to tag all outgoing frames transmitted with this VLAN Group ID 13 Table 93 Command Summary config vlan Commands continued COMMAND DESCRIPTION PRIVILEG E Table 94 Command Summary mvr Commands COMMAND DESCRIPTION PRIVILEG E mvr vlan id Enters the MVR Multicast VLAN Registration configuration mode 13 exit Ex...

Страница 261: ...ed port list Sets the port s to untag VLAN tags 13 receiver port port list Sets the receiver port s An MVR receiver port can only receive multicast traffic in a multicast VLAN 13 source port port list Sets the source port s An MVR source port can send and receive multicast traffic in a multicast VLAN 13 tagged port list Sets the port s to tag VLAN tags 13 8021p priority Sets the 802 1p priority fo...

Страница 262: ...Chapter 38 Introducing Commands GS 2724 User s Guide 262 ...

Страница 263: ...ommonly used show commands 39 2 1 show system information Syntax show system information This command shows the general system information such as the firmware version and system up time An example is shown next sysname show system info System Name GS 2724 System Contact System Location Ethernet Address 00 19 cb 00 11 fa ZyNOS F W Version V3 70 AYC 0 b0 03 08 2007 RomRasSize 2721784 System up Time...

Страница 264: ...tmask 255 255 255 0 VID 0 IP Interface IP 192 168 1 1 Netmask 255 255 255 0 VID 1 sysname sysname show logging 1 Thu Jan 1 00 02 08 1970 PP05 WARN SNMP TRAP 3 link up 2 Thu Jan 1 00 03 14 1970 INFO adjtime task pause 1 day 3 Thu Jan 1 00 03 16 1970 PP0f WARN SNMP TRAP 26 Event On Trap 4 Thu Jan 1 00 03 16 1970 PINI WARN SNMP TRAP 1 warm start 5 Thu Jan 1 00 03 16 1970 PINI WARN SNMP TRAP 3 link up...

Страница 265: ...static MAC address table sysname show interface 2 Port Info Port NO 2 Link 100M F Status FORWARDING LACP Disabled TxPkts 0 RxPkts 63 Errors 0 Tx KBs s 0 0 Rx KBs s 0 0 Up Time 0 02 33 TX Packet Tx Packets 0 Multicast 0 Broadcast 0 Pause 0 Tagged 0 RX Packet Rx Packets 63 Multicast 0 Broadcast 63 Pause 0 Control 0 TX Collison Single 0 Multiple 0 Excessive 0 Late 0 Error Packet RX CRC 0 Length 0 Run...

Страница 266: ... which the Ethernet device belongs out of band refers to the management port while in band means the other ports on the Switch size 0 1472 Specifies the packet size to send t Sends Ping packets to the Ethernet device indefinitely Press CTRL C to terminate the Ping process sysname ping 192 168 1 100 sent rcvd rate rtt avg mdev max min reply from 1 1 100 0 0 0 0 0 192 168 1 100 2 2 100 0 0 0 0 0 192...

Страница 267: ...g method igmp filtering spanning tree mrstp port based vlan where An example is shown next Copy all attributes of port 1 to port 2 Copy selected attributes active bandwidth limit and STP settings to ports 5 8 39 6 Configuration File Maintenance The following sections show how to manage the configuration files sysname traceroute 192 168 1 100 traceroute to 192 168 1 100 30 hops max 40 byte packet 1...

Страница 268: ...ommand to restart the system and use a different configuration file if specified The following example restarts the system to use the second configuration file When you use the write memory command without specifying a configuration file index number the Switch saves the changes to the configuration file the Switch is currently using 39 6 2 Resetting to the Factory Default Follow the steps below t...

Страница 269: ...ample is shown next Change the out of band Management IP address to 192 168 1 10 View updated settings See example in Section 41 2 on page 281 for information on how to change the in band management IP address for the Switch 40 2 Enabling IGMP Snooping To enable IGMP snooping on the Switch Enter igmp snooping and press ENTER You can also set how to treat traffic from an unknown multicast group by ...

Страница 270: ...g IGMP control packets host timeout 1 16711450 Specifies the time out period of the Switch with respect to IGMP report queries If an IGMP report for a multicast group was not received for a host timeout period from a specific port this port is deleted from the member list of that multicast group leave timeout 1 16711450 Specifies the time that the Switch will wait for multicast members to respond ...

Страница 271: ...10 maximum age 6 40 forward delay 4 30 mrstp interface port list cr mrstp interface port list path cost 1 65535 mrstp interface port list priority 0 255 mrstp interface port list treeIndex 1 4 igmp filtering Enables IGMP filtering on the Switch profile name Specifies a name up to 32 alphanumeric characters for this IGMP profile If you want to edit an existing IGMP profile enter the existing profil...

Страница 272: ... seconds a switch can wait without receiving a BPDU before attempting to reconfigure All switch ports except for designated ports should receive BPDUs at regular intervals Any port that ages out STP information provided in the last BPDU becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the Switch ports attached to the network forward delay...

Страница 273: ...nds Use the no command to disable features on the Switch Syntax no spanning tree no mirror port Disables STP on the Switch Disables port mirroring on the Switch 40 5 2 Resetting Commands Use the no command to reset settings to their default values Syntax no https timeout Resets the https session timeout to default An example is shown next The session timeout is reset to 300 seconds 40 5 3 Re enabl...

Страница 274: ...T4 T5 T6 interface port list where An example is shown next Disable trunk one T1 Disable LAPC on trunk three T3 Remove ports one three four and five from trunk two T2 40 5 4 2 no port access authenticator Syntax no port access authenticator no port access authenticator port list reauthenticate no port access authenticator port list ip mask inactive Re enables an ip route with the specified IP addr...

Страница 275: ... key from the list of known hosts Disables port authentication on the Switch port list reauthenticate Disables the re authentication mechanism on the listed port s port list Disables authentication on the listed ports sysname config no port access authenticator sysname config no port access authenticator 1 3 5 reauthenticate sysname config no port access authenticator 1 6 7 key rsa1 rsa dsa Disabl...

Страница 276: ...e final destination mask Specifies the subnet mask of this destination next hop ip Specifies the IP address of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the destination The gateway must be a router on the same segment as your Switch metric metric The metric represents the cost of transmission for routing purposes IP routing uses hop count as th...

Страница 277: ... 1 on the Switch Place ports 5 8 in trunk 1 name name Names the filtering rule mac mac addr Specifies the MAC address you want to filter vlan vlan id Specifies which VLAN this rule applies to drop src dst both Selects the behavior of the rule src drop packets coming from the specified MAC address dst drop packets going to the specified MAC address both drop packets coming from or going to the spec...

Страница 278: ...ble via the command interpreter mode Use the radius server command to set up your RADIUS server settings Syntax radius server host index ip radius server host index ip acct port socket number key key string radius server timeout 1 1000 radius server mode priority round robin where sysname config trunk t1 sysname config trunk t1 interface 5 8 sysname config trunk t1 lacp radius server host index ip...

Страница 279: ...obin Specifies the way the Switch will process requests from the clients to the RADIUS server Only applicable with multiple RADIUS servers configured priority When a client sends an authentication request through the Switch to the RADIUS server The Switch will forward the request to the RADIUS server If no response within half the timeout period it will forward the request to the second RADIUS ser...

Страница 280: ... reauthentication on the ports Specify 1800 seconds as the interval for client reauthentication sysname config radius server host 1 10 10 10 1 acct port 1890 key secretKey sysname config radius server timeout 30 sysname config port access authenticator sysname config port access authenticator 4 8 sysname config port access authenticator 4 8 reauthenticate sysname config port access authenticator 4...

Страница 281: ...ed interface commands 41 2 1 interface port channel Use this command to enable the specified ports for configuration Indicate multiple non sequential ports separated by a comma Use a dash to specify a port range Syntax interface port channel port list An example is shown next Enter the configuration mode Enable ports 1 3 4 and 5 for configuration Begin configuring for those ports 41 2 2 bpdu contr...

Страница 282: ...ch Syntax bandwidth limit bandwidth limit pir Kbps bandwidth limit cir Kbps bandwidth limit egress Kbps peer tunnel discard network Type peer to process any BPDUs received on these ports Type tunnel to forward BPDUs received on these ports Type discard to drop any BPDUs received on these ports Type network to process a BPDU with no VLAN tag and forward a tagged BPDU sysname config interface port c...

Страница 283: ...able ports 1 4 5 and 6 for configuration Enable port mirroring on the ports pir Kbps Sets the maximum bandwidth allowed for incoming traffic cir Kbps Sets the guaranteed bandwidth allowed for incoming traffic egress Kbps Sets the maximum bandwidth allowed for outgoing traffic egress on the Switch sysname config interface port channel 1 sysname config interface bandwidth limit sysname config interf...

Страница 284: ...d VLAN for the Switch Enable ports one three four and five for configuration Enable GVRP on the interface 41 2 7 ingress check The ingress check command enables the device to discard incoming frames for VLANs that do not have this port as a member Syntax ingress check An example is shown next Enable ports 1 3 4 and 5 for configuration Enable ingress checking on the interface 41 2 8 frame type Synt...

Страница 285: ...able port based VLAN tagging on the Switch Enable ports one three four and five for configuration all tagged untagged Choose to accept both tagged and untagged incoming frames just tagged incoming frames or just untagged incoming frames on a port sysname config interface port channel 1 3 5 sysname config interface ingress check sysname config interface frame type tagged wt1 wt2 wt8 Sets the interf...

Страница 286: ...An example is shown next Enable port one for configuration Set a name for the port 41 2 13 speed duplex Syntax speed duplex auto 10 half 10 full 100 half 100 full 1000 full sysname config vlan type port based sysname config interface port channel 1 3 5 sysname config interface egress set 0 7 8 0 7 Sets the quality of service priority for a port sysname config interface port channel 1 3 5 sysname c...

Страница 287: ...imit You can disable bandwidth limit on port 1 simply by placing the no command in front of the bandwidth limit command auto 10 half 10 full 100 half 100 full 1000 full Sets the duplex mode half or full and speed 10 100 or 1000 Mbps of the connection on the port Selecting auto auto negotiation makes one port able to negotiate with a peer automatically to obtain the connection speed and duplex mode...

Страница 288: ... Interface Commands GS 2724 User s Guide 288 Syntax no bandwidth limit An example is shown next Disable bandwidth limit on port1 sysname config interface port channel 1 sysname config interface no bandwidth limit ...

Страница 289: ...ace mode to set the VLAN settings on a port then use the pvid vlan id command to set the VLAN ID you created for the port list to that specific port in the PVID table Use the exit command when you are finished configuring the VLAN 2 Configure your management VLAN Use the vlan vlan id command to create a VLAN VID 3 in this example for managing the Switch and the Switch will activate the new managem...

Страница 290: ...awn by issuing a Leave message A Leave All message terminates all registrations GARP timers set declaration timeout values sysname show garp GARP Timer Join Timer 200 Leave Timer 600 Leave All Timer 10000 sysname join msec This sets the duration of the Join Period timer for GVRP in milliseconds Each port has a Join Period timer The allowed Join Time range is between 100 and 32767 milliseconds the ...

Страница 291: ...and turns on GVRP in order to propagate VLAN information beyond the Switch 42 2 5 Disable GVRP Syntax no vlan1q gvrp This command turns off GVRP so that the Switch does not propagate VLAN information to other switches 42 3 Port VLAN Commands You must configure the Switch s port VLAN settings in config interface mode 42 3 1 Set Port VID Syntax pvid VID where This command sets the default VLAN ID on...

Страница 292: ...le GVRP The following example turns off GVRP for ports 1 to 5 42 3 4 Modify Static VLAN Use the following commands in the config vlan mode to configure the static VLAN table Syntax vlan vlan id fixed port list forbidden port list name name str normal port list untagged port list no fixed port list no forbidden port list no untagged port list sysname config interface port channel 1 5 sysname config...

Страница 293: ...tes what the SVLAN table says that is the SVLAN tells the Switch whether or not to forward a frame and if the forwarded frames should have tags 4 Then the Switch applies the port filter to finish the forwarding decision This means that frames may be dropped even if the SVLAN says to forward them Frames might also be dropped if they are sent to a CPE customer premises equipment DSL device that does...

Страница 294: ...bles the specified VLAN ID in the SVLAN Static VLAN table 42 5 Disable VLAN Syntax vlan vlan id inactive This command disables the specified VLAN ID in the SVLAN Static VLAN table 42 6 Show VLAN Setting Syntax show vlan This command shows the IEEE 802 1Q Tagged SVLAN Static VLAN table An example is shown next VID is the VLAN identification number Status shows whether the VLAN is static or active E...

Страница 295: ...Ctl section of the last column shows which ports are tagged and which are untagged sysname show vlan The Number of VLAN 3 Idx VID Status Elap Time TagCtl 1 1 Static 0 12 13 Untagged 1 2 Tagged 1 100 Static 0 00 17 Untagged Tagged 1 4 1 200 Static 0 00 07 Untagged 1 2 Tagged 3 8 ...

Страница 296: ...Chapter 42 IEEE 802 1Q Tagged VLAN Commands GS 2724 User s Guide 296 ...

Страница 297: ...to configure a multicast VLAN group Syntax mvr vlan id mvr vlan id source port port list mvr vlan id receiver port port list mvr vlan id inactive mvr vlan id mode dynamic compatible mvr vlan id name name str mvr vlan id tagged port list mvr vlan id group name str start address ip end address ip mvr vlan id exit where vlan id The VLAN ID 1 4094 source port port list Specifies the MVR source ports w...

Страница 298: ...ompatible does not send IGMP reports group name name str A name to identify the MVR IP multicast group start address ip Specifies the starting IP multicast address of the multicast group in dotted decimal notation end address ip Specifies the ending IP multicast address of the multicast group in dotted decimal notation Enter the same IP address as the start address if you want to configure only on...

Страница 299: ...s This is the IP address of the Switch in the routing domain Specify the IP address is dotted decimal notation For example 192 168 1 1 mask bits The number of bits in the subnet mask Enter the subnet mask number preceded with a To find the bit number convert the subnet mask to binary and add all of the 1 s together Take 255 255 255 0 for example 255 converts to eight 1 s in binary There are three ...

Страница 300: ...Chapter 44 Routing Domain Command Examples GS 2724 User s Guide 300 ...

Страница 301: ...client IP address your computer s IP address must match it Refer to Chapter 29 on page 193 for details I cannot access the web configurator The administrator username is admin The default administrator password is 1234 The username and password are case sensitive Make sure that you enter the correct password and username using the proper casing If you have changed the password and have now forgott...

Страница 302: ... password using the proper casing The administrator username is admin The default administrator password is 1234 The username and password are case sensitive Make sure that you enter the correct password and username using the proper casing If you have changed the password and have now forgotten it you will need to upload the default configuration file This restores all of the factory defaults inc...

Страница 303: ...dices and Index Product Specifications 305 Changing a Fuse 311 Pop up Windows JavaScripts and Java Permissions 313 IP Addresses and Subnetting 319 Common Services 329 Legal Information 333 Customer Support 337 Index 341 ...

Страница 304: ...304 ...

Страница 305: ...an IP default gateway and DNS servers to computers on your network IGMP Snooping The Switch supports IGMP snooping enabling group multicast traffic to be only forwarded to ports that are members of that group thus allowing you to significantly reduce multicast traffic passing through your Switch Differentiated Services DiffServ With DiffServ the Switch marks packets so that they receive specific p...

Страница 306: ...nt to trunk ports if for example it is cheaper to use multiple lower speed links than to under utilize a high speed but more costly single port link Port Authentication and Security For security the Switch allows authentication using IEEE 802 1x with an external RADIUS server and port security that allows only packets with dynamically learned MAC addresses and or configured static MAC addresses to...

Страница 307: ...oadcast storm control Static MAC address forwarding Switching Switching fabric 48 Gbps non blocking Max Frame size 1522 bytes Forwarding frame IEEE 802 3 IEEE 802 1Q Ethernet II PPPoE Prevent the forwarding of corrupted packets STP IEEE 802 1w Rapid Spanning Tree Protocol RSTP Multiple Rapid Spanning Tree capability 4 configurable trees QoS IEEE 802 1p with 8 priority queues per port Rule based cl...

Страница 308: ...802 3ad LACP 6 groups 8 ports groups randomly selected IEEE 802 1D STP IEEE 802 1w RSTP Supports ZyXEL BPS backup power system Security Static MAC address filtering Limiting number of dynamic addresses per port IEEE 802 1x port based authentication Port based VLAN 802 1Q VLAN 256 static VLAN GVRP automatic member registration SSH SSL Wire speed filtering per MAC IP TCP UDP Wire speed rate limiting...

Страница 309: ...nd security levels Privileges assigned via CLI or via RADIUS server Self diagnostics Non volatile memory for system database storage FLASH memory Support MIB community string community access privilege Trap IP setting Network Management CLI through console port and Telnet RS 232C DB 9 port for local management Firmware upgrade configuration backup restore via FTP Text based configuration profile f...

Страница 310: ... Ethernet mini GBIC port 100 1000 LNK ACT Per mini GBIC port LNK ACT Per Management port 10 100 Dimension Standard 19 rack mountable 438 mm W x 300 mm D x 44 45 mm H Weight 4 2 kg Temperature Operating 0º C 45º C 32º F 113º F Storage 25º C 70º C 14º F 158º F Humidity 10 90 non condensing Safety UL 60950 1 CSA 60950 1 EN 60950 1 IEC 60950 1 EMC FCC Part 15 Class A CE EMC Class A Table 102 Power Spe...

Страница 311: ...fuse housing 3 A burnt out fuse is blackened darkened or cloudy inside its glass casing A working fuse has a completely clear glass casing Pull gently but firmly to remove the burnt out fuse from the fuse housing Dispose of the burnt out fuse properly Installing a Fuse 1 The Switch is shipped from the factory with one spare fuse included in a box like section of the fuse housing Push the middle pa...

Страница 312: ...Appendix B Changing a Fuse GS 2724 User s Guide 312 ...

Страница 313: ... log into your device Either disable pop up blocking enabled by default in Windows XP SP Service Pack 2 or allow pop up blocking and create an exception for your device s IP address 45 3 0 1 1 Disable pop up Blockers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 125 Pop up Blocker You can also check if pop up blocking is disabled in the Pop up Bl...

Страница 314: ...lick Apply to save this setting 45 3 0 1 2 Enable pop up Blockers with Exceptions Alternatively if you only want to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab 2 Select Settings to open the Pop up Blocker Settings screen ...

Страница 315: ...nternet Options 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 1 1 4 Click Add to move the IP address to the list of Allowed sites Figure 128 Pop up Blocker Settings 5 Click Close to return to the Privacy screen ...

Страница 316: ... Internet Explorer check that JavaScripts are allowed 1 In Internet Explorer click Tools Internet Options and then the Security tab Figure 129 Internet Options 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default 6 Click OK to close the window...

Страница 317: ...Java Scripting 45 3 0 3 Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected 5 Click OK to close the window Figure 131 Security Settings Java ...

Страница 318: ...rmissions GS 2724 User s Guide 318 45 3 0 3 1 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window Figure 132 Java Sun ...

Страница 319: ...are a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered Structure An IP address is made up of four p...

Страница 320: ... part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Subnet masks can be referred to by the size of th...

Страница 321: ...by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 The following table shows some possible subnet masks u...

Страница 322: ...ws the company network before subnetting Figure 134 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following figure shows the company...

Страница 323: ... 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving 2...

Страница 324: ...net 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 110 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 ...

Страница 325: ... BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 113 16 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 16382...

Страница 326: ... You don t need to change the subnet mask computed by the Switch unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA ...

Страница 327: ...computer B which is a DHCP client Neither can access the Internet This problem can be solved by assigning a different static IP address to computer A or setting computer A to obtain an IP address automatically Figure 136 Conflicting Computer IP Addresses Example Conflicting Router IP Addresses Example Since a router connects different networks it must have interfaces using different network number...

Страница 328: ...an not use the same IP address In the following example the computer and the router s LAN port both use 192 168 1 1 as the IP address The computer cannot access the Internet This problem can be solved by assigning a different IP address to the computer or the router s LAN port Figure 138 Conflicting Computer and Router IP Addresses Example ...

Страница 329: ...s USER this is the IP protocol number Description This is a brief explanation of the applications that use this service or the situations in which this service is used Table 114 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It is al...

Страница 330: ...rnet chat program NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides transparent file sharing for network environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo requests to...

Страница 331: ...g mainframes midrange systems UNIX systems and network servers SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Inte...

Страница 332: ...Appendix E Common Services GS 2724 User s Guide 332 ...

Страница 333: ...ftware described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in thi...

Страница 334: ...xpressly approved by the party responsible for compliance could void the user s authority to operate the equipment This Class A digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe A est conforme à la norme NMB 003 du Canada CLASS 1 LASER PRODUCT APPAREIL A LASER DE CLASS 1 PRODUCT COMPLIES WITH 21 CFR 1040 10 AND 1040 11 PRODUIT CONFORME SELON 21 CFR 1040 10 ET 10...

Страница 335: ...irect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact ZyXEL s Service Center for your Return Material Authorization number RMA Products must be returned Postage Prepaid It is recommended that the unit be insured when shipped Any returned products without proof of purchase or those with an out dated warranty will be repaired or replaced at the d...

Страница 336: ...Appendix F Legal Information GS 2724 User s Guide 336 ...

Страница 337: ...439 Web Site www zyxel com www europe zyxel com FTP Site ftp zyxel com ftp europe zyxel com Regular Mail ZyXEL Communications Corp 6 Innovation Road II Science Park Hsinchu 300 Taiwan Costa Rica Support E mail soporte zyxel co cr Sales E mail sales zyxel co cr Telephone 506 2017878 Fax 506 2015098 Web Site www zyxel co cr FTP Site ftp zyxel co cr Regular Mail ZyXEL Costa Rica Plaza Roble Escazú Et...

Страница 338: ...i Finland France E mail info zyxel fr Telephone 33 4 72 52 97 97 Fax 33 4 72 52 19 20 Web Site www zyxel fr Regular Mail ZyXEL France 1 rue des Vergers Bat 1 C 69760 Limonest France Germany Support E mail support zyxel de Sales E mail sales zyxel de Telephone 49 2405 690969 Fax 49 2405 6909 99 Web Site www zyxel de Regular Mail ZyXEL Deutschland GmbH Adenauerstr 20 A2 D 52146 Wuerselen Germany Hun...

Страница 339: ... U S A Norway Support E mail support zyxel no Sales E mail sales zyxel no Telephone 47 22 80 61 80 Fax 47 22 80 61 81 Web Site www zyxel no Regular Mail ZyXEL Communications A S Nils Hansens vei 13 0667 Oslo Norway Poland E mail info pl zyxel com Telephone 48 22 333 8250 Fax 48 22 333 8251 Web Site www pl zyxel com Regular Mail ZyXEL Communications ul Okrzei 1A 03 715 Warszawa Poland Russia Suppor...

Страница 340: ... support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fax 380 44 494 49 32 Web Site www ua zyxel com Regular Mail ZyXEL Ukraine 13 Pimonenko Str Kiev 04050 Ukraine United Kingdom Support E mail support zyxel co uk Sales E mail sales zyxel co uk Telephone 44 1344 303044 08707 555779 UK only Fax 44 1344 303034 Web Site www zyxel co uk FTP Site ftp zyxel co uk Regular Mail ...

Страница 341: ...he password 54 Class of Service CoS 173 classifier 131 133 and QoS 131 editing 134 example 135 overview 131 setup 131 133 134 viewing 134 CLI syntax conventions 230 cloning a port See port cloning 226 cluster management 211 and passwords 216 cluster manager 211 215 cluster member 211 216 cluster member firmware upgrade 213 models 211 network example 211 setup 214 specification 211 status 212 VID 2...

Страница 342: ...ing 175 network example 173 PHB 173 disclaimer 333 double tagged frames 147 DS Differentiated Services 173 DSCP DSCP to IEEE802 1p mapping 175 service level 173 what it does 173 DSCP DiffServ Code Point 173 dynamic link aggregation 117 E egress port 96 enable mode 232 examples 263 Ethernet broadcast address 221 Ethernet port test 206 Ethernet ports default settings 42 extended authentication proto...

Страница 343: ...tion freestanding 37 precautions 38 rack mounting 38 interface commands 281 Internet Assigned Numbers Authority See also IANA 326 introduction 33 IP interface 78 routing domain 78 setup 78 IP table 219 how it works 219 L LACP 117 system priority 120 timeout 120 LEDs 44 limit MAC address learning 128 Link Aggregate Control Protocol LACP 117 link aggregation 117 dynamic 117 ID information 118 setup ...

Страница 344: ...05 75 P password 54 administrator 197 PHB Per Hop Behavior 173 ping test connection 206 policy 140 141 and classifier 140 and DiffServ 137 configuration 140 example 142 overview 137 rules 137 138 viewing 141 policy configuration 141 port authentication 121 and RADIUS 121 123 and VSA 122 IEEE802 1x 124 port based VLAN type 77 port cloning 225 226 advanced settings 225 226 basic settings 225 226 por...

Страница 345: ...und Robin Scheduling 143 routing domain 78 routing table 223 RSTP 101 See also STP 101 rubber feet 37 S safety warnings 6 save configuration 54 190 screen summary 52 Secure Shell See SSH 198 service access control 202 service port 203 SFP Small Form factor Pluggable 42 show commands examples 263 Simple Network Management Protocol See SNMP 194 SNMP 194 agent 194 and MIB 194 communities 196 manageme...

Страница 346: ... time server 75 time service protocol 75 format 75 trademarks 333 transceiver installation 43 removal 43 traps SNMP 195 destination 196 trunk group 117 trunking 117 tunnel protocol attribute 122 Type of Service ToS 173 U user mode 232 examples 263 V Vendor Specific Attribute see VSA 121 ventilation 38 ventilation holes 38 VID 80 85 88 89 149 number of possible VIDs 85 priority frame 85 VID VLAN Id...

Страница 347: ...te 335 web configurator 49 getting help 57 home 50 login 49 logout 57 navigation panel 51 screen summary 52 weight queuing 143 Weighted Round Robin Scheduling WRR 143 WRR Weighted Round Robin Scheduling 143 Z ZyNOS ZyXEL Network Operating System 191 ...

Страница 348: ...Index GS 2724 User s Guide 348 ...

Отзывы:

Нет отзывов