ZyXEL Communications MGS-3712 Скачать руководство пользователя страница 186 | Manualshive

Страница: 186 / 308

background image

Chapter 23 IP Source Guard

MGS-3712/MGS-3012F User’s Guide

186

Trusted ports are connected to DHCP servers or other switches. The Switch discards DHCP
packets from trusted ports only if the rate at which DHCP packets arrive is too high. The
Switch learns dynamic bindings from trusted ports.

"

If DHCP is enabled and there are no trusted ports, DHCP requests will not
succeed.

Untrusted ports are connected to subscribers. The Switch discards DHCP packets from
untrusted ports in the following situations:

• The packet is a DHCP server packet (for example, OFFER, ACK, or NACK).
• The source MAC address and source IP address in the packet do not match any of the

current bindings.

• The packet is a RELEASE or DECLINE packet, and the source MAC address and source

port do not match any of the current bindings.

• The rate at which DHCP packets arrive is too high.

23.1.1.2 DHCP Snooping Database

The Switch stores the binding table in volatile memory. If the Switch restarts, it loads static
bindings from permanent memory but loses the dynamic bindings, in which case the devices in
the network have to send DHCP requests again. As a result, it is recommended you configure
the DHCP snooping database.
The DHCP snooping database maintains the dynamic bindings for DHCP snooping and ARP
inspection in a file on an external TFTP server. If you set up the DHCP snooping database, the
Switch can reload the dynamic bindings from the DHCP snooping database after the Switch
restarts.
You can configure the name and location of the file on the external TFTP server. The file has
the following format:

Figure 102

DHCP Snooping Database File Format

The <initial-checksum> helps distinguish between the bindings in the latest update and the
bindings from previous updates. Each binding consists of 72 bytes, a space, and another
checksum that is used to validate the binding when it is read. If the calculated checksum is not
equal to the checksum in the file, that binding and all others after it are ignored.

<initial-checksum>
TYPE DHCP-SNOOPING
VERSION 1
BEGIN
<binding-1> <checksum-1>
<binding-2> <checksum-1-2>
...
...
<binding-n> <checksum-1-2-..-n>
END

«
...
184
185
186
187
188
...
»

Содержание MGS-3712

Страница 1: ...www zyxel com MGS 3712 3712F MetroGigabit Switch User s Guide Version 3 80 2 2008 Edition 1 DEFAULT LOGIN IP Address http 192 168 1 1 User Name admin Password 1234 ...

Страница 2: ......

Страница 3: ...he web configurator and in some cases are necessary to configure advanced features Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information It is recommended you use the web configurator to configure the Switch Supporting Disk Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support...

Страница 4: ... bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance Log Log Setting means you...

Страница 5: ... User s Guide 5 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer Server DSLAM Firewall Telephone Router ...

Страница 6: ...rrect ports Place connecting cables carefully so that no one will step on them or stumble over them Always disconnect all cables from this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord an...

Страница 7: ...Safety Warnings MGS 3712 MGS 3012F User s Guide 7 ...

Страница 8: ...Safety Warnings MGS 3712 MGS 3012F User s Guide 8 ...

Страница 9: ...rt Statistics 65 Basic Setting 71 Advanced 83 VLAN 85 Static MAC Forward Setup 97 Filtering 99 Spanning Tree Protocol 101 Bandwidth Control 119 Broadcast Storm Control 121 Mirroring 123 Link Aggregation 125 Port Authentication 133 Port Security 139 Classifier 143 Policy Rule 149 Queuing Method 155 Multicast 157 Authentication Accounting 171 IP Source Guard 185 Loop Guard 205 Two Rate Three Color M...

Страница 10: ... s Guide 10 Access Control 237 Diagnostic 255 Syslog 257 Cluster Management 261 MAC Table 267 ARP Table 269 Configure Clone 271 Troubleshooting Product Specifications 273 Troubleshooting 275 Product Specifications 279 Appendices and Index 285 ...

Страница 11: ...idging Example 32 1 1 3 High Performance Switching Example 32 1 1 4 IEEE 802 1Q VLAN Application Examples 33 1 2 Ways to Manage the Switch 34 1 3 Good Habits for Managing the Switch 34 Chapter 2 Hardware Installation and Connection 35 2 1 Installation Scenarios 35 2 2 Desktop Installation Procedure 35 2 3 Mounting the Switch on a Rack 36 2 3 1 Rack mounted Installation Requirements 36 2 3 2 Attach...

Страница 12: ...tus Screen 52 4 3 1 Change Your Password 57 4 4 Saving Your Configuration 58 4 5 Switch Lockout 58 4 6 Resetting the Switch 59 4 6 1 Reload the Configuration File 59 4 7 Logging Out of the Web Configurator 60 4 8 Help 60 Chapter 5 Initial Setup Example 61 5 1 Overview 61 5 1 1 Creating a VLAN 61 5 1 2 Setting Port VID 62 5 2 Configuring Switch Management IP Address 63 Chapter 6 System Status and P...

Страница 13: ...8 2 2 GVRP 86 8 3 Port VLAN Trunking 87 8 4 Select the VLAN Type 87 8 5 Static VLAN 87 8 5 1 Static VLAN Status 88 8 5 2 VLAN Details 88 8 5 3 Configure a Static VLAN 89 8 5 4 Configure VLAN Port Settings 90 8 6 Subnet Based VLANs 92 8 7 Configuring Subnet Based VLAN 93 8 8 Port based VLAN Setup 94 8 8 1 Configure a Port based VLAN 95 Chapter 9 Static MAC Forward Setup 97 9 1 Overview 97 9 2 Confi...

Страница 14: ...l Status 116 Chapter 12 Bandwidth Control 119 12 1 Bandwidth Control Overview 119 12 1 1 CIR and PIR 119 12 2 Bandwidth Control Setup 119 Chapter 13 Broadcast Storm Control 121 13 1 Broadcast Storm Control Setup 121 Chapter 14 Mirroring 123 14 1 Port Mirroring Setup 123 Chapter 15 Link Aggregation 125 15 1 Link Aggregation Overview 125 15 2 Dynamic Link Aggregation 125 15 2 1 Link Aggregation ID 1...

Страница 15: ...ew 149 19 1 1 DiffServ 149 19 1 2 DSCP and Per Hop Behavior 149 19 2 Configuring Policy Rules 150 19 3 Viewing and Editing Policy Configuration 152 19 4 Policy Example 152 Chapter 20 Queuing Method 155 20 1 Queuing Method Overview 155 20 1 1 Strictly Priority Queuing 155 20 1 2 Weighted Round Robin Scheduling WRR 155 20 2 Configuring Queuing 156 Chapter 21 Multicast 157 21 1 Multicast Overview 157...

Страница 16: ...ibute 179 22 3 Supported RADIUS Attributes 180 22 3 1 Attributes Used for Authentication 181 22 3 2 Attributes Used for Accounting 181 Chapter 23 IP Source Guard 185 23 1 IP Source Guard Overview 185 23 1 1 DHCP Snooping Overview 185 23 1 2 ARP Inspection Overview 187 23 2 IP Source Guard 189 23 3 IP Source Guard Static Binding 189 23 4 DHCP Snooping 191 23 5 DHCP Snooping Configure 194 23 5 1 DHC...

Страница 17: ...oute 217 26 1 Static Routing Overview 217 26 2 Configuring Static Routing 217 Chapter 27 DHCP 221 27 1 DHCP Overview 221 27 1 1 DHCP Modes 221 27 1 2 DHCP Configuration Options 221 27 2 DHCP Status 221 27 3 DHCP Relay 222 27 3 1 DHCP Relay Agent Information 222 27 3 2 Configuring DHCP Global Relay 223 27 3 3 Global DHCP Relay Configuration Example 224 27 4 Configuring DHCP VLAN Settings 224 27 4 1...

Страница 18: ...29 3 3 SNMP Traps 239 29 3 4 Configuring SNMP 243 29 3 5 Configuring SNMP Trap Group 245 29 3 6 Setting Up Login Accounts 246 29 4 SSH Overview 248 29 5 How SSH works 248 29 6 SSH Implementation on the Switch 249 29 6 1 Requirements for Using SSH 249 29 7 Introduction to HTTPS 250 29 8 HTTPS Example 250 29 8 1 Internet Explorer Warning Messages 251 29 8 2 Netscape Navigator Warning Messages 251 29...

Страница 19: ...8 Chapter 34 ARP Table 269 34 1 ARP Table Overview 269 34 1 1 How ARP Works 269 34 2 Viewing the ARP Table 269 Chapter 35 Configure Clone 271 35 1 Configure Clone 271 Part VI Troubleshooting Product Specifications 273 Chapter 36 Troubleshooting 275 36 1 Power Hardware Connections and LEDs 275 36 2 Switch Access and Login 276 Chapter 37 Product Specifications 279 Part VII Appendices and Index 285 A...

Страница 20: ...Table of Contents MGS 3712 MGS 3012F User s Guide 20 ...

Страница 21: ...Figure 17 Opening the Transceiver s Latch Example 44 Figure 18 Transceiver Removal Example 44 Figure 19 Connecting Sensors to the ALARM connector 45 Figure 20 Connecting a Sensor to the ALARM Slot 46 Figure 21 Daisy chaining an External Alarm Sensor to Other MGS 3712s 46 Figure 22 Rear Panel MGS 3712 47 Figure 23 Rear Panel MGS 3712F 47 Figure 24 Web Configurator Login 52 Figure 25 Web Configurato...

Страница 22: ...ng Tree Protocol Status RSTP 110 Figure 60 Advanced Application Spanning Tree Protocol MRSTP 111 Figure 61 Advanced Application Spanning Tree Protocol Status MRSTP 113 Figure 62 Advanced Application Spanning Tree Protocol MSTP 114 Figure 63 Advanced Application Spanning Tree Protocol Status MSTP 117 Figure 64 Advanced Application Bandwidth Control 120 Figure 65 Advanced Application Broadcast Storm...

Страница 23: ...72 Figure 99 Advanced Application Auth and Acct RADIUS Server Setup 173 Figure 100 Advanced Application Auth and Acct TACACS Server Setup 175 Figure 101 Advanced Application Auth and Acct Auth and Acct Setup 177 Figure 102 DHCP Snooping Database File Format 186 Figure 103 Example Man in the middle Attack 187 Figure 104 IP Source Guard 189 Figure 105 IP Source Guard Static Binding 190 Figure 106 DH...

Страница 24: ...244 Figure 144 Management Access Control SNMP Trap Group 246 Figure 145 Management Access Control Logins 247 Figure 146 SSH Communication Example 248 Figure 147 How SSH Works 249 Figure 148 HTTPS Implementation 250 Figure 149 Security Alert Dialog Box Internet Explorer 251 Figure 150 Security Certificate 1 Netscape 251 Figure 151 Security Certificate 2 Netscape 252 Figure 152 Example Lock Denoting...

Страница 25: ...dvanced Application Static MAC Forwarding 98 Table 21 Advanced Application FIltering 99 Table 22 STP Path Costs 102 Table 23 STP Port States 103 Table 24 Advanced Application Spanning Tree Protocol Configuration 107 Table 25 Advanced Application Spanning Tree Protocol RSTP 108 Table 26 Advanced Application Spanning Tree Protocol Status RSTP 110 Table 27 Advanced Application Spanning Tree Protocol ...

Страница 26: ...ication Multicast Multicast Setting MVR Group Configuration 167 Table 56 RADIUS vs TACACS 172 Table 57 Advanced Application Auth and Acct RADIUS Server Setup 173 Table 58 Advanced Application Auth and Acct TACACS Server Setup 175 Table 59 Advanced Application Auth and Acct Auth and Acct Setup 177 Table 60 Supported VSAs 179 Table 61 Supported Tunnel Protocol Attribute 180 Table 62 RADIUS Attribute...

Страница 27: ...ent Access Control Service Access Control 253 Table 97 Management Access Control Remote Management 254 Table 98 Management Diagnostic 255 Table 99 Syslog Severity Levels 257 Table 100 Management Syslog 258 Table 101 Management Syslog Syslog Server Setup 259 Table 102 ZyXEL Clustering Management Specifications 261 Table 103 Management Cluster Management Status 263 Table 104 FTP Upload to Cluster Me...

Страница 28: ...List of Tables MGS 3712 MGS 3012F User s Guide 28 ...

Страница 29: ...29 PART I Introduction and Hardware Getting to Know Your Switch 31 Hardware Installation and Connection 35 Hardware Overview 39 ...

Страница 30: ...30 ...

Страница 31: ... 3712F depending on power requirements These are the AC DC AC and DC versions With its built in web configurator managing and configuring the Switch is easy In addition the Switch can also be managed via Telnet any terminal emulator program on the console port or third party SNMP management This section shows a few examples of using the Switch in various network environments See Chapter 37 on page...

Страница 32: ... that need high bandwidth can connect to high speed department servers via the Switch You can provide a super fast uplink connection by using a Gigabit Ethernet mini GBIC port on the Switch Moreover the Switch eases supervision and maintenance by allowing network managers to centralize multiple servers at a single location Figure 2 Bridging Application 1 1 3 High Performance Switching Example The ...

Страница 33: ...etwork allows a physical network to be partitioned into multiple logical networks Stations on a logical network belong to one group A station can belong to more than one group With VLAN a station cannot directly talk to or hear from stations that are not in the same group s unless such traffic first goes through a router For more information on VLANs refer to Chapter 8 on page 85 1 1 4 1 Tag based...

Страница 34: ...nagement Cluster Management allows you to manage multiple switches through one switch called the cluster manager See Chapter 32 on page 261 1 3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that s not easy to guess and that consists of different types of characters su...

Страница 35: ...witch This is especially important for enclosed rack installations 2 2 Desktop Installation Procedure 1 Make sure the Switch is clean and dry 2 Set the Switch on a smooth level surface strong enough to support the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment...

Страница 36: ...ts Two mounting brackets Eight M3 flat head screws and a 2 Philips screwdriver Four M5 flat head screws and a 2 Philips screwdriver 1 Failure to use the proper screws may damage the unit 2 3 1 1 Precautions Make sure the rack will safely support the combined weight of all the equipment it contains Make sure the position of the Switch does not make the rack unstable or top heavy Take all necessary ...

Страница 37: ...h 4 You may now mount the Switch on a rack Proceed to the next section 2 3 3 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack lining up the two screw holes on the bracket with the screw holes on the side of the rack Figure 7 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver install the M5 flat head screws through...

Страница 38: ...Chapter 2 Hardware Installation and Connection MGS 3712 MGS 3012F User s Guide 38 ...

Страница 39: ...panel contains the Switch LEDs 8 RJ 45 Gigabit Ethernet GbE ports four dual personality interfaces each consisting of a mini GBIC slot and an RJ 45 GbE port one console and one management port for local management and a slot for alarm management Figure 8 Front Panel MGS 3712 AC DC version Figure 9 Front Panel MGS 3712 AC version Ethernet Ports Dual Personality Interfaces Console Port Management Po...

Страница 40: ...or Pluggable transceivers four dual personality interfaces each consisting of a mini GBIC slot and an RJ 45 GbE port one console and one management port for local management and a slot for alarm management Figure 11 Front Panel MGS 3712F AC DC version Figure 12 Front Panel MGS 3712F AC version Ethernet Ports Dual Personality Interfaces Console Port Management Port LED ALARM slot Ethernet Ports Dua...

Страница 41: ... or use them to daisy chain other switches 8 Mini GBIC Slots MGS 3712F Use mini GBIC transceivers in these slots for Gigabit Ethernet fiber optic or copper connections to backbone Ethernet switches Four Dual Personality Interfaces Each interface has one 1000 Base T copper RJ 45 port and one mini GBIC slot with one port active at a time 4 100 1000 Mbps RJ 45 GbE Ports Connect these Gigabit Ethernet...

Страница 42: ...cable and using half duplex mode When the Switch s auto negotiation is turned off an Ethernet port uses the pre configured speed and duplex mode when making a connection thus requiring you to make sure that the settings of the peer Ethernet port are the same in order to connect 3 1 2 1 Default Ethernet Negotiation Settings The factory default negotiation settings for the Gigabit ports on the Switc...

Страница 43: ... transceiver firmly until it clicks into place 3 The Switch automatically detects the installed transceiver Check the LEDs to verify that it is functioning properly 4 Close the transceiver s latch latch styles vary 5 Connect the fiber optic cables to the transceiver Figure 14 Transceiver Installation Example Figure 15 Connecting the Fiber Optic Cables 3 1 3 2 Transceiver Removal Use the following ...

Страница 44: ...emale end of power cord to either the AC or DC power receptacle on the front panel depending on your power source Connect the other end of the supplied power cord to a power outlet Make sure that no objects obstruct the airflow of the fans located on the side of the unit The MGS 3712F AC version requires a power supply of 100 240 VAC 50 60 Hz 0 6 A Max The DC version requires a power supply of 36 ...

Страница 45: ...witch can be configured to create an error log of the alarm See Section 31 1 on page 257 for more information on using the system log 3 1 6 1 Connect a Sensor to the ALARM Slot This section shows you how to connect up to four sensors to the ALARM slot and to let a bell signal the alarm as shown in the diagram below Figure 19 Connecting Sensors to the ALARM connector Follow these steps to connect a...

Страница 46: ...l alarm feature If daisy chaining to a ZyXEL switch different from the MGS 3712 F check your switch s documentation for the correct pin assignments 1 Use wires of the correct gauge to connect either of the power output pin pairs 1 normal close 2 common or 2 common 3 normal open on the ALARM connector to the input power pin pairs of an ALARM connector on another ZyXEL Switch 2 When daisy chaining f...

Страница 47: ...R Green On The system is turned on Off The system is off SYS Green On The system is on and functioning properly Blinking The system is rebooting and performing self diagnostic tests Off The power is off or the system is not ready malfunctioning ALM Red On A hardware failure is detected or an alarm from the external alarm is received Off The system is functioning normally Mini GBIC Slots LNK Green ...

Страница 48: ... next part of this guide discusses configuring the Switch using the web configurator FDX Amber On The Gigabit port is negotiating in full duplex mode Blinking There is congestion in half duplex mode Off The Gigabit port is negotiating in half duplex mode MGMT 10 Green Blinking The system is transmitting receiving to from an Ethernet device On The port is connected at 10Mbps Off The port is not con...

Страница 49: ...49 PART II Basic Configuration The Web Configurator 51 Initial Setup Example 61 System Status and Port Statistics 65 Basic Setting 71 ...

Страница 50: ...50 ...

Страница 51: ...o use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 Type http and the IP address of the Switch for example the default is 192 168 1 1 in the Location or Address field Press ENTER ...

Страница 52: ...igure 25 Web Configurator Home Screen Status A Click the menu items to open submenu links and then click on a submenu link to open the screen in the main window B C D E These are quick links which allow you to perform certain tasks no matter which screen you are currently working in B Click this link to save your configuration into the Switch s nonvolatile memory Nonvolatile memory is the configur...

Страница 53: ...nfigurator E Click this link to display web help pages The help pages provide descriptions for all of the configuration screens In the navigation panel click a main link to reveal a list of submenu links Table 3 Navigation Panel Sub links Overview BASIC SETTING ADVANCED APPLICATION IP APPLICATION MANAGEMENT ...

Страница 54: ...Chapter 4 The Web Configurator MGS 3712 MGS 3012F User s Guide 54 The following table lists the various web configurator screens within the sub links ...

Страница 55: ...ticast Setting IGMP Snooping VLAN IGMP Filtering Profile MVR Group Configuration Authentication and Accounting RADIUS Server Setup TACACS Server Setup Auth and Acct Setup IP Source Guard IP Source Guard Static Binding DHCP Snooping DHCP Snooping Configure DHCP Snooping Configure Port DHCP Snooping Configure VLAN ARP Inspection Status ARP Inspection VLAN Status ARP Inspection Log Status ARP Inspect...

Страница 56: ...ndwidth Control This link takes you to a screen where you can configure bandwidth limits on the Switch Broadcast Storm Control This link takes you to a screen to set up broadcast filters Mirroring This link takes you to screens where you can copy traffic from one port or ports to another port in order that you can examine the traffic from the first port without interference Link Aggregation This l...

Страница 57: ...k takes you to screens where you can configure the DHCP settings Management Maintenance This link takes you to screens where you can perform firmware and configuration file maintenance as well as reboot the system Access Control This link takes you to screens where you can change the system login password and configure SNMP and remote management Diagnostic This link takes you to a screen where you...

Страница 58: ... to the Switch s storage that remains even if the Switch s power is turned off Use the Save link when you are done with a configuration session 4 5 Switch Lockout You could block yourself and all others from using in band management managing through the data ports if you do one of the following 1 Delete the management VLAN default is VLAN 1 2 Delete all port based VLANs with the CPU port as a memb...

Страница 59: ...you will lose all previous configurations and the speed of the console port will be reset to the default of 9600bps with 8 data bit no parity one stop bit and flow control set to none The password will also be reset to 1234 and the IP address to 192 168 1 1 To upload the configuration file do the following 1 Connect to the console port using a computer with terminal emulation software 2 Disconnect...

Страница 60: ...for security reasons Figure 28 Web Configurator Logout Screen 4 8 Help The web configurator s online help has descriptions of individual screens and some supplementary information Click the Help link from a web configurator screen to view an online help description of that screen Bootbase Version V0 3 11 02 2007 18 36 17 RAM Size 64 Mbytes DRAM POST Testing 65536K OK DRAM Test SUCCESS FLASH Intel ...

Страница 61: ...s for the initial setup Create a VLAN Set port VLAN ID Configure the Switch IP management address 5 1 1 Creating a VLAN VLANs confine broadcast frames to the VLAN group in which the port s belongs You can do this with port based VLAN or tagged static VLAN with fixed port members In this example you want to configure port 1 as a member of VLAN 2 Figure 29 Initial Setup Network Example VLAN ...

Страница 62: ...ect Fixed to configure port 1 to be a permanent member of the VLAN only 4 To ensure that VLAN unaware devices such as computers and hubs can receive frames properly clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 5 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 1 2 Setting Po...

Страница 63: ...ld for port 1 and click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned off 5 2 Configuring Switch Management IP Address The default management IP address of the Switch is 192 168 1 1 You can configure another IP address in a different subnet for management purposes The following figure shows an example Figure 31 Ini...

Страница 64: ...ore information 3 Click Basic Setting IP Setup in the navigation panel 4 Configure the related fields in the IP Setup screen 5 For the VLAN2 network enter 192 168 2 1 as the IP address and 255 255 255 0 as the subnet mask 6 In the VID field enter the ID of the VLAN group to which you want this management IP address to belong This is the same as the VLAN ID you configure in the Static VLAN screen 7...

Страница 65: ... showing statistical details 6 2 Port Status Summary To view the port statistics click Status in all web configurator screens to display the Status screen as shown next Figure 32 Status The following table describes the labels in this screen Table 6 Status LABEL DESCRIPTION Port This identifies the Ethernet port Click a port number to display the Port Details screen refer to Figure 33 on page 67 N...

Страница 66: ...led this field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays whether LACP Link Aggregation Control Protocol has been enabled on the port TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number of received errors on this port Tx KB s This f...

Страница 67: ... cable type Copper or Fiber Status If STP Spanning Tree Protocol is enabled this field displays the STP state of the port see Section 11 1 on page 101 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This field shows if LACP is enabled on this port or not TxPkts This field shows the number of transmitted frames on this port Rx...

Страница 68: ...smitted packets for which transmission is inhibited by exactly one collision Multiple This is a count of successfully transmitted packets for which transmission was inhibited by more than one collision Excessive This is a count of packets for which transmission failed due to excessive collisions Excessive collision is defined as the number of maximum collisions before the retransmission count is r...

Страница 69: ...s received that were between 512 and 1023 octets in length 1024 1518 This field shows the number of packets including bad packets received that were between 1024 and 1518 octets in length Giant This field shows the number of packets dropped because they were bigger than the maximum frame size Table 7 Status Port Details continued LABEL DESCRIPTION ...

Страница 70: ...Chapter 6 System Status and Port Statistics MGS 3712 MGS 3012F User s Guide 70 ...

Страница 71: ...to set the system time manually or get the current time and date from an external server when you turn on your Switch The real time is then displayed in the Switch logs The Switch Setup screen allows you to set up and configure global Switch features The IP Setup screen allows you to configure a Switch IP address in each routing domain subnet mask s and DNS domain name server for management purpos...

Страница 72: ...us This field displays Normal for temperatures below the threshold and Error for those above Fan Speed RPM A properly functioning fan is an essential component along with a sufficiently ventilated cool operating environment in order for the device to stay within the temperature threshold Each fan has a sensor that is capable of detecting and reporting if the fan speed falls below the threshold sho...

Страница 73: ...displays the day month year and time with no time zone adjustment When you use this format it is recommended that you use a Daytime timeserver within your geographical time zone Time RFC 868 format displays a 4 byte integer giving the total number of seconds since 1970 1 1 at 0 0 0 NTP RFC 1305 is similar to Time RFC 868 None is the default value Enter the time manually Each time you turn on the S...

Страница 74: ...t 2 A M local time So in the United States you would select Second Sunday March and 2 00 Daylight Saving Time starts in the European Union on the last Sunday of March All of the time zones in the European Union start using Daylight Saving Time at the same moment 1 A M GMT or UTC So in the European Union you would select Last Sunday March and the last field depends on your time zone In Germany for ...

Страница 75: ... change depending on whether you choose 802 1Q or Port Based in the VLAN Type field in this screen Refer to the chapter on VLAN Figure 36 Basic Setting Switch Setup The following table describes the labels in this screen Table 10 Basic Setting Switch Setup LABEL DESCRIPTION VLAN Type Choose 802 1Q or Port Based The VLAN Setup screen changes depending on whether you choose 802 1Q VLAN type or Port ...

Страница 76: ...are given the default priority of the ingress port Use the next fields to configure the priority level to physical queue mapping The Switch has eight physical queues that you can map to the 8 priority levels On the Switch traffic assigned to higher index queues gets through faster while traffic in lower index queues is dropped if the network is congested Priority Level The following descriptions a...

Страница 77: ...p for outgoing traffic 7 6 1 Management IP Addresses The Switch needs an IP address for it to be managed over the network The factory default IP address is 192 168 1 1 The subnet mask specifies the network number portion of an IP address The factory default subnet mask is 255 255 255 0 You can configure up to 64 IP addresses which are used to access and manage the Switch from the ports belonging t...

Страница 78: ...t mask of your Switch in dotted decimal notation for example 255 255 255 0 Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation for example 192 168 1 254 VID Enter the VLAN identification number associated with the Switch IP address This is the VLAN ID of the CPU and is used for management only The default is 1 All ports by default are fixed members of th...

Страница 79: ...the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Index This field displays the index number of the rule Click an index number to edit the rule IP Address Th...

Страница 80: ...onnection speed by detecting the signal on the cable and using half duplex mode When the Switch s auto negotiation is turned off a port uses the pre configured speed and duplex mode when making a connection thus requiring you to make sure that the settings of the peer port are the same in order to connect Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buff...

Страница 81: ...e memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 12 Basic Setting Port Setup continued LABEL DESCRIPTION ...

Страница 82: ...Chapter 7 Basic Setting MGS 3712 MGS 3012F User s Guide 82 ...

Страница 83: ...l 101 Bandwidth Control 119 Broadcast Storm Control 121 Mirroring 123 Link Aggregation 125 Port Authentication 133 Port Security 139 Classifier 143 Policy Rule 149 Queuing Method 155 Multicast 157 Authentication Accounting 171 IP Source Guard 185 Loop Guard 205 Two Rate Three Color Marker 209 ...

Страница 84: ...84 ...

Страница 85: ... port The remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that user priority and VLAN ID are independent of each other A frame with VID VLAN Identifier of null 0 is called a priority frame meaning that only the priority level is significant and the default VID of the ingress port is given as the VID of the frame Of the 4096 possible VIDs a VID of 0 is ...

Страница 86: ...ermit VLAN groups beyond the local Switch Please refer to the following table for common IEEE 802 1Q VLAN terminology Table 13 IEEE 802 1Q VLAN Terminology VLAN PARAMETER TERM DESCRIPTION VLAN Type Permanent VLAN This is a static VLAN created manually Dynamic VLAN This is a VLAN configured by a GVRP registration deregistration process VLAN Administrative Control Registration Fixed Fixed registrati...

Страница 87: ... with VLAN Trunking enabled on a port s in each intermediary switch you only need to create VLAN groups in the end devices A and B C D and E automatically allow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking port s Figure 39 Port VLAN Trunking 8 4 Select the VLAN Type Select a VLAN type in the Basic Setting Switch Setup screen...

Страница 88: ...gure 42 Advanced Application VLAN VLAN Detail Table 14 Advanced Application VLAN VLAN Status LABEL DESCRIPTION The Number of VLAN This is the number of VLANs configured on the Switch Index This is the VLAN index number Click on an index number to view more VLAN details VID This is the VLAN identification number that was configured in the Static VLAN screen Elapsed Time This field shows how long it...

Страница 89: ... VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the Static VLAN screen Port Number This column displays the ports that are participating in a VLAN A tagged port is marked as T an untagged port is marked as U and ports not participating in a VLAN are marked as Elapsed Time This field shows how lo...

Страница 90: ...n this row are copied to all the ports as soon as you make them Control Select Normal for the port to dynamically join this VLAN group using GVRP This is the default selection Select Fixed for the port to be a permanent member of this VLAN group Select Forbidden if you want to prohibit the port from joining this VLAN group Tagging Select TX Tagging if you want the port to tag all outgoing frames t...

Страница 91: ...gs the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Ingress Check If this check box is selected for a port the Switch discards incoming frames for VLANs that do not include this port in its member set Clear this check box to disable ingress filtering P...

Страница 92: ...LAN with priority 6 and VID of 100 for traffic received from IP subnet 172 16 1 0 24 voice services You also have a subnet based VLAN with priority 5 and VID of 200 for traffic received from IP subnet 192 168 1 0 24 video services Lastly you configure VLAN with priority 3 and VID of 300 for traffic received from IP subnet 10 1 1 0 24 data services All untagged incoming frames will be classified ba...

Страница 93: ... Vlan Override When DHCP snooping is enabled DHCP clients can renew their IP address through the DHCP VLAN or via another DHCP server on the subnet based VLAN Select this checkbox to force the DHCP clients in this IP subnet to obtain their IP addresses through the DHCP VLAN Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or ...

Страница 94: ...sting VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch assigns to frames belonging to this VLAN Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when yo...

Страница 95: ... based VLAN setup screen is shown next The CPU management port forms a VLAN with all Ethernet ports 8 8 1 Configure a Port based VLAN Select Port Based as the VLAN Type in the Basic Setting Switch Setup screen and then click Advanced Application VLAN from the navigation panel to display the next screen Figure 47 Port Based VLAN Setup All Connected ...

Страница 96: ...oming port that is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the incoming port for the corresponding port listed on the left its outgoing port CPU refers to the Switch management port By default it forms a VLAN with all Ethernet ports If it does not form...

Страница 97: ...the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC address forwarding together with port security allow only computers in the MAC address table on a port to access the Switch See Chapter 17 on page 139 for more information on port security Click Advan...

Страница 98: ... or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to their last saved values Clear Click Clear to begin configuring this screen afresh Index Click an index number to modify a static MAC address rule for a port Active This field displays whether this static MAC addres...

Страница 99: ...Filtering in the navigation panel to display the screen as shown next Figure 50 Advanced Application Filtering The following table describes the related labels in this screen Table 21 Advanced Application FIltering LABEL DESCRIPTION Active Make sure to select this check box to activate your rule You may temporarily deactivate a rule without deleting it by deselecting this check box Name Type a des...

Страница 100: ...he Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to the factory defaults Index This field displays the index number of the rule Click an index number to change the settings Active This field displays Yes when the rule is ...

Страница 101: ...ompliant switches in your network to ensure that only one path exists between any two stations on the network The Switch uses IEEE 802 1w RSTP Rapid Spanning Tree Protocol that allows faster convergence of the spanning tree than STP while also being backwards compatible with STP only aware bridges In RSTP topology change information is directly propagated throughout the network from the device tha...

Страница 102: ...ts for connected LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating any possible network loops STP aware switches exchange Bridge Protocol Data Units BPDUs periodically When the bridged LAN topology changes a new spanning tree is constructed Once a stable network topology has been established all bridges listen f...

Страница 103: ...nformation In the following example there are two RSTP instances MRSTP 1 and MRSTP2 on switch A To set up MRSTP activate MRSTP on the Switch and specify which port s belong to which spanning tree Each port can belong to one STP tree only Figure 51 MRSTP Network Example Table 23 STP Port States PORT STATE DESCRIPTION Disabled STP is disabled default Blocking Only configuration and management BPDUs ...

Страница 104: ...a specific Multiple Spanning Tree Instance MSTI MSTI allows multiple VLANs to use the same spanning tree Load balancing is possible as traffic from different VLANs can use distinct paths in a region 11 1 5 1 MSTP Network Example The following figure shows a network example where two VLANs are configured on the two switches If the switches are using STP or RSTP the link for VLAN 2 will be blocked a...

Страница 105: ...raverse the region Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings These include the following parameters Name of the MST region Revision level as the unique number for the MST region VLAN to MST Instance mapping 11 1 5 3 MST Instance An MST Instance MSTI is a spanning tree instance VLANs can be configured to run on a specific M...

Страница 106: ...not members of an MST instance are members of the CIST In an MSTP enabled network there is only one CIST that runs between MST regions and single spanning tree devices A network may contain multiple MST regions and other network segments running RSTP Figure 55 MSTP and Legacy RSTP Network Example 11 2 Spanning Tree Protocol Status Screen The Spanning Tree Protocol status screen changes depending o...

Страница 107: ...panning Tree Protocol Figure 57 Advanced Application Spanning Tree Protocol Configuration The following table describes the labels in this screen Table 24 Advanced Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or Multiple Spanning Tree See Section 11 1...

Страница 108: ...ctive Select this check box to activate RSTP Clear this checkbox to disable RSTP Note You must also activate Rapid Spanning Tree in the Advanced Application Spanning Tree Protocol Configuration screen to enable RSTP on the Switch Bridge Priority Bridge priority is used in determining the root switch root port and designated port The switch with the highest priority lowest numeric value becomes the...

Страница 109: ...therwise temporary data loops might result The allowed range is 4 to 30 seconds As a general rule Note 2 Forward Delay 1 Max Age 2 Hello Time 1 Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note...

Страница 110: ...e Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds the Switch can wait without receiving a configuration message before attempting to reconfigure Forwarding Delay second This is the time in s...

Страница 111: ...able an STP tree Note You must also activate Multiple Rapid Spanning Tree in the Advanced Application Spanning Tree Protocol Configuration screen to enable MRSTP on the Switch Bridge Priority Bridge priority is used in determining the root switch root port and designated port The switch with the highest priority lowest numeric value becomes the STP root switch If all switches have the same priorit...

Страница 112: ... Max Age 2 Hello Time 1 Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to activate STP o...

Страница 113: ...me for Root and Our Bridge if the Switch is the root switch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds the Switch can wait without receiving a configuration message before attempting to reconfigure Forwarding De...

Страница 114: ...Guide 114 11 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section 11 1 5 on page 104 for more information on MSTP Figure 62 Advanced Application Spanning Tree Protocol MSTP ...

Страница 115: ... before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result The allowed range is 4 to 30 seconds As a general rule Note 2 Forward Delay 1 Max Age 2 Hello Time 1 Maximum hops Enter the number of hops between 1 and 255 in an MSTP region before the BPDU is discarded...

Страница 116: ... this check box to add this port to the MST instance Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in a switch Ports with a higher priority numeric value are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN th...

Страница 117: ...ings on the Switch CST This section describes the Common Spanning Tree settings Bridge Root refers to the base of the spanning tree the root bridge Our Bridge is this switch This Switch may also be the root bridge Bridge ID This is the unique identifier for this bridge consisting of bridge priority plus MAC address This ID is the same for Root and Our Bridge if the Switch is the root switch Hello ...

Страница 118: ...imes This is the number of times the spanning tree has been reconfigured Time Since Last Change This is the time since the spanning tree was last reconfigured Instance These fields display the MSTI to VLAN mapping In other words which VLANs run on each spanning tree instance Instance This field displays the MSTI ID VLAN This field displays which VLANs are mapped to an MSTI MSTI Select the MST inst...

Страница 119: ... The Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion The CIR and PIR should be set for all ports that use the same uplink bandwidth If the CIR is reached packets are sent at the rate up to the PIR When network congestion occurs packets through the ingress port exceeding the CIR will be marked for drop The CIR sh...

Страница 120: ...Commit Rate Specify the guaranteed bandwidth allowed in kilobits per second Kbps for the incoming traffic flow on a port The commit rate should be less than the peak rate The sum of commit rates cannot be greater than or equal to the uplink bandwidth Active Select this check box to activate peak rate limits on this port Peak Rate Specify the maximum bandwidth allowed in kilobits per second Kbps fo...

Страница 121: ...F packets the Switch receives per second on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port Click Advanced Application Broadcast Storm Control in the navigation ...

Страница 122: ...justments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Select this option and specify how many destination lookup failure DLF p...

Страница 123: ...c flow to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference Click Advanced Application Mirroring in the navigation panel to display the Mirroring screen Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port Figure 66 Advanced Application Mirroring ...

Страница 124: ... ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the drop ...

Страница 125: ...tatic and dynamic link aggregation In a properly planned network it is recommended to implement static link aggregation only This ensures increased network stability and control over the trunk groups on your Switch See Section 15 6 on page 130 for a static port trunking example 15 2 Dynamic Link Aggregation The Switch adheres to the IEEE 802 3ad standard for static and dynamic LACP port trunking T...

Страница 126: ...plays by default See Section 15 1 on page 125 for more information Figure 67 Advanced Application Link Aggregation Status The following table describes the labels in this screen Table 34 Link Aggregation ID Local Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY PORT NUMBER 0000 00 00 00 00 00 00 0000 00 0000 Table 35 Link Aggregation ID Peer Switch SYSTEM PRIORITY MAC ADDRESS KEY PORT PRIORITY...

Страница 127: ...orts that are currently transmitting data as one logical link in this trunk group Aggregator ID Link Aggregator ID consists of the following system priority MAC address key port priority and port number Refer to Section 15 2 1 on page 126 for more information on this field Status This field displays how these ports were added to the trunk group It displays Static if the ports are configured as sta...

Страница 128: ...g This is the only screen you need to configure to enable static link aggregation Group ID The field identifies the link aggregation group that is one logical link containing multiple ports Active Select this option to activate a trunk group Port This field displays the port number Group Select the trunk group to which a port belongs Apply Click Apply to save your changes to the Switch s run time ...

Страница 129: ...nable Link Aggregation Control Protocol LACP System Priority LACP system priority is a number between 1 and 65 535 The switch with the lowest system priority and lowest port number if system priority is the same becomes the LACP server The LACP server controls the operation of LACP setup Enter a number to set the priority of an active port using Link Aggregation Control Protocol LACP The smaller t...

Страница 130: ... set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them LACP Timeout Timeout is the time interval between the individual port exchanges of LACP packets in order to check that the peer port in the trunk group is still up If a port does not respond after three tries then it is deemed to be down and is re...

Страница 131: ...er 15 Link Aggregation MGS 3712 MGS 3012F User s Guide 131 Figure 71 Trunking Example Configuration Screen Your trunk group 1 T1 configuration is now complete you do not need to go to any additional screens ...

Страница 132: ...Chapter 15 Link Aggregation MGS 3712 MGS 3012F User s Guide 132 ...

Страница 133: ...or more information on configuring your RADIUS server settings If you enable IEEE 802 1x authentication and MAC authentication on the same port the Switch performs IEEE 802 1x authentication first If a user fails to authenticate via the IEEE 802 1x method then access to the port is denied 16 1 1 IEEE 802 1x Authentication The following figure illustrates how a client connecting to a IEEE 802 1x au...

Страница 134: ...e client for login credentials The login credentials are based on the source MAC address of the client connecting to a port on the Switch along with a password configured specifically for MAC authentication on the Switch Figure 73 MAC Authentication Process New Connection Authentication Request Authentication Reply 1 4 5 Login Credentials Login Info Request 3 2 Session Granted Denied New Connectio...

Страница 135: ...DIUS server settings in the Auth and Acct Radius Server Setup screen Click Advanced Application Port Authentication in the navigation panel to display the screen as shown Figure 74 Advanced Application Port Authentication 16 2 1 Activate IEEE 802 1x Security Use this screen to activate IEEE 802 1x security In the Port Authentication screen click 802 1x to display the configuration screen as shown ...

Страница 136: ...his row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this checkbox to permit 802 1x authentication on this port You must first allow 802 1x authentication on the Switch before configuring it on each port Reauthentication Specify if a subscriber has to periodically re en...

Страница 137: ...forwarded to the RADIUS server Password Type the password the Switch sends along with the MAC address of a client for authentication with the RADIUS server You can enter up to 32 printable ASCII characters Timeout Specify the amount of time before the Switch allows a client MAC address that fails authentication to try and authenticate again Maximum time is 3000 seconds When a client fails MAC auth...

Страница 138: ...on on this port You must first allow MAC authentication on the Switch before configuring it on each port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin co...

Страница 139: ...otal with no limit on individual ports other than the sum cannot exceed 16K For maximum port security enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default MAC address learning is still enabled even though the port security i...

Страница 140: ...ch forwards packets whose MAC address es is in the MAC address table on this port Packets with no matching MAC address es are dropped Clear this check box to disable the port security feature The Switch forwards all packets on this port Address Learning MAC address learning reduces outgoing broadcast traffic For MAC address learning to occur on a port the port itself must be active with address le...

Страница 141: ...mory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 41 Advanced Application Port Security continued LABEL DESCRIPTION ...

Страница 142: ...Chapter 17 Port Security MGS 3712 MGS 3012F User s Guide 142 ...

Страница 143: ... port number destination port number or incoming port number For example you can configure a classifier to select traffic from the same protocol port such as Telnet to form a flow Configure QoS on the Switch to group and prioritize application traffic and fine tune network performance Setting up QoS involves two separate steps 1 Configure classifiers to sort traffic into different flows 2 Configur...

Страница 144: ... 802 3 untagged Ethernet II tagged and Ethernet II untagged A value of 802 3 indicates that the packets are formatted according to the IEEE 802 3 standards A value of Ethernet II indicates that the packets are formatted according to RFC 894 Ethernet II encapsulation Layer 2 Specify the fields below to configure a layer 2 classifier VLAN Select Any to classify traffic from any VLAN or select the se...

Страница 145: ...a source IP address in dotted decimal notation Specify the address prefix by entering the number of ones in the subnet mask A subnet mask can be represented in a 32 bit notation For example the subnet mask 255 255 255 0 can be represented as 11111111 11111111 11111111 00000000 and counting up the number of ones in this case results in 24 Socket Number Note You must select either UDP or TCP in the ...

Страница 146: ...configuration Clear Click Clear to set the above fields back to the factory defaults Table 42 Advanced Application Classifier continued LABEL DESCRIPTION Table 43 Classifier Summary Table LABEL DESCRIPTION Index This field displays the index number of the rule Click an index number to edit the rule Active This field displays Yes when the rule is activated and No when it is deactivated Name This fi...

Страница 147: ...ing screen shows an example where you configure a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 After you have configured a classifier you can configure a policy in the Policy screen to define action s on the classified traffic flow XNS Compat 0807 Banyan Systems 0BAD BBN Simnet 5208 IBM SNA 80D5 AppleTalk AARP 80F3 Table 45 Common IP Protocol Types and Protoc...

Страница 148: ...Chapter 18 Classifier MGS 3712 MGS 3012F User s Guide 148 Figure 80 Classifier Example ...

Страница 149: ...nts without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 19 1 2 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service TOS field in the IP header The DS field contains a 2 bit unused field an...

Страница 150: ...ring Policy Rules You must first configure a classifier in the Classifier screen Refer to Section 18 2 on page 143 for more information Click Advanced Applications Policy Rule in the navigation panel to display the screen as shown Figure 81 Advanced Application Policy Rule ...

Страница 151: ...akes on the associated classified traffic flow Forwarding Select No change to forward the packets Select Discard the packet to drop the packets Select Do not drop the matching frame previously marked for dropping to retain the frames that were marked to be dropped before Priority Select No change to keep the priority setting of the frames Select Set the packet s 802 1 priority to replace the packe...

Страница 152: ...rk is congested Select Do not drop the matching frame previously marked for dropping to queue the frames that are marked to be dropped Add Click Add to inset the entry to the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non vola...

Страница 153: ...Chapter 19 Policy Rule MGS 3712 MGS 3012F User s Guide 153 Figure 83 Policy Example ...

Страница 154: ...Chapter 19 Policy Rule MGS 3712 MGS 3012F User s Guide 154 ...

Страница 155: ...traffic on lower priority queues never gets sent SP does not automatically adapt to changing network requirements 20 1 2 Weighted Round Robin Scheduling WRR Round Robin Scheduling services queues on a rotating basis and is activated only when a port has more traffic than it can handle A queue is a given an amount of bandwidth irrespective of the incoming traffic on that port This queue then moves ...

Страница 156: ...highest priority and Q0 the lowest Weighted Round Robin Scheduling WRR services queues on a rotating basis based on their queue weight the number you configure in the queue Weight field Queues with larger weights get more service than queues with smaller weights Q0 Q7 Weight When you select WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their ...

Страница 157: ...vices IP addresses in the Class D range 224 0 0 0 to 239 255 255 255 are used for IP multicasting Certain IP multicast numbers are reserved by IANA for special purposes see the IANA web site for more information 21 1 2 IGMP Filtering With the IGMP filtering feature you can control which IGMP groups a subscriber on a port can join This allows you to control the distribution of multicast services su...

Страница 158: ... This is referred to as fixed mode In fixed mode the Switch does not learn multicast group membership of any VLANs other than those explicitly added as an IGMP snooping VLAN 21 2 Multicast Status Click Advanced Applications Multicast to display the screen as shown This screen shows the multicast group information See Section 21 1 on page 157 for more information on multicasting Figure 85 Advanced ...

Страница 159: ...P leave timeout value from 1 to 16 711 450 in seconds This defines how many seconds the Switch waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is received from a host 802 1p Priority Select a priority level 0 7 to which the Switch changes the priority in outgoing IGMP control packets Otherwise select No Change to not replace the priority IGMP F...

Страница 160: ...his option to limit the number of multicast groups this port is allowed to join Max Group Num Enter the number of multicast groups this port is allowed to join Once a port is registered in the specified number of multicast groups any new IGMP join report frame s is dropped on this port IGMP Filtering Profile Select the name of the IGMP filtering profile to use for this port Otherwise select Defaul...

Страница 161: ...in the Multicast Setting screen first Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh VLAN Use this section of the screen to...

Страница 162: ... Name This field displays the descriptive name for this VLAN group VID This field displays the ID number of the VLAN group Delete Check the rule s that you want to remove in the Delete column then click the Delete button Cancel Click Cancel to clear the Delete check boxes Table 52 Advanced Application Multicast Multicast Setting IGMP Snooping VLAN LABEL DESCRIPTION Table 53 Advanced Application Mu...

Страница 163: ...a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive multicast traffic Once configured the Switch maintains a forwarding table that matches the multicast stream to the associated multicast group Add Click Add to save the profile to the Switch s run time memory The Switch loses these changes if it is turned off ...

Страница 164: ...P report to the Switch to join the appropriate multicast group If the IGMP report matches one of the configured MVR multicast group addresses on the Switch an entry is created in the forwarding table on the Switch This maps the subscriber VLAN to the list of forwarding destinations for the specified multicast traffic When the subscriber changes the channel or turns off the computer an IGMP leave m...

Страница 165: ...LAN to be shared among different subscriber VLANs on the network Name Enter a descriptive name up to 32 printable ASCII characters for identification purposes Multicast VLAN ID Enter the VLAN ID 1 to 4094 of the multicast VLAN 802 1p Priority Select a priority level 0 7 with which the Switch replaces the priority in outgoing IGMP control packets belonging to this multicast VLAN Mode Specify the MV...

Страница 166: ...cast traffic None Select this option to set the port not to participate in MVR No MVR multicast traffic is sent or received on this port Tagging Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on th...

Страница 167: ...efer to Section 21 1 1 on page 157 for more information on IP multicast addresses End Address Enter the ending IP multicast address of the multicast group in dotted decimal notation Enter the same IP address as the Start Address field if you want to configure only one IP address for a multicast group Refer to Section 21 1 1 on page 157 for more information on IP multicast addresses Add Click Add t...

Страница 168: ...and set the receiver and source ports Figure 94 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers configure multicast group settings in the Group Configuration screen The following figure shows an example where two multicast groups News and Movie are configured for the multicast VLAN 200 Figure 95 MVR Group Configuration Example ...

Страница 169: ...Chapter 21 Multicast MGS 3712 MGS 3012F User s Guide 169 Figure 96 MVR Group Configuration Example ...

Страница 170: ...Chapter 21 Multicast MGS 3712 MGS 3012F User s Guide 170 ...

Страница 171: ...the Switch itself or it can use an external server to authorize a large number of users Accounting is the process of recording what a user is doing The Switch can use an external server to track when users log in log out execute commands and so on Accounting can also record system related actions such as boot up and shut down times of the Switch The external servers that perform authentication aut...

Страница 172: ...IUS TACACS or both and then set up the authentication priority and accounting settings Click Advanced Application Auth and Acct in the navigation panel to display the screen as shown Figure 98 Advanced Application Auth and Acct 22 2 1 RADIUS Server Setup Use this screen to configure your RADIUS server settings See Section 22 1 2 on page 172 for more information on RADIUS servers and Section 22 3 o...

Страница 173: ...ds that the Switch waits for an authentication request response from the RADIUS server If you are using index priority for your authentication and you are using two RADIUS servers then the timeout value is divided between the two RADIUS servers For example if you set the timeout value to 30 seconds then the Switch waits for a response from the first RADIUS server for 15 seconds and then tries the ...

Страница 174: ...he RADIUS accounting server Index This is a read only number representing a RADIUS accounting server entry IP Address Enter the IP address of an external RADIUS accounting server in dotted decimal notation UDP Port The default port of a RADIUS server for accounting is 1813 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to...

Страница 175: ...n to alternate between the TACACS servers that it sends authentication requests to Timeout Specify the amount of time in seconds that the Switch waits for an authentication request response from the TACACS server If you are using index priority for your authentication and you are using two TACACS servers then the timeout value is divided between the two TACACS servers For example if you set the ti...

Страница 176: ...ngs Timeout Specify the amount of time in seconds that the Switch waits for an accounting request response from the TACACS server Index This is a read only number representing a TACACS accounting server entry IP Address Enter the IP address of an external TACACS accounting server in dotted decimal notation TCP Port The default port of a TACACS server for accounting is 49 You need not change this v...

Страница 177: ...f accounts via commands See the CLI Reference Guide for local authentication The TACACS and RADIUS are external servers Before you specify the priority make sure you have set up the corresponding database correctly first You can specify up to three methods for the Switch to authenticate the access privilege level of administrators The Switch checks the methods in the order you configure them first...

Страница 178: ...m accounting is enabled system accounting is disabled Exec Configure the Switch to send information when an administrator logs in and logs out via the console port telnet or SSH Dot1x Configure the Switch to send information when an IEEE 802 1x client begins a session authenticates via the Switch ends a session as well as interim updates of a session Commands Configure the Switch to send informati...

Страница 179: ...any by the IANA Internet Assigned Numbers Authority ZyXEL s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to modify Vendor data A value you want to assign to the setting Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server The following table describes the VSAs supported on...

Страница 180: ...or authentication Refer to RFC 2866 and RFC 2869 for RADIUS attributes used for accounting This section lists the attributes used by authentication and accounting functions on the Switch In cases where the attribute has a specific format associated with it the format is specified Egress Bandwidth Assignment Vendor Id 890 Vendor Type 2 Vendor data egress rate Kbps in decimal format Privilege Assign...

Страница 181: ...fier NAS IP Address 22 3 1 3 Attributes Used by the IEEE 802 1x Authentication User Name NAS Identifier NAS IP Address NAS Port NAS Port Type This value is set to Ethernet 15 on the Switch Calling Station Id Frame MTU EAP Message State Message Authenticator 22 3 2 Attributes Used for Accounting The following sections list the attributes sent from the Switch to the RADIUS server when performing aut...

Страница 182: ...ERIM UPDATE STOP User Name Y Y Y NAS Identifier Y Y Y NAS IP Address Y Y Y Service Type Y Y Y Acct Status Type Y Y Y Acct Delay Time Y Y Y Acct Session Id Y Y Y Acct Authentic Y Y Y Acct Session Time Y Y Acct Terminate Cause Y Table 63 RADIUS Attributes Exec Events via Telnet SSH ATTRIBUTE START INTERIM UPDATE STOP User Name Y Y Y NAS Identifier Y Y Y NAS IP Address Y Y Y Service Type Y Y Y Callin...

Страница 183: ... Time Y Y Y Acct Session Id Y Y Y Acct Authentic Y Y Y Acct Input Octets Y Y Acct Output Octets Y Y Acct Session Time Y Y Acct Input Packets Y Y Acct Output Packets Y Y Acct Terminate Cause Y Acct Input Gigawords Y Y Acct Output Gigawords Y Y Table 64 RADIUS Attributes Exec Events via 802 1x ATTRIBUTE START INTERIM UPDATE STOP ...

Страница 184: ...Chapter 22 Authentication Accounting MGS 3712 MGS 3012F User s Guide 184 ...

Страница 185: ...guard consists of the following features Static bindings Use this to create static bindings in the binding table DHCP snooping Use this to filter unauthorized DHCP packets on the network and to build the binding table dynamically ARP inspection Use this to filter unauthorized ARP packets on the network If you want to use dynamic bindings to filter unauthorized ARP packets typical implementation yo...

Страница 186: ...estarts it loads static bindings from permanent memory but loses the dynamic bindings in which case the devices in the network have to send DHCP requests again As a result it is recommended you configure the DHCP snooping database The DHCP snooping database maintains the dynamic bindings for DHCP snooping and ARP inspection in a file on an external TFTP server If you set up the DHCP snooping datab...

Страница 187: ...guring DHCP Snooping Follow these steps to configure DHCP snooping on the Switch 1 Enable DHCP snooping on the Switch 2 Enable DHCP snooping on each VLAN and configure DHCP relay option 82 3 Configure trusted and untrusted ports and specify the maximum number of DHCP packets that each port can receive per second 4 Configure static bindings 23 1 2 ARP Inspection Overview Use ARP inspection to filte...

Страница 188: ...lso specify the maximum rate at which the Switch receives ARP packets on untrusted ports The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on untrusted ports in the following situations The sender s information in the ARP packet does not match any of the current bindings The rate at which ARP packets arrive is too high 23 1 2 3 Syslog The Switc...

Страница 189: ...address and VLAN ID as an existing static binding the new static binding replaces the original one To open this screen click Advanced Application IP Source Guard Static Binding Table 65 IP Source Guard LABEL DESCRIPTION Index This field displays a sequential number for each binding Mac Address This field displays the source MAC address in the binding IP Address This field displays the IP address a...

Страница 190: ...lick this to reset the values above based on the last selected static binding or if not applicable to clear the fields above Clear Click this to clear the fields above Index This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displays the IP address assigned to the MAC address in the binding Lease This...

Страница 191: ... 3712 MGS 3012F User s Guide 191 23 4 DHCP Snooping Use this screen to look at various statistics about the DHCP snooping database To open this screen click Advanced Application IP Source Guard DHCP Snooping Figure 106 DHCP Snooping ...

Страница 192: ...o update the DHCP snooping database again It displays Not Running if the current bindings have not changed since the last update This section displays information about the last time the Switch updated the DHCP snooping database Last succeeded time This field displays the last time the Switch updated the DHCP snooping database successfully Last failed time This field displays the last time the Swi...

Страница 193: ... Expired leases This field displays the number of bindings the Switch ignored because the lease time had already expired Unsupported vlans This field displays the number of bindings the Switch ignored because the VLAN ID does not exist anymore Last ignored time This field displays the last time the Switch ignored any bindings for any reason from the DHCP binding database Total ignored bindings cou...

Страница 194: ...le describes the labels in this screen Table 68 DHCP Snooping Configure LABEL DESCRIPTION Active Select this to enable DHCP snooping on the Switch You still have to enable DHCP snooping on specific VLAN and specify trusted ports Note If DHCP is enabled and there are no trusted ports DHCP requests will not succeed DHCP Vlan Select a VLAN ID if you want the Switch to forward DHCP packets to DHCP ser...

Страница 195: ...e DHCP snooping database before it gives up Write delay interval Enter how long 10 65535 seconds the Switch waits to update the DHCP snooping database the first time the current bindings change after an update Once the next update is scheduled additional changes in current bindings are automatically included in the next update Renew DHCP Snooping URL Enter the location of a DHCP snooping database ...

Страница 196: ...g situations The packet is a DHCP server packet for example OFFER ACK or NACK The source MAC address and source IP address in the packet do not match any of the current bindings The packet is a RELEASE or DECLINE packet and the source MAC address and source port do not match any of the current bindings The rate at which DHCP packets arrive is too high Rate pps Specify the maximum number for DHCP p...

Страница 197: ...the VLAN the settings are applied to all VLANs Enabled Select Yes to enable DHCP snooping on the VLAN You still have to enable DHCP snooping on the Switch and specify trusted ports Note If DHCP is enabled and there are no trusted ports DHCP requests will not succeed Option82 Select this to have the Switch add the slot number port number and VLAN ID to DHCP requests that it broadcasts to the DHCP V...

Страница 198: ... Total number of filters This field displays the current number of MAC address filters that were created because the Switch identified unauthorized ARP packets Index This field displays a sequential number for each MAC address filter Mac Address This field displays the source MAC address in the MAC address filter VID This field displays the source VLAN ID in the MAC address filter Port This field ...

Страница 199: ... VLANs in a specific range in the section below Then enter the lowest VLAN ID Start VID and the highest VLAN ID End VID you want to look at Apply Click this to display the specified range of VLANs in the section below VID This field displays the VLAN ID of each VLAN in the range specified above Received This field displays the total number of ARP packets received from the VLAN since the Switch las...

Страница 200: ...dress of the ARP packet Num Pkts This field displays the number of ARP packets that were consolidated into this log message The Switch consolidates identical log messages generated by ARP packets in the log consolidation interval into one log message You can configure this interval in the ARP Inspection Configure screen See Section 23 7 on page 201 Reason This field displays the reason the log mes...

Страница 201: ...is setting has no effect on existing MAC address filters Enter how long 1 2147483647 seconds the MAC address filter remains in the Switch after the Switch identifies an unauthorized ARP packet The Switch automatically deletes the MAC address filter afterwards Enter 0 if you want the MAC address filter to be permanent Log Profile Log buffer size Enter the maximum number 1 1024 of log messages that ...

Страница 202: ...erver The relationship between Syslog rate and Log interval is illustrated in the following examples 4 invalid ARP packets per second Syslog rate is 5 Log interval is 1 the Switch sends 4 syslog messages every second 6 invalid ARP packets per second Syslog rate is 5 Log interval is 2 the Switch sends 5 syslog messages every 2 seconds Log interval Enter how often 1 86400 seconds the Switch sends a ...

Страница 203: ...which ARP packets arrive is too high You can specify the maximum rate at which ARP packets can arrive on untrusted ports Limit These settings have no effect on trusted ports Rate pps Specify the maximum rate 1 2048 packets per second at which the Switch receives ARP packets from each port The Switch discards any additional ARP packets Enter 0 to disable this limit Burst interval seconds The burst ...

Страница 204: ... inspection on the VLAN Select No to disable ARP inspection on the VLAN Log Specify when the Switch generates log messages for receiving ARP packets from the VLAN None The Switch does not generate any log messages when it receives an ARP packet from the VLAN Deny The Switch generates log messages when it discards an ARP packet from the VLAN Permit The Switch generates log messages when it forwards...

Страница 205: ...op problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a switch are connected with the same cable When a switch in loop state sends out broadcast messages the messages loop back to the switch and are re broadcast again and again causing a broadcast storm If a switc...

Страница 206: ...guard enabled port N on switch A sending a probe packet P to switch B Since switch B is in loop state the probe packet P returns to port N on A The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state Figure 118 Loop Guard Probe Packet The Switch also shuts down port N if the probe packet returns to switch A on any other port In other wor...

Страница 207: ...g Tree Protocol RSTP MRSTP or MSTP enabled Figure 120 Advanced Application Loop Guard The following table describes the labels in this screen Table 77 Advanced Application Loop Guard LABEL DESCRIPTION Active Select this option to enable loop guard on the Switch The Switch generates syslog internal log messages as well as SNMP traps when it shuts down a port via the loop guard feature Port This fie...

Страница 208: ...p state the Switch will shut down this port Clear this check box to disable the loop guard feature Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configur...

Страница 209: ... on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 25 1 1 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service ToS field in the IP header The DS field contains a 6 bit...

Страница 210: ...raffic policing methods measure traffic flows against user defined criteria and identify it as either conforming exceeding or violating the criteria Two Rate Three Color Marker trTCM defined in RFC 2698 is a type of traffic policing that identifies packets by comparing them to two user defined rates the Committed Information Rate CIR and the Peak Information Rate PIR The CIR specifies the average ...

Страница 211: ... Figure 123 trTCM Color blind Mode 25 2 2 trTCM Color aware Mode In color aware mode the evaluation of the packets uses the existing packet loss priority trTCM can increase a packet loss priority of a packet but it cannot decrease it Packets that have been previously marked red or yellow can only be marked with an equal or higher packet loss priority Packets marked red high packet loss priority co...

Страница 212: ...evaluates and marks the packets based on the trTCM settings Mode Select color blind to have the Switch treat all incoming packets as uncolored All incoming packets are evaluated against the CIR and PIR Select color aware to treat the packets as marked by some preceding entity Incoming packets are evaluated based on their existing color Incoming packets that are not marked proceed through the Switc...

Страница 213: ...P value to use for packets with low packet loss priority yellow Specify the DSCP value to use for packets with medium packet loss priority red Specify the DSCP value to use for packets with high packet loss priority Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation pane...

Страница 214: ...Chapter 25 Two Rate Three Color Marker MGS 3712 MGS 3012F User s Guide 214 ...

Страница 215: ...215 PART IV IP Application Static Route 217 DHCP 221 ...

Страница 216: ...216 ...

Страница 217: ... to send data to a server or device that is not reachable through the default gateway for example when sending SNMP traps or using ping to test IP connectivity This figure shows a Telnet session coming in from network N1 The Switch sends reply traffic to default gateway R1 which routes it back to the manager s computer The Switch needs a static route to tell it to use router R2 to send traffic to ...

Страница 218: ...tric represents the cost of transmission for routing purposes IP routing uses hop count as the measurement of cost with a minimum of 1 for directly connected networks Enter a number that approximates the cost for this link The number need not be precise but it must be between 1 and 15 In practice 2 or 3 is usually a good number Add Click Add to insert a new static route to the Switch s run time me...

Страница 219: ...immediate neighbor of your Switch that will forward the packet to the destination Metric This field displays the cost of transmission for routing purposes Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check boxes Table 79 IP Application Static Routing continued LABEL DESCRIPTION ...

Страница 220: ...Chapter 26 Static Route MGS 3712 MGS 3012F User s Guide 220 ...

Страница 221: ...ually 27 1 1 DHCP Modes If there is already a DHCP server on your network then you can configure the Switch as a DHCP relay agent When the Switch receives a request from a computer on your network it contacts the DHCP server for the necessary IP information and then relays the assigned information back to the computer 27 1 2 DHCP Configuration Options The DHCP configuration on the Switch is divide...

Страница 222: ...uests that it relays to a DHCP server by adding Relay Agent Information This helps provide authentication about the source of the requests The DHCP server can then provide an IP address based on this information Please refer to RFC 3046 for more details The DHCP Relay Agent Information feature adds an Agent Information field to the Option 82 field The Option 82 field is in the DHCP headers of clie...

Страница 223: ...ct this check box to enable DHCP relay Remote DHCP Server 1 3 Enter the IP address of a DHCP server in dotted decimal notation Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This read only field displays the system name you configure in the General Setu...

Страница 224: ...wn Make sure you select the Option 82 check box to set the Switch to send additional information such as the VLAN ID together with the DHCP requests to the DHCP server This allows the DHCP server to assign the appropriate IP address according to the VLAN ID Figure 131 DHCP Relay Configuration Example 27 4 Configuring DHCP VLAN Settings Use this screen to configure your DHCP settings based on the V...

Страница 225: ...Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This read only field displays the system name you configure in the General Setup screen Select the check box for the Switch to add the system name to the client DHCP requests that it relays to a DHCP server...

Страница 226: ...ith an IP address of 172 23 10 100 Figure 133 DHCP Relay for Two VLANs For the example network configure the VLAN Setting screen as shown VID This field displays the ID number of the VLAN group to which this DHCP settings apply Type This field displays the DHCP mode Relay DHCP Status For DHCP relay configuration this field displays the first remote DHCP server IP address Delete Select the configur...

Страница 227: ...Chapter 27 DHCP MGS 3712 MGS 3012F User s Guide 227 Figure 134 DHCP Relay for Two VLANs Configuration Example ...

Страница 228: ...Chapter 27 DHCP MGS 3712 MGS 3012F User s Guide 228 ...

Страница 229: ...229 PART V Management Maintenance 231 Access Control 237 Diagnostic 255 Syslog 257 Cluster Management 261 MAC Table 267 ARP Table 269 Configure Clone 271 ...

Страница 230: ...230 ...

Страница 231: ... Maintenance The following table describes the labels in this screen Table 84 Management Maintenance LABEL DESCRIPTION Current This field displays which configuration Configuration 1 or Configuration 2 is currently operating on the Switch Firmware Upgrade Click Click Here to go to the Firmware Upgrade screen Restore Configuration Click Click Here to go to the Restore Configuration screen Backup Co...

Страница 232: ...o save the current configuration settings permanently to Configuration 1 on the Switch Click Config 2 to save the current configuration settings to Configuration 2 on the Switch Alternatively click Save on the top right hand corner in any screen to save the configuration changes to the current configuration Clicking the Apply or Add button does NOT save the changes permanently All unsaved changes ...

Страница 233: ...d load configuration two on the Switch 28 5 Firmware Upgrade Make sure you have downloaded and unzipped the correct model firmware and version to your computer before uploading to the device 1 Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device Click Management Maintenance Firmware Upgrade to view the screen as shown next Figure 138 Management ...

Страница 234: ...tomatically renamed when you restore using this screen 28 7 Backup a Configuration File Backing up your Switch configurations allows you to create various snap shots of your device from which you may restore at a later date Back up your current Switch configuration to a computer using the Backup Configuration screen Figure 140 Management Maintenance Backup Configuration Follow the steps below to b...

Страница 235: ...he current configuration to a file called config cfg on your computer If your T FTP client does not allow you to have a destination filename different than the source you will need to rename them as the Switch only recognizes config and ras Be sure you keep unaltered copies of both files for later use 1 Be sure to upload the correct model firmware as uploading the wrong model firmware may damage y...

Страница 236: ... FTP clients 28 8 4 FTP Restrictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote Management screen does not match the client IP address If it does not match the Switch will disconnect the FTP session immediately General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server Log...

Страница 237: ...ntrol sessions are allowed A console port access control session and Telnet access control session cannot coexist when multi login is disabled See Section 36 12 2 on page 286 for more information on disabling multi login 29 2 The Access Control Main Screen Click Management Access Control in the navigation panel to display the main screen as shown Figure 141 Management Access Control Table 86 Acces...

Страница 238: ...agement functions It executes applications that control and monitor managed devices The managed devices contain object variables managed objects that define each piece of information to be collected about a switch Examples of variables include number of packets received node port status and so on A Management Information Base MIB is a collection of managed objects SNMP allows a manager and agents ...

Страница 239: ...r version compliant with RFC 2011 SNMPv2 MIB for IP RFC 2012 SNMPv2 MIB for TCP RFC 2013 SNMPv2 MIB for UDP 29 3 3 SNMP Traps The Switch sends traps to an SNMP manager when an event occurs The following tables outline the SNMP traps by category An OID Object ID that begins with 1 3 6 1 4 1 890 1 5 8 is defined in private MIBs Otherwise it is a standard MIB OID Table 88 SNMP System Traps OPTION OBJ...

Страница 240: ...resets ControlledResetEventOn MGS 3712F 1 3 6 1 4 1 890 1 5 8 48 25 2 1 MGS 3712 1 3 6 1 4 1 890 1 5 8 47 25 2 1 This trap is sent when the Switch resets by an administrator through a management interface RebootEvent MGS 3712F 1 3 6 1 4 1 890 1 5 0 1 MGS 3712 1 3 6 1 4 1 890 1 5 0 1 This trap is sent when the Switch reboots by an administrator through a management interface timesync RTCNotUpdatedE...

Страница 241: ...k is up LinkDownEventClear MGS 3712F 1 3 6 1 4 1 890 1 5 8 48 25 2 2 MGS 3712 1 3 6 1 4 1 890 1 5 8 47 25 2 2 This trap is sent when the Ethernet link is up linkdown linkDown 1 3 6 1 6 3 1 1 5 3 This trap is sent when the Ethernet link is down LinkDownEventOn MGS 3712F 1 3 6 1 4 1 890 1 5 8 48 25 2 1 MGS 3712 1 3 6 1 4 1 890 1 5 8 47 25 2 1 This trap is sent when the Ethernet link is down autonego...

Страница 242: ...otReach ableEventOn MGS 3712F 1 3 6 1 4 1 890 1 5 8 48 25 2 1 MGS 3712 1 3 6 1 4 1 890 1 5 8 47 25 2 1 This trap is sent when there is no response message from the RADIUS accounting server RADIUSAccountingNotReach ableEventClear MGS 3712F 1 3 6 1 4 1 890 1 5 8 48 25 2 2 MGS 3712 1 3 6 1 4 1 890 1 5 8 47 25 2 2 This trap is sent when the RADIUS accounting server can be reached Table 91 SNMP IP Trap...

Страница 243: ...ent when the STP topology changes MRSTPTopologyChange MGS 3712F 1 3 6 1 4 1 890 1 5 8 48 32 2 2 MGS 3712 1 3 6 1 4 1 890 1 5 8 47 32 2 2 This trap is sent when the MRSTP topology changes MSTPTopologyChange MGS 3712F 1 3 6 1 4 1 890 1 5 8 48 107 7 0 2 MGS 3712 1 3 6 1 4 1 890 1 5 8 47 107 7 0 2 This trap is sent when the MSTP root switch changes mactable MacTableFullEventOn MGS 3712F 1 3 6 1 4 1 89...

Страница 244: ...ring which is the password for the incoming Get and GetNext requests from the management station The Get Community string is only used by SNMP managers using SNMP version 2c or lower Set Community Enter the Set Community which is the password for incoming Set requests from the management station The Set Community string is only used by SNMP managers using SNMP version 2c or lower Trap Community En...

Страница 245: ...NMP v2c This is the lowest security level auth to implement an authentication algorithm for SNMP messages sent by this user priv to implement authentication and encryption for SNMP messages sent by this user This is the highest security level Note The settings on the SNMP manager must be set at the same security level or higher than the security level settings on the Switch Authentication Select a...

Страница 246: ...of the screen to select which traps the Switch sends to that SNMP manager Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See Section 29 3 3 on page 239 for individual trap descriptions The traps are grouped by category Selecting a category automatically selects all of th...

Страница 247: ... administrator account with the admin user name You cannot change the default administrator user name Only the administrator has read write access Old Password Type the existing system password 1234 is the default password when shipped New Password Enter your new system password Retype to confirm Retype your new system password for confirmation Edit Logins You may configure passwords for up to fou...

Страница 248: ... SSH Communication Example 29 5 How SSH works The following table summarizes how a secure connection is established between two remote hosts Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configu...

Страница 249: ... agree on the type of encryption method to use 3 Authentication and Data Transmission After the identification is verified and data encryption activated a secure tunnel is established between the client and the server The client then sends its authentication information user name and password to the server to log in to the server 29 6 SSH Implementation on the Switch Your Switch supports SSH versi...

Страница 250: ...requests the HTTPS connection with the Switch whereas the SSL client only should authenticate itself when the SSL server requires it to do so Authenticating client certificates is optional and if selected means the SSL client must send the Switch a certificate You must apply for a certificate for the browser from a CA that is a trusted CA on the Switch Please refer to the following figure 1 HTTPS ...

Страница 251: ...hen web configurator access is blocked Figure 149 Security Alert Dialog Box Internet Explorer 29 8 2 Netscape Navigator Warning Messages When you attempt to access the Switch HTTPS server a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate Click Examine Certificate if you want to verify that the certificate is from the Switch If Accept this certifi...

Страница 252: ... of the browser status bar denotes a secure connection Figure 152 Example Lock Denoting a Secure Connection 29 9 Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch You may also change the default service port and configure trusted computer s for each service in the Remote Management screen discussed later Click Management Access C...

Страница 253: ...ant to allow to access the Switch Service Port For Telnet SSH FTP HTTP or HTTPS services you may change the default service port by typing the new port number in the Server Port field If you change the default port number then you will have to let people who wish to use the service know the new port number for that service Timeout Type how many minutes a management session via the web configurator...

Страница 254: ...it Start Address End Address Configure the IP address range of trusted computers from which you can manage this Switch The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here The Switch immediately disconnects the session if it does not match Telnet FTP HTTP ICMP SNMP SSH HTTPS Select services that may be used for managing the Switch fro...

Страница 255: ... following table describes the labels in this screen Table 98 Management Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi line text box Click Clear to empty the text box and reset the syslog entry IP Ping Type the IP address of a device that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address in the field to ...

Страница 256: ...Chapter 30 Diagnostic MGS 3712 MGS 3012F User s Guide 256 ...

Страница 257: ...efer to the documentation of your syslog program for details The following table describes the syslog severity levels 31 2 Syslog Setup Click Management Syslog in the navigation panel to display this screen The syslog feature sends logs to an external syslog server Use this screen to configure the device s system logging settings Table 99 Syslog Severity Levels CODE SEVERITY 0 Emergency The system...

Страница 258: ...his column displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category Facility The log facility allows you to send logs to different files in the syslog server Refer to the documentation of your syslog program for more details Apply Click Apply to save your changes to the Switch s run time me...

Страница 259: ...witch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to return the fields to the factory defaults Index This is the index number of a syslog server entry Clic...

Страница 260: ...Chapter 31 Syslog MGS 3712 MGS 3012F User s Guide 260 ...

Страница 261: ...o be able to communicate with one another In the following example switch A in the basement is the cluster manager and the other switches on the upper floors of the building are cluster members Table 102 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models Must be compatible with ZyXEL cluster management implementation Cluster Manager The switch thr...

Страница 262: ...Guide 262 Figure 158 Clustering Application Example 32 2 Cluster Management Status Click Management Cluster Management in the navigation panel to display the following screen A cluster can only have one manager Figure 159 Management Cluster Management Status ...

Страница 263: ...cluster manager None neither a manager nor a member of a cluster Manager This field displays the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage cluster member switches via the cluster manager switch Each number in the Index column i...

Страница 264: ... rw rw 1 owner group 393216 Jul 01 12 00 config w w w 1 owner group 0 Jul 01 12 00 fw 00 a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 370lt0 bin fw 00 a0 c5 01 23 46 200 Port command okay 150 Opening data connection for STOR fw 00 a0 c5 01 23 46 226 File receive...

Страница 265: ...es list If a switch that was previously a cluster member is later set to become a cluster manager then its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below Name Type a name to identify the Clustering Manager You may use up to 32 printable characters spaces are allowed VID This is the VLAN ID and is only applicable if t...

Страница 266: ...be managed from the Cluster Manager Its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below If multiple devices have the same password then hold SHIFT and click those switches to select them Then enter their common web configurator password Add Click Add to save your changes to the Switch s run time memory The Switch lose...

Страница 267: ...termine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port on which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the MAC table If the Switch has already learned the port for this MAC address then it forwards the frame to that port If the Switch ha...

Страница 268: ...he summary table below MAC Click this button to display and arrange the data according to MAC address VID Click this button to display and arrange the data according to VLAN group Port Click this button to display and arrange the data according to port number Index This is the incoming frame index number MAC Address This is the MAC address of the device from which this incoming frame came VID This...

Страница 269: ... to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC field FF FF FF FF FF FF is the Ethernet broadcast address The replying device whic...

Страница 270: ...ement ARP Table LABEL DESCRIPTION Index This is the ARP Table entry number IP Address This is the learned IP address of a device connected to a Switch port with corresponding MAC address below MAC Address This is the MAC address of the device with corresponding IP address above Type This shows whether the MAC address is dynamic learned by the Switch or static ...

Страница 271: ...how you can copy the settings of one port onto other ports 35 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management Configure Clone to open the following screen Figure 166 Management Configure Clone ...

Страница 272: ...ple 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings you configured in the Basic Setting menus should be copied to the destination port s Advanced Application Select which port settings you configured in the Advanced Application menus should be copied to the destination ports Apply...

Страница 273: ...273 PART VI Troubleshooting Product Specifications Troubleshooting 275 Product Specifications 279 ...

Страница 274: ...274 ...

Страница 275: ...n to an appropriate power source Make sure the power source is turned on 3 Disconnect and re connect the power adaptor or cord to the Switch 4 If the problem continues contact the vendor V The ALM LED is on 1 Disconnect and re connect the power adaptor to the Switch 2 If the problem continues contact the vendor V One of the LEDs does not behave as expected 1 Make sure you understand the normal beh...

Страница 276: ... 1 If you changed the IP address use the new IP address If you changed the IP address and have forgotten it see the troubleshooting suggestions for I forgot the IP address for the Switch 2 Check the hardware connections and make sure the LEDs are behaving as expected See the Quick Start Guide and Section 3 3 on page 47 3 Make sure your Internet browser does not block pop up windows and has JavaScr...

Страница 277: ...r try connecting again later Check that you have enabled logins for HTTP or telnet If you have configured a secured client IP address your computer s IP address must match it Refer to the chapter on access control for details 3 Turn the Switch off and on 4 Disconnect and re connect the cord to the Switch 5 If this does not work you have to reset the device to its factory defaults See Section 4 6 o...

Страница 278: ...Chapter 36 Troubleshooting MGS 3712 MGS 3012F User s Guide 278 ...

Страница 279: ...tage Power Consumption MGS 3712 AC unit 30 W maximum MGS 3712 DC unit 30 W maximum MGS 3712F AC unit 30 W maximum MGS 3712F DC unit 30 W maximum Interfaces MGS 3712F 8 mini GBIC SFP slots MGS 3712 8 100 1000 Base Tx ports All Models 4 GbE Dual Personality interfaces Each interface has one 1000Base T RJ 45 port and one Small Form Factor Pluggable SFP slot with one port active at a time One local ma...

Страница 280: ...outer MAC Address Filter Filter traffic based on the source and or destination MAC address and VLAN group ID DHCP Dynamic Host Configuration Protocol Relay Use this feature to have the Switch forward DHCP requests to DHCP servers on your network IGMP Snooping The Switch supports IGMP snooping enabling group multicast traffic to be only forwarded to ports that are members of that group thus allowin...

Страница 281: ...up links between switches bridges or routers It allows a Switch to interact with other M R STP compliant switches in your network to ensure that only one path exists between any two stations on the network Loop Guard Use the loop guard feature to protect against network loops on the edge of your network IP Source Guard Use IP source guard to filter unauthorized DHCP and ARP packets in your network...

Страница 282: ...IEEE 802 1q Ethernet II PPPoE Prevent the forwarding of corrupted packets STP IEEE 802 1w Rapid Spanning Tree Protocol RSTP Multiple Rapid Spanning Tree capability 2 configurable trees IEEE 802 1s Multiple Spanning Tree Protocol QoS IEEE 802 1p Eight priority queues per port Port based egress traffic shaping Rule based traffic mirroring Supports IGMP snooping VLAN Port based VLAN setting Tag based...

Страница 283: ... RFC 2138 RADIUS Remote Authentication Dial In User Service RFC 2139 RADIUS Accounting RFC 2236 Internet Group Management Protocol Version 2 RFC 2698 Two Rate Three Color Marker trTCM RFC 2865 RADIUS Vendor Specific Attribute RFC 2674 P BRIDGE MIB Q BRIDGE MIB RFC 3046 DHCP Relay RFC 3164 Syslog RFC 3376 Internet Group Management Protocol Version 3 RFC 3414 User based Security Model USM for versio...

Страница 284: ... Product Specifications MGS 3712 MGS 3012F User s Guide 284 Safety UL 60950 1 CSA 60950 1 EN 60950 1 IEC 60950 1 EMC FCC Part 15 Class A CE EMC Class A Table 112 Standards Supported continued STANDARD DESCRIPTION ...

Страница 285: ...285 PART VII Appendices and Index Common Services 287 Legal Information 291 Customer Support 295 Index 301 ...

Страница 286: ...286 ...

Страница 287: ...ocol is USER this is the IP protocol number Description This is a brief explanation of the applications that use this service or the situations in which this service is used Table 113 Commonly Used Services NAME PROTOCOL PORT S DESCRIPTION AH IPSEC_TUNNEL User Defined 51 The IPSEC AH Authentication Header tunneling protocol uses this service AIM New ICQ TCP 5190 AOL s Internet Messenger service It...

Страница 288: ... Internet chat program NEWS TCP 144 A protocol for news groups NFS UDP 2049 Network File System NFS is a client server distributed file service that provides transparent file sharing for network environments NNTP TCP 119 Network News Transport Protocol is the delivery mechanism for the USENET newsgroup service PING User Defined 1 Packet INternet Groper is a protocol that sends out ICMP echo reques...

Страница 289: ...cluding mainframes midrange systems UNIX systems and network servers SSH TCP UDP 22 Secure Shell Remote Login Program STRM WORKS UDP 1558 Stream Works Protocol SYSLOG UDP 514 Syslog allows you to send system logs to a UNIX server TACACS UDP 49 Login Host Protocol used for Terminal Access Controller Access Control System TELNET TCP 23 Telnet is the login and terminal emulation protocol common on th...

Страница 290: ...Appendix A Common Services MGS 3712 MGS 3012F User s Guide 290 ...

Страница 291: ... or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of ZyXEL Communications Inc Other trademarks mentioned ...

Страница 292: ... not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment This Class A digital apparatus complies with Canadian ICES 003 Cet appareil numérique de la classe A est conforme à la norme NMB 003 du Canada CLASS 1 LASER PRODUCT APPAREIL A LASER DE CLASS 1 PRODUCT COMPLIES WITH 21 CFR 1040 10 AND 1040 11 PRODUIT CONFORME SELON 21 CFR 1040 10...

Страница 293: ...f the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequential damages of any kind to the purchaser To obtain the services of this warranty contact your vendor You may also refer to the warranty policy for the region ...

Страница 294: ...Appendix B Legal Information MGS 3712 MGS 3012F User s Guide 294 ...

Страница 295: ...oblem and the steps you took to solve it is the prefix number you dial to make an international telephone call Corporate Headquarters Worldwide Support E mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 3 578 3942 Fax 886 3 578 2439 Web www zyxel com Regular Mail ZyXEL Communications Corp 6 Innovation Road II Science Park Hsinchu 300 Taiwan China ZyXEL Communications Beijing...

Страница 296: ... zyxel cz Regular Mail ZyXEL Communications Czech s r o Modranská 621 143 01 Praha 4 Modrany Ceská Republika Denmark Support E mail support zyxel dk Sales E mail sales zyxel dk Telephone 45 39 55 07 00 Fax 45 39 55 07 07 Web www zyxel dk Regular Mail ZyXEL Communications A S Columbusvej 2860 Soeborg Denmark Finland Support E mail support zyxel fi Sales E mail sales zyxel fi Telephone 358 9 4780 84...

Страница 297: ... Sales E mail sales zyxel in Telephone 91 11 30888144 to 91 11 30888153 Fax 91 11 30888149 91 11 26810715 Web http www zyxel in Regular Mail India ZyXEL Technology India Pvt Ltd II Floor F2 9 Okhla Phase 1 New Delhi 110020 India Japan Support E mail support zyxel co jp Sales E mail zyp zyxel co jp Telephone 81 3 6847 3700 Fax 81 3 6847 3705 Web www zyxel co jp Regular Mail ZyXEL Japan 3F Office T ...

Страница 298: ... 714 632 0858 Web www zyxel com Regular Mail ZyXEL Communications Inc 1130 N Miller St Anaheim CA 92806 2001 U S A Norway Support E mail support zyxel no Sales E mail sales zyxel no Telephone 47 22 80 61 80 Fax 47 22 80 61 81 Web www zyxel no Regular Mail ZyXEL Communications A S Nils Hansens vei 13 0667 Oslo Norway Poland E mail info pl zyxel com Telephone 48 22 333 8250 Fax 48 22 333 8251 Web ww...

Страница 299: ...5ª planta 28033 Madrid Spain Sweden Support E mail support zyxel se Sales E mail sales zyxel se Telephone 46 31 744 7700 Fax 46 31 744 7701 Web www zyxel se Regular Mail ZyXEL Communications A S Sjöporten 4 41764 Göteborg Sweden Taiwan Support E mail support zyxel com tw Sales E mail sales zyxel com tw Telephone 886 2 27399889 Fax 886 2 27353220 Web http www zyxel com tw Address Room B 21F No 333 ...

Страница 300: ...ine Support E mail support ua zyxel com Sales E mail sales ua zyxel com Telephone 380 44 247 69 78 Fax 380 44 494 49 32 Web www ua zyxel com Regular Mail ZyXEL Ukraine 13 Pimonenko Str Kiev 04050 Ukraine United Kingdom Support E mail support zyxel co uk Sales E mail sales zyxel co uk Telephone 44 1344 303044 0845 122 0301 UK only Fax 44 1344 303034 Web www zyxel co uk Regular Mail ZyXEL Communicat...

Страница 301: ... 171 setup 176 Authentication Authorization and Accounting see AAA 171 authorization 171 privilege levels 177 auto crossover 42 automatic VLAN registration 86 B back up configuration file 234 Backup Power Supply BPS 47 bandwidth control 119 282 egress rate 120 ingress rate 120 setup 119 bandwidth control and TRTCM 212 basic settings 71 binding 185 binding table 185 building 185 BPDUs Bridge Protoc...

Страница 302: ...ation Protocol 221 DHCP relay option 82 187 DHCP snooping 185 configuring 187 DHCP relay option 82 187 trusted ports 186 untrusted ports 186 DHCP snooping database 186 diagnostics 255 Ethernet port test 255 ping 255 system log 255 Differentiated Service DiffServ 209 DiffServ and TRTCM 212 DS field 209 DSCP 209 network example 210 PHB 209 dimensions 279 disclaimer 291 DS Differentiated Services 209...

Страница 303: ... IGMP Internet Group Management Protocol 157 IGMP filtering 157 profile 162 profiles 159 IGMP snooping 157 and VLANs 158 MVR 163 setup 160 ingress port 96 ingress rate and bandwidth control 120 installation desktop 35 precautions 36 rack mounting 36 transceivers 43 installation scenarios 35 introduction 31 IP capability 282 services 282 IP address 78 IP interface 77 IP setup 77 IP source guard 185...

Страница 304: ...e middle attacks 187 max age 115 hops 115 MDIX Media Dependent Interface Crossover 42 MGMT port 44 MIB and SNMP 238 supported MIBs 239 MIB Management Information Base 238 mirroring ports 123 monitor port 123 124 mounting brackets 36 MRSTP status 112 MST ID 105 MST Instance See MSTI 105 MST region 105 MSTI 105 MSTP 101 104 bridge ID 117 118 configuration 114 configuration digest 118 forwarding dela...

Страница 305: ...d VLAN 94 all connected 96 port isolation 96 settings wizard 96 ports standby 125 diagnostics 255 mirroring 123 speed duplex 80 power voltage 72 power connector 44 power consumption 279 power specification 279 power status 72 priority level 76 priority queue assignment 76 product registration 293 PVID 85 91 PVID Priority Frame 85 PWR LED 47 Q QoS 282 and classifier 143 Queue priority 156 Queue wei...

Страница 306: ...hell 248 SSL Secure Socket Layer 250 standby ports 125 static bindings 185 static link aggregation example 130 static MAC address 97 static MAC forwarding 93 97 static routes 219 static trunking example 130 Static VLAN 89 static VLAN control 90 tagging 90 status 52 65 link aggregation 126 MSTP 116 port 65 port details 66 power 72 STP 109 112 VLAN 88 STP 101 282 bridge ID 110 113 bridge priority 10...

Страница 307: ...rvice ToS 209 U untrusted ports ARP inspection 188 DHCP snooping 186 user profiles 171 V Vendor Specific Attribute See VSA ventilation 35 ventilation holes 36 VID 85 88 89 number of possible VIDs 85 priority frame 85 VID VLAN Identifier 85 VLAN 74 85 282 acceptable frame type 91 automatic registration 86 ID 85 IGMP snooping 158 ingress filtering 91 introduction 74 number of VLANs 88 port isolation...

Страница 308: ...Index MGS 3712 MGS 3012F User s Guide 308 ...

Отзывы:

Нет отзывов

Похожие инструкции для MGS-3712

Бренд: ABB Страницы: 32

Бренд: ABB Страницы: 44

Бренд: ABB Страницы: 15

Бренд: GE Страницы: 20

Бренд: Hama Страницы: 18

Бренд: Raritan Страницы: 4

EdgeLens INT10G8SR56

Бренд: Garland Страницы: 76

T0-4 SE2 Series

Бренд: Eaton Страницы: 2

Бренд: SELS Страницы: 2

Бренд: Steren Страницы: 13

AVS-OCT-3264-360

Бренд: AMX Страницы: 1

ServicePlus S11

Бренд: Horstmann Страницы: 8

SwitchMan USB-Combo SW4

Бренд: Raritan Страницы: 2

Бренд: Netis Страницы: 9

Бренд: StarTech.com Страницы: 12

Бренд: Bryston Страницы: 8

Бренд: i3 International Страницы: 204

Бренд: Ascent Communication Technology Страницы: 8

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды