manualshive.com logo in svg

ZyXEL Communications XGS-4528F, Руководство пользователя, Страница: 262 / 491

Поделиться
Скачать
ZyXEL Communications XGS-4528F Скачать руководство пользователя страница 262

Chapter 26 IP Source Guard

XGS-4526/4528F/4728F User’s Guide

262

3

Configure trusted and untrusted ports, and specify the maximum number of DHCP 
packets that each port can receive per second.

4

Configure static bindings.

26.1.2  ARP Inspection Overview

Use ARP inspection to filter unauthorized ARP packets on the network. This can 
prevent many kinds of man-in-the-middle attacks, such as the one in the following 
example.

Figure 116   

Example: Man-in-the-middle Attack

In this example, computer B tries to establish a connection with computer A
Computer X is in the same broadcast domain as computer A and intercepts the 
ARP request for computer A. Then, computer X does the following things:

• It pretends to be computer A and responds to computer B.
• It pretends to be computer B and sends a message to computer A.

As a result, all the communication between computer A and computer B passes 
through computer X. Computer X can read and alter the information passed 
between them.

26.1.2.1  ARP Inspection and MAC Address Filters

When the Switch identifies an unauthorized ARP packet, it automatically creates a 
MAC address filter to block traffic from the source MAC address and source VLAN 
ID of the unauthorized ARP packet. You can configure how long the MAC address 
filter remains in the Switch.

These MAC address filters are different than regular MAC address filters (

Chapter 

12 on page 145

).

• They are stored only in volatile memory.
• They do not use the same space in memory that regular MAC address filters 

use.

A

X

B

Содержание XGS-4528F

Страница 1: ...Intelligent Layer 3 Switch Copyright 2011 ZyXEL Communications Corporation Firmware Version 4 00 Edition 1 03 2011 Default Login Details IP Address http 192 168 0 1 Out of band MGMT port http 192 168...

Страница 2: ......

Страница 3: ...ference Guide The Command Reference Guide explains how to use the Command Line Interface CLI and CLI commands to configure the Switch Note It is recommended you use the web configurator to configure t...

Страница 4: ...d questions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support Should problems arise th...

Страница 5: ...labels and field choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type...

Страница 6: ...r s Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer S...

Страница 7: ...this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in E...

Страница 8: ...Safety Warnings XGS 4526 4528F 4728F User s Guide 8...

Страница 9: ...ing 101 VLAN 117 Static MAC Forward Setup 137 Static Multicast Forward Setup 141 Filtering 145 Spanning Tree Protocol 147 Bandwidth Control 169 Broadcast Storm Control 173 Mirroring 175 Link Aggregati...

Страница 10: ...Differentiated Services 353 DHCP 361 VRRP 371 ARP Learning 381 Load Sharing 387 Maintenance 389 Access Control 397 Diagnostic 423 Syslog 425 Cluster Management 435 MAC Table 443 IP Table 447 ARP Tabl...

Страница 11: ...1 1 4 IEEE 802 1Q VLAN Application Example 29 1 1 5 IPv6 Support 30 1 2 Ways to Manage the Switch 30 1 3 Good Habits for Managing the Switch 31 Chapter 2 Hardware Installation and Connection 33 2 1 F...

Страница 12: ...6 1 Reload the Configuration File 55 4 7 Logging Out of the Web Configurator 56 4 8 Help 56 Chapter 5 Initial Setup Example 57 5 1 Overview 57 5 1 1 Configuring an IP Interface 57 5 1 2 Configuring DH...

Страница 13: ...cal Reference 93 Chapter 7 System Status and Port Statistics 95 7 1 Overview 95 7 2 Port Status Summary 95 7 2 1 Status Port Details 97 Chapter 8 Basic Setting 101 8 1 Overview 101 8 2 System Informat...

Страница 14: ...icast Forwarding Overview 141 11 2 Configuring Static Multicast Forwarding 142 Chapter 12 Filtering 145 12 1 Configure a Filtering Rule 145 Chapter 13 Spanning Tree Protocol 147 13 1 STP RSTP Overview...

Страница 15: ...gregation ID 178 17 3 Link Aggregation Status 179 17 4 Link Aggregation Setting 181 17 5 Link Aggregation Control Protocol 183 17 6 Static Trunking Example 184 Chapter 18 Port Authentication 187 18 1...

Страница 16: ...riority 215 22 1 2 Weighted Fair Queuing 215 22 1 3 Weighted Round Robin Scheduling WRR 216 22 2 Configuring Queuing 217 Chapter 23 VLAN Stacking 219 23 1 VLAN Stacking Overview 219 23 1 1 VLAN Stacki...

Страница 17: ...5 Tunnel Protocol Attribute 253 25 3 Supported RADIUS Attributes 254 25 3 1 Attributes Used for Authentication 254 25 3 2 Attributes Used for Accounting 255 Chapter 26 IP Source Guard 259 26 1 IP Sour...

Страница 18: ...ow Overview 295 30 2 sFlow Port Configuration 296 30 2 1 sFlow Collector Configuration 297 Chapter 31 PPPoE 299 31 1 PPPoE Intermediate Agent Overview 299 31 1 1 PPPoE Intermediate Agent Tag Format 29...

Страница 19: ...hapter 36 RIP 327 36 1 RIP Overview 327 36 1 1 Administrative Distance 327 36 2 Configuring RIP 328 Chapter 37 OSPF 331 37 1 OSPF Overview 331 37 1 1 OSPF Autonomous Systems and Areas 331 37 1 2 How O...

Страница 20: ...ng 354 40 2 1 TRTCM Color blind Mode 355 40 2 2 TRTCM Color aware Mode 355 40 3 Activating DiffServ 356 40 3 1 Configuring 2 Rate 3 Color Marker Settings 357 40 4 DSCP to IEEE 802 1p Priority Settings...

Страница 21: ...er 44 Load Sharing 387 44 1 Load Sharing Overview 387 44 2 Configuring Load Sharing 387 Chapter 45 Maintenance 389 45 1 The Maintenance Screen 389 45 2 Load Factory Default 390 45 3 Save Configuration...

Страница 22: ...Netscape Navigator Warning Messages 417 46 9 3 The Main Screen 419 46 10 Service Port Access Control 419 46 11 Remote Management 420 Chapter 47 Diagnostic 423 47 1 Diagnostic 423 Chapter 48 Syslog 42...

Страница 23: ...hapter 53 Routing Table 453 53 1 Overview 453 53 2 Viewing the Routing Table Status 453 Chapter 54 Configure Clone 455 54 1 Configure Clone 455 Chapter 55 Troubleshooting 457 55 1 Power Hardware Conne...

Страница 24: ...Table of Contents XGS 4526 4528F 4728F User s Guide 24...

Страница 25: ...25 PART I User s Guide...

Страница 26: ...26...

Страница 27: ...ule with one port active at a time The XGS 4526 requires 100 VAC to 240 VAC 0 8 A power There are two XGS 4528F or XGS 4728F models The XGS 4528F or XGS 4728F DC model requires DC power supply input o...

Страница 28: ...need high bandwidth In the following example a company uses the optional 10 Gigabit uplink modules to connect the headquarters to a branch office network Within the headquarters network a company can...

Страница 29: ...nternet To expand the network simply add more networking devices such as switches routers computers print servers and so on Figure 3 Gigabit to the Desktop 1 1 4 IEEE 802 1Q VLAN Application Example A...

Страница 30: ...dress allows up to 3 4 x 1038 IP addresses At the time of writing the Switch supports the following features Static address assignment and stateless auto configuration Neighbor Discovery Protocol a pr...

Страница 31: ...on page 398 1 3 Good Habits for Managing the Switch Do the following things regularly to make the Switch more secure and to manage the Switch more effectively Change the password Use a password that...

Страница 32: ...Chapter 1 Getting to Know Your Switch XGS 4526 4528F 4728F User s Guide 32...

Страница 33: ...the weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables...

Страница 34: ...tion Requirements Two mounting brackets Eight M3 flat head screws and a 2 Philips screwdriver Four M5 flat head screws and a 2 Philips screwdriver Failure to use the proper screws may damage the unit...

Страница 35: ...the Switch on a rack Proceed to the next section 2 2 3 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack lining up the two scr...

Страница 36: ...Chapter 2 Hardware Installation and Connection XGS 4526 4528F 4728F User s Guide 36...

Страница 37: ...l of the Switch and shows you how to make the hardware connections 3 1 Front Panel Connections The figure below shows the front panel of the Switch Figure 8 Front Panel XGS 4526 Figure 9 Front Panel X...

Страница 38: ...peed 100 1000 Mbps and duplex mode full duplex or half duplex of the connected device An auto crossover auto MDI MDI X port automatically works with a straight through or crossover Ethernet cable Tabl...

Страница 39: ...r Pluggable SFP Transceiver MultiSource Agreement MSA See the SFF committee s INF 8074i specification Rev 1 0 for details You can change transceivers while the Switch is operating You can use differen...

Страница 40: ...verify that it is functioning properly Figure 12 Installed Transceiver 3 1 3 2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver SFP module 1 Open the transceiver s latch l...

Страница 41: ...232 management console port D A connector for the power receptacle E 3 2 2 XGS 4528F or XGS 4728F The following figures show the rear panels of the AC and DC power input model switches The rear panel...

Страница 42: ...switches for stacking in you network For EM 422 connection Use 10 Gigabit Small Form Factor Pluggable XFP transceivers to connect 1000Base X fiber optic cables to these ports See Section 3 1 3 1 on pa...

Страница 43: ...cord to the power socket of your Switch Connect the other end of the cord to a power outlet 3 2 5 2 DC Power Connection Note This is only for the DC model of the Switch The Switch uses a single ETB se...

Страница 44: ...pply Connector The Switch supports external backup power supply BPS The Switch constantly monitors the status of the internal power supply The backup power supply automatically provides power to the S...

Страница 45: ...728F Green On The Switch is connected to other switches in the stack on Stacking Port 1 Off The Switch is not connected to other switches in the stack on Stacking Port 1 S2 XGS 4528F or XGS 4728F Gree...

Страница 46: ...S 4526 4528F 4728F User s Guide 46 1 24 or 21 24 Green On The port has a successful connection Blinking The port is receiving or transmitting data Off This link is disconnected Table 3 LEDs continued...

Страница 47: ...The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in...

Страница 48: ...ave not configured a time server nor manually entered a time and date in the General Setup screen Figure 19 Web Configurator Login 4 Click OK to view the first web configurator screen 4 3 The Web Conf...

Страница 49: ...ou are currently working in B Click this link to save your configuration into the Switch s nonvolatile memory Nonvolatile memory is saved in the configuration file from which the Switch booted from an...

Страница 50: ...e monitoring information General Setup This link takes you to a screen where you can configure general identification information and time settings for the Switch Switch Setup This link takes you to a...

Страница 51: ...entication This link takes you to a screen where you can configure IEEE 802 1x port authentication as well as MAC authentication for clients communicating via the Switch Port Security This link takes...

Страница 52: ...RIP Routing Information Protocol direction and versions OSPF This link takes you to screens where you can view the OSPF status and configure OSPF settings IGMP This link takes you to a screen where y...

Страница 53: ...view its status MAC Table This link takes you to a screen where you can view the MAC address and VLAN ID of a device attach to a port You can also view what kind of MAC address it is IP Table This lin...

Страница 54: ...nd management managing through the data ports if you do one of the following 1 Delete the management VLAN default is VLAN 1 2 Delete all port based VLANs with the CPU port as a member The CPU port is...

Страница 55: ...or details 2 Disconnect and reconnect the Switch s power to begin a session When you reconnect the Switch s power you will see the initial screen 3 When you see the message Press any key to enter Debu...

Страница 56: ...een to exit the web configurator You have to log in with your password again after you log out This is recommended after you finish a management session for security reasons Figure 23 Web Configurator...

Страница 57: ...t port VLAN ID Enable RIP 5 1 1 Configuring an IP Interface On a layer 3 switch an IP interface also known as an IP routing domain is not bound to a physical port The default IP address of the Switch...

Страница 58: ...for management Make sure your computer is in the same subnet as the MGMT port 2 Open your web browser and enter 192 168 0 1 the default MGMT port IP address in the address bar to access the web confi...

Страница 59: ...For the example network configure two DHCP client pools on the Switch for the DHCP clients in the RD and Sales networks 1 In the web configurator click IP Application and DHCP in the navigation panel...

Страница 60: ...Example VLAN 1 Click Advanced Application VLAN in the navigation panel and click the Static VLAN link 2 In the Static VLAN screen select ACTIVE enter a descriptive name in the Name field and enter 2...

Страница 61: ...st when the Switch s power is turned off 5 1 4 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag...

Страница 62: ...ol in the RIP screen 1 Click IP Application and RIP in the navigation panel 2 Select Both in the Direction field to set the Switch to broadcast and receive routing information 3 In the Version field s...

Страница 63: ...isable and Recovery on the Switch How to Set Up a Guest VLAN How to Do Port Isolation in a VLAN How to Configure Routing Policy 6 1 How to Use DHCP Snooping on the Switch You only want DHCP server A c...

Страница 64: ...fault 1234 2 Go to Advanced Application VLAN Static VLAN and create a VLAN with ID of 100 Add ports 5 6 and 7 in the VLAN by selecting Fixed in the Control field as shown Deselect Tx Tagging because y...

Страница 65: ...ing and set the PVID of the ports 5 6 and 7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 4 Go to Advanced Application IP Source Guard DHCP snooping Configure activate...

Страница 66: ...Source Guard DHCP snooping Configure VLAN show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply Then select Yes in the Enabled field of the VLAN 100 entry shown at the bot...

Страница 67: ...se the command show dhcp snooping binding to see the DHCP snooping binding table as shown next 6 2 How to Use DHCP Relay on the Switch This tutorial describes how to configure your Switch to forward D...

Страница 68: ...l DHCP Relay Scenario 6 2 2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102 1 Access the web configurator through the Switch s management port 2 Go to Basic Setting...

Страница 69: ...he Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags b...

Страница 70: ...tus screen 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Appl...

Страница 71: ...e DHCP Server 1 field 4 Select the Option 82 and the Information check boxes 5 Click Apply to save your changes back to the run time memory 6 Click the Save link in the upper right corner of the web c...

Страница 72: ...is way PPPoE server S can identify subscriber C and may apply different settings to it Figure 29 Tutorial PPPoE Intermediate Agentt Tutorial Overview Note For related information about PPPoE IA see Se...

Страница 73: ...PPPoE Intermediate Agent Select Active then click Apply Click Port on the top of the screen 2 Select Untrusted for port 5 and enter userC as Circuit id and 00134900000A as Remote id Select Trusted for...

Страница 74: ...6 4528F 4728F User s Guide 74 3 The Intermediate Agent screen appears Click VLAN on the top of the screen 4 Enter 1 for both Start VID and End VID since both the Switch and PPPoE server are in VLAN 1...

Страница 75: ...id and Remote id to allow the Switch to add these two strings to frames tagged with VLAN 1 and pass to the PPPoE server Click Apply 6 3 2 Configuring Switch B The example uses another XGS 4728F as sw...

Страница 76: ...4526 4528F 4728F User s Guide 76 2 Select Trusted for ports 11 and 12 and then click Apply Then Click Intermediate Agent on the top of the screen 3 The Intermediate Agent screen appears Click VLAN on...

Страница 77: ...1 and pass to the PPPoE server Click Apply The settings are completed now If you miss some settings above subscriber C could not successfully receive an IP address assigned by the PPPoE Server If this...

Страница 78: ...e features are helpful for this demand Note Refer to Section 27 2 on page 285 and Section 32 3 on page 310 for more information about Loop Guard and Errdiable To configure the settings 1 First click A...

Страница 79: ...CPU Protection select ARP as the reason enter 100 as the rate limit packets per second for the first entry port to apply the setting to all ports Then click Apply 3 Click Advanced Application Errdisa...

Страница 80: ...enable IEEE 802 1x authentication on ports 1 to 8 Clients that connect to these ports should provide the correct user name and password in order to access the ports You want to assign clients that con...

Страница 81: ...t the VLAN type to 802 1Q Click Apply to save the settings to the run time memory 3 Click Advanced Application VLAN Static VLAN 4 In the Static VLAN screen select ACTIVE enter a descriptive name VLAN...

Страница 82: ...lost when the Switch s power is turned off 8 Click the VLAN Status link in the Static VLAN screen and then the VLAN Port Setting link in the VLAN Status screen 9 Enter 200 in the PVID field for ports...

Страница 83: ...n the upper right corner of the web configurator to save your configuration permanently 6 5 2 Enabling IEEE 802 1x Port Authentication Follow the steps below to enable port authentication to validate...

Страница 84: ...ct the first Active checkbox to enable 802 1x authentication on the Switch Select the Active checkboxes for ports 1 to 8 to turn on 802 1x authentication on the selected ports Click Apply 6 5 3 Enabli...

Страница 85: ...Switch will authenticate on each of these port 5 in this example Click Apply 3 Click the Save link in the upper right corner of the web configurator to save your configuration permanently Clients that...

Страница 86: ...2 to 5 in VLAN 123 and create a private VLAN rule for VLAN 123 to block traffic between ports 2 3 and 4 6 6 1 Creating a VLAN Follow the steps below to configure port 2 3 4 and 5 as a member of VLAN...

Страница 87: ...enter 123 in the VLAN Group ID field 5 Select Fixed to configure ports 2 3 4 and 5 to be permanent members of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before se...

Страница 88: ...reen 9 Enter 123 in the PVID field for ports 2 3 4 and 5 to add a tag to incoming untagged frames received on these ports so that the frames are forwarded to the VLAN group that the tag defines 10 Cli...

Страница 89: ...Name field and enter 123 in the VLAN ID field List the port s that can communicate with any port in VLAN 123 5 in this example Then other ports in this VLAN 2 3 and 4 for example will be added to the...

Страница 90: ...with DSCP value 58 into a flow Packets marked with different DSCP values such as 13 are forwarded to the default gateway The Switch applies policy based routing rules to incoming packets prior to the...

Страница 91: ...Policy Routing Rule Follow the steps below to set up a policy routing profile first and then a rule to forward traffic of classifier DSCP58 to gateway R2 1 Click IP Application Policy Routing 2 Selec...

Страница 92: ...ndex number to 1 in the Sequence field Select Permit to have the Switch send matched traffic to the specified gateway Select the name of the layer 3 classifier to which the rule applies Enter the IP a...

Страница 93: ...93 PART II Technical Reference...

Страница 94: ...94...

Страница 95: ...or home page and port details screens 7 1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details 7 2 Port Status Summa...

Страница 96: ...state of the port See Section 13 1 3 on page 149 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays whether L...

Страница 97: ...port on the Switch Figure 31 Status Port Details The following table describes the labels in this screen Table 9 Status Port Details LABEL DESCRIPTION Port Info Port NO This field displays the port n...

Страница 98: ...ckets transmitted Tagged This field shows the number of packets with VLAN tags transmitted Rx Packet The following fields display detailed information about packets received Unicast This field shows t...

Страница 99: ...5 and 127 octets in length 128 255 This field shows the number of packets including bad packets received that were between 128 and 255 octets in length 256 511 This field shows the number of packets i...

Страница 100: ...Chapter 7 System Status and Port Statistics XGS 4526 4528F 4728F User s Guide 100...

Страница 101: ...ication information The General Setup screen also allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch The real time is then...

Страница 102: ...of the Switch ZyNOS F W Version This field displays the version number of the Switch s current firmware including the date created Ethernet Address This field refers to the Ethernet MAC Media Access C...

Страница 103: ...m speed measured in RPM 41 is displayed for speeds too small to measure under 2000 RPM Threshold This field displays the minimum speed at which a normal fan should work Status Normal indicates that th...

Страница 104: ...wing table describes the labels in this screen Table 11 Basic Setting General Setup LABEL DESCRIPTION System Name Type a descriptive name for identification purposes This name consists of up to 64 pri...

Страница 105: ...displays the date you open this menu New Date yyyy mm dd Enter the new date in year month and day format The new date then appears in the Current Date field after you click Apply Time Zone Select the...

Страница 106: ...c See Chapter 9 on page 117 for information on port based and 802 1Q tagged VLANs End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving Time The time field...

Страница 107: ...following example switch A is the root bridge Switch B s root port 7 connects to switch A and switch B s designated port 8 connects to switch C Traffic from isolated ports on switch B can only be sen...

Страница 108: ...Based in the VLAN Type field in this screen Refer to the chapter on VLAN Figure 34 Basic Setting Switch Setup The following table describes the labels in this screen Table 12 Basic Setting Switch Setu...

Страница 109: ...conds See Chapter 9 on page 117 for more background information Leave Timer Leave Time sets the duration of the Leave Period timer for GVRP in milliseconds Each port has a single Leave Period timer Le...

Страница 110: ...he same VLAN as long as the IP address ranges for the domains do not overlap To change the IP address of the Level 4 Typically used for controlled load latency sensitive traffic such as SNA Systems Ne...

Страница 111: ...dress and vice versa Enter a domain name server IP address in order to be able to use a domain name instead of an IP address Default Management Specify which traffic flow In Band or Out of band the Sw...

Страница 112: ...This is the IP address of the Switch in an IP routing domain IP Subnet Mask Enter the IP subnet mask of an IP routing domain in dotted decimal notation for example 255 255 255 0 VID Enter the VLAN id...

Страница 113: ...all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select th...

Страница 114: ...regulate transmission of signals to match the bandwidth of the receiving port The Switch uses IEEE 802 3x flow control in full duplex mode and backpressure flow control in half duplex mode IEEE 802 3...

Страница 115: ...e memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configurin...

Страница 116: ...Chapter 8 Basic Setting XGS 4526 4528F 4728F User s Guide 116...

Страница 117: ...l Information starting after the source address field of the Ethernet frame The CFI Canonical Format Indicator is a single bit flag always set to zero for Ethernet switches If a frame received at an E...

Страница 118: ...etwork switches to register and de register attribute values with other GARP participants within a bridged LAN GARP is a protocol that provides a generic mechanism for protocols that serve a more spec...

Страница 119: ...evices A and B C D and E automatically VLAN Administrative Control Registration Fixed Fixed registration ports are permanent VLAN members Registration Forbidden Ports with registration forbidden are f...

Страница 120: ...a VLAN type in the Basic Setting Switch Setup screen Figure 38 Switch Setup Select VLAN Type 9 5 Static VLAN Use a static VLAN to decide whether an incoming frame on a port should be sent to a VLAN g...

Страница 121: ...N This is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only...

Страница 122: ...rmation on static VLAN To configure a Table 17 Advanced Application VLAN VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number...

Страница 123: ...Enter a descriptive name for the VLAN group for identification purposes This name consists of up to 64 printable characters spaces are allowed VLAN Group ID Enter the VLAN ID for this static entry th...

Страница 124: ...outgoing frames transmitted with this VLAN Group ID Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save...

Страница 125: ...forwarded to the VLAN group that the tag defines Enter a number between 1and 4094 as the port VLAN ID GVRP Select this check box to allow GVRP on this port Acceptable Frame Type Specify the type of f...

Страница 126: ...0 24 video for 192 168 1 0 24 and data for 10 1 1 0 24 The Switch can then be configured to group incoming traffic based on the source IP subnet of incoming frames You can then configure a subnet base...

Страница 127: ...ctivate this subnet based VLANs on the Switch DHCP Vlan Override When DHCP snooping is enabled DHCP clients can renew their IP address through the DHCP VLAN or via another DHCP server on the subnet ba...

Страница 128: ...be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch assigns to frames belonging to this VLAN Add Click Add to save your c...

Страница 129: ...ceived on port 6 and 7 All upstream ARP traffic from port 1 2 and 3 will be grouped together and all upstream Apple Talk traffic from port 6 and 7 will be in another group and have higher priority tha...

Страница 130: ...must be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch will assign to frames belonging to this VLAN Add Click Add to sa...

Страница 131: ...1 3 Give this protocol based VLAN a descriptive name Type IP VLAN 4 Select the protocol Leave the default value IP 5 Type the VLAN ID of an existing VLAN In our example we already created a static VLA...

Страница 132: ...ated Note When you activate port based VLAN the Switch uses a default VLAN ID of 1 You cannot change it Note In screens such as IP Setup and Filtering that require a VID you must enter 1 as the VID Th...

Страница 133: ...pter 9 VLAN XGS 4526 4528F 4728F User s Guide 133 The following screen shows users on a port based all connected VLAN configuration Figure 48 Advanced Application VLAN Port Based VLAN Setup All Connec...

Страница 134: ...ter 9 VLAN XGS 4526 4528F 4728F User s Guide 134 The following screen shows users on a port based port isolated VLAN configuration Figure 49 Advanced Application VLAN Port Based VLAN Setup Port Isolat...

Страница 135: ...that is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the...

Страница 136: ...Chapter 9 VLAN XGS 4526 4528F 4728F User s Guide 136...

Страница 137: ...ic MAC Forwarding A static MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are settin...

Страница 138: ...port where the MAC address entered in the previous field will be automatically forwarded Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off...

Страница 139: ...d displays the port where the MAC address shown in the next field will be forwarded Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete chec...

Страница 140: ...Chapter 10 Static MAC Forward Setup XGS 4526 4528F 4728F User s Guide 140...

Страница 141: ...not age out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a multicast group has no members then...

Страница 142: ...and 3 within VLAN group 4 Figure 51 No Static Multicast Forwarding Figure 52 Static Multicast Forwarding to A Single Port Figure 53 Static Multicast Forwarding to Multiple Ports 11 2 Configuring Stati...

Страница 143: ...octet pair 00000001 is 01 and 00000011 is 03 in hexadecimal so 01 00 5e 00 00 0A and 03 00 5e 00 00 27 are valid multicast MAC addresses VID You can forward frames with matching destination MAC addres...

Страница 144: ...ess This field displays the multicast MAC address that identifies a multicast group VID This field displays the ID number of a VLAN group to which frames containing the specified multicast MAC address...

Страница 145: ...ing in the navigation panel to display the screen as shown next Figure 55 Advanced Application Filtering The following table describes the related labels in this screen Table 25 Advanced Application F...

Страница 146: ...the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear t...

Страница 147: ...witches in your network to ensure that only one path exists between any two stations on the network The Switch uses IEEE 802 1w RSTP Rapid Spanning Tree Protocol that allows faster convergence of the...

Страница 148: ...or connected LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating any possible network loops STP aware switches exch...

Страница 149: ...with its own bridge information In the following example there are two RSTP instances MRSTP 1 and MRSTP2 on switch A Figure 56 MRSTP Network Example To set up MRSTP activate MRSTP on the Switch and sp...

Страница 150: ...ltiple bridges or switching devices into regions that appear as one single bridge on the network A VLAN can be mapped to a specific Multiple Spanning Tree Instance MSTI MSTI allows multiple VLANs to u...

Страница 151: ...region external path cost of paths outside this region is increased by one Internal path cost of paths within this region is increased by one when BPDUs traverse the region Devices that belong to the...

Страница 152: ...A CIST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST in...

Страница 153: ...ree Protocol This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration section for...

Страница 154: ...anced Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree...

Страница 155: ...ssage generations by the root switch The allowed range is 1 to 10 seconds Max Age This is the maximum time in seconds a switch can wait without receiving a BPDU before attempting to reconfigure All sw...

Страница 156: ...Protocol Data Unit BPDU Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in a switch Ports with a higher priority...

Страница 157: ...itch Hello Time second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second...

Страница 158: ...RSTP The following table describes the labels in this screen Table 31 Advanced Application Spanning Tree Protocol MRSTP LABEL DESCRIPTION Status Click Status to display the MRSTP Status screen see Fig...

Страница 159: ...is 6 to 40 seconds Forwarding Delay This is the maximum time in seconds a switch will wait before changing states This delay is required because every switch must receive information about topology c...

Страница 160: ...ue are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended that y...

Страница 161: ...ime second This is the time interval in seconds at which the root switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the...

Страница 162: ...Guide 162 13 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section 13 1 5 on page 150 for more information on M...

Страница 163: ...s Forwarding Delay This is the maximum time in seconds a switch will wait before changing states This delay is required because every switch must receive information about topology changes before it s...

Страница 164: ...he common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to add this port to the...

Страница 165: ...Delete column and then click the Delete button Cancel Click Cancel to begin configuring this screen afresh Table 33 Advanced Application Spanning Tree Protocol MSTP continued LABEL DESCRIPTION Table 3...

Страница 166: ...An edge port changes its initial STP port state from blocking state to forwarding state immediately without going through listening and learning states right after the port is configured as an edge po...

Страница 167: ...h cost from the root port on this Switch to the root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning T...

Страница 168: ...h cost from the root port in this MST instance to the regional root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of...

Страница 169: ...he guaranteed bandwidth for the incoming traffic flow on a port The Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congesti...

Страница 170: ...you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the po...

Страница 171: ...going traffic flow on a port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top n...

Страница 172: ...Chapter 14 Bandwidth Control XGS 4526 4528F 4728F User s Guide 172...

Страница 173: ...F packets the Switch receives per second on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this...

Страница 174: ...n a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per sec...

Страница 175: ...c flow to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference Click Advanced Application Mirroring in the navigation pa...

Страница 176: ...this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are cop...

Страница 177: ...logical link containing multiple ports The beginning port of each trunk group must be physically connected to form a trunk group The Switch supports both static and dynamic link aggregation Note In a...

Страница 178: ...ks on full duplex links All ports in the same trunk group must have the same media type speed duplex mode and flow control settings Configure trunk groups or LACP before you connect the Ethernet switc...

Страница 179: ...a trunk group that is one logical link containing multiple ports Enabled Port These are the ports you have configured in the Link Aggregation screen to be in the trunk group The port number s displays...

Страница 180: ...raffic based on a combination of the packet s source and destination MAC addresses src ip means the Switch distributes traffic based on the packet s source IP address dst ip means the Switch distribut...

Страница 181: ...4 Advanced Application Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 42 Advanced Application Link Aggregation Link Aggregation Setting LABEL D...

Страница 182: ...tion MAC addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to dis...

Страница 183: ...Control Protocol Click in the Advanced Application Link Aggregation Link Aggregation Setting LACP to display the screen shown next See Section 17 2 on page 177 for more information on dynamic link ag...

Страница 184: ...al link containing multiple ports LACP Active Select this option to enable LACP for a trunk Port This field displays the port number Settings in this row apply to all ports Use this row only if you wa...

Страница 185: ...B Figure 76 Trunking Example Physical Connections 2 Configure static trunking Click Advanced Application Link Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the tr...

Страница 186: ...Chapter 17 Link Aggregation XGS 4526 4528F 4728F User s Guide 186...

Страница 187: ...validate users See Section 25 1 2 on page 244 for more information on configuring your RADIUS server settings Note If you enable IEEE 802 1x authentication and MAC authentication on the same port the...

Страница 188: ...ss 18 1 2 MAC Authentication MAC authentication works in a very similar way to IEEE 802 1x authentication The main difference is that the Switch does not prompt the client for login credentials The lo...

Страница 189: ...ion first activate the port authentication method s you want to use both on the Switch and the port s then configure the RADIUS server settings in the AAA Radius Server Setup screen To activate a port...

Страница 190: ...his check box to permit 802 1x authentication on the Switch Note You must first enable 802 1x authentication on the Switch before configuring it on each port Port This field displays a port number Set...

Страница 191: ...est the Switch sends the client to the Guest VLAN The client needs to send a new request to be authenticated by the Switch again Reauth Specify if a subscriber has to periodically re enter his or her...

Страница 192: ...gures switches or routers with the guest network feature Figure 82 Guest VLAN Example Use this screen to enable and assign a guest VLAN to a port In the Port Authentication 802 1x screen click Guest V...

Страница 193: ...s the guest VLAN Make sure this is a VLAN recognized in your network Host mode Specify how the Switch authenticates users when more than one user connect to the port using a hub Select Multi Host to a...

Страница 194: ...thentication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch Note You must first enable MAC authentication on the Switch before configuring it on each port Na...

Страница 195: ...rsedes this setting See Section 8 5 on page 108 Port This field displays a port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by...

Страница 196: ...Chapter 18 Port Authentication XGS 4526 4528F 4728F User s Guide 196...

Страница 197: ...th no limit on individual ports other than the sum cannot exceed 16K The XGS 4526 or XGS 4528F can learn up to 8K MAC addresses in total with no limit on individual ports other than the sum cannot exc...

Страница 198: ...reviously learned MAC addresses on the specified port s will become static MAC addresses and display in the Static MAC Forwarding screen MAC freeze Click MAC freeze to have the Switch automatically se...

Страница 199: ...ort itself must be active with address learning enabled Limited Number of Learned MAC Address Use this field to limit the number of dynamic MAC addresses that may be learned on a port For example if y...

Страница 200: ...in the XGS 4526 or XGS 4528F 0 means this feature is disabled Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so u...

Страница 201: ...such as the source address destination address source port number destination port number or incoming port number For example you can configure a classifier to select traffic from the same protocol po...

Страница 202: ...tion Classifier LABEL DESCRIPTION Active Select this option to enable this rule Name Enter a descriptive name for this rule for identifying purposes Packet Format Specify the format of the packet Choi...

Страница 203: ...format six hexadecimal character pairs Layer 3 Specify the fields below to configure a layer 3 classifier DSCP Select Any to classify traffic from any DSCP or select the second option and specify a D...

Страница 204: ...P UDP protocol port number Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or lose...

Страница 205: ...ancel Click Cancel to clear the Delete check boxes Table 51 Common Ethernet Types and Protocol Number ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X 75 Internet 0801 NBS Internet 0802 ECMA Internet 080...

Страница 206: ...configuring a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 Figure 89 Classifier Example After you have configured a classifier you can configure a policy to def...

Страница 207: ...ating the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or...

Страница 208: ...ss the DiffServ network Based on the marking rule different kinds of traffic can be marked for different kinds of forwarding Resources can then be allocated according to the DSCP values and the config...

Страница 209: ...vigation panel to display the screen as shown Figure 90 Advanced Application Policy Rule The following table describes the labels in this screen Table 53 Advanced Application Policy Rule LABEL DESCRIP...

Страница 210: ...out of profile traffic Action Specify the action s the Switch takes on the associated classified traffic flow Forwarding Select No change to forward the packets Select Discard the packet to drop the p...

Страница 211: ...of profile traffic Select Drop the packet to discard the out of profile traffic Select Change the DSCP value to replace the DSCP field with the value specified in the Out of profile DSCP field Select...

Страница 212: ...er Click an index number to edit the policy Active This field displays Yes when policy is activated and No when is it deactivated Name This field displays the name you have assigned to this policy Cla...

Страница 213: ...licy Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out of profile traffic on a traffic flow classified using the Example classifie...

Страница 214: ...Chapter 21 Policy Rule XGS 4526 4528F 4728F User s Guide 214...

Страница 215: ...tch traffic on the highest priority queue Q7 is transmitted first When that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted...

Страница 216: ...an equal amount of bandwidth and then moves to the end of the list and so on depending on the number of queues being used This works in a looping fashion until a queue is empty Weighted Round Robin S...

Страница 217: ...the labels in this screen Table 55 Advanced Application Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring Settings in this row apply to all ports Use this row only i...

Страница 218: ...e service than queues with smaller weights Weight Q0 Q7 When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Hybri...

Страница 219: ...4 094 customer VLANs This allows a service provider to provide different service based on specific VLANs for many different customers A service provider s customers may require a range of VLANs to han...

Страница 220: ...ing Select Access Port for ingress ports on the service provider s edge devices 1 and 2 in the VLAN stacking example figure The incoming frame is treated as untagged so a second VLAN tag outer VLAN ta...

Страница 221: ...nnel Port then the Switch only adds the SP TPID tag to all incoming frames on the service provider s edge devices 1 and 2 in the VLAN stacking example figure that have an SP TPID different to the one...

Страница 222: ...e and Double Tagged 802 11Q Frame Format DA SA Len Etype Dat a FCS Untagged Ethernet frame DA SA TPI D Priorit y VI D Len Etype Dat a FCS IEEE 802 1Q customer tagged frame D A SA SPTPI D Priori ty VI...

Страница 223: ...ngress ports at the edge of the service provider s network Select Tunnel Port available for Gigabit ports only for egress ports at the edge of the service provider s network Select Tunnel Port to have...

Страница 224: ...r identifies the port you are configuring SPVID SPVID is the service provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port See Chapter 9 o...

Страница 225: ...nfiguring CVID Enter a customer VLAN ID the inner VLAN tag from 1 to 4094 This is the VLAN tag carried in the packets from the subscribers SPVID SPVID is the service provider s VLAN ID the outer VLAN...

Страница 226: ...is the service provider s VLAN ID that adds to the packets from the subscribers Priority This is the service provider s priority level in the packets Delete Check the rule s that you want to remove in...

Страница 227: ...ulticast address allows a device to send packets to a specific group of hosts multicast group in a different subnetwork A multicast IP address represents a traffic receiving group not individual recei...

Страница 228: ...on up to 16 VLANs You can configure the Switch to automatically learn multicast group membership of any VLANs The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets This...

Страница 229: ...se settings to configure IGMP Snooping Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group Querier Select this option to allow...

Страница 230: ...ess Select Drop to discard the frame s Select Flooding to send the frame s to all ports Port This field displays the port number Settings in this row apply to all ports Use this row only if you want t...

Страница 231: ...entry is aged out Select Replace to replace an existing entry in the multicast forwarding table with the new IGMP report s received on this port IGMP Filtering Profile Select the name of the IGMP fil...

Страница 232: ...mation of any VLANs automatically Select fixed to have the Switch only learn multicast group membership information of the VLAN s that you specify below In either auto or fixed mode the Switch can lea...

Страница 233: ...r the ID of a static VLAN the valid range is between 1 and 4094 Note You cannot configure the same VLAN ID as in the MVR screen Add Click Add to insert the entry in the summary table below and save yo...

Страница 234: ...icast IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile End Address Type the ending multicast IP address for a range of IP addresses that you want to...

Страница 235: ...ups are managed by IGMP snooping The following figure shows a network example The subscriber VLAN 1 2 and 3 information is hidden from the streaming media server S In addition the multicast VLAN infor...

Страница 236: ...om the streaming media server S via the Switch Multiple subscriber devices can connect through a port configured as the receiver on the Switch When the subscriber selects a television channel computer...

Страница 237: ...ch automatically creates a static VLAN with the same VID when you create a multicast VLAN in this screen Figure 104 Advanced Application Multicast Multicast Setting MVR The following table describes t...

Страница 238: ...eives multicast traffic None Select this option to set the port not to participate in MVR No MVR multicast traffic is sent or received on this port Tagging Select this checkbox if you want the port to...

Страница 239: ...he labels in this screen Table 67 Advanced Application Multicast Multicast Setting MVR Group Configuration LABEL DESCRIPTION Multicast VLAN ID Select a multicast VLAN ID that you configured in the MVR...

Страница 240: ...ink on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh MVLAN This field displays the...

Страница 241: ...on the Switch create a multicast group in the MVR screen and set the receiver and source ports Figure 107 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subs...

Страница 242: ...8F User s Guide 242 following figure shows an example where two multicast groups News and Movie are configured for the multicast VLAN 200 Figure 108 MVR Group Configuration Example Figure 109 MVR Grou...

Страница 243: ...ilege levels associated with them For example user A may have the right to create new login accounts on the Switch but user B cannot The Switch can authorize users based on user accounts configured on...

Страница 244: ...limited to the memory capacity of the device In essence RADIUS and TACACS authentication both allow you to validate an unlimited number of users from a central location The following table describes s...

Страница 245: ...r Setup Use this screen to configure your RADIUS server settings See Section 25 1 2 on page 244 for more information on RADIUS servers and Section 25 3 on page 254 for RADIUS attributes utilized by th...

Страница 246: ...imal notation UDP Port The default port of a RADIUS server for authentication is 1812 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a pa...

Страница 247: ...ing server and the Switch This key is not sent over the network This key must be the same on the external RADIUS accounting server and the Switch Delete Check this box if you want to remove an existin...

Страница 248: ...erver in dotted decimal notation TCP Port The default port of a TACACS server for authentication is 49 You need not change this value unless your network administrator instructs you to do so Shared Se...

Страница 249: ...ent over the network This key must be the same on the external TACACS accounting server and the Switch Delete Check this box if you want to remove an existing TACACS accounting server entry from the S...

Страница 250: ...lds Select local to have the Switch check the access privilege configured for local authentication Select radius or tacacs to have the Switch check the access privilege via the external servers Login...

Страница 251: ...ient begins a session authenticates via the Switch ends a session as well as interim updates of a session Commands Configure the Switch to send information when commands of specified privilege level a...

Страница 252: ...yXEL s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to modify Vendor data A value you want to assign to the setting Note Refer to the documentation that c...

Страница 253: ...Kbps in decimal format Privilege Assignment Vendor ID 890 Vendor Type 3 Vendor Data shell priv lvl N or Vendor ID 9 CISCO Vendor Type 1 CISCO AVPAIR Vendor Data shell priv lvl N where N is a privileg...

Страница 254: ...tes used by authentication and accounting functions on the Switch In cases where the attribute has a specific format associated with it the format is specified 25 3 1 Attributes Used for Authenticatio...

Страница 255: ...t sequential number for example 2007041917210300000001 date 2007 04 19 time 17 21 03 serial number 00000001 Acct Delay Time 25 3 2 2 Attributes Used for Accounting Exec Events The attributes are liste...

Страница 256: ...D Acct Status Type D D D Acct Delay Time D D D Acct Session Id D D D Acct Authentic D D D Acct Session Time D D Acct Terminate Cause D Table 76 RADIUS Attributes Exec Events via Console ATTRIBUTE STAR...

Страница 257: ...Chapter 25 AAA XGS 4526 4528F 4728F User s Guide 257 Acct Input Gigawords D D Acct Output Gigawords D D Table 76 RADIUS Attributes Exec Events via Console ATTRIBUTE START INTERIM UPDATE STOP...

Страница 258: ...Chapter 25 AAA XGS 4526 4528F 4728F User s Guide 258...

Страница 259: ...ere is a binding the Switch forwards the packet If there is not a binding the Switch discards the packet The Switch builds the binding table by snooping DHCP packets dynamic bindings and from informat...

Страница 260: ...here are no trusted ports Untrusted ports are connected to subscribers The Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example...

Страница 261: ...of the requests The Switch can add the following information Slot ID 1 byte port ID 1 byte and source VLAN ID 2 bytes System name up to 32 bytes This information is stored in an Agent Information fiel...

Страница 262: ...uter X does the following things It pretends to be computer A and responds to computer B It pretends to be computer B and sends a message to computer A As a result all the communication between comput...

Страница 263: ...e Switch can send syslog messages to the specified syslog server Chapter 48 on page 425 when it forwards or discards ARP packets The Switch can consolidate log messages and send log messages in batche...

Страница 264: ...P Source Guard LABEL DESCRIPTION Index This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displays the...

Страница 265: ...applies to all ports select Any Add Click this to create the specified static binding or to update an existing one Cancel Click this to reset the values above based on the last selected static binding...

Страница 266: ...cs about the DHCP snooping database To open this screen click Advanced Application IP Source Guard DHCP Snooping Figure 119 DHCP Snooping Delete Select this and click Delete to remove the specified en...

Страница 267: ...This field displays how much longer in seconds the Switch tries to complete the current update before it gives up It displays Not Running if the Switch is not updating the DHCP snooping database righ...

Страница 268: ...ference Guide Binding collisions This field displays the number of bindings the Switch ignored because the Switch already had a binding with the same MAC address and VLAN ID Invalid interfaces This fi...

Страница 269: ...restart To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Figure 120 DHCP Snooping Configure Parse failures This field displays the number of bindings the Switch h...

Страница 270: ...s tftp domain name or IP address directory if applicable file name for example tftp 192 168 10 1 database txt Timeout interval Enter how long 10 65535 seconds the Switch tries to complete a specific u...

Страница 271: ...s for DHCP snooping Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports You can also specify the maximum number for DHCP packets that each port trust...

Страница 272: ...rusted ports are connected to subscribers and the Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The sou...

Страница 273: ...the Switch and specify trusted ports Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports Option82 Select this to have the Switch add the slot number...

Страница 274: ...dentified unauthorized ARP packets Index This field displays a sequential number for each MAC address filter MAC Address This field displays the source MAC address in the MAC address filter VID This f...

Страница 275: ...ge in the section below Then enter the lowest VLAN ID Start VID and the highest VLAN ID End VID you want to look at Apply Click this to display the specified range of VLANs in the section below VID Th...

Страница 276: ...t were generated by ARP packets and that have not been sent to the syslog server yet If one or more log messages are dropped due to unavailable buffer there is an entry called overflow with the curren...

Страница 277: ...inding with the same MAC address and VLAN ID static deny An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID deny An ARP packet was discarded because...

Страница 278: ...ear the log and reset this counter See Section 26 6 2 on page 276 Syslog rate Type the maximum number of syslog messages the Switch can send to the syslog server in one batch This number is expressed...

Страница 279: ...nfigure the port the settings are applied to all of the ports Trusted State Select whether this port is a trusted port Trusted or an untrusted port Untrusted The Switch does not discard ARP packets on...

Страница 280: ...in every five second interval Enter the length 1 15 seconds of the burst interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned...

Страница 281: ...n ARP packet from the VLAN Permit The Switch generates log messages when it forwards an ARP packet from the VLAN All The Switch generates log messages every time it receives an ARP packet from the VLA...

Страница 282: ...Chapter 26 IP Source Guard XGS 4526 4528F 4728F User s Guide 282...

Страница 283: ...igure 129 Loop Guard vs STP Loop guard is designed to handle loop problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as...

Страница 284: ...same port If this is the case the Switch will shut down the port connected to the switch in loop state The following figure shows a loop guard enabled port N on switch A sending a probe packet P to sw...

Страница 285: ...etwork you can re activate the disabled port via the web configurator see Section 8 7 on page 113 or via commands see the Ethernet Switch CLI Reference Guide 27 2 Loop Guard Setup Click Advanced Appli...

Страница 286: ...e Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to c...

Страница 287: ...the Gigabit uplink port When VLAN mapping is enabled the Switch discards the tagged packets that do not match an entry in the VLAN mapping table If the incoming packets are untagged the Switch adds a...

Страница 288: ...e the setting the same for all ports Use this row first and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this ch...

Страница 289: ...o the VID you specified in the Translated VID field Translated VID Enter a VLAN ID from 1 to 4094 into which the customer VID carried in the packets will be translated Priority Select a priority level...

Страница 290: ...his is the VLAN ID that replaces the customer VLAN ID in the tagged packets Priority This is the priority level that replaces the customer priority level in the tagged packets Delete Check the rule s...

Страница 291: ...rvice provider s network The edge switch encapsulates layer 2 protocol packets with a specific MAC address before sending them across the service provider s network to other edge switches Figure 137 L...

Страница 292: ...port on the service provider s edge device 1 or 2 in Figure 138 on page 292 and connected to a customer switch A or B Incoming layer 2 protocol packets received on an access port are encapsulated and...

Страница 293: ...e Select this to enable layer 2 protocol tunneling on the Switch Destination MAC Address Specify an MAC address with which the Switch uses to encapsulate the layer 2 protocol packets by replacing the...

Страница 294: ...tus and detect a unidirectional link PAGP Select this option to have the Switch send PAgP packets to a peer to automatically negotiate and build a logical port aggregation LACP Select this option to h...

Страница 295: ...sFlow agent then creates sFlow data and sends it to an sFlow collector The sFlow collector is a server that collects and analyzes sFlow datagram An sFlow datagram includes packet header input and outp...

Страница 296: ...me memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuri...

Страница 297: ...tor Collector Address Enter the IP address of the sFlow collector Note You must have the sFlow collector already configured in the sFlow Collector screen The sFlow collector does not need to be in the...

Страница 298: ...loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cance...

Страница 299: ...rver 31 1 1 PPPoE Intermediate Agent Tag Format If the PPPoE Intermediate Agent is enabled the Switch adds a vendor specific tag to PADI PPPoE Active Discovery Initialization and PADR PPPoE Active Dis...

Страница 300: ...ic port the Switch adds the user defined identifier string and variables into the Agent Circuit ID Sub option The variables can be the slot ID of the PPPoE client the port number of the PPPoE client a...

Страница 301: ...connected to PPPoE servers If a PADO PPPoE Active Discovery Offer PADS PPPoE Active Discovery Session confirmation or PADT PPPoE Active Discovery Terminate packet is sent from a PPPoE server and recei...

Страница 302: ...to the Intermediate Agent screen Figure 143 Advanced Application PPPoE Intermediate Agent 31 3 PPPoE Intermediate Agent Use this screen to configure the Switch to give a PPPoE termination server addit...

Страница 303: ...nfigure circuit id and remote id in the Per Port or Per Port Per VLAN screen Active Select this option to have the Switch add the user defined identifier string and variables specified in the option f...

Страница 304: ...creen as shown Figure 145 Advanced Application PPPoE Intermediate Agent Port The following table describes the labels in this screen Table 101 Advanced Application PPPoE Intermediate Agent Port LABEL...

Страница 305: ...an untrusted port Circuit id Enter a string of up to 63 ASCII characters that the Switch adds into the Agent Circuit ID sub option for PPPoE discovery packets received on this port Spaces are allowed...

Страница 306: ...re in the section below End VID Enter the highest VLAN ID you want to configure in the section below Apply Click Apply to display the specified range of VLANs in the section below Port This field disp...

Страница 307: ...o the Agent Remote ID sub option for this VLAN on the specified port Spaces are allowed If you do not specify a string here or in the Remote id field for a specific port the Switch automatically uses...

Страница 308: ...settings are applied to all VLANs Use this row to make the setting the same for all VLANs Use this row first and then make adjustments on a VLAN by VLAN basis Note Changes in this row are copied to al...

Страница 309: ...allows you to limit the rate of ARP BPDU and IGMP packets to be delivered to the CPU on a port This enhances the CPU efficiency and protects against potential DoS attacks or errors from other network...

Страница 310: ...Configuration Use this screen to limit the maximum number of control packets ARP BPDU and or IGMP that the Switch can receive or transmit on a port Click the Click Here link next to CPU protection in...

Страница 311: ...re here Port This field displays the port number Use this row to make the setting the same for all ports Use this row first and then make adjustments to each port if necessary Note Changes in this row...

Страница 312: ...he action that the Switch takes when the number of control packets exceed the rate limit on a port set in the Advanced Application Errdisable CPU protection screen inactive port The Switch disables th...

Страница 313: ...scard packets on a port according to the feature requirements and what action you configure Use this row to make the setting the same for all entries Use this row first and then make adjustments to ea...

Страница 314: ...Chapter 32 Error Disable XGS 4526 4528F 4728F User s Guide 314...

Страница 315: ...witch automatically adds other ports in this VLAN to the isolated port list and blocks traffic between the isolated ports A promiscuous port can communicate with any port in the same VLAN An isolated...

Страница 316: ...VLAN Other ports belonging to this VLAN will be added to the isolation list and can only send and receive traffic from the port s you specify here Add Click Add to insert the entry in the summary tabl...

Страница 317: ...User s Guide 317 Delete Check the rule s that you want to remove in the Delete column and then click the Delete button Cancel Click Cancel to clear the Delete check boxes Table 107 Advanced Applicati...

Страница 318: ...Chapter 33 Private VLAN XGS 4526 4528F 4728F User s Guide 318...

Страница 319: ...s not reachable through the default gateway use static routes For example the next figure shows a computer A connected to the Switch The Switch routes most traffic from A to the Internet through the S...

Страница 320: ...host ID IP Subnet Mask Enter the subnet mask for this destination Gateway IP Address Enter the IP address of the gateway The gateway is an immediate neighbor of your Switch that will forward the pack...

Страница 321: ...ddress This field displays the IP network address of the final destination Subnet Mask This field displays the subnet mask for this destination Gateway Address This field displays the IP address of th...

Страница 322: ...Chapter 34 Static Route XGS 4526 4528F 4728F User s Guide 322...

Страница 323: ...prior to the normal routing Individual routing policies are used as part of the overall policy routing process A routing policy defines the action to take when a packet meets the criteria in a specif...

Страница 324: ...Add Click Add to insert a new policy routing profile to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel...

Страница 325: ...forward packets based on the classifier and action you specify A policy route rule defines the matching classifier and the action to take when a packet meets the criteria in the classifier The action...

Страница 326: ...ess of the gateway The gateway is an immediate neighbor of your Switch that will forward the packet to the destination Add Click Add to insert the entry in the summary table below and save your change...

Страница 327: ...ved The Version field controls the format and the broadcasting method of the RIP packets that the Switch sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carrie...

Страница 328: ...lication RIP The following table describes the labels in this screen Table 111 Default Distance Value ROUTE SOURCE ADMINISTRATIVE DISTANCE Local 0 Static 1 OSPF 110 RIP 120 Table 112 IP Application RI...

Страница 329: ...ng Both and None Version Select the RIP version from the drop down list box Choices are RIP 1 RIP 2B and RIP 2M Apply Click Apply to save your changes to the Switch s run time memory The Switch loses...

Страница 330: ...Chapter 36 RIP XGS 4526 4528F 4728F User s Guide 330...

Страница 331: ...routing protocols such as RIP The following table summarizes some of the major differences between OSPF and RIP 37 1 1 OSPF Autonomous Systems and Areas An OSPF autonomous system AS can be divided in...

Страница 332: ...ths to network destinations Layer 3 devices build a synchronized link state database by exchanging Hello messages to confirm which neighbor layer 3 devices exist and then they exchange database descri...

Страница 333: ...ection is fine but in some situations it must be controlled In the following figure only router A has direct connectivity with all the other routers on the network segment Routers B and C do not have...

Страница 334: ...isplay the screen as shown next See Section 37 1 on page 331 for more information on OSPF Figure 161 IP Application OSPF Status The following table describes the labels in this screen Table 115 IP App...

Страница 335: ...is used in the designated router election Designated Router This field displays the router ID of the designated router Backup Designated Router This field displays the router ID of a backup designated...

Страница 336: ...field displays the time in seconds since the last LSA was sent Seq This field displays the link sequence number of the LSA Checksum This field displays the checksum value of the LSA Link Count This fi...

Страница 337: ...e that is assigned to routes learned by OSPF The lower the administrative distance value is the more preferable the routing protocol is See Section 36 1 1 on page 327 for more information about admini...

Страница 338: ...Authenticati on Select an authentication method Simple or MD5 to activate authentication Select None default to disable authentication Usually interface s and virtual interface s should use the same a...

Страница 339: ...s turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this...

Страница 340: ...ed protocol Type Select 1 for routing protocols such as RIP whose external metrics are directly comparable to the internal OSPF cost When selecting a path the internal OSPF cost is added to the AB bou...

Страница 341: ...mple you can use 192 168 8 0 22 instead of using 192 168 8 0 24 192 168 9 0 24 192 168 10 0 24 and 192 168 11 0 24 The third octet of these four network IP addresses is 00001000 00001001 00001010 0000...

Страница 342: ...n you want to use Key When you select Simple in the Authentication field enter a password eight character long Characters after the eighth character will be ignored When you select MD5 in the Authenti...

Страница 343: ...t This field displays the interface cost used for calculating the routing table Priority This field displays the priority for this OSPF interface Delete Click Delete to remove the selected entry from...

Страница 344: ...sword eight character long When you select MD5 in the Authentication field enter a password 16 character long Add Click Add to save your changes to the Switch s run time memory The Switch loses these...

Страница 345: ...ip between a multicast server multicast routers and multicast hosts A multicast server transmits multicast packets and multicast routers forward multicast packets to multicast hosts Figure 168 IP Mult...

Страница 346: ...ersion 1 to version 3 IGMP version 1 defines how a multicast router checks to see if any multicast hosts are part of a multicast group It checks for group membership by sending out an IGMP Query packe...

Страница 347: ...and multicast server Z IP address 13 2 2 2 both send multicast traffic to the same multicast group identified by the multicast IP address 225 1 1 1 In IGMP version 3 multicast host A can join multica...

Страница 348: ...has not recorded any group members Select Drop to discard the frame s Select Flooding to send the frame s to all ports Index This field displays an index number of an entry Network This field displays...

Страница 349: ...t have IGMP enabled when you enable DVMRP otherwise you see the screen as in Figure 175 on page 351 39 2 How DVMRP Works DVMRP uses the Reverse Path Multicasting RPM algorithm to generate an IP Multic...

Страница 350: ...lticast routing table that is used to build source trees and also perform Reverse Path Forwarding RPF checks on incoming multicast packets RPF checks prevent duplicate packets being filtered when loop...

Страница 351: ...fic This applies only to multicast traffic this Switch sends out Index Index is the DVMRP configuration for the IP routing domain defined under Network The maximum number of DVMRP configurations allow...

Страница 352: ...VID Error Message 39 4 Default DVMRP Timer Values The following are some default DVMRP timer values Table 125 DVMRP Default Timer Values DVMRP FIELD DEFAULT VALUE Probe interval 10 sec Report interval...

Страница 353: ...kets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or g...

Страница 354: ...ld be to give higher drop precedence to one traffic flow over others In our example packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Plat...

Страница 355: ...network Green low loss priority level packets are forwarded TRTCM operates in one of two modes color blind or color aware In color blind mode packets are marked based on evaluating against the PIR an...

Страница 356: ...luated against the PIR Only the packets marked green are first evaluated against the PIR and then if they don t exceed the PIR level are they evaluated against the CIR Figure 181 TRTCM Color aware Mod...

Страница 357: ...t on the Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustmen...

Страница 358: ...ed high loss priority colored packets Mode Select color blind to have the Switch treat all incoming packets as uncolored All incoming packets are evaluated against the CIR and PIR Select color aware t...

Страница 359: ...hey are marked via TRTCM green Specify the DSCP value to use for packets with low packet loss priority yellow Specify the DSCP value to use for packets with medium packet loss priority red Specify the...

Страница 360: ...le 129 IP Application DiffServ DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop...

Страница 361: ...ally 41 1 1 DHCP Modes The Switch can be configured as a DHCP server or DHCP relay agent If you configure the Switch as a DHCP server it will maintain the pool of IP addresses along with subnet masks...

Страница 362: ...onfiguration to view the screen as shown Use Table 130 IP Application DHCP Status LABEL DESCRIPTION Server Status This section displays configuration settings related to the Switch s DHCP server mode...

Страница 363: ...gateway value sent to clients from this DHCP server instance Primary DNS Server This field displays the primary DNS server value sent to clients from this DHCP server instance Secondary DNS Server Thi...

Страница 364: ...equests that it relays to a DHCP server by adding Relay Agent Information This helps provide authentication about the source of the requests The DHCP server can then provide an IP address based on thi...

Страница 365: ...tation Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information...

Страница 366: ...s the DHCP clients in both domains Figure 188 Global DHCP Relay Network Example Configure the DHCP Relay screen as shown Make sure you select the Option 82 check box to set the Switch to send addition...

Страница 367: ...each VLAN that you want to configure DHCP settings for on the Switch See Section 8 6 on page 110 for information on how to do this Figure 190 IP Application DHCP VLAN The following table describes the...

Страница 368: ...o client DHCP requests that it relays to a DHCP server Informati on This read only field displays the system name you configure in the General Setup screen Select the check box for the Switch to add t...

Страница 369: ...servers are installed to serve each VLAN The system is set up to forward DHCP requests from the dormitory rooms VLAN 1 to the DHCP server with an IP address of 192 168 1 100 Requests from the academi...

Страница 370: ...Chapter 41 DHCP XGS 4526 4528F 4728F User s Guide 370 For the example network configure the VLAN Setting screen as shown Figure 192 DHCP Relay for Two VLANs Configuration Example EXAMPLE...

Страница 371: ...ays available In VRRP a virtual router VR represents a number of physical layer 3 devices An IP address is associated with the virtual router A layer 3 device having the same IP address is the preferr...

Страница 372: ...Click IP Application VRRP in the navigation panel to display the VRRP Status screen as shown next Figure 194 IP Application VRRP Status The following table describes the labels in this screen 172 21 1...

Страница 373: ...ch functions as the master router This field is Backup indicating that this Switch functions as a backup router This field displays Init when this Switch is initiating the VRRP protocol or when the Up...

Страница 374: ...t of an IP domain Authenticati on Select None to disable authentication This is the default setting Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface Key W...

Страница 375: ...All routers participating in the virtual router must use the same advertisement interval 42 3 2 2 Priority Configure the priority level 1 to 254 to set which backup router to take over in case the ma...

Страница 376: ...outer number 1 to 7 for which this VRRP entry is created You can configure up to seven virtual routers for one network Advertisement Interval Specify the number of seconds between Hello message transm...

Страница 377: ...ar Click Clear to set the above fields back to the factory defaults Table 137 IP Application VRRP Configuration VRRP Parameters continued LABEL DESCRIPTION Table 138 VRRP Configuring VRRP Parameters L...

Страница 378: ...00 The host computer X is set to use VR1 as the default gateway Figure 198 VRRP Configuration Example One Virtual Router Network You want to set switch A as the master router Configure the VRRP parame...

Страница 379: ...s in the two network groups use different default gateways Each switch is configured to backup a virtual router using VRRP You wish to configure switch A as the master router for virtual router VR1 an...

Страница 380: ...e 204 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch A Figure 205 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration the VRRP Stat...

Страница 381: ...t to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts th...

Страница 382: ...e ARP reply from host B it updates its ARP table and also forwards host A s ICMP request to host B After the Switch gets the ICMP reply from host B it sends out an ARP request to get host A s MAC addr...

Страница 383: ...1 2 3 ARP Request When the Switch is in ARP Request learning mode it updates the ARP table with both ARP replies gratuitous ARP requests and ARP requests Therefore in the following example the Switch...

Страница 384: ...make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon...

Страница 385: ...memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring...

Страница 386: ...Chapter 43 ARP Learning XGS 4526 4528F 4728F User s Guide 386...

Страница 387: ...g paths 1 2 and 3 of equal path cost This allows you to balance or share traffic loads between multiple routing paths when the Switch is connected to more than one next hop ECMP works with static rout...

Страница 388: ...acket s source and destination IP addresses into a hash value which acts as an index to a route path Aging Time Specify the time interval from 0 to 86400 in increments of 10 in seconds at which the Sw...

Страница 389: ...ment Maintenance The following table describes the labels in this screen Table 141 Management Maintenance LABEL DESCRIPTION Current This field displays which configuration Configuration 1 or Configura...

Страница 390: ...d to change the IP address of your computer to be in the same subnet as that of the default Switch IP address 192 168 1 1 45 3 Save Configuration Click Config 1 to save the current configuration setti...

Страница 391: ...one Config 1 or configuration two Config 2 when you reboot Follow the steps below to reboot the Switch 1 In the Maintenance screen click the Config 1 button next to Reboot System to reboot and load co...

Страница 392: ...rmware After the firmware upgrade process is complete see the System Info screen to verify your current firmware version number 45 6 Restore a Configuration File Restore a previously saved configurati...

Страница 393: ...splay the Save As screen 3 Choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the c...

Страница 394: ...of both files for later use Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 45 8 2 FTP Command Line Procedure 1 Launch the FTP client on your...

Страница 395: ...strictions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote Management screen does not match the client IP address If it does not mat...

Страница 396: ...Chapter 45 Maintenance XGS 4526 4528F 4728F User s Guide 396...

Страница 397: ...essions are allowed A console port access control session and Telnet access control session cannot coexist when multi login is disabled See the Ethernet Switch CLI Reference Guide for more information...

Страница 398: ...ed network consists of two main components agents and a manager An agent is a management software module that resides in a managed Switch the Switch An agent translates the local management informatio...

Страница 399: ...MIBs let administrators collect statistics and monitor status and performance The Switch supports the following MIBs SNMP MIB II RFC 1213 RFC 1157 SNMP v1 RFC 1493 Bridge MIBs RFC 1643 Ethernet MIBs...

Страница 400: ...with 1 3 6 1 4 1 890 1 5 8 46 are specific to the XGS 4728F switch Table 146 SNMP System Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION coldstart coldStart 1 3 6 1 6 3 1 1 5 1 This trap is sent when...

Страница 401: ...above or below the normal operating range VoltageEventClear 1 3 6 1 4 1 890 1 5 8 52 3 1 2 2 1 3 6 1 4 1 890 1 5 8 39 3 1 2 2 1 3 6 1 4 1 890 1 5 8 46 3 1 2 2 This trap is sent when the voltage return...

Страница 402: ...ion lock occurs on a port loopguard LoopguardEventOn 1 3 6 1 4 1 890 1 5 8 52 3 1 2 1 1 3 6 1 4 1 890 1 5 8 39 3 1 2 1 1 3 6 1 4 1 890 1 5 8 46 3 1 2 1 This trap is sent when loopguard shuts down a po...

Страница 403: ...en the Ethernet link is down autonegotiati on AutonegotiationFailedEven tOn 1 3 6 1 4 1 890 1 5 8 52 31 2 1 1 3 6 1 4 1 890 1 5 8 39 31 2 1 1 3 6 1 4 1 890 1 5 8 46 31 2 1 This trap is sent when an Et...

Страница 404: ...ice operating parameters return to the normal operating range Table 147 SNMP InterfaceTraps continued OPTION OBJECT LABEL OBJECT ID DESCRIPTION Table 148 AAA Traps OPTION OBJECT LABEL OBJECT ID DESCRI...

Страница 405: ...US accounting server can be reached Table 148 AAA Traps continued OPTION OBJECT LABEL OBJECT ID DESCRIPTION Table 149 SNMP IP Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION ping pingProbeFailed 1 3 6...

Страница 406: ...1 2 1 17 0 2 This trap is sent when the STP topology changes MRSTPTopologyChange 1 3 6 1 4 1 890 1 5 8 52 4 2 2 2 1 3 6 1 4 1 890 1 5 8 39 4 2 2 2 1 3 6 1 4 1 890 1 5 8 46 4 2 2 2 This trap is sent wh...

Страница 407: ...1 16 0 2 This trap is sent when the variable falls below the RMON falling threshold cfm dot1agCfmFaultAlarm 1 3 111 2 802 1 1 8 0 1 The trap is sent when the Switch detects a connectivity fault Table...

Страница 408: ...estination Use this section to configure where to send SNMP traps from the Switch Version Specify the version of the SNMP trap messages IP Enter the IP addresses of up to four managers to send your SN...

Страница 409: ...SNMP manager Type Select the categories of SNMP traps that the Switch is to send to the SNMP manager Options Select the individual SNMP traps that the Switch is to send to the SNMP station See Section...

Страница 410: ...witch Security Level Select whether you want to implement authentication and or encryption for SNMP communication from this user Choose noauth to use the username as the password string to send to the...

Страница 411: ...ve read rights only meaning the user can collect information from the Switch Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Swit...

Страница 412: ...me is something other than admin is someone who can view but not configure Switch settings Click Management Access Control Logins to view the screen as shown Figure 221 Management Access Control Login...

Страница 413: ...igher privileges via the CLI For more information on assigning privileges see the Ethernet Switch CLI Reference Guide User Name Set a user name up to 32 ASCII characters long Password Enter your new s...

Страница 414: ...server The server identifies itself with a host key The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server The client automatical...

Страница 415: ...r Secure Socket Layer or HTTP over SSL is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensur...

Страница 416: ...ontrol screen then the Switch blocks all HTTP connection attempts 46 9 HTTPS Example If you haven t changed the default HTTPS port on the Switch then in your browser enter https Switch IP Address as t...

Страница 417: ...Figure 225 Security Alert Dialog Box Internet Explorer 46 9 2 Netscape Navigator Warning Messages When you attempt to access the Switch HTTPS server a Website Certified by an Unknown Authority screen...

Страница 418: ...4728F User s Guide 418 Select Accept this certificate permanently to import the Switch s certificate into the SSL client Figure 226 Security Certificate 1 Netscape Figure 227 Security Certificate 2 N...

Страница 419: ...Switch main screen appears The lock displayed in the bottom right of the browser status bar denotes a secure connection Figure 228 Example Lock Denoting a Secure Connection 46 10 Service Port Access...

Страница 420: ...s the Switch Service Port For Telnet SSH FTP HTTP or HTTPS services you may change the default service port by typing the new port number in the Server Port field If you change the default port number...

Страница 421: ...a group of one or more trusted computers from which an administrator may use a service to manage the Switch Active Select this check box to activate this secured client set Clear the check box if you...

Страница 422: ...The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel...

Страница 423: ...open this screen Use this screen to check system logs ping IP addresses or perform port tests Figure 231 Management Diagnostic The following table describes the labels in this screen Table 157 Manage...

Страница 424: ...a device that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address in the field to the left Ethernet Port Test Enter a port number and click Port Test to pe...

Страница 425: ...log message has a facility and severity level The syslog facility identifies a file in the syslog server Refer to the documentation of your syslog program for details The following table describes the...

Страница 426: ...og setting Logging Type This column displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding categor...

Страница 427: ...the more critical the logs are Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navi...

Страница 428: ...sername username SP_SYSLOG_TYPE_AAA SYSLOG_NOTICE Console authentication failure username username SP_SYSLOG_TYPE_AAA SYSLOG_NOTICE HTTP s authentication failure username username SP_SYSLOG_TYPE_AAA S...

Страница 429: ...SYSLOG_TYPE_AAA SYSLOG_WARNING 802 1x Ingress bandwidth bandwidth is out of range User name username NAS Port port SP_SYSLOG_TYPE_AAA SYSLOG_WARNING 802 1x Egress bandwidth bandwidth is out of range U...

Страница 430: ...rt port Current Value value SP_SYSLOG_TYPE_INTE RFACE SYSLOG_NOTICE Temperature Under Alarm Low Threshold threshold On Port port Current Value value SP_SYSLOG_TYPE_INTE RFACE SYSLOG_NOTICE Temperature...

Страница 431: ...ICE RxPower Over Warn High Threshold threshold On Port port Current Value value SP_SYSLOG_TYPE_INTE RFACE SYSLOG_NOTICE RxPower Under Alarm Low Threshold threshold On Port port Current Value value SP_...

Страница 432: ...g probe to target ip address failed SP_SYSLOG_TYPE_IP SYSLOG_INFO Ping test to target ip address failed SP_SYSLOG_TYPE_IP SYSLOG_INFO Ping test to target ip address completed SP_SYSLOG_TYPE_IP SYSLOG_...

Страница 433: ...SP_SYSLOG_TYPE_SWIT CH SYSLOG_NOTICE External alarm input index clear SP_SYSLOG_TYPE_SWIT CH SYSLOG_NOTICE System reboot SP_SYSLOG_TYPE_SWIT CH SYSLOG_NOTICE MSTP instance instance ID new root SP_SYSL...

Страница 434: ...Index index and MD Index index has no defects SP_SYSLOG_TYPE_SWIT CH SYSLOG_WARNING CFM MEP ID index with MA Index index and MD Index index has XconCCM defect ErrorCCM defect RemoteCCM defect MACstatu...

Страница 435: ...nnected and be in the same VLAN group so as to be able to communicate with one another Table 162 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models C...

Страница 436: ...manager and the other switches on the upper floors of the building are cluster members Figure 234 Clustering Application Example 49 2 Cluster Management Status Click Management Cluster Management in t...

Страница 437: ...plays the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switc...

Страница 438: ...r Management XGS 4526 4528F 4728F User s Guide 438 configurator home page and the home page that you d see if you accessed it directly are different Figure 236 Cluster Management Cluster Member Web Co...

Страница 439: ...00 a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 370lt0 bin fw...

Страница 440: ...witches that are set to be cluster managers will not be visible in the Clustering Candidates list If a switch that was previously a cluster member is later set to become a cluster manager then its Sta...

Страница 441: ...managed from the Cluster Manager Its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below If multiple devices have the same...

Страница 442: ...Chapter 49 Cluster Management XGS 4526 4528F 4728F User s Guide 442...

Страница 443: ...is dynamic learned by the Switch or static manually entered in the Static MAC Forwarding screen The Switch uses the MAC Table to determine how to forward frames See the following figure 1 The Switch...

Страница 444: ...it filters the frame Figure 239 MAC Table Flowchart 50 2 Viewing the MAC Table Click Management MAC Table in the navigation panel to display the following screen Use this screen to search specific MA...

Страница 445: ...elect the criteria here into the static MAC forwarding table see Section 10 2 on page 137 The type of the MAC address es will be changed to static Select Dynamic to MAC filtering and click Transfer to...

Страница 446: ...Chapter 50 MAC Table XGS 4526 4528F 4728F User s Guide 446...

Страница 447: ...learned by the Switch or static belonging to the Switch The Switch uses the IP Table to determine how to forward packets See the following figure 1 The Switch examines a received packet and learns th...

Страница 448: ...bes the labels in this screen Table 167 Management IP Table LABEL DESCRIPTION Sort by Click one of the following buttons to display and arrange the data according to that button type The information i...

Страница 449: ...ongs Port This is the port from which the above IP address was learned This field displays CPU to indicate the IP address belongs to the Switch Type This shows whether the IP address is dynamic learne...

Страница 450: ...Chapter 51 IP Table XGS 4526 4528F 4728F User s Guide 450...

Страница 451: ...witch s ARP program looks in the ARP Table and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Sw...

Страница 452: ...ed IP address Select Port and enter a port number to remove the dynamic entries learned on the specified port Flush Click Flush to remove the ARP entries according to the condition you specified Cance...

Страница 453: ...the navigation panel to display the screen as shown Figure 244 Management Routing Table The following table describes the labels in this screen Table 169 Management Routing Table LABEL DESCRIPTION Ind...

Страница 454: ...Chapter 53 Routing Table XGS 4526 4528F 4728F User s Guide 454...

Страница 455: ...how you can copy the settings of one port onto other ports 54 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Manag...

Страница 456: ...Example 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings configured in the Basic S...

Страница 457: ...s turned on in DC models or if the DC power supply is connected in AC DC models 2 Make sure you are using the power adaptor or cord included with the Switch 3 Make sure the power adaptor or cord is co...

Страница 458: ...37 3 Inspect your cables for damage Contact the vendor to replace any damaged cables 4 Turn the Switch off and on in DC models or if the DC power supply is connected in AC DC models 5 Disconnect and r...

Страница 459: ...the hardware connections and make sure the LEDs are behaving as expected See Section 3 3 on page 45 3 Make sure your Internet browser does not block pop up windows and has JavaScripts and Java enabled...

Страница 460: ...ows JavaScripts and Java Permissions In order to use the web configurator you need to allow Web browser pop up windows from your device JavaScripts enabled by default Java permissions enabled by defau...

Страница 461: ...gs after I restart the Switch Make sure you save your configuration into the Switch s nonvolatile memory each time you make changes Click Save at the top right corner of the web configurator to save t...

Страница 462: ...Chapter 55 Troubleshooting XGS 4526 4528F 4728F User s Guide 462...

Страница 463: ...2 3 A max 80 W consumption There is no tolerance for the DC input voltage One Backup Power Supply BPS connector Interfaces XGS 4526 20 Gigabit Ethernet GbE copper ports plus 4 Dual Personality interf...

Страница 464: ...bps Amber 100 Mbps mini GBIC 1000Base T LEDs steady link state blinking transmitting receiving Operating Environment Temperature 0 C 45 C 32 F 113 F Humidity 10 90 non condensing Storage Environment T...

Страница 465: ...he Switch assign IP addresses an IP default gateway and DNS servers to computers on your network IGMP Snooping The Switch supports IGMP snooping enabling group multicast traffic to be only forwarded t...

Страница 466: ...protocol with IP Multicast support and the IGMP protocol VRRP Virtual Router Redundancy Protocol VRRP defined in RFC 2338 allows you to create redundant backup gateways to ensure that the default gate...

Страница 467: ...ng sample data and packet statistics from traffic and send information to an sFlow collector for analysis PPPoE IA With the PPPoE Intermediate Agent enabled the Switch can give a PPPoE termination ser...

Страница 468: ...rrupted packets STP IEEE 802 1w Rapid Spanning Tree Protocol RSTP Multiple Rapid Spanning Tree capability 4 configurable trees IEEE 802 1s Multiple Spanning Tree Protocol BPDU transparency Smart isola...

Страница 469: ...orwarding IPv6 MLD snooping proxy XGS 4728F only DHCPv6 client and relay ICMPv6 IPv6 Path MTU NDP host and router IPv6 address stateless auto configuration host and router IPv6 static route Routing pr...

Страница 470: ...P snooping ARP inspection MAC authentication Guest VLAN PPPoE IA and option 82 Configurable ARP learning mode Management IEEE 802 3ah OAM IEEE 802 1AB LLDP IEEE 802 1ag CFM Loop guard Password encrypt...

Страница 471: ...Internet Group Management Protocol Version 3 RFC 3414 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMP v3 RFC 3580 RADIUS Tunnel Protocol Attribute IEEE 802...

Страница 472: ...Chapter 56 Product Specifications XGS 4526 4528F 4728F User s Guide 472...

Страница 473: ...rther information about port numbers If the Protocol is TCP UDP or TCP UDP this is the IP port number If the Protocol is USER this is the IP protocol number Description This is a brief explanation of...

Страница 474: ...4000 This is a popular Internet chat program IGMP MULTICAST User Defined 2 Internet Group Multicast Protocol is used when sending packets to a specific group of hosts IKE UDP 500 The Internet Key Exch...

Страница 475: ...eal Time Streaming media control Protocol RTSP is a remote control for multimedia on the Internet SFTP TCP 115 Simple File Transfer Protocol SMTP TCP 25 Simple Mail Transfer Protocol is the message ex...

Страница 476: ...TCP IP networks Its primary function is to allow users to log into remote host systems TFTP UDP 69 Trivial File Transfer Protocol is an Internet file transfer protocol similar to FTP but uses the UDP...

Страница 477: ...arising out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves th...

Страница 478: ...device in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense CE Mark Warning This is a class A product I...

Страница 479: ...red with damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in li...

Страница 480: ...Appendix B Legal Information XGS 4526 4528F 4728F User s Guide 480...

Страница 481: ...262 configuring 263 syslog messages 263 trusted ports 263 AS Boundary Router 332 authentication 338 and OSPF 337 and RADIUS 244 setup 249 authorization privilege levels 251 setup 249 automatic VLAN re...

Страница 482: ...See port cloning copyright 477 CPU management port 132 CPU protection configuration 310 overview 309 current date 105 current time 105 D Database Description DD 332 daylight saving time 105 default g...

Страница 483: ...nterference statement 477 file transfer using FTP command example 394 filename convention configuration configuration file names 393 filtering 145 rules 145 filtering database MAC table 443 firmware 1...

Страница 484: ...ternet Protocol version 6 see IPv6 introduction 27 IP capability 469 interface 110 373 routing domain 110 services 469 setup 110 IP multicast example 345 IP source guard 259 ARP inspection 259 262 DHC...

Страница 485: ...reen 389 Management Information Base MIB 398 management port 135 managing the device good habits 31 using FTP See FTP using SNMP See SNMP using Telnet See command interface using the command interface...

Страница 486: ...teps 333 general settings 336 how it works 332 interface 332 334 341 link state database 332 335 network example 332 priority 333 redistribute route 340 route cost 338 router elections 333 router ID 3...

Страница 487: ...priority queue assignment 109 private VLAN 315 configuration 316 isolated port 315 overview 315 promiscuous port 315 product registration 479 protocol based VLAN 128 and IEEE 802 1Q tagging 128 exampl...

Страница 488: ...ation 410 411 communities 408 management model 398 manager 398 MIB 399 network components 398 object variables 398 protocol operations 399 security 410 411 setup 407 traps 409 users 410 version 3 and...

Страница 489: ...log 423 system reboot 391 T TACACS 244 setup 247 TACACS Terminal Access Controller Access Control System Plus 243 tagged VLAN 117 temperature 464 temperature indicator 102 time current 105 time zone...

Страница 490: ...6 VLAN mapping 287 activating 288 configuration 289 example 287 priority level 287 tagged 287 traffic flow 287 untagged 287 VLAN ID 287 VLAN number 112 VLAN stacking 219 221 configuration 222 example...

Страница 491: ...Index XGS 4526 4528F 4728F User s Guide 491 Weighted Round Robin Scheduling WRR 216 WFQ Weighted Fair Queuing 216 WRR Weighted Round Robin Scheduling 216 Z ZyNOS ZyXEL Network Operating System 394...

Отзывы:

Нет отзывов