ZyXEL Communications MES3500-24 Скачать руководство пользователя страница 1

Страница: 1 / 349

www.zyxel.com

MES3500-24/24F

Layer 2 Management Switch

Firmware Version 4.00

Edition 1, 12/2011

Default Login Details

IP Address

http://192.168.1.1

User Name

admin

Password

1234

Содержание MES3500-24

Страница 1: ...zyxel com MES3500 24 24F Layer 2 Management Switch Copyright 2011 ZyXEL Communications Corporation Firmware Version 4 00 Edition 1 12 2011 Default Login Details IP Address http 192 168 1 1 User Name a...

Страница 2: ......

Страница 3: ...e web configurator Related Documentation Web Configurator Online Help The embedded Web Help contains descriptions of individual screens and supplementary information Command Reference Guide The Comman...

Страница 4: ...ER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A...

Страница 5: ...is device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Euro...

Страница 6: ...Safety Warnings MES3500 24 24F User s Guide 6...

Страница 7: ...VLAN 97 Static MAC Forward Setup 114 Static Multicast Forward Setup 116 Filtering 120 Spanning Tree Protocol 122 Bandwidth Control 141 Broadcast Storm Control 144 Mirroring 146 Link Aggregation 148 Po...

Страница 8: ...ents Overview MES3500 24 24F User s Guide 8 DHCP 276 Maintenance 283 Access Control 290 Diagnostic 312 Syslog 313 Cluster Management 316 MAC Table 322 ARP Table 325 Configure Clone 327 Troubleshooting...

Страница 9: ...Q VLAN Application Examples 25 1 1 5 IPv6 Support 25 1 2 Ways to Manage the Switch 26 1 3 Good Habits for Managing the Switch 26 Chapter 2 Hardware Installation and Connection 27 2 1 Installation Scen...

Страница 10: ...50 5 2 Configuring Switch Management IP Address 51 Chapter 6 Tutorials 53 6 1 How to Use DHCP Snooping on the Switch 53 6 2 How to Use DHCP Relay on the Switch 56 6 2 1 DHCP Relay Tutorial Introducti...

Страница 11: ...Setup 95 Chapter 9 VLAN 97 9 1 Introduction to IEEE 802 1Q Tagged VLANs 97 9 1 1 Forwarding Tagged and Untagged Frames 97 9 2 Automatic VLAN Registration 98 9 2 1 GARP 98 9 2 2 GVRP 98 9 3 Port VLAN T...

Страница 12: ...1 4 Multiple RSTP 124 13 1 5 Multiple STP 124 13 2 Spanning Tree Protocol Status Screen 127 13 3 Spanning Tree Configuration 127 13 4 Configure Rapid Spanning Tree Protocol 128 13 5 Rapid Spanning Tr...

Страница 13: ...2 1x Authentication 156 18 1 2 MAC Authentication 157 18 2 Port Authentication Configuration 158 18 2 1 Activate IEEE 802 1x Security 159 18 2 2 Guest VLAN 160 18 2 3 Activate MAC Authentication 162 C...

Страница 14: ...23 4 Configuring VLAN Stacking 182 23 4 1 Port based Q in Q 183 23 4 2 Selective Q in Q 184 Chapter 24 Multicast 186 24 1 Multicast Overview 186 24 1 1 IP Multicast Addresses 186 24 1 2 IGMP Filterin...

Страница 15: ...spection Overview 216 26 2 IP Source Guard 218 26 3 IP Source Guard Static Binding 218 26 4 DHCP Snooping 220 26 5 DHCP Snooping Configure 222 26 5 1 DHCP Snooping Port Configure 224 26 5 2 DHCP Snoop...

Страница 16: ...tate 250 31 2 The PPPoE Screen 251 31 3 PPPoE Intermediate Agent 251 31 3 1 PPPoE IA Per Port 253 31 3 2 PPPoE IA Per Port Per VLAN 254 31 3 3 PPPoE IA for VLAN 256 Chapter 32 Error Disable 257 32 1 C...

Страница 17: ...HCP Configuration Options 276 36 2 DHCP Status 276 36 3 DHCP Relay 277 36 3 1 DHCP Relay Agent Information 277 36 3 2 Configuring DHCP Global Relay 278 36 3 3 Global DHCP Relay Configuration Example 2...

Страница 18: ...oduction to HTTPS 303 38 9 HTTPS Example 304 38 9 1 Internet Explorer Warning Messages 304 38 9 2 Mozilla Firefox Warning Messages 307 38 9 3 The Main Screen 308 38 10 Service Port Access Control 309...

Страница 19: ...ARP Works 325 43 2 The ARP Table Screen 326 Chapter 44 Configure Clone 327 44 1 Configure Clone 327 Chapter 45 Troubleshooting 329 45 1 Power Hardware Connections and LEDs 329 45 2 Switch Access and L...

Страница 20: ...Table of Contents MES3500 24 24F User s Guide 20...

Страница 21: ...21 PART I User s Guide...

Страница 22: ...22...

Страница 23: ...o be managed via Telnet any terminal emulator program on the console port or third party SNMP management See Chapter 46 on page 333 for a full list of software features available on the Switch This se...

Страница 24: ...multiple servers at a single location Figure 2 Bridging Application 1 1 3 High Performance Switching Example The Switch is ideal for connecting two networks that need high bandwidth In the following...

Страница 25: ...used by all ports in the same VLAN as the server In the following figure only ports that need access to the server need to be part of VLAN 1 Ports can belong to other VLAN groups too Figure 4 Shared S...

Страница 26: ...ent allows you to manage multiple switches through one switch called the cluster manager See Chapter 41 on page 316 1 3 Good Habits for Managing the Switch Do the following things regularly to make th...

Страница 27: ...the Switch is clean and dry 2 Set the Switch on a smooth level surface strong enough to support the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure t...

Страница 28: ...nstalling the unit 2 3 2 Attaching the Mounting Brackets to the Switch 1 Position a mounting bracket on one side of the Switch lining up the four screw holes on the bracket with the screw holes on the...

Страница 29: ...o the Switch on one side of the rack lining up the two screw holes on the bracket with the screw holes on the side of the rack Figure 6 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver in...

Страница 30: ...el of the Switch Figure 7 MES3500 24 Front Panel AC Model Figure 8 MES3500 24 Front Panel DC Model Figure 9 MES3500 24F Front Panel AC Model Fast Ethernet Ports Dual Personality Interfaces Console Por...

Страница 31: ...Mbps RJ 45 Fast Ethernet Ports MES3500 24 Connect these ports to a computer a hub an Ethernet switch or router 24 100 Mbps Fast SFP Slots MES3500 24F Use transceivers in these slots for fiber optic o...

Страница 32: ...the peer Ethernet port does not support auto negotiation or turns off this feature the Switch determines the connection speed by detecting the signal on the cable and using half duplex mode When the S...

Страница 33: ...s to install a mini GBIC transceiver SFP module 1 Insert the transceiver into the slot with the exposed section of PCB board facing down 2 Press the transceiver firmly until it clicks into place 3 The...

Страница 34: ...ing procedures to connect the Switch to a power source after you have installed it Note Check the power supply requirements in Chapter 46 on page 333 and make sure you are using an appropriate power s...

Страница 35: ...on the power supply 4 Connect one end of a power wire to the Switch s 48V input pin and tighten the captive screw 5 Connect the other end of the power wire to the negative terminal on the power suppl...

Страница 36: ...otal of four sensors may be connected to the Signal connector in this way using the remaining signal input pins 3 Insert the alarm connector into the Signal slot Figure 16 Connecting a Sensor to the S...

Страница 37: ...tem is on and functioning properly Blinking The system is rebooting and performing self diagnostic tests Off The power is off or the system is not ready malfunctioning ALM Red On A hardware failure is...

Страница 38: ...itting receiving to from a 1000 Mbps Ethernet network On The link to a 1000 Mbps Ethernet network is up Amber Blinking The system is transmitting receiving to from a 10 Mbps or a 100 Mbps Ethernet net...

Страница 39: ...r Firefox 2 0 and later versions The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up b...

Страница 40: ...ed a time server nor manually entered a time and date in the General Setup screen Figure 18 Web Configurator Login 4 Click OK to view the first web configurator screen 4 3 The Web Configurator Layout...

Страница 41: ...iguration file from which the Switch booted from and it stays the same even if the Switch s power is turned off See Section 37 3 on page 284 for information on saving your settings to a specific confi...

Страница 42: ...age out Filtering This link takes you to a screen to set up filtering rules Spanning Tree Protocol This link takes you to screens where you can configure the RSTP MRSTP MSTP to prevent network loops B...

Страница 43: ...en where you can block traffic between ports in a VLAN on the Switch IP Application Static Routing This link takes you to a screen where you can configure static routes A static route defines how the...

Страница 44: ...t when the Switch s power is turned off Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory Nonvolatile memory refers to the Swi...

Страница 45: ...uration file replaces the current configuration file with the factory default configuration file This means that you will lose all previous configurations and the speed of the console port will be res...

Страница 46: ...fter you finish a management session for security reasons Figure 22 Web Configurator Logout Screen 4 8 Help The web configurator s online help has descriptions of individual screens and some supplemen...

Страница 47: ...Chapter 4 The Web Configurator MES3500 24 24F User s Guide 47...

Страница 48: ...Chapter 4 The Web Configurator MES3500 24 24F User s Guide 48...

Страница 49: ...or the initial setup Create a VLAN Set port VLAN ID Configure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You ca...

Страница 50: ...nce the VLAN2 network is connected to port 1 on the Switch select Fixed to configure port 1 to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs c...

Страница 51: ...hen click the VLAN Port Setting link 2 Enter 2 in the PVID field for port 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s...

Страница 52: ...Basic Setting IP Setup in the navigation panel 4 Configure the related fields in the IP Setup screen 5 For the VLAN2 network enter 192 168 2 1 as the IP address and 255 255 255 0 as the subnet mask 6...

Страница 53: ...server A connected to port 5 to assign IP addresses to all devices in VLAN 100 Create a VLAN containing ports 5 6 and 7 Connect a computer M to the Switch s port which is not in VLAN 100 Note For rela...

Страница 54: ...s 5 6 and 7 in the VLAN by selecting Fixed in the Control field as shown Deselect Tx Tagging because you don t want outgoing traffic to contain this VLAN tag Click Add 3 Go to Advanced Application VLA...

Страница 55: ...ify VLAN 100 as the DHCP VLAN as shown Click Apply 5 Click the Port link at the top right corner 6 The DHCP Snooping Port Configure screen appears Select Trusted in the Server Trusted state field for...

Страница 56: ...r port 6 or 7 The computer should be able to get an IP address from the DHCP server If you put the DHCP server on port 6 or 7 the computer will not able to get an IP address 10 To check if DHCP snoopi...

Страница 57: ...the system name VLAN ID and port number in the DHCP request Client A connects to the Switch s port 2 in VLAN 102 6 2 2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 1...

Страница 58: ...N Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 7 Click Add to save the...

Страница 59: ...per right corner of the web configurator to save your configuration permanently 6 2 3 Configuring DHCP Relay Follow the steps below to enable DHCP relay on the Switch and allow the Switch to add relay...

Страница 60: ...nt A s IP address If it did not receive the IP address 172 16 1 18 make sure 1 Client A is connected to the Switch s port 2 in VLAN 102 2 You configured the correct VLAN ID port number and system name...

Страница 61: ...are as follows 6 3 1 Configuring Switch A 1 Click Advanced Application PPPoE Intermediate Agent Select Active then click Apply Click Port on the top of the screen Table 6 Settings in this Tutorial SWI...

Страница 62: ...port 5 and enter userC as Circuit id and 00134900000A as Remote id Select Trusted for port 12 and then leave the other fields empty Click Apply Then Click Intermediate Agent on the top of the screen 3...

Страница 63: ...ver are in VLAN 1 in this example Click Apply 5 Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit id and Remote id to allow the Switch to add these two strings to frames tagged with...

Страница 64: ...Guide 64 1 Click Advanced Application PPPoE Intermediate Agent Select Active then click Apply Click Port on the top of the screen 2 Select Trusted for ports 11 and 12 and then click Apply Then Click I...

Страница 65: ...Click VLAN on the top of the screen 4 Enter 1 for both Start VID and End VID Click Apply 5 Then select Yes to enable PPPoE IA in VLAN 1 and also select Circuit id and Remote id to allow the Switch to...

Страница 66: ...equests over 100 packets per second received on a port You also want the Switch to wait for a period of time 10 minutes before resuming the port automatically after the problem s are gone Loop guard a...

Страница 67: ...rt to apply the setting to all ports Then click Apply 3 Click Advanced Application Errdisable Errdisable Detect select Active for cause ARP and inactive port as the mode Then click Apply 4 Click Advan...

Страница 68: ...t to ports 1 2 or 3 to a guest VLAN 200 for example before they can authenticate with the authentication server In this guest VLAN clients can surf the Internet through the default gateway attached to...

Страница 69: ...Advanced Application VLAN Static VLAN 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN 200 for example in the Name field and enter 200 in the VLAN Group ID field 5 Select Fixed...

Страница 70: ...t when the Switch s power is turned off 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen 9 Enter 200 in the PVID field for ports 1 2...

Страница 71: ...he upper right corner of the web configurator to save your configuration permanently 6 5 2 Enabling IEEE 802 1x Port Authentication Follow the steps below to enable port authentication to validate acc...

Страница 72: ...the first Active checkbox to enable 802 1x authentication on the Switch Select the Active checkboxes for ports 1 to 8 to turn on 802 1x authentication on the selected ports Click Apply 6 5 3 Enabling...

Страница 73: ...icate on each of these port 5 in this example Click Apply 3 Click the Save link in the upper right corner of the web configurator to save your configuration permanently Clients that attach to port 1 2...

Страница 74: ...ports 2 3 and 4 6 6 1 Creating a VLAN Follow the steps below to configure port 2 3 4 and 25 as a member of VLAN 123 1 Access the web configurator through the Switch s port which is not in VLAN 123 2 G...

Страница 75: ...Tagging check box to set the Switch to remove VLAN tags before sending frames out of these ports 7 Click Add to save the settings to the run time memory Settings in the run time memory are lost when...

Страница 76: ...he frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory 11 Click the Save link in the upper right corner of the web configurator...

Страница 77: ...the VLAN ID field Click Add 3 Click the Save link in the upper right corner of the web configurator to save your configuration permanently Ports 2 3 and 4 in this VLAN will be added to the isolated p...

Страница 78: ...Chapter 6 Tutorials MES3500 24 24F User s Guide 78...

Страница 79: ...79 PART II Technical Reference...

Страница 80: ...80...

Страница 81: ...home page and port details screens 7 1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details 7 2 Port Status Summary...

Страница 82: ...s the STP state of the port see Section 13 1 on page 122 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays w...

Страница 83: ...7 Status Port Details The following table describes the labels in this screen Table 8 Status Port Details LABEL DESCRIPTION Port Info Port NO This field displays the port number you are viewing Name T...

Страница 84: ...shows the number of good multicast packets received Broadcast This field shows the number of good broadcast packets received Pause This field shows the number of 802 3x Pause packets received TX Colli...

Страница 85: ...1023 This field shows the number of packets including bad packets received that were between 512 and 1023 octets in length 1024 1518 This field shows the number of packets including bad packets receiv...

Страница 86: ...om an external server when you turn on your Switch The real time is then displayed in the Switch logs The Switch Setup screen allows you to set up and configure global Switch features The IP Setup scr...

Страница 87: ...to the location of the temperature sensors on the Switch printed circuit board Current This shows the current temperature at this sensor MAX This field displays the maximum temperature measured at th...

Страница 88: ...e service protocol that your timeserver uses Not all time servers support all protocols so you may have to use trial and error to find a protocol that works The main differences between them are the t...

Страница 89: ...mples Daylight Saving Time starts in most parts of the United States on the second Sunday of March Each time zone in the United States starts using Daylight Saving Time at 2 A M local time So in the U...

Страница 90: ...ed to all ports on other switches A and C including the isolated ports Smart isolation allows you to prevent isolated ports on different switches from transmitting traffic to each other After you enab...

Страница 91: ...ing Switch Setup The following table describes the labels in this screen Table 11 Basic Setting Switch Setup LABEL DESCRIPTION VLAN Type Choose 802 1Q or Port Based The VLAN Setup screen changes depen...

Страница 92: ...given the default priority of the ingress port Use the next fields to configure the priority level to physical queue mapping The Switch has eight physical queues that you can map to the 8 priority le...

Страница 93: ...oing traffic 8 6 1 Management IP Addresses The Switch needs an IP address for it to be managed over the network The factory default in band IP address is 192 168 1 1 The subnet mask specifies the netw...

Страница 94: ...rt cannot access the device To access the Switch make sure the port that you are connected to is a member of Management VLAN Apply Click Apply to save your changes to the Switch s run time memory The...

Страница 95: ...BEL DESCRIPTION Port This is the port index number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the comm...

Страница 96: ...ows buffer memory causing packet discards and frame losses Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port The Switch uses IEEE802 3x flow control...

Страница 97: ...t The remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that user priority and VLAN ID are independent of each other A frame with VID VLAN Identifier of nul...

Страница 98: ...it VLAN groups beyond the local Switch Please refer to the following table for common IEEE 802 1Q VLAN terminology Table 14 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Perma...

Страница 99: ...wever with VLAN Trunking enabled on a port s in each intermediary switch you only need to create VLAN groups in the end devices A and B C D and E automatically allow frames with VLAN group tags 1 and...

Страница 100: ...is is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only whe...

Страница 101: ...IPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the Static VLAN screen Port Number This column displays the ports that a...

Страница 102: ...up for identification purposes This name consists of up to 64 printable characters spaces are allowed VLAN Group ID Enter the VLAN ID for this static entry the valid range is between 1 and 4094 Port T...

Страница 103: ...ory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to start configuring the screen again VID This field displays the ID number of the VLAN...

Страница 104: ...o all the ports as soon as you make them Ingress Check If this check box is selected for a port the Switch discards incoming frames for VLANs that do not include this port in its member set Clear this...

Страница 105: ...ly That is video services receive the highest priority and data the lowest Figure 39 Subnet Based VLAN Application Example 9 7 Configuring Subnet Based VLAN Click Subnet Based VLAN in the VLAN Port Se...

Страница 106: ...hese changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Active Check this box to...

Страница 107: ...iority than ARP traffic when they go through the uplink port to a backbone switch C Figure 41 Protocol Based VLAN Application Example Add Click Add to save your changes to the Switch s run time memory...

Страница 108: ...d VLAN Ethernet type Use the drop down list box to select a predefined protocol to be included in this protocol based VLAN or select Others and type the protocol number in hexadecimal notation For exa...

Страница 109: ...fying this protocol based VLAN Click on any of these numbers to edit an existing protocol based VLAN Active This field shows whether the protocol based VLAN is active or not Port This field shows whic...

Страница 110: ...d VLANs require allowed outgoing ports to be defined for each port Therefore if you wish to allow two subscriber ports to talk to each other for example between conference rooms in a hotel you must de...

Страница 111: ...or Port Isolated from the drop down list depending on your VLAN and VLAN security requirements If VLAN members need to communicate directly with each other then select All Connected Select Port Isola...

Страница 112: ...hapter 9 VLAN MES3500 24 24F User s Guide 112 The following screen shows users on a port based port isolated VLAN configuration Figure 45 Advanced Application VLAN Port Based VLAN Setup Port Isolation...

Страница 113: ...at is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the in...

Страница 114: ...e MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC ad...

Страница 115: ...or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afres...

Страница 116: ...e Static multicast addresses do not age out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a mult...

Страница 117: ...ames being forwarded to ports 2 and 3 within VLAN group 4 Figure 47 No Static Multicast Forwarding Figure 48 Static Multicast Forwarding to A Single Port Figure 49 Static Multicast Forwarding to Multi...

Страница 118: ...the VLAN group here If you don t have a specific target VLAN enter 1 Port Enter the port s where frames with destination MAC address that matched the entry above are forwarded You can enter multiple p...

Страница 119: ...a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to...

Страница 120: ...PTION Active Make sure to select this check box to activate your rule You may temporarily deactivate a rule without deleting it by deselecting this check box Name Type a descriptive name up to 32 prin...

Страница 121: ...the factory defaults Index This field displays the index number of the rule Click an index number to change the settings Active This field displays Yes when the rule is activated and No when is it de...

Страница 122: ...eing backwards compatible with STP only aware bridges In RSTP topology change information is directly propagated throughout the network from the device that generates the topology change In STP a long...

Страница 123: ...en established all bridges listen for Hello BPDUs Bridge Protocol Data Units transmitted from the root bridge If a bridge does not get a Hello BPDU after a predefined interval Max Age the bridge assum...

Страница 124: ...s belong to which spanning tree Note Each port can belong to one STP tree only 13 1 5 Multiple STP Multiple Spanning Tree Protocol IEEE 802 1s is backwards compatible with STP RSTP and addresses the l...

Страница 125: ...ifferent spanning trees in the network Thus traffic from the two VLANs travel on different paths The following figure shows the network example using MSTP Figure 54 MSTP Network Example 13 1 5 2 MST R...

Страница 126: ...y to a region Thus an MSTI does not span across MST regions The following figure shows an example where there are two MST regions Regions 1 and 2 have 2 spanning tree instances Figure 55 MSTIs in Diff...

Страница 127: ...Protocol This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration section for ea...

Страница 128: ...ed Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or...

Страница 129: ...LAN If it is a root port a new root port is selected from among the switch ports attached to the network The allowed range is 6 to 40 seconds Forwarding Delay This is the maximum time in seconds a sw...

Страница 130: ...vigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 28 Advanced Application Spanning Tree Pro...

Страница 131: ...port states Note The listening state does not exist in RSTP Cost to Bridge This is the path cost from the root port on this Switch to the root switch Port ID This is the priority and number of the po...

Страница 132: ...tion about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary...

Страница 133: ...ble 31 Advanced Application Spanning Tree Protocol Status MRSTP LABEL DESCRIPTION Configuration Click Configuration to specify which STP mode you want to activate Click MRSTP to edit MRSTP settings on...

Страница 134: ...and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree Topology Changed Times This is the number of times the spanning tree has been reconfi...

Страница 135: ...de 135 13 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section 13 1 5 on page 124 for more information on MSTP...

Страница 136: ...eive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwis...

Страница 137: ...ecides which port should be disabled when more than one port forms a loop in the Switch Ports with a higher priority numeric value are disabled first The allowed range is between 0 and 255 and the def...

Страница 138: ...rt by port basis Note Changes in this row are copied to all the ports as soon as you make them Edge Select this check box to configure a port as an edge port when it is directly attached to a computer...

Страница 139: ...n the Switch CST This section describes the Common Spanning Tree settings Bridge Root refers to the base of the spanning tree the root bridge Our Bridge is this Switch This Switch may also be the root...

Страница 140: ...e spanning tree was last reconfigured Instance These fields display the MSTI to VLAN mapping In other words which VLANs run on each spanning tree instance Instance This field displays the MSTI ID VLAN...

Страница 141: ...guaranteed bandwidth for the incoming traffic flow on a port The Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion...

Страница 142: ...s and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Ingress Rate Active Select this check box to activate commit rate limi...

Страница 143: ...y The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cance...

Страница 144: ...econd the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port Click Advanced...

Страница 145: ...ives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Select this option and specify how many destination lookup failure DLF...

Страница 146: ...s screen to select a monitor port and specify the traffic flow to be copied to the monitor port Figure 68 Advanced Application Mirroring The following table describes the labels in this screen Table 3...

Страница 147: ...mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the drop down list box Choices are Egress outgoing Ingress incoming and Both Apply Click Apply t...

Страница 148: ...ensures increased network stability and control over the trunk groups on your Switch See Section 17 6 on page 154 for a static port trunking example 17 2 Dynamic Link Aggregation The Switch adheres t...

Страница 149: ...KEY PORT PRIORITY PORT NUMBER 0000 00 00 00 00 00 00 0000 00 0000 Table 39 Link Aggregation ID Peer Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY PORT NUMBER 0000 00 00 00 00 00 00 0000 00 000...

Страница 150: ...rce MAC address dst mac means the Switch distributes traffic based on the packet s destination MAC address src dst mac means the Switch distributes traffic based on a combination of the packet s sourc...

Страница 151: ...dvanced Application Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 41 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESC...

Страница 152: ...addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distribute...

Страница 153: ...ESCRIPTION Link Aggregation Control Protocol Note Do not configure this screen unless you want to enable dynamic link aggregation Active Select this checkbox to enable Link Aggregation Control Protoco...

Страница 154: ...ges in this row are copied to all the ports as soon as you make them LACP Timeout Timeout is the time interval between the individual port exchanges of LACP packets in order to check that the peer por...

Страница 155: ...gregation Setting In this screen activate trunk group T1 select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below...

Страница 156: ...col to validate users See Section 25 1 2 on page 202 for more information on configuring your RADIUS server settings Note If you enable IEEE 802 1x authentication and MAC authentication on the same po...

Страница 157: ...1x Authentication Process 18 1 2 MAC Authentication MAC authentication works in a very similar way to IEEE 802 1x authentication The main difference is that the Switch does not prompt the client for l...

Страница 158: ...rt authentication first activate the port authentication method s you want to use both on the Switch and the port s then configure the RADIUS server settings in the AAA Radius Server Setup screen To a...

Страница 159: ...w only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to a...

Страница 160: ...enter his or her username and password to stay connected to the port Reauth period Specify the length of time required to pass before a client has to re enter his or her username and password to stay...

Страница 161: ...you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the por...

Страница 162: ...correct credential they are all put in the guest VLAN Once the first user who did authentication logs out or disconnects from the port rest of the users are blocked until a user does the authenticati...

Страница 163: ...lient fails MAC authentication its MAC address is learned by the MAC address table with a status of denied The timeout period you specify here is the time the MAC address entry stays in the MAC addres...

Страница 164: ...ividual ports other than the sum cannot exceed 16K For maximum port security enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you d...

Страница 165: ...k box to enable the port security feature on this port The Switch forwards packets whose MAC address es is in the MAC address table on this port Packets with no matching MAC address es are dropped Cle...

Страница 166: ...h as the source address destination address source port number destination port number or incoming port number For example you can configure a classifier to select traffic from the same protocol port...

Страница 167: ...ow to configure a layer 2 classifier VLAN Select Any to classify traffic from any VLAN or select the second option and specify the source VLAN ID in the field provided Priority Select Any to classify...

Страница 168: ...e IP Address Address Prefix Enter a source IP address in dotted decimal notation Specify the address prefix by entering the number of ones in the subnet mask Socket Number Note You must select either...

Страница 169: ...Active This field displays Yes when the rule is activated and No when it is deactivated Name This field displays the descriptive name for this rule This is for identification purposes only Rule This...

Страница 170: ...nfiguring a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 Figure 84 Classifier Example After you have configured a classifier you can configure a policy to define...

Страница 171: ...ry flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 21 1 2 DSCP and Per Hop Behavior DiffServ defines a new DS Differenti...

Страница 172: ...RIPTION Active Select this option to enable the policy Name Enter a descriptive name for identification purposes Classifier s This field displays the active classifier s you configure in the Classifie...

Страница 173: ...ated queue Select Replace the 802 1p priority field with the IP TOS value and send the packet to priority queue to replace the packet s 802 1p priority field with the value you set in the TOS field Th...

Страница 174: ...ing table describes the labels in this screen Table 52 Policy Summary Table LABEL DESCRIPTION Index This field displays the policy index number Click an index number to edit the policy Active This fie...

Страница 175: ...de 175 21 4 Policy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth on a traffic flow classified using the Example classifier refer to Section 20...

Страница 176: ...st When that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traf...

Страница 177: ...looping fashion until a queue is empty Weighted Round Robin Scheduling WRR uses the same algorithm as round robin scheduling but services queues based on their priority and queue weight the number you...

Страница 178: ...e in the Weight field Queues with larger weights get more guaranteed bandwidth than queues with smaller weights Weighted Round Robin Scheduling services queues on a rotating basis based on their queue...

Страница 179: ...up to 4 094 customer VLANs This allows a service provider to provide different service based on specific VLANs for many different customers A service provider s customers may require a range of VLANs...

Страница 180: ...switching Select Access Port for ingress ports on the service provider s edge devices 1 and 2 in the VLAN stacking example figure The incoming frame is treated as untagged so a second VLAN tag outer V...

Страница 181: ...n the Switch then the Switch will not add the tag Priority refers to the IEEE 802 1p standard that allows the service provider to prioritize traffic based on the class of service CoS the customer has...

Страница 182: ...d Select Access Port to have the Switch add the SP TPID tag to all incoming frames received on this port Select Access Port for ingress ports at the edge of the service provider s network Select Tunne...

Страница 183: ...begin configuring this screen afresh Table 57 Advanced Application VLAN Stacking continued LABEL DESCRIPTION Table 58 Advanced Application VLAN Stacking Port based QinQ LABEL DESCRIPTION Port The port...

Страница 184: ...ame Enter a descriptive name up to 32 printable ASCII characters for identification purposes Port The port number identifies the port you are configuring CVID Enter a customer VLAN ID the inner VLAN t...

Страница 185: ...tomer VLAN ID in the incoming packets SPVID This is the service provider s VLAN ID that adds to the packets from the subscribers Priority This is the service provider s priority level in the packets D...

Страница 186: ...oses see the IANA website for more information 24 1 2 IGMP Filtering With the IGMP filtering feature you can control which IGMP groups a subscriber on a port can join This allows you to control the di...

Страница 187: ...es not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN 24 2 Multicast Status Click Advanced Applications Multicast to display the screen as sho...

Страница 188: ...hat are members of that group Querier Select this option to allow the Switch to send IGMP General Query messages to the VLANs with the multicast hosts attached Host Timeout Specify the time from 1 to...

Страница 189: ...ost connected to this port Normal Leave Enter an IGMP normal leave timeout value from 200 to 6 348 800 in miliseconds Select this option to have the Switch use this timeout to update the forwarding ta...

Страница 190: ...connected to an IGMP multicast router or server The Switch forwards IGMP join or leave packets to an IGMP query port Select Auto to have the Switch use the port as an IGMP query port if the port recei...

Страница 191: ...witch can learn up to 16 VLANs including up to five VLANs you configured in the MVR screen For example if you have configured one multicast VLAN in the MVR screen you can only specify up to 15 VLANs i...

Страница 192: ...ulticast Setting IGMP Filtering Profile Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turne...

Страница 193: ...ame and specify a different IP multicast address range Start Address Type the starting multicast IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile End...

Страница 194: ...mpatible mode the Switch does not send any IGMP reports In this case you must manually configure the forwarding settings on the multicast devices in the multicast VLAN 24 6 3 How MVR Works The followi...

Страница 195: ...m the forwarding table Figure 98 MVR Multicast Television Example 24 7 General MVR Configuration Use the MVR screen to create multicast VLANs and select the receiver port s and a source port for each...

Страница 196: ...tion purposes Multicast VLAN ID Enter the VLAN ID 1 to 4094 of the multicast VLAN 802 1p Priority Select a priority level 0 7 with which the Switch replaces the priority in outgoing IGMP control packe...

Страница 197: ...outgoing frames transmitted Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigat...

Страница 198: ...to Section 24 1 1 on page 186 for more information on IP multicast addresses End Address Enter the ending IP multicast address of the multicast group in dotted decimal notation Enter the same IP addr...

Страница 199: ...VLAN 1 are able to receive the traffic Figure 101 MVR Configuration Example To configure the MVR settings on the Switch create a multicast group in the MVR screen and set the receiver and source ports...

Страница 200: ...o the subscribers configure multicast group settings in the Group Configuration screen The following figure shows an example where two multicast groups News and Movie are configured for the multicast...

Страница 201: ...itch itself or it can use an external server to authorize a large number of users Accounting is the process of recording what a user is doing The Switch can use an external server to track when users...

Страница 202: ...Switch First configure your authentication and accounting server settings RADIUS TACACS or both and then set up the authentication priority activate authorization and configure accounting settings Cl...

Страница 203: ...the second RADIUS server Select round robin to alternate between the RADIUS servers that it sends authentication requests to Timeout Specify the amount of time in seconds that the Switch waits for an...

Страница 204: ...erver Index This is a read only number representing a RADIUS accounting server entry IP Address Enter the IP address of an external RADIUS accounting server in dotted decimal notation UDP Port The def...

Страница 205: ...h tries to authenticate with the first configured TACACS server if the TACACS server does not respond then the Switch tries to authenticate with the second TACACS server Select round robin to alternat...

Страница 206: ...nds that the Switch waits for an accounting request response from the TACACS server Index This is a read only number representing a TACACS accounting server entry IP Address Enter the IP address of an...

Страница 207: ...Switch management Configure the access privilege of accounts via commands see the Ethernet Switch CLI Reference Guide for local authentication The TACACS and RADIUS are external servers Before you sp...

Страница 208: ...er Active Select this to activate authorization for a specified event types Method Select whether you want to use RADIUS or TACACS for authorization of specific types of events RADIUS is the only meth...

Страница 209: ...r users authenticating via the RADIUS server Mode The Switch supports two modes of recording login events Select start stop to have the Switch send information to the accounting server when a user beg...

Страница 210: ...ed on the RADIUS server This section lists the RADIUS attributes supported by the Switch Table 70 Supported VSAs FUNCTION ATTRIBUTE Ingress Bandwidth Assignment Vendor Id 890 Vendor Type 1 Vendor data...

Страница 211: ...erver when performing authentication 25 3 1 1 Attributes Used for Authenticating Privilege Access User Name the format of the User Name attribute is enab where is the privilege level 1 14 User Passwor...

Страница 212: ...that they are sent the difference between Console and Telnet SSH Exec events is that the Telnet SSH events utilize the Calling Station Id attribute Table 72 RADIUS Attributes Exec Events via Console...

Страница 213: ...74 RADIUS Attributes Exec Events via Console ATTRIBUTE START INTERIM UPDATE STOP User Name NAS IP Address NAS Port Class Called Station Id Calling Station Id NAS Identifier NAS Port Type Acct Status...

Страница 214: ...rd consists of the following features Static bindings Use this to create static bindings in the binding table DHCP snooping Use this to filter unauthorized DHCP packets on the network and to build the...

Страница 215: ...Switch restarts it loads static bindings from permanent memory but loses the dynamic bindings in which case the devices in the network have to send DHCP requests again As a result it is recommended yo...

Страница 216: ...configure this setting for each source VLAN This setting is independent of the DHCP relay settings Chapter 36 on page 276 26 1 1 4 Configuring DHCP Snooping Follow these steps to configure DHCP snoopi...

Страница 217: ...port or an untrusted port for ARP inspection This setting is independent of the trusted untrusted setting for DHCP snooping You can also specify the maximum rate at which the Switch receives ARP pack...

Страница 218: ...n one static binding If you try to create a static binding with the same MAC address and VLAN Table 75 IP Source Guard LABEL DESCRIPTION Index This field displays a sequential number for each binding...

Страница 219: ...to create the specified static binding or to update an existing one Cancel Click this to reset the values above based on the last selected static binding or if not applicable to clear the fields abov...

Страница 220: ...IP Source Guard DHCP Snooping Figure 114 DHCP Snooping The following table describes the labels in this screen Table 77 DHCP Snooping LABEL DESCRIPTION Database Status This section displays the curren...

Страница 221: ...updated the DHCP snooping database unsuccessfully Last failed reason This field displays the reason the Switch updated the DHCP snooping database unsuccessfully This section displays historical infor...

Страница 222: ...bindings the Switch ignored because the lease time had already expired Unsupported vlans This field displays the number of bindings the Switch ignored because the VLAN ID does not exist anymore Last...

Страница 223: ...guish between DHCP requests from different VLAN Select Disable if you do not want the Switch to forward DHCP packets to a specific VLAN Database If Timeout interval is greater than Write delay interva...

Страница 224: ...Switch to load it You can use this to load dynamic bindings from a different DHCP snooping database than the one specified in Agent URL When the Switch loads dynamic bindings from a DHCP snooping data...

Страница 225: ...nected to subscribers and the Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source MAC address and...

Страница 226: ...to DHCP requests that it broadcasts to the DHCP VLAN if specified or VLAN You can specify the DHCP VLAN in the DHCP Snooping Configure screen See Section 26 5 on page 222 Information Select this to h...

Страница 227: ...and click Delete to remove the specified entry Delete Click this to remove the selected entries Cancel Click this to clear the Delete check boxes above Table 81 ARP Inspection Status continued LABEL D...

Страница 228: ...us table Click Apply to remove all the log messages that were generated by ARP packets and that have not been sent to the syslog server yet Total number of logs This field displays the number of log m...

Страница 229: ...ing with the same MAC address and VLAN ID static deny An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID deny An ARP packet was discarded because th...

Страница 230: ...re dropped due to unavailable buffer Click Clearing log status table in the ARP Inspection Log Status screen to clear the log and reset this counter See Section 26 6 2 on page 228 Syslog rate Type the...

Страница 231: ...trusted ports Limit Rate and Burst Interval settings have no effect on trusted ports Rate pps Specify the maximum rate 1 2048 packets per second at which the Switch receives ARP packets from each port...

Страница 232: ...splays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied to all VLANs Enabled Select Yes to enable ARP inspection on the VLAN Select No to disabl...

Страница 233: ...problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a switch are...

Страница 234: ...rd enabled port N on switch A sending a probe packet P to switch B Since switch B is in loop state the probe packet P returns to port N on A The Switch then shuts down port N to ensure that the rest o...

Страница 235: ...anced Application Loop Guard LABEL DESCRIPTION Active Select this option to enable loop guard on the Switch The Switch generates syslog internal log messages as well as SNMP traps when it shuts down a...

Страница 236: ...y The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cance...

Страница 237: ...nabled the Switch forwards the tagged packets according to its VLAN tag that do not match an entry in the VLAN mapping table If the incoming packets are untagged the Switch adds a PVID based on the VL...

Страница 238: ...he setting the same for all ports Use this row first and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check...

Страница 239: ...level that replaces the customer priority level in the tagged packets or adds to the untagged packets Add Click Add to insert the entry in the summary table below and save your changes to the Switch s...

Страница 240: ...Chapter 28 VLAN Mapping MES3500 24 24F User s Guide 240...

Страница 241: ...customer switches A B and C in the following figure connected through the service provider s network The edge switch encapsulates layer 2 protocol packets with a specific MAC address before sending t...

Страница 242: ...er 2 protocol tunneling modes Access and Tunnel The Access port is an ingress port on the service provider s edge device 1 or 2 in Figure 133 on page 242 and connected to a customer switch A or B Inco...

Страница 243: ...acing the destination MAC address in the packets Note The MAC address can be either a unicast MAC address or multicast MAC address If you use a unicast MAC address make sure the MAC address does not e...

Страница 244: ...ption to have the Switch send LACP packets to a peer to dynamically creates and manages trunk groups UDLD Select this option to have the Switch send UDLD packets to a peer s port it connected to monit...

Страница 245: ...ow agent then creates sFlow data and sends it to an sFlow collector The sFlow collector is a server that collects and analyzes sFlow datagram An sFlow datagram includes packet header input and output...

Страница 246: ...on volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Port This field displays the port number Use this row to make the setting the same for all...

Страница 247: ...o allow incoming traffic if the collector is behind a firewall Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power...

Страница 248: ...This field displays IP address of the sFlow collector UDP Port This field displays port number the Switch uses to send sFlow datagram to the collector Delete Check the rule s that you want to remove i...

Страница 249: ...oE Active Discovery Initialization and PADR PPPoE Active Discovery Request packets from PPPoE clients This tag is defined in RFC 2516 and has the following format for this feature The Tag_Type is 0x01...

Страница 250: ...long to VLAN 123 31 1 2 2 WT 101 Default Circuit ID Syntax If you do not configure a Circuit ID string for a specific VLAN on a port or for a specific port and disable the flexible Circuit ID syntax i...

Страница 251: ...ed to subscribers If a PADI PADR or PADT packet is sent from a PPPoE client and received on an untrusted port the Switch adds a vendor specific tag to the packet and then forwards it to the trusted po...

Страница 252: ...over this That means if you also want to configure PPPoE IA Per Port or Per Port Per VLAN setting leave the fields here empty and configure circuit id and remote id in the Per Port or Per Port Per VLA...

Страница 253: ...escribes the labels in this screen Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the...

Страница 254: ...untrusted port Circuit id Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID sub option for PPPoE discovery packets received on this port Spaces are allowed Th...

Страница 255: ...tings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Note Changes in this row are copied to all t...

Страница 256: ...ck Apply to display the specified range of VLANs in the section below VID This field displays the VLAN ID of each VLAN in the range specified above If you configure the VLAN the settings are applied t...

Страница 257: ...lows you to limit the rate of ARP BPDU and IGMP packets to be delivered to the CPU on a port This enhances the CPU efficiency and protects against potential DoS attacks or errors from other network s...

Страница 258: ...figuration Use this screen to limit the maximum number of control packets ARP BPDU and or IGMP that the Switch can receive or transmit on a port Click the Click Here link next to CPU protection in the...

Страница 259: ...you make them Rate Limit pkt s Enter a number from 0 to 256 to specify how many control packets this port can receive or transmit per second 0 means no rate limit You can configure the action that th...

Страница 260: ...rt rate limitation The Switch drops the additional control packets the port has to handle in every one second Apply Click Apply to save your changes to the Switch s run time memory The Switch loses th...

Страница 261: ...nter the number of seconds from 30 to 2592000 for the time interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses p...

Страница 262: ...ys in the promiscuous port list A promiscuous port can communicate with any port in the same VLAN An isolated port can communicate with the promiscuous port s only Note You can have up to one private...

Страница 263: ...Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the...

Страница 264: ...Chapter 33 Private VLAN MES3500 24 24F User s Guide 264...

Страница 265: ...h the default gateway The Switch can also use static routes to send data to a server or device that is not reachable through the default gateway for example when sending SNMP traps or using ping to te...

Страница 266: ...the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the destination The gateway must be a router on the same segment as your Switch Metric The metric repres...

Страница 267: ...lays the subnet mask for this destination Gateway Address This field displays the IP address of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the dest...

Страница 268: ...ffServ defines a new DS Differentiated Services field to replace the Type of Service ToS field in the IP header The DS field contains a 6 bit DSCP field which can define up to 64 service levels and th...

Страница 269: ...ets are admitted to the network The PIR is greater than or equal to the CIR CIR and PIR values are based on the guaranteed and maximum bandwidth respectively as negotiated between a service provider a...

Страница 270: ...w can only be marked with an equal or higher packet loss priority Packets marked red high packet loss priority continue to be red without evaluation against the PIR or CIR Packets marked yellow can on...

Страница 271: ...Switch Port This field displays the index number of a port on the Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row...

Страница 272: ...high loss priority colored packets Mode Select color blind to have the Switch treat all incoming packets as uncolored All incoming packets are evaluated against the CIR and PIR Select color aware to t...

Страница 273: ...o the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 108 IP Application DiffServ 2 rate 3 Color Marker continued LABEL DESCRIPTION...

Страница 274: ...erv DSCP Setting Green This field displays the DSCP value to use for packets with low packet loss priority in this profile Yellow This field displays the DSCP value to use for packets with medium pack...

Страница 275: ...ication number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses the...

Страница 276: ...s If there is already a DHCP server on your network then you can configure the Switch as a DHCP relay agent When the Switch receives a request from a computer on your network it contacts the DHCP serv...

Страница 277: ...the requests The DHCP server can then provide an IP address based on this information Please refer to RFC 3046 for more details The DHCP Relay Agent Information feature adds an Agent Information fiel...

Страница 278: ...ion Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information Th...

Страница 279: ...es the DHCP clients in both domains Figure 161 Global DHCP Relay Network Example Configure the DHCP Relay screen as shown Make sure you select the Option 82 check box to set the Switch to send additio...

Страница 280: ...ion Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information Th...

Страница 281: ...1 100 Requests from the academic buildings VLAN 2 are sent to the other DHCP server with an IP address of 172 16 10 100 Figure 164 DHCP Relay for Two VLANs For the example network configure the VLAN...

Страница 282: ...Chapter 36 DHCP MES3500 24 24F User s Guide 282...

Страница 283: ...re Upgrade Click Click Here to go to the Firmware Upgrade screen Restore Configuration Click Click Here to go to the Restore Configuration screen Backup Configuration Click Click Here to go to the Bac...

Страница 284: ...dress of your computer to be in the same subnet as that of the default Switch IP address 192 168 1 1 37 3 Save Configuration Click Config 1 to save the current configuration settings permanently to Co...

Страница 285: ...uploaded to the current image See Section 37 8 on page 287 for more information about images and uploading firmware to a different image Be sure to upload the correct model firmware as uploading the...

Страница 286: ...atically renamed when you restore using this screen 37 7 Backup a Configuration File Backing up your Switch configurations allows you to create various snap shots of your device from which you may res...

Страница 287: ...0 and ras 1 You can switch from one to the other by using the boot image index command where index is 1 ras 0 or 2 ras 1 See the CLI Reference Guide for more information about using commands The syst...

Страница 288: ...computer and renames it to config cfg See Table 117 on page 287 for more information on filename conventions 7 Enter quit to exit the ftp prompt 37 8 3 GUI based FTP Clients The following table descri...

Страница 289: ...7 Maintenance MES3500 24 24F User s Guide 289 The IP address es in the Remote Management screen does not match the client IP address If it does not match the Switch will disconnect the FTP session imm...

Страница 290: ...tion on disabling multi login 38 2 The Access Control Main Screen Click Management Access Control in the navigation panel to display the main screen as shown Figure 172 Management Access Control 38 3...

Страница 291: ...ents to communicate for the purpose of accessing these objects SNMP itself is a simple request response protocol based on the manager agent model The manager issues a request and the agent returns res...

Страница 292: ...ch The OIDs beginning with 1 3 6 1 4 1 890 1 5 8 57 are specific to the MES3500 24F switch Table 120 SNMP System Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION coldstart coldStart 1 3 6 1 6 3 1 1 5 1...

Страница 293: ...30 4 1 This trap is sent when an error is detected on a port such as a loop occurs or the rate limit for specific control packets is exceeded errdisableRecoveryTrap 1 3 6 1 4 1 890 1 5 8 68 130 4 2 1...

Страница 294: ...due to incorrect user name and or password RADIUSNotReachableEventOn 1 3 6 1 4 1 890 1 5 8 68 27 2 1 1 3 6 1 4 1 890 1 5 8 57 27 2 1 This trap is sent when there is no response message from the RADIU...

Страница 295: ...57 36 2 2 This trap is sent when the MRSTP topology changes MSTPTopologyChange 1 3 6 1 4 1 890 1 5 8 68 107 70 2 1 3 6 1 4 1 890 1 5 8 57 107 70 2 This trap is sent when the MSTP root switch changes...

Страница 296: ...ote SNMP version 2c is backwards compatible with SNMP version 1 Get Community Enter the Get Community string which is the password for the incoming Get and GetNext requests from the management station...

Страница 297: ...to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 125 Management Access Control SNMP continued LABEL DESCRIPTION Table 126 Man...

Страница 298: ...rol SNMP Trap Group continued LABEL DESCRIPTION Table 127 Management Access Control SNMP User LABEL DESCRIPTION User Information Note Use the username and password of the login accounts you specify in...

Страница 299: ...tem configuration including the management of administrator accounts readwrite Members of this group have read and write rights meaning that the user can create and edit the MIBs on the Switch except...

Страница 300: ...trator account with the admin user name You cannot change the default administrator user name Only the administrator has read write access Old Password Type the existing system password 1234 is the de...

Страница 301: ...etween two hosts over an unsecured network Figure 178 SSH Communication Example Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned of...

Страница 302: ...ds the result back to the server The client automatically saves any new server public keys In subsequent connections the server public key is checked against the saved version on the client computer 2...

Страница 303: ...transferred data authentication one party can identify the other party and data integrity you know if data has been changed It relies upon certificates public keys and private keys HTTPS on the Switch...

Страница 304: ...ere Switch IP Address is the IP address or domain name of the Switch you wish to access 38 9 1 Internet Explorer Warning Messages 38 9 1 1 Internet Explorer 6 When you attempt to access the Switch HTT...

Страница 305: ...icate may display If that is the case click Continue to this website not recommended to proceed to the web configurator login screen Figure 182 Security Certificate Warning Internet Explorer 7 or 8 Af...

Страница 306: ...r 38 Access Control MES3500 24 24F User s Guide 306 Click Install Certificate and follow the on screen instructions to install the certificate in your browser Figure 184 Certificate Internet Explorer...

Страница 307: ...2 Mozilla Firefox Warning Messages When you attempt to access the Switch HTTPS server a This Connection is Unstructed screen may display If that is the case click I Understand the Risks and then the...

Страница 308: ...tion to proceed to the web configurator login screen Figure 186 Security Alert Mozilla Firefox 38 9 3 The Main Screen After you accept the certificate and enter the login username and password the Swi...

Страница 309: ...r 7 or 8 denotes a secure connection Figure 187 Example Lock Denoting a Secure Connection 38 10 Service Port Access Control Service Access Control allows you to decide what services you may use to acc...

Страница 310: ...ch Service Port For Telnet SSH FTP HTTP or HTTPS services you may change the default service port by typing the new port number in the Server Port field If you change the default port number then you...

Страница 311: ...ient set Clear the check box if you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this...

Страница 312: ...llowing table describes the labels in this screen Table 131 Management Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi line text box Click Clear to empty...

Страница 313: ...message has a facility and severity level The syslog facility identifies a file in the syslog server Refer to the documentation of your syslog program for details The following table describes the sy...

Страница 314: ...setting Logging Type This column displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category F...

Страница 315: ...umber the more critical the logs are Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the to...

Страница 316: ...with one another In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Figure 193 Clustering Applicat...

Страница 317: ...switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage c...

Страница 318: ...h through the cluster manager switch as shown in the following example Figure 196 Example Uploading Firmware to a Cluster Member Switch example example C ftp 192 168 1 1 Connected to 192 168 1 1 220 S...

Страница 319: ...gurator password default is 1234 ls Enter this command to list the name of cluster member switch s firmware and configuration file 400AABB0B1 bin This is the name of the firmware file you want to uplo...

Страница 320: ...SCRIPTION Clustering Manager Active Select Active to have this Switch become the cluster manager switch A cluster can only have one manager Other directly connected switches that are set to be cluster...

Страница 321: ...in the Clustering Candidate list and then enter its web configurator password If that switch administrator changes the web configurator password afterwards then it cannot be managed from the Cluster M...

Страница 322: ...mine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destinati...

Страница 323: ...tatic to display the MAC entries manually configured on the Switch Select MAC and enter a MAC address in the field provided to display a specified MAC entry Select VID and enter a VLAN ID in the field...

Страница 324: ...ring entries These entries will then display only in the Filtering screen and the default filtering action is Discard source Cancel Click Cancel to change the fields back to their last saved values In...

Страница 325: ...itch s ARP program looks in the ARP Table and if it finds the address sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch...

Страница 326: ...IP address Select Port and enter a port number to remove the dynamic entries learned on the specified port Flush Click Flush to remove the ARP entries according to the condition you specified Cancel C...

Страница 327: ...you can copy the settings of one port onto other ports 44 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Manageme...

Страница 328: ...2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings you configured in the Basic Sett...

Страница 329: ...th the Switch 3 Make sure the power adaptor or cord is connected to the Switch and plugged in to an appropriate power source Make sure the power source is turned on 4 Turn the Switch off and on in DC...

Страница 330: ...AC DC models 6 If the problem continues contact the vendor 45 2 Switch Access and Login I forgot the IP address for the Switch 1 The default management IP address is 192 168 1 1 2 Use the console port...

Страница 331: ...ess the Switch check the remote management settings to find out why the Switch does not respond to HTTP I can see the Login screen but I cannot log in to the Switch 1 Make sure you have entered the us...

Страница 332: ...o check for unauthorized access to your Switch To avoid unauthorized access configure the secured client setting in the Management Access Control Remote Management screen for telnet HTTP and SSH see S...

Страница 333: ...cations that use this service or the situations in which this service is used Table 142 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authenticat...

Страница 334: ...rk environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet INternet Groper is a protocol that sends out ICMP ech...

Страница 335: ...ote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller...

Страница 336: ...Appendix A Common Services MES3500 24 24F User s Guide 336...

Страница 337: ...em is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned in this publication are used for identification purposes only and may be properties of their respective owners Certi...

Страница 338: ...duct on the ZyXEL home page to go to that product s page 3 Select the certification you wish to view from this page ZyXEL Limited Warranty ZyXEL warrants to the original end user purchaser that this p...

Страница 339: ...horization number RMA Products must be returned Postage Prepaid It is recommended that the unit be insured when shipped Any returned products without proof of purchase or those with an out dated warra...

Страница 340: ...ALIANO NEDERLANDS D claration de Produit Green Directive RoHS 2002 95 EC Dichiarazione Green Product Direttiva RoHS 2002 95 CE Productmilieuverklaring RoHS richtlijn 2002 95 EC Directive DEEE 2002 96...

Страница 341: ...7 authentication and RADIUS 202 setup 207 authorization privilege levels 209 setup 207 auto crossover 32 automatic VLAN registration 98 B back up configuration file 286 basic settings 86 basic setup t...

Страница 342: ...276 relay agent 276 relay example 281 setup 280 DHCP Dynamic Host Configuration Protocol 276 DHCP relay option 82 216 DHCP snooping 53 214 configuring 216 DHCP relay option 82 216 trusted ports 215 u...

Страница 343: ...ardware overview 30 hello time 136 hops 136 HTTPS 303 certificates 303 implementation 303 public keys private keys 303 HTTPS example 304 I IEEE 802 1p priority 92 IEEE 802 1x activate 159 162 205 reau...

Страница 344: ...233 how it works 234 port shut down 235 probe packet 234 loop guard vs STP 233 M MAC Media Access Control 87 MAC address 87 325 maximum number per port 165 MAC address learning 91 105 108 114 165 spec...

Страница 345: ...See MSTP 122 Multiple STP 124 Multiple STP see MSTP 124 MVR 193 configuration 195 group configuration 197 network example 193 MVR Multicast VLAN Registration 193 N network applications 23 network man...

Страница 346: ...ocols 106 108 isolate traffic 107 priority 106 108 PVID 97 104 PVID Priority Frame 97 Q QoS and classifier 166 queue weight 177 queuing 176 SPQ 177 WRR 177 queuing method 176 178 R rack mounting 27 RA...

Страница 347: ...114 static multicast address 116 static multicast forwarding 116 static routes 267 static trunking example 154 Static VLAN 102 static VLAN control 102 tagging 103 status 81 link aggregation 149 port 8...

Страница 348: ...UDLD 244 UniDirectional Link Detection see UDLD untrusted ports ARP inspection 217 DHCP snooping 215 PPPoE IA 251 user profiles 201 V Vendor Specific Attribute See VSA ventilation 27 VID 97 100 101 1...

Страница 349: ...l based VLAN VLAN subnet based See subnet based VLANs 104 VSA 209 VT100 31 VTP 244 W warranty 338 note 339 web configurator 39 getting help 46 layout 40 login 39 logout 46 navigation panel 41 weight q...

Результаты поиска

Содержание MES3500-24

Отзывы:

Похожие инструкции для MES3500-24

Бренды по названию

Популярные бренды

ZyXEL Communications MES3500-24, Руководство пользователя

Результаты поиска

Содержание MES3500-24

Отзывы:

Похожие инструкции для MES3500-24

Бренды по названию

Популярные бренды