ZyXEL Communications GS2200 Series Скачать руководство пользователя страница 205 | Manualshive

Страница: 205 / 320

background image

Chapter 25 IP Source Guard

GS2200 Series User’s Guide

205

25.10 Technical Reference

This section provides technical background information on the topics discussed in this chapter.

25.10.1 DHCP Snooping Overview

Use DHCP snooping to filter unauthorized DHCP packets on the network and to build the binding
table dynamically. This can prevent clients from getting IP addresses from unauthorized DHCP
servers.

25.10.1.1 Trusted vs. Untrusted Ports

Every port is either a trusted port or an untrusted port for DHCP snooping. This setting is
independent of the trusted/untrusted setting for ARP inspection. You can also specify the maximum
number for DHCP packets that each port (trusted or untrusted) can receive each second.

Trusted ports are connected to DHCP servers or other switches. The Switch discards DHCP packets
from trusted ports only if the rate at which DHCP packets arrive is too high. The Switch learns
dynamic bindings from trusted ports.

Note: If DHCP is enabled and there are no trusted ports, DHCP requests will not succeed.

Untrusted ports are connected to subscribers. The Switch discards DHCP packets from untrusted
ports in the following situations:

• The packet is a DHCP server packet (for example, OFFER, ACK, or NACK).
• The source MAC address and source IP address in the packet do not match any of the current

bindings.

• The packet is a RELEASE or DECLINE packet, and the source MAC address and source port do not

match any of the current bindings.

• The rate at which DHCP packets arrive is too high.

Log

Specify when the Switch generates log messages for receiving ARP packets from the
VLAN.

None: The Switch does not generate any log messages when it receives an ARP packet
from the VLAN.

Deny: The Switch generates log messages when it discards an ARP packet from the
VLAN.

Permit: The Switch generates log messages when it forwards an ARP packet from the
VLAN.

All: The Switch generates log messages every time it receives an ARP packet from the
VLAN.

Apply

Click Apply to save your changes to the Switch’s run-time memory. The Switch loses
these changes if it is turned off or loses power, so use the Save link on the top navigation
panel to save your changes to the non-volatile memory when you are done configuring.

Cancel

Click this to reset the values in this screen to their last-saved values.

Table 78

ARP Inspection VLAN Configure (continued)

LABEL

DESCRIPTION

«
...
203
204
205
206
207
...
»

Содержание GS2200 Series

Страница 1: ...el com GS2200 Series Intelligent Layer 2 GbE Switch Version 4 00 Edition 2 08 2012 Copyright 2012 ZyXEL Communications Corporation User s Guide Default Login Details IP Address https 192 168 1 1 User...

Страница 2: ...his book may differ slightly from your product due to differences in your product firmware or your computer operating system Every effort has been made to ensure that the information in this manual is...

Страница 3: ...VLAN 77 Static MAC Forward Setup 95 Static Multicast Forward Setup 97 Filtering 101 Spanning Tree Protocol 103 Bandwidth Control 123 Broadcast Storm Control 126 Mirroring 128 Link Aggregation 131 Port...

Страница 4: ...Contents Overview GS2200 Series User s Guide 4 Diagnostic 279 Syslog 281 Cluster Management 284 MAC Table 290 ARP Table 293 Configure Clone 295 Troubleshooting 297...

Страница 5: ...bits for Managing the Switch 20 Chapter 2 Hardware Installation and Connection 21 2 1 Installation Scenarios 21 2 2 Desktop Installation Procedure 21 2 3 Mounting the Switch on a Rack 21 2 3 1 Rack mo...

Страница 6: ...Creating a VLAN 41 5 1 2 Setting Port VID 42 5 2 Configuring Switch Management IP Address 43 Chapter 6 Tutorials 45 6 1 Overview 45 6 2 How to Use DHCP Snooping on the Switch 45 6 3 How to Use DHCP R...

Страница 7: ...ased VLANs 85 9 5 1 Configuring Subnet Based VLAN 86 9 6 Protocol Based VLANs 88 9 6 1 Configuring Protocol Based VLAN 88 9 7 Port based VLAN Setup 90 9 7 1 Configure a Port based VLAN 91 9 8 Technica...

Страница 8: ...gure Multiple Spanning Tree Protocol 114 13 8 1 Multiple Spanning Tree Protocol Port Configuration 117 13 9 Multiple Spanning Tree Protocol Status 117 13 10 Technical Reference 119 13 10 1 MSTP Networ...

Страница 9: ...40 18 3 Activate IEEE 802 1x Security 141 18 3 1 Guest VLAN 142 Chapter 19 Port Security 145 19 1 Overview 145 19 1 1 What You Can Do 145 19 2 Port Security Setup 146 Chapter 20 Classifier 148 20 1 Ov...

Страница 10: ...24 1 Overview 176 24 1 1 What You Can Do 176 24 1 2 What You Need to Know 176 24 2 AAA Screens 177 24 3 RADIUS Server Setup 177 24 4 TACACS Server Setup 180 24 5 AAA Setup 182 24 6 Technical Reference...

Страница 11: ...ol Tunneling 213 27 1 Overview 213 27 1 1 What You Can Do 213 27 1 2 What You Need to Know 213 27 2 Configuring Layer 2 Protocol Tunneling 215 Chapter 28 PPPoE 217 28 1 PPPoE Intermediate Agent Overvi...

Страница 12: ...You Can Do 238 32 1 2 What You Need to Know 238 32 2 DHCP Status 239 32 3 Configuring DHCP Global Relay 240 32 3 1 Global DHCP Relay Configuration Example 241 32 4 Configuring DHCP VLAN Settings 241 3...

Страница 13: ...g SNMP Trap Group 258 35 3 2 Configuring SNMP User 259 35 4 Setting Up Login Accounts 260 35 5 Service Port Access Control 262 35 6 Remote Management 262 35 7 Technical Reference 264 35 7 1 About SNMP...

Страница 14: ...P Table 293 40 1 Overview 293 40 1 1 What You Can Do 293 40 1 2 What You Need to Know 293 40 2 Viewing the ARP Table 293 Chapter 41 Configure Clone 295 41 1 Overview 295 41 2 Configure Clone 295 Chapt...

Страница 15: ...15 PART I User s Guide...

Страница 16: ...16...

Страница 17: ...he IEEE 802 3af PoE standard Ports 1 to 4 on the GS2200 8HP can supply power of up to 30W per Ethernet port Ports 5 to 8 on the GS2200 8HP and ports 1 to 24 on the GS2200 24P can supply power of up to...

Страница 18: ...alleviate bandwidth contention and eliminate server and network bottlenecks All users that need high bandwidth can connect to high speed department servers via the Switch You can provide a super fast...

Страница 19: ...rmance Switched Workgroup Application 1 1 4 IEEE 802 1Q VLAN Application Examples A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Stations...

Страница 20: ...6 1 on page 253 SNMP The Switch can be monitored by an SNMP manager See Section 35 7 1 on page 264 Cluster Management Cluster Management allows you to manage multiple switches through one switch call...

Страница 21: ...evel surface strong enough to support the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air ci...

Страница 22: ...to the Switch 1 Position a mounting bracket on one side of the Switch lining up the four screw holes on the bracket with the screw holes on the side of the Switch Figure 5 Attaching the Mounting Brack...

Страница 23: ...l Mounting for GS2200 8 only Do the following to attach your Switch to a wall Insecure mounting may damage the device or cause injury ZyXEL is not responsible for damages incurred by insecure wall mou...

Страница 24: ...igure 7 Wall mounting Example The Switch should be wall mounted horizontally The Switch s side panels with ventilation slots should not be facing up or down as this position is less safe The following...

Страница 25: ...the Switch and shows you how to make the hardware connections 3 2 Front Panels The following figure shows the front panel of the Switch Figure 9 Front Panel GS2200 8 Figure 10 Front Panel GS2200 8HP E...

Страница 26: ...1000 BASE T PoE Ports GS2200 8HP or GS2200 24P only Connect these ports to a computer a hub a wireless AP an Ethernet switch or router The GS2200 8HP supports the IEEE 802 3at High Power over Ethernet...

Страница 27: ...C and 1000Base T Ethernet pair The mini GBIC slots have priority over the Gigabit ports This means that if a mini GBIC slot and the corresponding GbE port are connected at the same time the GbE port w...

Страница 28: ...t Interface Converter transceivers A transceiver is a single unit that houses a transmitter and a receiver The Switch does not come with transceivers You must use transceivers that comply with the Sma...

Страница 29: ...following steps to remove a mini GBIC transceiver SFP module 1 Remove the fiber optic cables from the transceiver 2 Open the transceiver s latch latch styles vary 3 Pull the transceiver out of the slo...

Страница 30: ...ing PPS GS2200 24P only Green On External power supply is turned on Off External power supply is turned off or has failed ALM Red On A hardware failure is detected Off The system is functioning normal...

Страница 31: ...31 PART II Technical Reference...

Страница 32: ...32...

Страница 33: ...eb browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 4 2 System Login...

Страница 34: ...me Screen for GS2200 24P Status A Click the menu items to open submenu links and then click on a submenu link to open the screen in the main window B C D E These are quick links which allow you to per...

Страница 35: ...ys general system information General Setup This link takes you to a screen where you can configure general identification information about the Switch Switch Setup This link takes you to a screen whe...

Страница 36: ...resses to learn on a port Classifier This link takes you to a screen where you can configure the Switch to group packets based on the specified criteria Policy Rule This link takes you to a screen whe...

Страница 37: ...an change the system login password and configure SNMP and remote management Diagnostic This link takes you to a screen where you can view system logs and test port s Syslog This link takes you to scr...

Страница 38: ...ply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off Click the Save link in the upper right hand corner of the web config...

Страница 39: ...le with the factory default configuration file This means that you will lose all previous configurations and the speed of the console port will be reset to the default of 9600 bps with 8 data bits no...

Страница 40: ...your password again after you log out This is recommended after you finish a management session for security reasons Figure 21 Web Configurator Logout Screen 4 8 Help The web configurator s online he...

Страница 41: ...r the initial setup Create a VLAN Set port VLAN ID Configure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You can...

Страница 42: ...nce the VLAN2 network is connected to port 1 on the Switch select Fixed to configure port 1 to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs c...

Страница 43: ...en click the VLAN Port Setting link 2 Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s p...

Страница 44: ...information 3 Click Basic Setting IP Setup in the navigation panel 4 Configure the related fields in the IP Setup screen 5 For the VLAN2 network enter 192 168 2 1 as the IP address and 255 255 255 0...

Страница 45: ...LAN containing ports 5 6 and 7 Connect a computer M to the Switch for management Figure 25 Tutorial DHCP Snooping Tutorial Overview Note For related information about DHCP snooping see Section 25 1 on...

Страница 46: ...the Control field as shown Deselect Tx Tagging because you don t want outgoing traffic to contain this VLAN tag Click Add Figure 26 Tutorial Create a VLAN and Add Ports to It 3 Go to Advanced Applicat...

Страница 47: ...ply Figure 28 Tutorial Specify DHCP VLAN 5 Click the Port link at the top right corner 6 The DHCP Snooping Port Configure screen appears Select Trusted in the Server Trusted state field for port 5 bec...

Страница 48: ...ort 6 or 7 The computer should be able to get an IP address from the DHCP server If you put the DHCP server on port 6 or 7 the computer will not able to get an IP address 10 To check if DHCP snooping...

Страница 49: ...72 16 1 18 to DHCP client A based on the system name VLAN ID and port number in the DHCP request Client A connects to the Switch s port 2 in VLAN 102 Figure 32 Tutorial DHCP Relay Scenario 6 3 2 Creat...

Страница 50: ...utorial Set VLAN Type to 802 1Q 3 Click Advanced Application VLAN Static VLAN 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 102 for example in the Name field and enter 102 in...

Страница 51: ...Figure 34 Tutorial Create a Static VLAN 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen Figure 35 Tutorial Click the VLAN Port Sett...

Страница 52: ...uration permanently 6 3 3 Configuring DHCP Relay Follow the steps below to enable DHCP relay on the Switch and allow the Switch to add relay agent information such as the VLAN ID to DHCP requests 1 Cl...

Страница 53: ...ion permanently 7 The DHCP server can then assign a specific IP address based on the DHCP request 6 3 4 Troubleshooting Check the client A s IP address If it did not receive the IP address 172 16 1 18...

Страница 54: ...page port details and PoE status The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details 7 1 1 What You Can Do Use the Port Sta...

Страница 55: ...e Status screen as shown next Figure 38 Status GS2200 24 Figure 39 Status GS2200 24P The following table describes the labels in this screen Table 7 Status LABEL DESCRIPTION Port This identifies the E...

Страница 56: ...ower from the Switch on this port LACP This fields displays whether LACP Link Aggregation Control Protocol has been enabled on the port TxPkts This field shows the number of transmitted frames on this...

Страница 57: ...an individual port on the Switch Figure 40 Status Port Details The following table describes the labels in this screen Table 8 Status Port Details LABEL DESCRIPTION Port Info Port NO This field displa...

Страница 58: ...hows the number of good multicast packets received Broadcast This field shows the number of good broadcast packets received Pause This field shows the number of 802 3x Pause packets received TX Collis...

Страница 59: ...1023 This field shows the number of packets including bad packets received that were between 512 and 1023 octets in length 1024 1518 This field shows the number of packets including bad packets receiv...

Страница 60: ...65 to choose your VLAN type set the ARP aging time and GARP timers and assign priorities to queues Use the IP Setup screen Section 8 6 1 on page 67 to configure the Switch IP address default gateway d...

Страница 61: ...r of the Switch s current firmware including the date created Ethernet Address This field refers to the Ethernet MAC Media Access Control address of the Switch Hardware Monitor Temperature Unit The Sw...

Страница 62: ...te RPM 41 is displayed for speeds too small to measure under 2000 RPM Threshold This field displays the minimum speed at which a normal fan should work Status Normal indicates that this fan is functio...

Страница 63: ...service protocol that your timeserver uses Not all time servers support all protocols so you may have to use trial and error to find a protocol that works The main differences between them are the tim...

Страница 64: ...mples Daylight Saving Time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the U...

Страница 65: ...een Refer to Chapter 9 on page 77 for more information on VLAN Figure 43 Basic Setting Switch Setup The following table describes the labels in this screen Table 11 Basic Setting Switch Setup LABEL DE...

Страница 66: ...g The Switch has eight physical queues that you can map to the 8 priority levels On the Switch traffic assigned to higher index queues gets through faster while traffic in lower index queues is droppe...

Страница 67: ...64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre defined VLAN s Note You must configure a VLAN first Figure 44 Basic Setting IP Setup The following ta...

Страница 68: ...esses You can create up to 64 IP addresses which are used to access and manage the Switch from the ports belonging to the pre defined VLAN s You must configure a VLAN first IP Address Enter the IP add...

Страница 69: ...ake some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as...

Страница 70: ...l is used in full duplex mode to send a pause signal to the sending port causing it to temporarily stop sending signals when the receiving port memory buffers fill Back Pressure flow control is typica...

Страница 71: ...High Power over Ethernet PoE standard and the GS2200 24P complies with the IEEE 802 3af PoE standard Ports 1 to 4 on the GS2200 8HP can supply power of up to 30W per Ethernet port Ports 5 to 8 on the...

Страница 72: ...y supplying to the connected PoE enabled devices Allocated Power W This field displays the total amount of power the Switch has reserved for PoE after negotiating with the connected PoE device s It sh...

Страница 73: ...IEEE 802 3at PD Priority When the total power requested by the PDs exceeds the total PoE power budget on the Switch you can set the PD priority to allow the Switch to provide power to ports with high...

Страница 74: ...llocated by the Switch may be less than the Max Power mW of the PD PDs with higher priority also get more power than those with lower priority levels Port This is the port index number PD Select this...

Страница 75: ...ory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Can...

Страница 76: ...Chapter 8 Basic Setting GS2200 Series User s Guide 76...

Страница 77: ...MAC address and its associated port 9 1 2 What You Need to Know Read this section to know more about VLAN and how to configure the screens IEEE 802 1Q Tagged VLANs A tagged VLAN uses an explicit tag...

Страница 78: ...in 9 1 2 1 Automatic VLAN Registration GARP and GVRP are the protocols used to automatically register VLAN membership across switches GARP GARP Generic Attribute Registration Protocol allows network s...

Страница 79: ...trunking port s Figure 49 Port VLAN Trunking 9 1 2 3 Select the VLAN Type Select a VLAN type in the Basic Setting Switch Setup screen Figure 50 Switch Setup Select VLAN Type VLAN Administrative Contr...

Страница 80: ...ication VLAN VLAN Status LABEL DESCRIPTION VLAN Search by VID Enter an existing VLAN ID number s separated by a comma and click Search to display only the specified VLAN s in the list below Leave this...

Страница 81: ...annot be seen in one screen Table 17 Advanced Application VLAN VLAN Status continued LABEL DESCRIPTION Table 18 Advanced Application VLAN VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to...

Страница 82: ...VLAN Static VLAN The following table describes the related labels in this screen Table 19 Advanced Application VLAN Static VLAN LABEL DESCRIPTION ACTIVE Select this check box to activate the VLAN sett...

Страница 83: ...ansmitted with this VLAN Group ID Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top n...

Страница 84: ...defines a way for switches to register necessary VLAN members on ports across the network Select this check box to permit VLAN groups beyond the local Switch Ingress Check If this check box is selecte...

Страница 85: ...PVID Port VLAN ID is a tag that adds to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines Enter a number between 1and 4094 as the port...

Страница 86: ...ple 9 5 1 Configuring Subnet Based VLAN Click Subnet Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown Note Subnet based VLAN applies to un tagged packets and is...

Страница 87: ...bnet VLAN you are creating or editing Name Enter up to 32 alpha numeric characters to identify this subnet based VLAN IP Enter the IP address of the subnet for which you want to configure this subnet...

Страница 88: ...r group and have higher priority than ARP traffic when they go through the uplink port to a backbone switch C Figure 57 Protocol Based VLAN Application Example 9 6 1 Configuring Protocol Based VLAN Cl...

Страница 89: ...s protocol based VLAN or select Others and type the protocol number in hexadecimal notation For example the IP protocol in hexadecimal notation is 0800 and Novell IPX protocol is 8137 Note Protocols i...

Страница 90: ...vate port based VLAN the Switch uses a default VLAN ID of 1 You cannot change it Note In screens such as IP Setup and Filtering that require a VID you must enter 1 as the VID The port based VLAN setup...

Страница 91: ...7 1 Configure a Port based VLAN Select Port Based as the VLAN Type in the Basic Setting Switch Setup screen and then click Advanced Application VLAN from the navigation panel to display the next scree...

Страница 92: ...Chapter 9 VLAN GS2200 Series User s Guide 92 Figure 60 Port Based VLAN Setup Port Isolation...

Страница 93: ...y top right of screen to display the screens as mentioned above You can still customize these settings by adding deleting incoming or outgoing ports but you must also click Apply at the bottom of the...

Страница 94: ...et to 0 and click Add Figure 61 Protocol Based VLAN Configuration Example To add more ports to this protocol based VLAN 1 Click the index number of the protocol based VLAN entry Click 1 2 Change the v...

Страница 95: ...MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for...

Страница 96: ...loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved...

Страница 97: ...s is the MAC address of a member of a multicast group A static multicast address is a multicast MAC address that has been manually entered in the multicast table Static multicast addresses do not age...

Страница 98: ...mes being forwarded to ports 2 and 3 within VLAN group 4 Figure 63 No Static Multicast Forwarding Figure 64 Static Multicast Forwarding to A Single Port Figure 65 Static Multicast Forwarding to Multip...

Страница 99: ...he VLAN group here If you don t have a specific target VLAN enter 1 Port Enter the port s where frames with destination MAC address that matched the entry above are forwarded You can enter multiple po...

Страница 100: ...a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to...

Страница 101: ...ination MAC addresses and VLAN group ID 12 1 1 What You Can Do Use the Filtering screen Section 12 2 on page 101 to create rules for traffic going through the Switch 12 2 Configure a Filtering Rule Us...

Страница 102: ...irs VID Type the VLAN group identification number Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save l...

Страница 103: ...on screen Section 13 3 on page 107 to activate one of the STP modes on the Switch Use the Rapid Spanning Tree Protocol screen Section 13 4 on page 108 to configure RSTP settings Use the Rapid Spanning...

Страница 104: ...slower the media the higher the cost On each bridge the root port is the port through which this bridge communicates with the root It is the port on this switch with the lowest path cost to the root...

Страница 105: ...and assign port s to each tree Each spanning tree operates independently with its own bridge information In the following example there are two RSTP instances MRSTP 1 and MRSTP2 on switch A To set up...

Страница 106: ...ning Tree Instance MSTI MSTI allows multiple VLANs to use the same spanning tree Load balancing is possible as traffic from different VLANs can use distinct paths in a region 13 2 Spanning Tree Protoc...

Страница 107: ...lication Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or Multip...

Страница 108: ...110 Active Select this check box to activate RSTP Clear this checkbox to disable RSTP Note You must also activate Rapid Spanning Tree in the Advanced Application Spanning Tree Protocol Configuration s...

Страница 109: ...s Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row ar...

Страница 110: ...Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwardin...

Страница 111: ...trees Active Select this check box to activate an STP tree Clear this checkbox to disable an STP tree Note You must also activate Multiple Rapid Spanning Tree in the Advanced Application Spanning Tre...

Страница 112: ...to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as so...

Страница 113: ...e for Root and Our Bridge if the Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines...

Страница 114: ...de 114 13 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Multiple STP on page 106 for more information on MSTP F...

Страница 115: ...ormation about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise tempor...

Страница 116: ...ecides which port should be disabled when more than one port forms a loop in a switch Ports with a higher priority numeric value are disabled first The allowed range is between 0 and 255 and the defau...

Страница 117: ...ttings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make t...

Страница 118: ...spanning tree the root bridge Our Bridge is this switch This Switch may also be the root bridge Bridge ID This is the unique identifier for this bridge consisting of bridge priority plus MAC address T...

Страница 119: ...econfigured Time Since Last Change This is the time since the spanning tree was last reconfigured Instance These fields display the MSTI to VLAN mapping In other words which VLANs run on each spanning...

Страница 120: ...fferent spanning trees in the network Thus traffic from the two VLANs travel on different paths The following figure shows the network example using MSTP Figure 79 MSTP Network Example 13 10 2 MST Reg...

Страница 121: ...cific MSTI Each created MSTI is identified by a unique number known as an MST ID known internally to a region Thus an MSTI does not span across MST regions The following figure shows an example where...

Страница 122: ...ocol GS2200 Series User s Guide 122 that runs between MST regions and single spanning tree devices A network may contain multiple MST regions and other network segments running RSTP Figure 81 MSTP and...

Страница 123: ...an cap the maximum bandwidth using the Bandwidth Control screen Bandwidth control means defining a maximum allowable bandwidth for out going traffic flows on a port 14 1 1 What You Can Do Use the Band...

Страница 124: ...o all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in t...

Страница 125: ...ime memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configur...

Страница 126: ...d on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast...

Страница 127: ...me settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you m...

Страница 128: ...g allows you to copy a traffic flow to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference 16 1 1 What You Can Do Use t...

Страница 129: ...or Port The monitor port is the port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original port s Enter the port number of the monitor...

Страница 130: ...ime memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configur...

Страница 131: ...ne logical link in the trunk group and so on Use the Link Aggregation Setting screen Section 17 3 on page 134 to configure to enable static link aggregation Use the Link Aggregation Control Protocol s...

Страница 132: ...k topology loops Link Aggregation ID LACP aggregation ID consists of the following information1 17 2 Link Aggregation Status Click Advanced Application Link Aggregation in the navigation panel The Lin...

Страница 133: ...belonging to this trunk group and LACP is also enabled for this group Criteria This shows the outgoing traffic distribution algorithm used in this trunk group Packets from the same source and or to t...

Страница 134: ...dvanced Application Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 43 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESC...

Страница 135: ...addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distribute...

Страница 136: ...mation on dynamic link aggregation Figure 87 Advanced Application Link Aggregation Link Aggregation Setting LACP The following table describes the labels in this screen Table 44 Advanced Application L...

Страница 137: ...orts Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row...

Страница 138: ...h B Figure 88 Trunking Example Physical Connections 2 Configure static trunking Click Advanced Application Link Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the t...

Страница 139: ...the Guest VLAN screen Section 18 3 on page 141 to activate IEEE 802 1x security 18 1 2 What You Need to Know IEEE 802 1x authentication uses the RADIUS Remote Authentication Dial In User Service RFC...

Страница 140: ...the port authentication method both on the Switch and the port s then configure the RADIUS server settings in the Auth and Acct Radius Server Setup screen Click Advanced Application Port Authenticatio...

Страница 141: ...s the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them A...

Страница 142: ...feature on a port when a subnet based VLAN or protocol based VLAN is activated on the Switch Reauth Specify if a subscriber has to periodically re enter his or her username and password to stay conne...

Страница 143: ...est Vlan A guest VLAN is a pre configured VLAN on the Switch that allows non authenticated users to access limited network resources through the Switch You must also enable IEEE 802 1x authentication...

Страница 144: ...ply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your cha...

Страница 145: ...r than the sum cannot exceed 16K For maximum port security enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you disable port securi...

Страница 146: ...eviously learned MAC addresses on the specified port s will become static MAC addresses and display in the Static MAC Forwarding screen MAC freeze Click MAC freeze to have the Switch automatically sel...

Страница 147: ...number of dynamic MAC addresses that may be learned on a port For example if you set this field to 5 on port 2 then only the devices with these five learned MAC addresses may access port 2 at any one...

Страница 148: ...twork performance and make the network inadequate for time critical application such as video on demand A classifier groups traffic into data flows according to specific criteria such as the source ad...

Страница 149: ...riptive name for this rule for identifying purposes Layer 2 Specify the fields below to configure a layer 2 classifier Ethernet Type Select an Ethernet type or select Other and enter the Ethernet type...

Страница 150: ...00000000 and counting up the number of ones in this case results in 24 Socket Number Note You must select either UDP or TCP in the IP Protocol field before you configure the socket numbers Select Any...

Страница 151: ...DESCRIPTION Index This field displays the index number of the rule Click an index number to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Name...

Страница 152: ...lassifier Example The following screen shows an example where you configure a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 EGP 8 L2TP 115 Table 52 Common TCP and...

Страница 153: ...0 Classifier GS2200 Series User s Guide 153 After you have configured a classifier you can configure a policy in the Policy screen to define action s on the classified traffic flow Figure 98 Classifie...

Страница 154: ...on page 148 for more information A policy rule ensures that a traffic flow gets the requested treatment in the network 21 1 1 What You Can Do Use the Policy screen Section 21 2 on page 154 to enable t...

Страница 155: ...ter a descriptive name for identification purposes Classifier s This field displays the active classifier s you configure in the Classifier screen Select the classifier s to which this policy rule app...

Страница 156: ...will forward the packets If Policy 1 applies to Class 1 and the action is to drop the packets Policy 2 applies to Class 2 and the action is to enable bandwidth limitation the Switch will discard the p...

Страница 157: ...table at the bottom of the Policy screen To change the settings of a rule click a number in the Index field Figure 100 Advanced Application Policy Rule Summary Table Delete Click Cancel to clear the D...

Страница 158: ...Guide 158 21 3 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier refer to Section...

Страница 159: ...highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent S...

Страница 160: ...field rather than a fixed amount of bandwidth WRR is activated only when a port has more traffic than it can handle Queues with larger weights get more service than queues with smaller weights This qu...

Страница 161: ...n the Weight field Queues with larger weights get more guaranteed bandwidth than queues with smaller weights Weighted Round Robin Scheduling services queues on a rotating basis based on their queue we...

Страница 162: ...ast group membership information and add VLANs upon which the Switch is to perform IGMP snooping Use the IGMP Filtering Profile screen Section 23 5 on page 169 to specify a range of multicast groups t...

Страница 163: ...ing VLAN MVR Overview Multicast VLAN Registration MVR is designed for applications such as Media on Demand MoD that use multicast traffic across an Ethernet ring based service provider network MVR all...

Страница 164: ...channel computer A sends an IGMP report to the Switch to join the appropriate multicast group If the IGMP report matches one of the configured MVR multicast group addresses on the Switch an entry is c...

Страница 165: ...See Section 23 1 on page 162 for more information on multicasting Figure 106 Advanced Application Multicast Multicast Setting Table 55 Advanced Application Multicast Status LABEL DESCRIPTION Index Thi...

Страница 166: ...orward a packet with the destination IP address within this range to other networks See the IANA web site for more information The layer 2 multicast MAC addresses used by Cisco layer 2 protocols 01 00...

Страница 167: ...ast Setting IGMP Filtering Profile screen IGMP Querier Mode The Switch treats an IGMP query port as being connected to an IGMP multicast router or server The Switch forwards IGMP join or leave packets...

Страница 168: ...he MVR screen you can only specify up to 15 VLANs in this screen The Switch drops any IGMP control messages which do not belong to these 16 VLANs Note You must also enable IGMP snooping in the Multica...

Страница 169: ...Cancel to reset the fields to your previous configuration Clear Click this to clear the fields Index This is the number of the IGMP snooping VLAN entry in the table Name This field displays the descri...

Страница 170: ...if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Clear Click Clear to clear the fields...

Страница 171: ...ation purposes Multicast VLAN ID Enter the VLAN ID 1 to 4094 of the multicast VLAN 802 1p Priority Select a priority level 0 7 with which the Switch replaces the priority in outgoing IGMP control pack...

Страница 172: ...is sent or received on this port Tagging Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click Add to save your changes to the Switch s run time me...

Страница 173: ...page 162 for more information on IP multicast addresses End Address Enter the ending IP multicast address of the multicast group in dotted decimal notation Enter the same IP address as the Start Addre...

Страница 174: ...23 Multicast GS2200 Series User s Guide 174 To configure the MVR settings on the Switch create a multicast group in the MVR screen and set the receiver and source ports Figure 112 MVR Configuration E...

Страница 175: ...raffic to the subscribers configure multicast group settings in the Group Configuration screen The following figure shows an example where two multicast groups News and Movie are configured for the mu...

Страница 176: ...4 on page 180 to configure your TACACS authentication settings Use the AAA Setup screen Section 24 5 on page 182 to specify the methods used to authenticate users accessing the Switch and specify whi...

Страница 177: ...cribes some key differences between RADIUS and TACACS 24 2 AAA Screens The AAA screens allow you to enable authentication and authorization or both of them on the Switch First configure your authentic...

Страница 178: ...econd RADIUS server Select round robin to alternate between the RADIUS servers that it sends authentication requests to Timeout Specify the amount of time in seconds that the Switch waits for an authe...

Страница 179: ...rver Index This is a read only number representing a RADIUS accounting server entry IP Address Enter the IP address of an external RADIUS accounting server in dotted decimal notation UDP Port The defa...

Страница 180: ...icate with the first configured TACACS server if the TACACS server does not respond then the Switch tries to authenticate with the second TACACS server Select round robin to alternate between the TACA...

Страница 181: ...nds that the Switch waits for an accounting request response from the TACACS server Index This is a read only number representing a TACACS accounting server entry IP Address Enter the IP address of an...

Страница 182: ...r Switch management Configure the access privilege of accounts via commands See the CLI Reference Guide for local authentication The TACACS and RADIUS are external servers Before you specify the prior...

Страница 183: ...erver Active Select this to activate authorization for a specified event types Method Select whether you want to use RADIUS or TACACS for authorization of specific types of events RADIUS is the only m...

Страница 184: ...at comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server Mode The Switch supports two modes of recording login events Select start stop to have the Swit...

Страница 185: ...for authentication This section lists the attributes used by authentication functions on the Switch In cases where the attribute has a specific format associated with it the format is specified Table...

Страница 186: ...User Name The format of the User Name attribute is enab where is the privilege level 1 14 User Password NAS Identifier NAS IP Address 24 6 3 2 Attributes Used to Login Users User Name User Password NA...

Страница 187: ...snooping on the Switch not on specific VLAN specify the VLAN where the default DHCP server is located and configure the DHCP snooping database Use the DHCP Snooping Port Configure screen Section 25 5...

Страница 188: ...RP packets typical implementation you have to enable DHCP snooping before you enable ARP inspection 25 2 IP Source Guard Use this screen to look at the current bindings for DHCP snooping and ARP inspe...

Страница 189: ...ding the new static binding replaces the original one To open this screen click Advanced Application IP Source Guard Static Binding Figure 121 IP Source Guard Static Binding Type This field displays h...

Страница 190: ...static bindings from previously learned ARP entries which match the specified criteria and display them in the lower part of the screen Static Binding MAC Address Enter the source MAC address in the...

Страница 191: ...igure screen See Section 25 5 on page 193 Agent URL This field displays the location of the DHCP snooping database Write delay timer This field displays how long in seconds the Switch tries to complet...

Страница 192: ...s the Switch could not create or read the DHCP snooping database when the Switch started up or a new URL is configured for the DHCP snooping database Successful transfers This field displays the numbe...

Страница 193: ...the DHCP binding database Total ignored bindings counters This section displays the reasons the Switch has ignored bindings any time it read bindings from the DHCP binding database You can clear these...

Страница 194: ...rs on a specific VLAN Note You have to enable DHCP snooping on the DHCP VLAN too You can enable Option82 in the DHCP Snooping VLAN Configure screen Section 25 5 2 on page 197 to help the DHCP servers...

Страница 195: ...Snooping URL Enter the location of a DHCP snooping database and click Renew if you want the Switch to load it You can use this to load dynamic bindings from a different DHCP snooping database than the...

Страница 196: ...nected to DHCP servers or other switches and the Switch discards DHCP packets from trusted ports only if the rate at which DHCP packets arrive is too high Untrusted ports are connected to subscribers...

Страница 197: ...y the VLANs you want to manage in the section below Start VID Enter the lowest VLAN ID you want to manage in the section below End VID Enter the highest VLAN ID you want to manage in the section below...

Страница 198: ...ower so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last s...

Страница 199: ...ncel Click this to clear the Delete check boxes above Change Pages Click Previous or Next to show the previous next screen if all status information cannot be seen in one screen Table 73 ARP Inspectio...

Страница 200: ...RP Inspection Log Status LABEL DESCRIPTION Clearing log status table Click Apply to remove all the log messages that were generated by ARP packets and that have not been sent to the syslog server yet...

Страница 201: ...ng with the same MAC address and VLAN ID static deny An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID deny An ARP packet was discarded because the...

Страница 202: ...re dropped due to unavailable buffer Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter See Section 25 8 on page 200 Syslog rate Enter the...

Страница 203: ...in the ARP packet does not match any of the current bindings The rate at which ARP packets arrive is too high You can specify the maximum rate at which ARP packets can arrive on untrusted ports Limit...

Страница 204: ...our changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last saved values Table 77 ARP Inspection Port Configure continued LA...

Страница 205: ...witch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source MAC address and source IP address in the packet...

Страница 206: ...g consists of 72 bytes a space and another checksum that is used to validate the binding when it is read If the calculated checksum is not equal to the checksum in the file that binding and all others...

Страница 207: ...ts the ARP request for computer A Then computer X does the following things It pretends to be computer A and responds to computer B It pretends to be computer B and sends a message to computer A As a...

Страница 208: ...he rate at which ARP packets arrive is too high 25 10 2 3 Syslog The Switch can send syslog messages to the specified syslog server Chapter 37 on page 281 when it forwards or discards ARP packets The...

Страница 209: ...tion 26 1 1 What You Can Do Use the Loop Guard screen Section 26 2 on page 211 to enable loop guard on the Switch and in specific ports 26 1 2 What You Need to Know Loop guard is designed to handle lo...

Страница 210: ...packet and seeing if the packet returns on the same port If this is the case the Switch will shut down the port connected to the switch in loop state The following figure shows a loop guard enabled po...

Страница 211: ...p problem on your network you can re activate the disabled port via the web configurator see Section 8 7 on page 69 or via commands See the CLI Reference Guide 26 2 Loop Guard Setup Click Advanced App...

Страница 212: ...hanges in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to chec...

Страница 213: ...2 in the following figure to tunnel layer 2 STP Spanning Tree Protocol CDP Cisco Discovery Protocol and VTP VLAN Trunking Protocol packets between customer switches A B and C in the following figure c...

Страница 214: ...er 2 protocol tunneling modes Access and Tunnel The Access port is an ingress port on the service provider s edge device 1 or 2 in Figure 140 on page 214 and connected to a customer switch A or B Inco...

Страница 215: ...ddress with which the Switch uses to encapsulate the layer 2 protocol packets by replacing the destination MAC address in the packets Note The MAC address can be either a unicast MAC address or multic...

Страница 216: ...er to automatically negotiate and build a logical port aggregation LACP Select this option to have the Switch send LACP packets to a peer to dynamically creates and manages trunk groups UDLD Select th...

Страница 217: ...on the Switch Use the PPPoE Per Port screen Section 28 3 1 on page 221 to set the port state and configure PPPoE intermediate agent sub options on a per port basis Use the PPPoE Per Port Per VLAN scr...

Страница 218: ...the Switch adds the user defined identifier string and variables into the Agent Circuit ID Sub option The variables can be the slot ID of the PPPoE client the port number of the PPPoE client and or t...

Страница 219: ...nt but received on a trusted port the Switch forwards it to other trusted port s Note The Switch will drop all PPPoE discovery packets if you enable the PPPoE intermediate agent and there are no trust...

Страница 220: ...PADI and PADR packets The Circuit ID you configure for a specific port or for a specific VLAN on a port has priority over this The Circuit ID you configure for a specific port in the Advanced Applicat...

Страница 221: ...Circuit ID sub option The variable options include sp sv pv and spv which indicate combinations of slot port slot VLAN port VLAN and slot port VLAN respectively The Switch enters a zero into the PADI...

Страница 222: ...E client and received on an untrusted port the Switch adds a vendor specific tag to the packet and then forwards it to the trusted port s The Switch discards PADO and PADS packets which are sent from...

Страница 223: ...ings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Note Changes in this row are copied to all th...

Страница 224: ...k Apply to display the specified range of VLANs in the section below VID This field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to...

Страница 225: ...configure the screen in this chapter 29 1 2 1 CPU Protection Switches exchange protocol control packets in a network to get the latest networking information If a switch receives large numbers of cont...

Страница 226: ...iguration Use this screen to limit the maximum number of control packets ARP BPDU and or IGMP that the Switch can receive or transmit on a port Click the Click Here link next to CPU protection in the...

Страница 227: ...as you make them Rate Limit pkt s Enter a number from 0 to 256 to specify how many control packets this port can receive or transmit per second 0 means no rate limit You can configure the action that...

Страница 228: ...t rate limitation The Switch drops the additional control packets the port has to handle in every one second Apply Click Apply to save your changes to the Switch s run time memory The Switch loses the...

Страница 229: ...nter the number of seconds from 30 to 2592000 for the time interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses p...

Страница 230: ...Chapter 29 Error Disable GS2200 Series User s Guide 230...

Страница 231: ...data to a server or device that is not reachable through the default gateway for example when sending SNMP traps or using ping to test IP connectivity This figure shows a Telnet session coming in from...

Страница 232: ...your Switch that will forward the packet to the destination The gateway must be a router on the same segment as your Switch Metric The metric represents the cost of transmission for routing purposes I...

Страница 233: ...ddress This field displays the IP address of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the destination Metric This field displays the cost of tran...

Страница 234: ...very flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 31 1 1 What You Can Do Use the DiffServ screen Section 31 2 on page...

Страница 235: ...value the incoming packets into different traffic flows Platinum Gold Silver Bronze based on the configured marking rules A network administrator can then apply various traffic policies to the traffi...

Страница 236: ...k the DSCP Setting link in the DiffServ screen to display the screen as shown next Figure 156 IP Application DiffServ DSCP Setting Table 94 IP Application DiffServ LABEL DESCRIPTION Active Select this...

Страница 237: ...cation number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses thes...

Страница 238: ...e 241 to configure your DHCP settings based on the VLAN domain of the DHCP clients 32 1 2 What You Need to Know Read on for concepts on DHCP that can help you configure the screens in this chapter DHC...

Страница 239: ...s helps provide authentication about the source of the requests The DHCP server can then provide an IP address based on this information Please refer to RFC 3046 for more details The DHCP Relay Agent...

Страница 240: ...on DHCP Global LABEL DESCRIPTION Active Select this check box to enable DHCP relay Remote DHCP Server 1 3 Enter the IP address of a DHCP server in dotted decimal notation Relay Agent Information Selec...

Страница 241: ...itch to send additional information such as the VLAN ID together with the DHCP requests to the DHCP server This allows the DHCP server to assign the appropriate IP address according to the VLAN ID Fig...

Страница 242: ...t number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This read only field displays the system name you configure in the General Setup screen Select the...

Страница 243: ...sent to the other DHCP server with an IP address of 172 23 10 100 Figure 162 DHCP Relay for Two VLANs For the example network configure the VLAN Setting screen as shown Figure 163 DHCP Relay for Two...

Страница 244: ...ts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In a...

Страница 245: ...ich both the source and destination IP address fields are set to the IP address of the device that sends this request and the destination MAC address field is set to the broadcast address There will b...

Страница 246: ...he Switch then forwards host B s ICMP reply to host A right after getting host B s MAC address and ICMP reply 33 2 Configuring ARP Learning Click IP Application ARP Learning in the navigation panel to...

Страница 247: ...RP learning mode the Switch uses on the port Select ARP Reply to have the Switch update the ARP table only with the ARP replies to the ARP requests sent by the Switch Select Gratuitous ARP to have the...

Страница 248: ...Chapter 33 ARP Learning GS2200 Series User s Guide 248...

Страница 249: ...ction 34 4 on page 252 to upload a stored device configuration file Use the Backup Configuration screen Section 34 5 on page 252 to save your configurations for later use 34 2 The Maintenance Screen U...

Страница 250: ...on settings to Configuration 2 on the Switch Alternatively click Save on the top right hand corner in any screen to save the configuration changes to the current configuration Note Clicking the Apply...

Страница 251: ...h 34 3 Firmware Upgrade Use the following screen to upgrade your Switch to the latest firmware Make sure you have downloaded and unzipped the correct model firmware and version to your computer before...

Страница 252: ...is screen 34 5 Backup a Configuration File Use this screen to save and store your current device settings Backing up your Switch configurations allows you to create various snap shots of your device f...

Страница 253: ...he computer file firmware bin to the Switch ftp get config config cfg This is a sample FTP session saving the current configuration to a file called config cfg on your computer If your T FTP client do...

Страница 254: ...of the commands that you may see in GUI based FTP clients 34 6 5 FTP Restrictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote M...

Страница 255: ...p screen Section 35 3 1 on page 258 to specify the types of SNMP traps that should be sent to each SNMP manager Use the User Information screen Section 35 3 2 on page 259 to create SNMP users for auth...

Страница 256: ...reen as shown Figure 172 Management Access Control SNMP The following table describes the labels in this screen Table 105 Management Access Control SNMP LABEL DESCRIPTION General Setting Use this sect...

Страница 257: ...Destination Use this section to configure where to send SNMP traps from the Switch Version Specify the version of the SNMP trap messages IP Enter the IP addresses of up to four managers to send your...

Страница 258: ...ories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See SNMP Traps on page 265 for individual tra...

Страница 259: ...implement authentication and or encryption for SNMP communication from this user Choose noauth to use the username as the password string to send to the SNMP manager This is equivalent to the Get Set...

Страница 260: ...nts readwrite Members of this group have read and write rights meaning that the user can create and edit the MIBs on the Switch except the user account and AAA configuration readonly Members of this g...

Страница 261: ...default password when shipped New Password Enter your new system password Retype to confirm Retype your new system password for confirmation Edit Logins You may configure passwords for up to four user...

Страница 262: ...Control Service Access Control LABEL DESCRIPTION Services Services you may use to access the Switch are listed here Active Select this option for the corresponding services that you want to allow to a...

Страница 263: ...ient set Clear the check box if you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this...

Страница 264: ...switch into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and monitor managed...

Страница 265: ...B for TCP RFC 2013 SNMPv2 MIB for UDP SNMP Traps The Switch sends traps to an SNMP manager when an event occurs The following tables outline the SNMP traps by category An OID Object ID that begins wit...

Страница 266: ...normal operating range reset UncontrolledResetEventOn 1 3 6 1 4 1 890 1 5 8 55 27 2 1 1 3 6 1 4 1 890 1 5 8 56 27 2 1 1 3 6 1 4 1 890 1 5 8 59 27 2 1 1 3 6 1 4 1 890 1 5 8 60 27 2 1 This trap is sent...

Страница 267: ...ecified recovery interval fanspeed FanSpeedEventOn 1 3 6 1 4 1 890 1 5 8 56 27 2 1 1 3 6 1 4 1 890 1 5 8 60 27 2 1 This trap is sent when the fan speed goes above or below the normal operating range F...

Страница 268: ...8802 1 1 2 0 0 1 This trap is sent when the LLDP Link Layer Discovery Protocol remote topology changes transceiver ddm DDMIRxPowerEventOn DDMITemperatureEventOn DDMITxBiasEventOn DDMITxPowerEventOn D...

Страница 269: ...nting RADIUSAccNotNotReachableE ventOn 1 3 6 1 4 1 890 1 5 8 55 27 2 1 1 3 6 1 4 1 890 1 5 8 56 27 2 1 1 3 6 1 4 1 890 1 5 8 59 27 2 1 1 3 6 1 4 1 890 1 5 8 60 27 2 1 This trap is sent when there is n...

Страница 270: ...60 36 2 2 This trap is sent when the MRSTP topology changes MSTPTopologyChange 1 3 6 1 4 1 890 1 5 8 55 107 70 2 1 3 6 1 4 1 890 1 5 8 56 107 70 2 1 3 6 1 4 1 890 1 5 8 59 107 70 2 1 3 6 1 4 1 890 1...

Страница 271: ...7 2 1 How SSH works The following table summarizes how a secure connection is established between two remote hosts Figure 180 How SSH Works 1 Host Identification The SSH client sends a connection requ...

Страница 272: ...Transfer Protocol over Secure Socket Layer or HTTP over SSL is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transact...

Страница 273: ...our browser enter https Switch IP Address as the web site address where Switch IP Address is the IP address or domain name of the Switch you wish to access Internet Explorer Warning Messages Internet...

Страница 274: ...If that is the case click Continue to this website not recommended to proceed to the web configurator login screen Figure 183 Security Certificate Warning Internet Explorer 7 or 8 After you log in you...

Страница 275: ...r 35 Access Control GS2200 Series User s Guide 275 Click Install Certificate and follow the on screen instructions to install the certificate in your browser Figure 185 Certificate Internet Explorer 7...

Страница 276: ...ozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a This Connection is Unstructed screen may display If that is the case click I Understand the Risks and then the Add...

Страница 277: ...ion to proceed to the web configurator login screen Figure 187 Security Alert Mozilla Firefox 35 7 3 2 The Main Screen After you accept the certificate and enter the login username and password the Sw...

Страница 278: ...35 Access Control GS2200 Series User s Guide 278 Mozilla Firefox or next to the address bar in Internet Explorer 7 or 8 denotes a secure connection Figure 188 Example Lock Denoting a Secure Connection...

Страница 279: ...ostic Click Management Diagnostic in the navigation panel to open this screen Use this screen to check system logs ping IP addresses or perform port tests Figure 189 Management Diagnostic The followin...

Страница 280: ...vice that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address in the field to the left Ethernet Port Test Enter a port number and click Port Test to perfor...

Страница 281: ...s The following table describes the syslog severity levels 37 1 1 What You Can Do Use the Syslog Setup screen Section 37 2 on page 281 to configure the device s system logging settings Use the Syslog...

Страница 282: ...he names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category Facility The log facility allows you to send...

Страница 283: ...mber the more critical the logs are Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top...

Страница 284: ...ther In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Figure 192 Clustering Application Example T...

Страница 285: ...wing table describes the labels in this screen Table 122 Management Cluster Management Status LABEL DESCRIPTION Status This field displays the role of this Switch within the cluster Manager Member you...

Страница 286: ...guration Model This field displays the model name Status This field displays Online the cluster member switch is accessible Error for example the cluster member switch password was changed or the swit...

Страница 287: ...ndidates found by auto discovery is shown here The switches must be directly connected Directly connected switches that are set to be cluster managers will not be visible in the Clustering Candidate l...

Страница 288: ...gement Go to the Clustering Management Status screen of the cluster manager switch and then select an Index hyperlink from the list of members to go to that cluster member switch s web configurator ho...

Страница 289: ...a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 400BPN0 bin fw 00...

Страница 290: ...MAC Table screen Section 39 2 on page 291 to check whether the MAC address is dynamic or static 39 1 2 What You Need to Know The Switch uses the MAC table to determine how to forward frames See the f...

Страница 291: ...destination port is the same as the port it came in on then it filters the frame Figure 197 MAC Table Flowchart 39 2 Viewing the MAC Table Use this screen to check whether the MAC address is dynamic o...

Страница 292: ...ct VID to display and arrange the data according to VLAN group Select PORT to display and arrange the data according to port number Transfer Type Select Dynamic to MAC forwarding and click the Transfe...

Страница 293: ...RP program looks in the ARP Table and if it finds the address sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills i...

Страница 294: ...dynamic entries learned on the specified port Flush Click Flush to remove the ARP entries according to the condition you specified Cancel Click Cancel to return the fields to the factory defaults Inde...

Страница 295: ...ou how you can copy the settings of one port onto other ports 41 2 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Ma...

Страница 296: ...2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings you configured in the Basic Setti...

Страница 297: ...e the power adaptor or cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or cord to th...

Страница 298: ...page 39 I cannot see or access the Login screen in the web configurator 1 Make sure you are using the correct IP address The default IP address is 192 168 1 1 If you changed the IP address use the ne...

Страница 299: ...in later Check that you have enabled logins for HTTP or Telnet If you have configured a secured client IP address your computer s IP address must match it Refer to the chapter on access control for de...

Страница 300: ...telnet HTTP and SSH see Section 35 6 on page 262 Computers not belonging to the secured client set cannot get permission to access the Switch 42 3 Switch Configuration I lost my configuration settings...

Страница 301: ...fuse housing 3 A burnt out fuse is blackened darkened or cloudy inside its glass casing A working fuse has a completely clear glass casing Pull gently but firmly to remove the burnt out fuse from the...

Страница 302: ...Appendix A Changing a Fuse GS2200 Series User s Guide 302...

Страница 303: ...ns in which this service is used Table 128 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this servi...

Страница 304: ...t sends out ICMP echo requests to test whether or not a remote host is reachable POP3 TCP 110 Post Office Protocol version 3 lets a client computer get e mail from a POP3 server through a temporary co...

Страница 305: ...UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on the Internet and in UNIX environments...

Страница 306: ...Appendix B Common Services GS2200 Series User s Guide 306...

Страница 307: ...ted and found to comply with the limits for a Class A digital switch pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a c...

Страница 308: ...ion Make sure to connect the cables to the correct ports Place connecting cables carefully so that no one will step on them or stumble over them Always disconnect all cables from this device before se...

Страница 309: ...Appendix C Legal Information GS2200 Series User s Guide 309 ROHS...

Страница 310: ...Appendix C Legal Information GS2200 Series User s Guide 310...

Страница 311: ...208 syslog messages 208 trusted ports 208 authentication 176 setup 182 Authentication and Authorization see AAA 176 authorization 176 privilege levels 182 184 setup 182 auto crossover 28 automatic VLA...

Страница 312: ...ing time 64 default Ethernet settings 28 DHCP 238 configuration options 238 modes 238 Option 82 239 overview 238 relay agent 238 relay agent information 239 relay example 242 setup 241 VLAN setting 24...

Страница 313: ...e Registration Protocol 78 GARP terminology 78 GARP timer 65 78 general setup 63 getting help 40 Gigabit ports 27 GMT Greenwich Mean Time 64 Guide CLI Reference 2 GVRP 78 84 85 and port assignment 85...

Страница 314: ...distribution algorithm 133 traffic distribution type 135 trunk group 131 Link Aggregation Control Protocol LACP 131 Link Aggregation Control Protocol see LACP 131 lockout 38 log 279 login 33 password...

Страница 315: ...h cost 116 port priority 116 revision level 115 status 117 MTU Multi Tenant Unit 64 Multicast 162 multicast 162 802 1 priority 166 and IGMP 162 IGMP throttling 167 IP addresses 162 overview 162 setup...

Страница 316: ...iority queue assignment 66 product registration 308 protocol based VLAN 88 and IEEE 802 1Q tagging 88 application example 88 configuration example 93 isolate traffic 88 priority 89 un tagged packets 8...

Страница 317: ...188 static link aggregation example 137 static MAC address 95 static MAC forwarding 86 88 95 static multicast address 97 static multicast forwarding 97 static routes 233 static trunking example 137 St...

Страница 318: ...l Link Detection see UDLD untrusted ports ARP inspection 208 DHCP snooping 205 PPPoE IA 219 user profiles 177 V Vendor Specific Attribute See VSA 184 ventilation 21 VID 80 81 number of possible VIDs 7...

Страница 319: ...200 Series User s Guide 319 login 33 logout 40 navigation panel 35 weight queuing 160 Weighted Round Robin Scheduling WRR 160 WRR Weighted Round Robin Scheduling 159 Z ZyNOS ZyXEL Network Operating Sy...

Страница 320: ...Index GS2200 Series User s Guide 320...

Отзывы:

Нет отзывов

Похожие инструкции для GS2200 Series

Бренд: Wave wifi Страницы: 2

Бренд: TP-Link Страницы: 3

Бренд: Planet Страницы: 20

Бренд: FOR-A Страницы: 2

Ethernet Communication Module DVPEN01-SL

Бренд: Delta Electronics Страницы: 54

BIC 1I12-P2A25-M30MI1-BPX05-110

Бренд: Balluff Страницы: 12

InterReach Fusion SingleStar

Бренд: LGC wireless Страницы: 154

Бренд: XNET Страницы: 17

AT-8550/SP Series

Бренд: Allied Telesis Страницы: 114

Бренд: Belkin Страницы: 57

Бренд: UfiSpace Страницы: 35

8677 - BladeCenter Rack-mountable - Power Supply

Бренд: IBM Страницы: 126

Бренд: ACTi Страницы: 12

DEEP LEARNING PLUS

Бренд: Concept Pro Страницы: 28

Бренд: Flexwatch Страницы: 13

ExtremeCloud Appliance E1120

Бренд: Extreme Networks Страницы: 219

Бренд: NetComm Страницы: 75

Бренд: Proscend Страницы: 93

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды