ZyXEL Communications GS3700 Series Скачать руководство пользователя страница 197

Страница: 197 / 215

197/215

www.zyxel.com

6.1.1 Configure VLAN for IP Phone

Configure VLAN 100 on Switch (Please refer to the topic:

2.1

How to configure the switch to separate traffic between
departments

). VLAN 100 is created for the IP Phone.

Содержание GS3700 Series

Страница 1: ...zyxel com Switch Series Firmware Version 4 50 Edition 04 2018 Handbook Default Login Details LAN Port IP Address https 192 168 1 1 User Name admin Password 1234 Copyright 2018 ZyXEL Communications Co...

Страница 2: ...2 215 www zyxel com Classifications of Zyxel switches L2 switches GS2210 XGS2210 GS1920 XGS1930 series L2 switches XGS3700 GS3700 series L3 switches XGS4600 series...

Страница 3: ...device 25 1 4 1 Configuration in Switch 1 26 1 4 2 Test the Result 27 1 5 How to configure the switch to update the time from an NTP server28 1 5 1 Configuration in Switch 29 1 5 2 Test the Result 30...

Страница 4: ...nts using VLAN 65 2 1 1 Configure Switch 1 66 2 1 2 Configure Switch 2 69 2 1 3 Test the Result 71 2 2 How to configure the switch to route traffic across VLANs 72 2 2 1 Configure VLAN 10 73 2 2 2 Con...

Страница 5: ...3 5 How to configure ACL to rate limit IP traffic 118 3 5 1 Configure VLAN and Route Traffic 119 3 5 2 Configure the Classifier 120 3 5 3 Configure the ACL Policy Rule 122 3 5 4 Test the Result 124 3...

Страница 6: ...er to Provide Network Access through 802 1x Port Authentication 151 5 4 1 Configuration in the Switch 152 5 4 2 Configuration in the RADIUS Server 154 5 4 3 Test the Result 155 5 4 4 What May Go Wrong...

Страница 7: ...AN and Route Traffic 190 5 10 2 Configure the Classifier 191 5 10 3 Configure the Policy Rule 193 5 10 4 Test the Result 194 5 10 5 What Could Go Wrong 195 Implementing VOIP 196 6 1 How to configure a...

Страница 8: ...8 215 www zyxel com 6 3 5 What Could Go Wrong 212 Implementing PoE 213 7 1 How does the PoE LED works 213 7 1 1 Meanings of PoE LED 214 7 1 2 Examples 215...

Страница 9: ...rk management 1 1 How to use the Wizard function Wizard is a new function which provides an easier and faster way for users to set up switches The wizard includes four often used basic settings which...

Страница 10: ...r configurations not supported in the Wizard to return to default settings 2 Original VLAN configurations set on Web GUI will NOT be merged into the Wizard Following example was tested using XGS1930 2...

Страница 11: ...users can configure the switch management IP address Subnet Mask Gateway and DNS server 2 In Password users can change the administrator password as well as configure SNMP settings We can configure pa...

Страница 12: ...12 215 www zyxel com 3 In Link Aggregation users can configure Link aggregation settings with a maximum of 5 trunks 4 In Summary users can confirm final settings on this page...

Страница 13: ...13 215 www zyxel com 1 1 2 Protection 1 By using Loop Guard users can prevent loops from happening 2 In Broadcast Storm Control users can limit broadcast traffic by pkt s...

Страница 14: ...14 215 www zyxel com 3 In Summary we can confirm setting of Loop Guard and Broadcast Storm Control...

Страница 15: ...15 215 www zyxel com 1 1 3 VLAN 1 We can use the Wizard to setup VLAN with a faster and easier way Users can configure 5 VLANs...

Страница 16: ...ww zyxel com 1 1 4 QoS Users can configure QoS as High Medium and Low to divide packets into different priorities Below are the meanings of High Medium and Low High Priority 5 Medium Priority 3 Low Pr...

Страница 17: ...EL s customers who is an Internet Service Provider benefits a lot from it Before they provide services for their customers they will configure a last known good configuration that best matches the cus...

Страница 18: ...network works fine Note All network IP addresses and subnet masks are used as examples in this article Please replace them with your actual network IP addresses and subnet masks This example was teste...

Страница 19: ...Configuration on Switch 1 After making sure running configurations work fine Enter the web GUI and go to Menu Management Maintenance Save Configuration Custom Default The running configuration will b...

Страница 20: ...1 Hardware button Press and hold down the RESTORE button on the panel for 3 6 seconds until Power LED turns blinking green Note 1 RESTORE Button behaviors No Action Press 3 seconds Return to custom d...

Страница 21: ...21 215 www zyxel com 2 Web GUI Go to Menu Management Maintenance Reboot System Custom Default...

Страница 22: ...Both default IP addresses of the two switches are 192 168 1 1 Two switches are using the same default IP address 1 3 1 Configuration in the Switch 2 1 Disconnect the link between Switch 1 and Switch 2...

Страница 23: ...23 215 www zyxel com 3 Open a browser IE Chrome Safari Firefox etc Go to website http 192 168 1 1 default management IP address Key in username admin password 1234 and log in...

Страница 24: ...ample 192 168 1 2 Then click Add 5 Log back in using the new IP address 192 168 1 2 After logging in again remember to click the Save icon to save the new configurations 1 3 2 Test the Result 1 Log in...

Страница 25: ...ces As shown below the PC connects with Switch 1 in the environment In the default setting device name System Name will be the model name XGS4600 in this example Change the device name of the switch N...

Страница 26: ...w zyxel com 1 4 1 Configuration in Switch 1 1 Enter the web GUI and go to Menu Basic Setting General Setup Change the System Name Switch 1 in this example and click Apply 2 Click Save to save the conf...

Страница 27: ...27 215 www zyxel com 1 4 2 Test the Result Enter the web GUI and you will see the page of the switch information Check if the System Name is the name you configured Switch 1 in this example or not...

Страница 28: ...to get time from NTP Server Note All network IP addresses and subnet masks are used as examples in this article Please replace them with your actual network IP addresses and subnet masks This example...

Страница 29: ...P 192 168 1 1 Then click Apply 2 Go to Menu Basic Setting General Setup Select Use Time Server when Bootup to NTP RFC 1305 and set the Time Server IP Address In this scenario we use the google free pu...

Страница 30: ...Current Time and Current Date should be the current time in your location If the current time is not updated as the correct time click Refresh 2 Try to select the User Time Server when Bootup as None...

Страница 31: ...31 215 www zyxel com...

Страница 32: ...ch may not be able to access the NTP Server successfully Follow the step to test if NTP Server is available Go to Menu Management Diagnostic Select IPv4 as in band and type the IP address of NTP Serve...

Страница 33: ...p the switch to send system log events to a remote syslog server Upload the syslog automatically to the server Note All network IP addresses and subnet masks are used as examples in this article Pleas...

Страница 34: ...1 200 Choose the Log Level you prefer Level 0 7 in this example The wider the range the more detailed log will be recorded Remember to click Add 2 In the same page activate the Syslog and activate th...

Страница 35: ...35 215 www zyxel com 3 Click Save to save the configuration...

Страница 36: ...Result 1 Unplug and re plug PC 1 from the switch 2 The Syslog Server should receive an event log from the switch 3 We can also check the directory C app Tftpd64 in this example to find out if a text f...

Страница 37: ...are in different subnets remember to set default gateway so that Switch 1 and the Syslog Server can communicate with each other 2 Confirm the service port number of the Switch 1 and the Syslog Server...

Страница 38: ...fy directly connected devices By doing this administrators and quickly identify which port connects to which device location or section of the network Configure the port name of the switch Note All ne...

Страница 39: ...er the web GUI and go to Menu Basic Setting Port Setup Type the name of each directly connected devices on the corresponding port name For example you can type Switch 2 in port 2 and AP in port 3 Then...

Страница 40: ...40 215 www zyxel com 1 7 2 Test the Result 1 Go to Menu Maintenance Port Status You will see the name you type in the column of name...

Страница 41: ...cludes useful information such as System Information CPU utilization history system logs and debug reports for issue analysis Collect the Diagnostic Info from web GUI Note All network IP addresses and...

Страница 42: ...Collect the Diagnostic Info from web GUI 1 Enter the web GUI and go to Menu Management Maintenance Tech Support Click Here Click the Download button for All You can also select the specific Diagnostic...

Страница 43: ...43 215 www zyxel com 1 8 2 Test the Result 1 Open the file and you can view the Diagnostic Info In this example we use the Notepad to open the txt file...

Страница 44: ...o change the default administrator password is a security risk that allows unauthorized user access to your device s management Change the default administrator password Note All network IP addresses...

Страница 45: ...efault administrator password 1 Enter the web GUI and go to Menu Management Access Control Logins Click Here Enter the Old Password and New Password Then click Apply 2 After clicking the Apply the bro...

Страница 46: ...yxel com 1 9 2 Test the Result 1 Close the web GUI and login again with the OLD password The Authentication Required window will pop up again 2 Use the new password to login Switch 1 web GUI should be...

Страница 47: ...unauthorized devices or subnets The whitelist inspects the source IP addresses of hosts and the types of services accessing the switch Ex Telnet FTP HTTP Configure the whitelist for remote management...

Страница 48: ...remote management 1 Enter the web GUI and go to Menu Management Access Control Remote Management Click Here using AdministratorPC Enter the range of IP addresses and the corresponding types of servic...

Страница 49: ...168 10 100 to access the Switch by HTTP the Switch will refuse the connection If we try to access the web GUI by HTTPS Enter the https 192 168 10 1 PC 1 can connect to the Switch successfully 2 The PC...

Страница 50: ...ces are ALLOWED for 192 168 10 120 2 If the administrator has forgotten or lost track of the whitelisted IP addresses the administrator will not be able to access the Switch To solve this problem use...

Страница 51: ...configurations before handing over the switch to the customer However there is a possibility that the restored configuration was for a different site With DHCP auto configuration the SI do not need t...

Страница 52: ...el com Note DHCP Auto configuration is only supported by L2 GS2210 series firmware version 4 50 Client server environment must correctly setup DHCPv4 and TFTP server for auto configuration feature to...

Страница 53: ...Configure DHCP auto configuration 1 Install a TFTP server For example Tftpd software for commonly used and free server Configure the path where to get the configuration file in the Current Directory...

Страница 54: ...54 215 www zyxel com 2 Enter Global field and check the TFTP server box...

Страница 55: ...55 215 www zyxel com 3 Go to TFTP server tab and specify the path of the configuration file then click OK to save the configuration...

Страница 56: ...or the DHCP server we ve used haneWIN software for the test to show the difference between with and without class ID First create a new profile Option Manage Profiles 5 Click Add and specify a profile...

Страница 57: ...n download its configuration file a Fill up the TFTP server IP in the Next Server IP Address b Fill the filename config_GS2210_1 log for default configuration file c Check the Vendor Class id box then...

Страница 58: ...ave the settings Note If the Vendor Class ID is not enabled the server will only send config_GS2210_1 log which is used as a default switch configuration The server will only send config_GS2210 log wh...

Страница 59: ...uto Configuration 9 Check the Active box and choose DHCP then click Apply to save the settings 10 Go to Basic Setting IP Setup choose DHCP Client and check Option 60 For the Class ID specify an ID tha...

Страница 60: ...ch 2 Input the command show running config via CLI to check the initial configuration 3 Reboot the switch It will automatically download the configuration from the TFTP server and update the switch s...

Страница 61: ...www zyxel com configuration Enter web GUI Management System Log to verify the result 4 Enter web GUI and go to Management Maintenance Auto Configuration to verify the auto configuration status With Cl...

Страница 62: ...62 215 www zyxel com Without Class ID 5 Enter web GUI Management Maintenance Backup Configuration to download and verify the config file With Class ID...

Страница 63: ...63 215 www zyxel com Without Class ID...

Страница 64: ...screenshot below Please check the following information a Please check the IP interface settings on the TFTP server and make sure that the server IP is correct b The TFTP server IP configured in the...

Страница 65: ...ic between departments Using Static VLAN hosts accessing the same VLAN will only be able to communicate with hosts accessing the same VLAN Set up VLAN to separate the traffic between departments Note...

Страница 66: ...ation VLAN VLAN Configuration Static VLAN Setup VID 1 Select port 1 2 as Normal Click Add 2 Use AdministratorPC to create VLAN 10 in Switch 1 Enter the web GUI and go to Menu Advanced Application VLAN...

Страница 67: ...1 Enter the web GUI and go to Menu Advanced Application VLAN VLAN Configuration Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 20 Select port 2 5 as Fixed and uncheck Tx Taggin...

Страница 68: ...68 215 www zyxel com 4 Set the PVID on Switch 1 Go to Menu Advanced Application VLAN VLAN Configuration VLAN Port Setup Set port 1 as PVID 10 VLAN 10 and port 2 as PVID 20 VLAN 20...

Страница 69: ...Application VLAN VLAN Configuration Static VLAN Setup VID 1 Select port 3 4 as Normal Click Add 2 Use AdministratorPC to create VLAN 10 in Switch 2 Enter the web GUI and go to Menu Advanced Applicati...

Страница 70: ...tion Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 20 Select port 4 5 as Fixed and uncheck Tx Tagging Untagged on port 4 and check Tx Tagging tagged on port 5 Click Apply 4 Se...

Страница 71: ...215 www zyxel com 2 1 3 Test the Result 1 The PC in the same VLAN can ping each other PC 1 can ping PC 3 successfully but PC 1 cannot ping PC 2 2 PC 2 can ping PC 4 successfully but PC 2 cannot ping P...

Страница 72: ...th each other we have to set the switch to route traffic The example shows how to configure the switch to route traffic across one VLAN to another Set up switch to route traffic across VLANs Note All...

Страница 73: ...u Advanced Application VLAN VLAN Configuration Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 10 Select port 1 as Fixed and uncheck Tx Tagging Untagged Click Apply 2 Go to Menu...

Страница 74: ...om 3 Create a Static IP Address for Switch in VLAN 10 To be the gateway in VLAN 10 Go to Menu Basic Setting IP Setup IP Configuration IP Interface Set the Static IP Address 192 168 10 1 for Switch in...

Страница 75: ...pplication VLAN VLAN Configuration Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 20 Select port 2 as Fixed and uncheck Tx Tagging Untagged Click Apply 2 Go to Menu Advanced Ap...

Страница 76: ...com 3 Create a Static IP Address for Switch in VLAN 20 To be the gateway in VLAN 20 Go to Menu Basic Setting IP Setup IP Configuration IP Interface Set a Static IP Address 192 168 20 1 for Switch in V...

Страница 77: ...77 215 www zyxel com 2 2 3 Set the gateway on PC 1 and PC 2 1 Set the Gateway of PC 1 as 192 168 10 1 The Static IP Address of Switch in VLAN 10...

Страница 78: ...78 215 www zyxel com 2 Set the Gateway of PC 2 as 192 168 20 1 The Static IP Address of Switch in VLAN 20...

Страница 79: ...79 215 www zyxel com 2 2 4 Test the Result 1 PC 1 can ping PC 2 successfully...

Страница 80: ...hat the subnet of PC 1 is not using the same subnet as that of PC 2 b Verify that the default gateways of PC 1 and PC 2 matches the Switch s IP interface on their respective VLANs c Make sure that the...

Страница 81: ...ide dynamic IP addresses to hosts in each VLANs Perform DHCP service in different VLAN Note All network IP addresses and subnet masks are used as examples in this article Please replace them with your...

Страница 82: ...u Advanced Application VLAN VLAN Configuration Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 10 Select port 1 as Fixed and uncheck Tx Tagging Untagged Click Apply 2 Go to Menu...

Страница 83: ...Create a Static IP Address for Switch in VLAN 10 IP Address to be DHCP Server in VLAN 10 Go to Menu Basic Setting IP Setup IP Configuration IP Interface Set the Static IP Address 192 168 10 1 for Swit...

Страница 84: ...pplication VLAN VLAN Configuration Static VLAN Setup Check the ACTIVE box Type the Name and VLAN Group ID 20 Select port 2 as Fixed and uncheck Tx Tagging Untagged Click Apply 2 Go to Menu Advanced Ap...

Страница 85: ...Create Static IP Address for Switch in VLAN 20 IP Address to be DHCP Server in VLAN 20 Go to Menu Basic Setting IP Setup IP Configuration IP Interface Set the Static IP Address 192 168 20 1 for Switc...

Страница 86: ...ss refers to the first IP Address the Switch will assign to DHCP clients The Size of Client IP Pool refers to the maximum number of IP addresses the switch will provide Set the gateway as the IP of th...

Страница 87: ...IP Address the Switch will assign to DHCP clients The Size of Client IP Pool refers to the maximum number of IP addresses the switch will provide Set the gateway as the IP of the Switch in VLAN 20 19...

Страница 88: ...88 215 www zyxel com 3 Set PC 1 and PC 2 as DHCP clients by configuring IPv4 to Obtain an IP Address automatically...

Страница 89: ...in command prompt PC 1 will get an IP address in the range of 192 168 10 11 192 168 10 20 and the gateway is 192 168 10 1 2 PC 2 can get the IP Address assigned by Switch successfully We can check thi...

Страница 90: ...Go Wrong 1 If some devices are no longer receiving any dynamic IP address from the DHCP server consider increasing the Size of Client Pool 2 If you want to surf the Internet using a URL or domain name...

Страница 91: ...l reach the server This ensures high availability for servers This example instructs administrators to disconnect all links before configuring the switches to avoid any network outages caused by broad...

Страница 92: ...me a master and click Apply Check Active and click Apply Switch 1 will reboot 2 Set up Switch 2 Enter the web GUI and go to Menu Basic Setting Stacking Configuration Key in the system priority The hig...

Страница 93: ...LED on the front panel of the switches should display 1 and 2 5 Remember to save the configuration Note The last two ports are usually reserved for stacking channels when the switch is in stacking mo...

Страница 94: ...ggregation Link Aggregation Setting Active T1 and T2 Select SLOT 1 and set the Group of port 1 1 and 1 2 as T1 and T2 respectively Click Apply Select SLOT 2 and set the Group of port 2 1 and 2 2 as T1...

Страница 95: ...to Menu Advanced Application Link Aggregation Link Aggregation Setting Check the Active box for T1 and select the port 1 and 2 as Group T1 Click Apply 2 Go to Menu Advanced Application Link Aggregatio...

Страница 96: ...C and connect these ports to port 1 2 and 2 2 of the stacked switch 2 Use PC to ping the Server 192 168 1 40 After few times of ping try to shut down Switch 1 Master down The ping will display timed o...

Страница 97: ...connect the two switches using a non stacking port you will find that the two switches will not form a stacking system 2 Remember to save the configuration before doing the test If you forget to save...

Страница 98: ...ning Tree Protocol in the ring topology to implement network redundancy Configure RSTP in a ring topology Note All network IP addresses and subnet masks are used as examples in this article Please rep...

Страница 99: ...2 Set up Switch 1 Enter the web GUI Go to Menu Advanced Application Spanning Tree Protocol Configuration Check if the Spanning Tree Configuration is Rapid Spanning Tree If not select it and click App...

Страница 100: ...ion Spanning Tree Protocol RSTP Check the Active box Set the Bridge Priority 20480 Active port 1 2 Click Apply 6 Set up Switch 3 Enter the web GUI Go to Menu Advanced Application Spanning Tree Protoco...

Страница 101: ...101 215 www zyxel com 8 Finally connect the link between Switch 2 and Switch 3...

Страница 102: ...same This means that Switch 1 is the Root Bridge Both port 1 and 2 should be in FORWARDING state while both their Port Roles are Designated Ports 2 Verify the status of Switch 2 Go to Menu Advanced A...

Страница 103: ...Verify the status of Switch 3 Go to Menu Advanced Application Spanning Tree Protocol Check the port status of Switch 3 Port 1 should be the Root Port in FORWARDING state while Port 2 is an Alternate P...

Страница 104: ...ty will be the Root Bridge If the priority is the same the switch LOWEST MAC address will be the Root Bridge 2 If it is not possible to access the management of the switches and the switch s port LEDs...

Страница 105: ...ateways Two gateways running VRRP on the same LAN Note All network IP addresses and subnet masks are used as examples in this article Please replace them with your actual network IP addresses and subn...

Страница 106: ...GUI 2 Go to Advance Application VLAN VLAN Configuration Static VLAN Setup Create Edit VLAN 1 to make sure only Port 23 is a fixed port Click Add 3 Go to Advance Application VLAN VLAN Configuration St...

Страница 107: ...Configuration VLAN Port Setup Configure port 24 with PVID 10 Click Apply 5 Go to Basic Setting IP Setup Configure the IP address for VLAN 1 Click Add and do the same for VLAN 10 6 Go to Basic Setting...

Страница 108: ...108 215 www zyxel com 7 Go to IP Application VRRP Configuration Enable VRRP for network 192 168 1 252 24 Make sure that the priority is 200 Click Add...

Страница 109: ...GUI 2 Go to Advance Application VLAN VLAN Configuration Static VLAN Setup Create Edit VLAN 1 to make sure only Port 23 is a fixed port Click Add 3 Go to Advance Application VLAN VLAN Configuration St...

Страница 110: ...VLAN Configuration VLAN Port Setup Configure port 24 with PVID 20 Click Apply 5 Go to Basic Setting IP Setup Configure the IP address for VLAN 1 Click Add and do the same for VLAN 20 6 Go to Basic Set...

Страница 111: ...111 215 www zyxel com 7 Go to IP Application VRRP Configuration Enable VRRP for network 192 168 1 252 24 Click Add...

Страница 112: ...P Router Go to IP Application VRRP VR Status should display Master 2 Verify that Gateway B is the Backup VRRP Router Go to IP Application VRRP VR Status should display Backup 3 Verify that Gateway A a...

Страница 113: ...Configure the Host with a Static IP The Host should be able to ping the virtual IP address 192 168 1 254 5 Disconnect port 23 or port 24 of Gateway A Hosts should still be able to ping the virtual IP...

Страница 114: ...net when Gateway A has been disconnected from the network the following problems may have occurred a Verify that the hosts and Gateway B IP interface are in the same subnet and VLAN b Check for link f...

Страница 115: ...traffic or both In this example we use two computers FTP Client PC and FTP Server FTPServer PC will either be uploading files or downloading files from the FTP Server Configure bandwidth control to li...

Страница 116: ...ter the web GUI Go to Menu Advanced Application Bandwidth Control Check the Active box Key in the rate in Ingress Rate PC Upload rate 10240 kbps and Egress Rate PC Download rate 20480 kbps Remember to...

Страница 117: ...Test the Result 1 Use PC to upload a file to the FTP Server Transfer rate should be more or less 1 2 MB s or 10240 Mb s 2 Use PC to download a file from the FTP Server Transfer rate should be more or...

Страница 118: ...users in VLAN 10 This example shows administrators how to configure ACL to rate limit VLAN traffic Results are verified by observing and comparing the upload and download rate between VLAN 10 and VLA...

Страница 119: ...g VLAN 10 and VLAN 20 on Switch 1 and Switch 2 Please refer to the topic 2 1 How to configure the switch to separate traffic between departments 2 Configure the route traffic on Switch 1 and Switch 2...

Страница 120: ...d in VALN 10 and VLAN 20 Therefore there are total 4 Classifiers 2 The Classifier for download traffic in VLAN 10 Check the Active box and key in the Name Set Layer 3 Destination as 192 168 10 0 24 Me...

Страница 121: ...Add 4 The Classifier of download in VLAN 20 Check the Active and key in the Name Set Layer 3 Destination as 192 168 20 0 24 Means the destination is in VLAN 20 and Source as 192 168 1 100 32 Means the...

Страница 122: ...lication Policy Rule 2 The Policy Rule of download traffic in VLAN 10 Check the Active box and key in the Name Select the Classifier of download in VLAN 10 DL10 Set up the action to do if match this C...

Страница 123: ...VLAN 20 Check the Active and key in the Name Select the Classifier of download in VLAN 20 DP20 Set up the action to do if match this Classifier Bandwidth Metering 20480 kbps Enable Metering and set t...

Страница 124: ...ould be increasing every time the web page refreshes 2 Use PC 1 to download a file from the FTP Server Transfer rate should be more or less 5 MB s or 40960 Mb s 3 Use PC 1 to upload a file to the FTP...

Страница 125: ...125 215 www zyxel com 5 Use PC 2 to upload a file to the FTP Server Transfer rate should be more or less 1 2 MB s or 10240 Mb s...

Страница 126: ...the source and destination of the traffic In the example if we only set up the source as VLAN 10 192 168 10 0 24 during file upload the Server but didn t set up the destination Server IP 192 168 1 15...

Страница 127: ...group message the querier will send this query message to learn if a particular group has any other active members on a downlink port 4 1 2 What are IGMP Snooping Querier Modes There are 3 Querier Mo...

Страница 128: ...hen the Switch receives an IGMP leave message from a host on a port it forwards the message to the multicast router The multicast router then sends out an IGMP Group Specific Query GSQ message to dete...

Страница 129: ...ts are in a different LAN or VLAN from the streaming server Configure IGMP routing for multicast clients in different VLAN Note All network IP addresses and subnet masks are used as examples in this a...

Страница 130: ...topic 2 1 How to configure the switch to separate traffic between departments 2 Configure the IGMP Snooping Enter the web GUI and go to Menu Advanced Application Multicast IPv4 Multicast IGMP Snooping...

Страница 131: ...onfigure the IP addresses for Switch on BOTH VLAN 10 and VLAN 20 as shown in the figure Please refer to the topic 1 1 How to change the switch management IP address to avoid accessing the wrong device...

Страница 132: ...lt 1 Play the stream on MediaServer using Multicast IP address 239 1 1 2 2 Have PC send an IGMP join message for 239 1 1 2 3 Go to Menu Advanced Application Multicast IPv4 Multicast PC connected to po...

Страница 133: ...Go Wrong 1 The Switch 2 IGMP Router must contain both VLAN of MediaServer VLAN 20 and PC Client VLAN 10 so that the IGMP stream can route successfully If the stream is not received by the Client try...

Страница 134: ...to learn multicast groups without having the user to manually configure the each switch This prevents the switch from flooding multicast streams on ports that have no members for these multicast addre...

Страница 135: ...the topic 2 1 How to configure the switch to separate traffic between departments 2 Configure the IGMP Snooping Enter the web GUI and go to Menu Advanced Application Multicast IPv4 Multicast IGMP Snoo...

Страница 136: ...sult 1 Play the stream on MediaServer using Multicast IP address 239 1 1 1 2 Have PC send an IGMP join message for 239 1 1 1 3 Go to Menu Advanced Application Multicast IPv4 Multicast PC connected to...

Страница 137: ...es In a real environment port security controls the number of users connecting to a server Configure the port security to limit the number of connected devices Note All network IP addresses and subnet...

Страница 138: ...ecurity Check port 3 and set the Limited Number of Learned MAC Address to 2 Note The Zyxel switch sends Link Layer Discovery Protocol LLDP packets every period of time by default If Switch 2 does not...

Страница 139: ...C 1 can ping Server successfully 2 Connect PC 2 to port 2 3 PC 2 cannot ping Server 4 Access Switch 1 web GUI Go to Menu Management MAC Table Search The MAC Address Table should show MAC address ofPC...

Страница 140: ...1 3 What Could Go Wrong 1 The MAC address of Switch 2 will also be learned in Switch 1 MAC address table Therefore remember to consider Switch 2 s MAC address when setting the number of Limited Number...

Страница 141: ...block traffic based on which device sends the packet or which device receives the packet Configure MAC filter to block unwanted traffic Note All network IP addresses and subnet masks are used as examp...

Страница 142: ...eck the Active box and set the filter Name Choose the Action as Discard source Key in the MAC you want to block and the VID Click Add Note Use Discard source to drop traffic sent by the device with th...

Страница 143: ...143 215 www zyxel com 5 2 2 Test the Result 1 PC 1 with MAC address 00 1E 33 27 04 93 fails to ping Server 2 PC 2 can ping Server successfully...

Страница 144: ...144 215 www zyxel com 5 2 3 What Could Go Wrong 1 The MAC address set on Switch 1 should be identical to the MAC address of PC 1 so that the traffic can be blocked successfully...

Страница 145: ...end multiple ARP request packets in a very short period of time to flood across the entire broadcast domain IP Scanning from Wired and Wireless Devices Note All network IP addresses and subnet masks a...

Страница 146: ...ch s Web GUI 2 Go to Advance Application Anti Arpscan Configure Check the Active box and configure the uplink port port 24 as Trusted state Click Apply Optional 3 Go to Advance Application Errdisable...

Страница 147: ...nload and install an IP Scanning software into Host A and Host C 2 Connect Host A and Host B via the Wireless Access Point 3 Host A should initiate a scan for IP address 192 168 1 1 to 192 168 1 20 4...

Страница 148: ...Err Disable state 6 Host B should still be able to reach the USG 7 Connect Host C to the Switch 8 Host C should perform a quick scan for IP address 192 168 1 1 to 192 168 1 100 Note If Errdisable Rec...

Страница 149: ...should change to forwarding after the Errdisable Recovery Interval Host C will be able to reach the USG afterwards 9 Host C should no longer be able to reach the USG 10 Access the Switch s Web GUI Go...

Страница 150: ...eless Access Points are untrusted Ports to servers and the local gateway should be trusted 2 If all hosts connected through a Wireless Access Point can no longer reach the local gateway check whether...

Страница 151: ...Authentication the organization can ensure that only authorized personnel can access core network resources 802 1x Port Authentication Providing Access to Authorized Users Note All network IP address...

Страница 152: ...er s IP address and set the shared secret Click Apply 3 Go to Advance Application Port Authentication 802 1x Check the 802 1x Active box as well as for all ports connected to end devices Do not check...

Страница 153: ...153 215 www zyxel com...

Страница 154: ...ient profile in etc freeradius clients conf Save the file and exit 2 Add the following user profiles in etc freeradius users Save the file and exit 3 Restart FreeRADIUS service Note The client IP addr...

Страница 155: ...d Guest device 2 If using Windows OS click the Start button and type services msc into the search box 3 In the Services window locate the service named Wired AutoConfig Make sure the service status is...

Страница 156: ...thentication tab and check Enable IEEE 802 1X authentication Make sure that the network authentication method is Microsoft Protected EAP PEAP 6 Click on Additional Settings select Specify authenticati...

Страница 157: ...age 8 Enter the username User A and password zyxeluserA which must be consistent with the RADIUS Server s user profile settings 9 Devices using User A and User B credentials can communicate with USG a...

Страница 158: ...158 215 www zyxel com 11 Enter the username Guest and a random password 12 Device using Guest credentials cannot communicate with USG and Private Server...

Страница 159: ...rnames and passwords are case sensitive Make sure that the user input the correct lower case or upper case characters b The RADIUS server is unreachable The Switch should be able to ping the RADIUS Se...

Страница 160: ...guests to access the USG so that they can access the Internet but still isolated from Private Server On the contrary we have to allow the users with valid credentials to only access the Private Server...

Страница 161: ...Authentication 5 5 2 Configure VLAN for Guest VLAN 1 Configure the VLAN for Guest VLAN VLAN 100 on Switch VLAN 100 Set fixed port 1 2 3 30 untagged port 1 2 3 30 forbidden port 31 32 port 30 pvid 100...

Страница 162: ...profile in etc freeradius clients conf Save the file and exit 2 Add the following user profiles in etc freeradius users Save the file and exit 3 Restart FreeRADIUS service Note The client IP address...

Страница 163: ...w locate the service named Wired AutoConfig Make sure the service status is Started 2 Right click on your network adapter and select Properties Click on the Authentication tab and check Enable IEEE 80...

Страница 164: ...164 215 www zyxel com 3 Click on Additional Settings select Specify authentication mode and specify User authentication...

Страница 165: ...h must be consistent with the RADIUS Server s user profile settings 3 Devices using User A and User B credentials can communicate with Private Server 4 Connect User A device to the Switch User A shoul...

Страница 166: ...166 215 www zyxel com 7 Check the MAC table of the Switch The device of users with wrong credentials are assigned to VLAN 100 Menu Management MAC Table Search...

Страница 167: ...us Server b Right click on your network adapter and select Properties Authentication Additional settings Uncheck the Validate server certificate 2 If the shared secret setting of Switch and PC does NO...

Страница 168: ...5 www zyxel com 4 If devices sent to the Guest VLAN cannot reach the USG make sure that the switch has created and configured the Guest VLAN in Advance Application VLAN VLAN Configuration Static VLAN...

Страница 169: ...ly devices provided by the organization can access internal resources 802 1x Port Authentication Providing Access to Authorized Devices 5 6 1 Configuration in the Switch 1 Access the Switch s Web GUI...

Страница 170: ...s IP address and set the shared secret Click Apply 3 Go to Advance Application Port Authentication MAC Authentication Check the MAC Authentication Active box as well as for access ports Do not check...

Страница 171: ...215 www zyxel com ports connected to either the USG RADIUS Server or Private Server 5 6 2 Configuration in the RADIUS Server 1 Edit the client profile in etc freeradius clients conf Save the file and...

Страница 172: ...ername format should be Name Prefix MAC Address of your device Save the file and exit 3 Restart FreeRADIUS service 5 6 3 Test the Result 1 Connect PC A PC B and PC Guest to the Switch Note The client...

Страница 173: ...be able to reach the USG and Private Server 3 PC Guest should not be able to reach the USG and Private Server 5 6 4 What Could Go Wrong 1 If the Switch does not allow access to authorized devices a T...

Страница 174: ...reless etc Make sure that the correct MAC address is used in the RADIUS Server s user profile 2 If the Switch still does not allow access to authorized devices after correcting the Switch or RADIUS Se...

Страница 175: ...er denial of services or an unwanted man in the middle receiving sensitive information IP Source Guard s ARP Inspection forces all clients connected to access ports to use the IP addresses provided by...

Страница 176: ...ource Guard Setup ARP Inspection Configure Check the Active box to globally enable ARP Inspection 4 Go to Advance Application IP Source Guard IPv4 Source Guard Setup ARP Inspection Configure Port Set...

Страница 177: ...ce Guard Setup ARP Inspection Configure VLAN Input the Start VID and End VID Make sure that the PVID of the access ports are included in this range Click Apply 6 After inputting the VID range a list o...

Страница 178: ...fully received an IP address access the Switch s web GUI Go to Advance Application IP Source Guard IPv4 Source An entry should appear in the IP Source Guard Table 3 Connect another device using a stat...

Страница 179: ...SG again ARP Inspection sends the device s MAC address into a filter table This device must wait until the entry expires indicated by the Expiry sec column 3 If some of the devices are not able to rea...

Страница 180: ...CP Snooping blocks DHCP offers coming from an untrusted port Untrusted ports are usually ports connected to office workstations or publicly accessible jacks Fake DHCP Server Connected through Publicly...

Страница 181: ...pplication VLAN VLAN Configuration Static VLAN Setup For this example all traffic entering access ports are sent to VLAN 1 VLAN 1 should be fixed and untagged for all access ports Click Add 3 Go to Ad...

Страница 182: ...ooping Configure Check the Active box under DHCP Snooping Configure Click Apply 5 Go to Advance Application IP Source Guard IPv4 Source Guard Setup DHCP Snooping Configure Port Set all access ports as...

Страница 183: ...ce Guard Setup DHCP Snooping Configure VLAN Input the Start VID and End VID Make sure that the PVID of the access ports are included in this range Click Apply 7 After inputting the VID range a list of...

Страница 184: ...DHCP on one of the access ports Create the following DHCP Pool on the LAN interface Starting IP Address 172 16 1 10 End IP Address 172 16 1 20 2 Connect DHCP clients on the other access ports The cli...

Страница 185: ...re that DHCP snooping is enabled for that VLAN in Advance Application IP Source Guard IPv4 Source Guard Setup DHCP Snooping Configure VLAN 2 If the DHCP clients in the publicly accessible ports are no...

Страница 186: ...ministrator device more freedom and take advantage of IP specific policies configured on the network while non administrative devices must still use IP addresses offered by the real DHCP server Admini...

Страница 187: ...5 7 1 3 Go to Advance Application IP Source Guard IPv4 Source Guard Setup Static Binding Create a Static Binding entry using your device s MAC address and IP address Input the VLAN and port that this...

Страница 188: ...Infinity Lease in the IP Source Guard Table 2 Configure your Admin PC with the Static IP address In this example we use 192 168 1 10 Connect this to any access port This PC should be able to reach th...

Страница 189: ...identify unwanted traffic The example will use ACL to prevent only a single host in VLAN 10 from accessing the Server Configure ACL to block unwanted traffic Note All network IP addresses and subnet m...

Страница 190: ...e VLAN setting VLAN 10 and VLAN 20 on Switch Please refer to the topic 2 1 How to configure the switch to separate traffic between departments 2 Configure the VLAN IP interfaces on Switch Please refer...

Страница 191: ...r Classifier Configuration Set up Classifier For VLAN 20 2 The Classifier of VLAN 20 Check the Active box and key in the classifier Name Set Layer 2 VLAN as 20 and Layer 3 Destination as 192 168 1 150...

Страница 192: ...192 215 www zyxel com...

Страница 193: ...Policy Rule Go to Menu Advanced Application Policy Rule The policy rule of VLAN 20 Check the Active and key in the Policy Rule Name Select the Classifier in VLAN 20 VLAN20 Set up the action to do if m...

Страница 194: ...194 215 www zyxel com 5 10 4 Test the Result 1 PC 1 can ping Server successfully 2 Due to the ACL setting the PC 2 VLAN 20 cannot ping Server successfully...

Страница 195: ...rule for source VLAN 20 but didn t create the policy rule for destination IP Server IP 192 168 1 150 the switch will block all the traffic from VLAN 20 no matter where the destination is 2 Go to Menu...

Страница 196: ...introduce other ways to send VOIP traffic into a specific Voice VLAN Implementing VOIP allows administrators the option to prioritize Voice traffic during network congestions thus preventing poor voic...

Страница 197: ...zyxel com 6 1 1 Configure VLAN for IP Phone 1 Configure VLAN 100 on Switch Please refer to the topic 2 1 How to configure the switch to separate traffic between departments VLAN 100 is created for th...

Страница 198: ...ter web GUI and go to Menu Advanced Application LLDP LLDP MED Configuration Check the Network Policy on port 1 the port that connects to the IP Phone 3 Enter the web GUI and go to Menu Advanced Applic...

Страница 199: ...199 215 www zyxel com...

Страница 200: ...to Menu Management MAC Table Search Check the MAC table The IP Phone s MAC address should be in VLAN 100 2 Enter the web GUI and go to Menu Management Diagnostic Ping test Use Switch to ping the IP Ph...

Страница 201: ...assigned a VLAN ID via the function of the Network Policy in LLDP MED The voice traffic from the switch must be tagged backed to the IP Phone Port 1 in VLAN 100 on the Switch should be tagged out Chec...

Страница 202: ...e VLAN feature separates VOIP and data traffic as traffic reaches the switch This means that the VLAN architecture begins on the switch and not on the IP Phones themselves Configure Voice VLAN to sepa...

Страница 203: ...6 2 1 Configure VLAN 100 for IP Phone 1 Configure VLAN 100 on Switch Please refer to the topic 2 1 How to configure the switch to separate traffic between departments VLAN 100 is created as the Voice...

Страница 204: ...nfigure the OUI Setup Enter the web GUI and go to Menu Advanced Application VLAN VLAN Configuration Voice VLAN Setup Set the OUI address You can key in the MAC address In this example it is cc 5d 4e 6...

Страница 205: ...sult 1 Go to Menu Management MAC Table Search Check the MAC address table The IP Phone is assigned to VLAN 100 2 Enter web GUI and go to Menu Management Diagnostic Ping test Use Switch to ping IP Phon...

Страница 206: ...VLAN is the same as Voice VLAN The Switch will keep the Voice VLAN and assign the priority setting to the IP phone The IP phone will only recognize the tagged traffic In this case port 1 in VLAN 100 o...

Страница 207: ...c a certain priority Administrators can use this priority to improve Voice traffic quality The Voice VLAN priority can be applied to both tagged and untagged voice traffic Configure Voice VLAN to sepa...

Страница 208: ...Configure VLAN 100 on Switch 1 and Switch 2 Please refer to the topic 2 1 How to configure the switch to separate traffic between departments VLAN 100 is created for the Voice VLAN Make sure that dev...

Страница 209: ...e priority 6 Click Add 2 Configure the OUI Setup Enter the web GUI and go to Menu Advanced Application VLAN VLAN Configuration Voice VLAN Setup Set the OUI address You can key in the MAC address In th...

Страница 210: ...mirroring function to check if the priority of the packet is what we assigned Enter the web GUI and go to Menu Advanced Application Mirroring Check the Active box Key in the Monitor port which is used...

Страница 211: ...nitor the packet Filter arp igmp 2 Use Switch 2 to ping IP Phone Enter web GUI and go to Menu Management Diagnostic Ping test Switch 2 can ping IP Phone successfully 3 Check the packet from IP Phone 1...

Страница 212: ...ng to the IP phone The IP phone will only recognize the tagged traffic In this case port 1 in VLAN 100 on Switch should be set as tagged out check the TX tagging box b If the IP Phone is VLAN enabled...

Страница 213: ...ional method to check power consumption from device panel to help users directly identify the switch s power consumption There are 5 LEDs representing PoE Usage on the front panel These 5 LEDs can sho...

Страница 214: ...214 215 www zyxel com 7 1 1 Meanings of PoE LED 1 We can observe the behavior of the PoE LEDs below Each segment represents 20 of PoE Power consumption If all LEDs are OFF PD Power Consumption is 0...

Страница 215: ...215 215 www zyxel com 7 1 2 Examples 2 Segment 1 Steady Green It means power consumption is 0 and 20 a PoE LED b Web GUI 3 Segment 5 Steady Red It means power consumption 80 a PoE LED b Web GUI...

Результаты поиска

Содержание GS3700 Series

Отзывы:

Похожие инструкции для GS3700 Series

Бренды по названию

Популярные бренды

ZyXEL Communications GS3700 Series, Руководство пользователя

Результаты поиска

Содержание GS3700 Series

Отзывы:

Похожие инструкции для GS3700 Series

Бренды по названию

Популярные бренды