background image

Chapter 25 AAA

XGS-4728F User’s Guide

216

25.1.2 on page 216

as external authentication, authorization and accounting 

servers. 

Figure 114   

AAA Server 

25.1.1  Local User Accounts

By storing user profiles locally on the Switch, your Switch is able to authenticate 
and authorize users without interacting with a network AAA server. However, there 
is a limit on the number of users you may authenticate in this way (See 

Chapter 

39 on page 333

). 

25.1.2  RADIUS and  

RADIUS and are security protocols used to authenticate users by means 
of an external server instead of (or in addition to) an internal device user database 
that is limited to the memory capacity of the device. In essence, RADIUS and 
authentication both allow you to validate an unlimited number of users 
from a central location. 

The following table describes some key differences between RADIUS and 

25.2  AAA Screens 

The AAA screens allow you to enable authentication, authorization, accounting or 
all of them on the Switch. First, configure your authentication and accounting 
server settings (RADIUS,  or both) and then set up the authentication 
priority, activate authorization and configure accounting settings.

Client

AAA Server

      

Table 67   

RADIUS vs  

RADIUS

Transport 
Protocol

UDP (User Datagram Protocol)

TCP (Transmission Control Protocol)

Encryption

Encrypts the password sent for 
authentication.

All communication between the client 
(the Switch) and the TACACS server 
is encrypted.

Содержание XGS-4728F

Страница 1: ...elligent Layer 3 Switch Copyright 2009 ZyXEL Communications Corporation Firmware Version 3 90 Edition 1 7 2009 Default Login Details IP Address http 192 168 0 1 Out of band MGMT port http 192 168 1 1 In band ports User Name admin Password 1234 ...

Страница 2: ......

Страница 3: ...are Web Configurator Online Help Embedded web help for descriptions of individual screens and supplementary information Note It is recommended you use the web configurator to configure the Switch Supporting Disc Refer to the included CD for support documents ZyXEL Web Site Please refer to www zyxel com for additional support documentation and product certifications Documentation Feedback Send your...

Страница 4: ...wers to previously asked questions about ZyXEL products Forum This contains discussions on ZyXEL products Learn from others who use ZyXEL products and share your experiences as well Customer Support Should problems arise that cannot be solved by the methods listed above you should contact your vendor If you cannot contact your vendor then contact a ZyXEL office for the region in which you bought t...

Страница 5: ... field choices are all in bold font A key stroke is denoted by square brackets and uppercase text for example ENTER means the enter or return key on your keyboard Enter means for you to type one or more characters and then press the ENTER key Select or choose means for you to use one of the predefined choices A right angle bracket within a screen name denotes a mouse click For example Maintenance ...

Страница 6: ...Guide 6 Icons Used in Figures Figures in this User s Guide may use the following generic icons The Switch icon is not an exact representation of your device The Switch Computer Notebook computer Server DSLAM Firewall Telephone Switch Router ...

Страница 7: ...e connecting cables carefully so that no one will step on them or stumble over them Always disconnect all cables from this device before servicing or disassembling Use ONLY an appropriate power adaptor or cord for your device Connect it to the right supply voltage for example 110V AC in North America or 230V AC in Europe Do NOT allow anything to rest on the power adaptor or cord and do NOT place t...

Страница 8: ...Safety Warnings XGS 4728F User s Guide 8 ...

Страница 9: ...s 73 Basic Setting 79 Advanced Setup 93 VLAN 95 Static MAC Forward Setup 115 Static Multicast Forward Setup 119 Filtering 123 Spanning Tree Protocol 125 Bandwidth Control 145 Broadcast Storm Control 149 Mirroring 151 Link Aggregation 153 Port Authentication 163 Port Security 169 Classifier 173 Policy Rule 179 Queuing Method 187 VLAN Stacking 191 Multicast 199 AAA 215 IP Source Guard 231 Loop Guard...

Страница 10: ...DHCP 303 VRRP 313 Management 323 Maintenance 325 Access Control 333 Diagnostic 353 Syslog 355 Cluster Management 359 MAC Table 367 IP Table 371 ARP Table 375 Routing Table 377 Configure Clone 379 Troubleshooting Product Specifications 381 Troubleshooting 383 Product Specifications 393 Appendices and Index 403 ...

Страница 11: ... IEEE 802 1Q VLAN Application Example 27 1 2 Ways to Manage the Switch 28 1 3 Good Habits for Managing the Switch 28 Chapter 2 Hardware Installation and Connection 31 2 1 Freestanding Installation 31 2 2 Mounting the Switch on a Rack 32 2 2 1 Rack mounted Installation Requirements 32 2 2 2 Attaching the Mounting Brackets to the Switch 32 2 2 3 Mounting the Switch on a Rack 33 Chapter 3 Hardware Ov...

Страница 12: ...tion File 54 4 7 Logging Out of the Web Configurator 56 4 8 Help 56 Chapter 5 Initial Setup Example 57 5 1 Overview 57 5 1 1 Configuring an IP Interface 57 5 1 2 Configuring DHCP Server Settings 59 5 1 3 Creating a VLAN 59 5 1 4 Setting Port VID 61 5 1 5 Enabling RIP 62 Chapter 6 Tutorials 63 6 1 How to Use DHCP Snooping on the Switch 63 6 2 How to Use DHCP Relay on the Switch 67 6 2 1 DHCP Relay ...

Страница 13: ...Frames 95 9 2 Automatic VLAN Registration 96 9 2 1 GARP 96 9 2 2 GVRP 96 9 3 Port VLAN Trunking 97 9 4 Select the VLAN Type 98 9 5 Static VLAN 98 9 5 1 VLAN Status 99 9 5 2 VLAN Details 100 9 5 3 Configure a Static VLAN 100 9 5 4 Configure VLAN Port Settings 102 9 6 Subnet Based VLANs 103 9 7 Configuring Subnet Based VLAN 104 9 8 Protocol Based VLANs 106 9 9 Configuring Protocol Based VLAN 107 9 1...

Страница 14: ...Screen 131 13 3 Spanning Tree Configuration 131 13 4 Configure Rapid Spanning Tree Protocol 132 13 5 Rapid Spanning Tree Protocol Status 134 13 6 Configure Multiple Rapid Spanning Tree Protocol 136 13 7 Multiple Rapid Spanning Tree Protocol Status 138 13 8 Configure Multiple Spanning Tree Protocol 140 13 9 Multiple Spanning Tree Protocol Status 143 Chapter 14 Bandwidth Control 145 14 1 Bandwidth C...

Страница 15: ... 2 Activate MAC Authentication 167 Chapter 19 Port Security 169 19 1 About Port Security 169 19 2 Port Security Setup 170 19 3 VLAN MAC Address Limit 171 Chapter 20 Classifier 173 20 1 About the Classifier and QoS 173 20 2 Configuring the Classifier 173 20 3 Viewing and Editing Classifier Configuration 176 20 4 Classifier Example 178 Chapter 21 Policy Rule 179 21 1 Policy Rules Overview 179 21 1 1...

Страница 16: ...24 1 2 IGMP Filtering 199 24 1 3 IGMP Snooping 200 24 1 4 IGMP Snooping and VLANs 200 24 2 Multicast Status 200 24 3 Multicast Setting 201 24 4 IGMP Snooping VLAN 203 24 5 IGMP Filtering Profile 205 24 6 MVR Overview 207 24 6 1 Types of MVR Ports 207 24 6 2 MVR Modes 208 24 6 3 How MVR Works 208 24 7 General MVR Configuration 209 24 8 MVR Group Configuration 211 24 8 1 MVR Configuration Example 21...

Страница 17: ...26 5 2 DHCP Snooping VLAN Configure 244 26 6 ARP Inspection Status 246 26 6 1 ARP Inspection VLAN Status 247 26 6 2 ARP Inspection Log Status 248 26 7 ARP Inspection Configure 249 26 7 1 ARP Inspection Port Configure 251 26 7 2 ARP Inspection VLAN Configure 253 Chapter 27 Loop Guard 255 27 1 Loop Guard Overview 255 27 2 Loop Guard Setup 257 Chapter 28 VLAN Mapping 259 28 1 VLAN Mapping Overview 25...

Страница 18: ...32 2 OSPF Status 276 32 3 OSPF Configuration 278 32 4 Configure OSPF Areas 279 32 4 1 View OSPF Area Information Table 280 32 5 Configuring OSPF Redistribution 281 32 6 Configuring OSPF Interfaces 282 32 7 OSPF Virtual Links 284 Chapter 33 IGMP 287 33 1 IGMP Overview 287 33 1 1 How IGMP Works 288 33 2 Port based IGMP 289 33 3 Configuring IGMP 290 Chapter 34 DVMRP 291 34 1 DVMRP Overview 291 34 2 H...

Страница 19: ... DHCP Configuration Options 303 36 2 DHCP Status 304 36 3 DHCP Server Status Detail 304 36 4 DHCP Relay 306 36 4 1 DHCP Relay Agent Information 306 36 4 2 Configuring DHCP Global Relay 307 36 4 3 Global DHCP Relay Configuration Example 308 36 5 Configuring DHCP VLAN Settings 309 36 5 1 Example DHCP Relay for Two VLANs 311 Chapter 37 VRRP 313 37 1 VRRP Overview 313 37 2 VRRP Status 314 37 3 VRRP Co...

Страница 20: ...ccess Control Main Screen 333 39 3 About SNMP 334 39 3 1 SNMP v3 and Security 335 39 3 2 Supported MIBs 335 39 3 3 SNMP Traps 336 39 3 4 Configuring SNMP 340 39 3 5 Configuring SNMP Trap Group 342 39 3 6 Setting Up Login Accounts 343 39 4 SSH Overview 344 39 5 How SSH works 345 39 6 SSH Implementation on the Switch 346 39 6 1 Requirements for Using SSH 346 39 7 Introduction to HTTPS 346 39 8 HTTPS...

Страница 21: ... Overview 367 43 2 Viewing the MAC Table 368 Chapter 44 IP Table 371 44 1 IP Table Overview 371 44 2 Viewing the IP Table 372 Chapter 45 ARP Table 375 45 1 ARP Table Overview 375 45 1 1 How ARP Works 375 45 2 Viewing the ARP Table 376 Chapter 46 Routing Table 377 46 1 Overview 377 46 2 Viewing the Routing Table Status 377 Chapter 47 Configure Clone 379 47 1 Configure Clone 379 Part VI Troubleshoot...

Страница 22: ...2 1 Pop up Windows JavaScripts and Java Permissions 384 48 3 Problems with the Password 391 Chapter 49 Product Specifications 393 Part VII Appendices and Index 403 Appendix A Legal Information 405 Appendix B IP Addresses and Subnetting 409 Index 417 ...

Страница 23: ...23 PART I Introduction Getting to Know Your Switch 25 Hardware Installation and Connection 31 Hardware Overview 35 ...

Страница 24: ...24 ...

Страница 25: ...a time There are two XGS 4728F models The XGS 4728F DC model requires DC power supply input of 36 VDC to 72 VDC 1 5 A Max no tolerance The XGS 4728F AC model requires 100 VAC to 240 VAC 0 8 A power With its built in web configurator managing and configuring the Switch is easy In addition the Switch can also be managed via Telnet any terminal emulator program on the console port or third party SNMP...

Страница 26: ... high bandwidth In the following example a company uses the optional 10 Gigabit uplink modules to connect the headquarters to a branch office network Within the headquarters network a company can use trunking to group several physical ports into one logical higher capacity link Trunking can be used if for example it is cheaper to use multiple lower speed links than to under utilize a high speed bu...

Страница 27: ...net To expand the network simply add more networking devices such as switches routers computers print servers and so on Figure 3 Gigabit to the Desktop 1 1 4 IEEE 802 1Q VLAN Application Example A VLAN Virtual Local Area Network allows a physical network to be partitioned into multiple logical networks Stations on a logical network belong to one or more groups With VLAN a station cannot directly t...

Страница 28: ...pter 4 on page 45 Command Line Interface Line commands offer an alternative to the Web Configurator and may be necessary to configure advanced features See the CLI Reference Guide FTP Use File Transfer Protocol for firmware upgrades and configuration backup restore See Section 38 8 on page 329 SNMP The device can be monitored and or managed by an SNMP manager See Section 39 3 on page 334 1 3 Good ...

Страница 29: ...ng an earlier working configuration may be useful if the device becomes unstable or even crashes If you forget your password you will have to reset the Switch to its factory default settings If you backed up an earlier configuration file you would not have to totally re configure the Switch You could simply restore your last configuration ...

Страница 30: ...Chapter 1 Getting to Know Your Switch XGS 4728F User s Guide 30 ...

Страница 31: ...weight of the Switch and the connected cables Make sure there is a power outlet nearby 3 Make sure there is enough clearance around the Switch to allow air circulation and the attachment of cables and the power cord 4 Remove the adhesive backing from the rubber feet 5 Attach the rubber feet to each corner on the bottom of the Switch These rubber feet help protect the Switch from shock or vibration...

Страница 32: ...Requirements Two mounting brackets Eight M3 flat head screws and a 2 Philips screwdriver Four M5 flat head screws and a 2 Philips screwdriver Failure to use the proper screws may damage the unit 2 2 1 1 Precautions Make sure the rack will safely support the combined weight of all the equipment it contains Make sure the position of the Switch does not make the rack unstable or top heavy Take all ne...

Страница 33: ... Switch on a rack Proceed to the next section 2 2 3 Mounting the Switch on a Rack 1 Position a mounting bracket that is already attached to the Switch on one side of the rack lining up the two screw holes on the bracket with the screw holes on the side of the rack Figure 7 Mounting the Switch on a Rack 2 Using a 2 Philips screwdriver install the M5 flat head screws through the mounting bracket hol...

Страница 34: ...Chapter 2 Hardware Installation and Connection XGS 4728F User s Guide 34 ...

Страница 35: ...port The mini GBIC ports have priority over the 1000Base T ports This means that if a mini GBIC port and the corresponding 1000Base T port are connected at the same time the 1000Base T port will be disabled Table 1 Panel Connections CONNECTO R DESCRIPTION 24 Dual Personality Interfaces Each interface has one 1000Base T copper RJ 45 port and one mini GBIC Gigabit Interface Converter fiber port with...

Страница 36: ...x Auto Flow control Off 3 1 3 Mini GBIC Slots These are 24 slots for Small Form Factor Pluggable SFP transceivers A transceiver is a single unit that houses a transmitter and a receiver Use a transceiver to connect a fiber optic cable to the Switch The Switch does not come with transceivers You must use transceivers that comply with the Small Form Factor Pluggable SFP Transceiver MultiSource Agree...

Страница 37: ...the transceiver firmly until it clicks into place 3 The Switch automatically detects the installed transceiver Check the LEDs to verify that it is functioning properly Figure 10 Installed Transceiver 3 1 3 2 Transceiver Removal Use the following steps to remove a mini GBIC transceiver SFP module 1 Open the transceiver s latch latch styles vary Figure 11 Opening the Transceiver s Latch Example ...

Страница 38: ...er input model switches The rear panels contain A connector for the backup power supply A An optional slot B for installing an EM 422 or EM 412 uplink module Two stacking ports C An RJ 45 out of band management port D An RS 232 management console port E A connector for the power receptacle F A power switch G DC power input model only Figure 13 Rear Panel AC Model Figure 14 Rear Panel DC Model B D ...

Страница 39: ...hese ports are available when you install an EM 422 or ES 412 in the optional uplink module B in the figure above Both the EM 422 and ES 412 are used to connect your switch to other high speed Ethernet switches for stacking in you network For EM 422 connection Use 10 Gigabit Small Form Factor Pluggable XFP transceivers to connect 1000Base X fiber optic cables to these ports See Section 3 1 3 1 on ...

Страница 40: ... following parameters VT100 terminal emulation 9600 bps No parity 8 data bits 1 stop bit No flow control Connect the male 9 pin end of the RS 232 console cable to the console port of the Switch Connect the female end to a serial port COM1 COM2 or other COM port of your computer 3 3 LEDs The following table describes the LEDs Table 3 LEDs LED COLO R STATUS DESCRIPTION BPS Green Blinking The system ...

Страница 41: ...s hourglas s icon The Switch is starting up Displays Stack ID number The LED is showing the Stack ID number of the Switch 1000Base T Gigabit Ports 1 24 Green Blinking The system is transmitting receiving to from a 10 1000 Mbps Ethernet network On The link to a 10 1000 Mbps Ethernet network is up Amber Blinking The system is transmitting receiving to from a 100 Mbps Ethernet network On The link to ...

Страница 42: ...Chapter 3 Hardware Overview XGS 4728F User s Guide 42 ...

Страница 43: ...43 PART II Basic Configuration The Web Configurator 45 Initial Setup Example 57 System Status and Port Statistics 73 Basic Setting 79 ...

Страница 44: ...44 ...

Страница 45: ...er or Netscape Navigator 7 0 and later versions The recommended screen resolution is 1024 by 768 pixels In order to use the web configurator you need to allow Web browser pop up windows from your device Web pop up blocking is enabled by default in Windows XP SP Service Pack 2 JavaScript enabled by default Java permissions enabled by default 4 2 System Login 1 Start your web browser 2 Type http and...

Страница 46: ... is 1234 The date and time display as shown if you have not configured a time server nor manually entered a time and date in the General Setup screen Figure 16 Web Configurator Login 4 Click OK to view the first web configurator screen 4 3 The Status Screen The Status screen is the first screen that displays when you access the web configurator ...

Страница 47: ...u are currently working in B Click this link to save your configuration into the Switch s nonvolatile memory Nonvolatile memory is saved in the configuration file from which the Switch booted from and it stays the same even if the Switch s power is turned off See Section 38 3 on page 326 for information on saving your settings to a specific configuration file C Click this link to go to the status ...

Страница 48: ...Configurator XGS 4728F User s Guide 48 In the navigation panel click a main link to reveal a list of submenu links Table 4 Navigation Panel Sub links Overview BASIC SETTING ADVANCED APPLICATION IP APPLICATION MANAGEMENT ...

Страница 49: ... Aggregation Status Link Aggregation Setting Link Aggregation Control Protocol Port Authentication 802 1x MAC Authentication Port Security VLAN MAC Address Limit Classifier Policy Rule Queuing Method VLAN Stacking Port based QinQ Selective QinQ Static Routing RIP OSPF Status OSPF Configuration OSPF Redistribute OSPF Interface OSPF Virtual Link IGMP DVMRP DiffServ 2 Rate 3 Color Marker DSCP Setting...

Страница 50: ... Guard VLAN Mapping Configure Layer 2 Protocol Tunneling Table 7 Navigation Panel Links LINK DESCRIPTION Basic Settings System Info This link takes you to a screen that displays general system and hardware monitoring information General Setup This link takes you to a screen where you can configure general identification information and time settings for the Switch Switch Setup This link takes you ...

Страница 51: ...ut interference Link Aggregation This link takes you to screen where you can logically aggregate physical links to form one logical higher bandwidth link Port Authentication This link takes you to a screen where you can configure IEEE 802 1x port authentication as well as MAC authentication for clients communicating via the Switch Port Security This link takes you to a screen where you can activat...

Страница 52: ...e DiffServ configure marking rules and set DSCP to IEEE802 1p mappings DHCP This link takes you to screens where you can configure the DHCP settings VRRP This link takes you to screens where you can configure redundant virtual router for your network Management Maintenance This link takes you to screens where you can perform firmware and configuration file maintenance as well as reboot the system ...

Страница 53: ... memory Settings in the run time memory are lost when the Switch s power is turned off Click the Save link in the upper right hand corner of the web configurator to save your configuration to nonvolatile memory Nonvolatile memory refers to the Switch s storage that remains even if the Switch s power is turned off Note Use the Save link when you are done with a configuration session Routing Table T...

Страница 54: ...ers out of the Switch If you do lock yourself out try using out of band management via the management port to configure the Switch 4 6 Resetting the Switch If you lock yourself and others from the Switch or forget the administrator password you will need to reload the factory default configuration file or reset the Switch back to the factory defaults 4 6 1 Reload the Configuration File Uploading t...

Страница 55: ... XMODEM upload message before activating XMODEM upload on your terminal 6 After a configuration file upload type atgo to restart the Switch Figure 19 Resetting the Switch Via the Console Port The Switch is now reinitialized with a default configuration file including the default password of 1234 ZyNOS Version V3 90 BBC 0 b1 04 28 2009 09 20 42 Bootbase Version V1 00 10 22 2007 12 48 50 RAM Size 12...

Страница 56: ...your password again after you log out This is recommended after you finish a management session for security reasons Figure 20 Web Configurator Logout Screen 4 8 Help The web configurator s online help has descriptions of individual screens and some supplementary information Click the Help link from a web configurator screen to view an online help description of that screen ...

Страница 57: ...rt VLAN ID Enable RIP 5 1 1 Configuring an IP Interface On a layer 3 switch an IP interface also known as an IP routing domain is not bound to a physical port The default IP address of the Switch is 192 168 1 1 with a subnet mask of 255 255 255 0 In the example network since the RD network is already in the same IP interface as the Switch you don t need to create an IP interface for it However if ...

Страница 58: ...management Make sure your computer is in the same subnet as the MGMT port 2 Open your web browser and enter 192 168 0 1 the default MGMT port IP address in the address bar to access the web configurator See Section 4 2 on page 45 for more information 3 Click Basic Setting and IP Setup in the navigation panel 4 Configure the related fields in the IP Setup screen For the Sales network enter 192 168 ...

Страница 59: ...the example network configure two DHCP client pools on the Switch for the DHCP clients in the RD and Sales networks 1 In the web configurator click IP Application and DHCP in the navigation panel and click the VLAN link 2 In the VLAN Setting screen specify the ID of the VLAN to which the DHCP clients belong the starting IP address pool subnet mask default gateway address and the DNS server address...

Страница 60: ...ple VLAN 1 Click Advanced Application VLAN in the navigation panel and click the Static VLAN link 2 In the Static VLAN screen select ACTIVE enter a descriptive name in the Name field and enter 2 in the VLAN Group ID field for the VLAN2 network Note The VLAN Group ID field in this screen and the VID field in the IP Setup screen refer to the same VLAN ID EXAMPLE ...

Страница 61: ...en the Switch s power is turned off 5 1 4 Setting Port VID Use PVID to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines In the example network configure 2 as the port VID on port 1 so that any untagged frames received on that port get sent to VLAN 2 Figure 23 Initial Setup Network Example Port VID 1 Click Advanced A...

Страница 62: ... the RIP screen 1 Click IP Application and RIP in the navigation panel 2 Select Both in the Direction field to set the Switch to broadcast and receive routing information 3 In the Version field select RIP 1 for the RIP packet format that is universally supported 4 Click Apply to save your changes back to the run time memory Settings in the run time memory are lost when the Switch s power is turned...

Страница 63: ...o assign IP addresses to all devices in VLAN network V Create a VLAN containing ports 5 6 and 7 Connect a computer M to the Switch s MGMT port Figure 24 Tutorial DHCP Snooping Tutorial Overview Note For related information about DHCP snooping see Section 26 1 on page 231 The settings in this tutorial are as the following Table 8 Tutorial Settings in this Tutorial HOST PORT CONNECTED VLAN PVID DHCP...

Страница 64: ... username default admin and password default 1234 2 Go to Advanced Application VLAN Static VLAN and create a VLAN with ID of 100 Add ports 5 6 and 7 in the VLAN by selecting Fixed in the Control field as shown Deselect Tx Tagging because you don t want outgoing traffic to contain this VLAN tag Click Add Figure 25 Tutorial Create a VLAN and Add Ports to It ...

Страница 65: ...7 to 100 This tags untagged incoming frames on ports 5 6 and 7 with the tag 100 Figure 26 Tutorial Tag Untagged Frames 4 Go to Advanced Application IP Source Guard DHCP snooping Configure activate and specify VLAN 100 as the DHCP VLAN as shown Click Apply Figure 27 Tutorial Specify DHCP VLAN 5 Click the Port link at the top right corner ...

Страница 66: ...urce Guard DHCP snooping Configure VLAN show VLAN 100 by entering 100 in the Start VID and End VID fields and click Apply Then select Yes in the Enabled field of the VLAN 100 entry shown at the bottom section of the screen If you want to add more information in the DHCP request packets such as source VLAN ID or system name you can also select the Option82 and Information fields in the entry See Se...

Страница 67: ...nto the Switch s console Use the command show dhcp snooping binding to see the DHCP snooping binding table as shown next 6 2 How to Use DHCP Relay on the Switch This tutorial describes how to configure your Switch to forward DHCP client requests to a specific DHCP server The DHCP server can then assign a specific IP address based on the information in the DHCP requests 6 2 1 DHCP Relay Tutorial In...

Страница 68: ...cenario 6 2 2 Creating a VLAN Follow the steps below to configure port 2 as a member of VLAN 102 1 Access the web configurator through the Switch s management port 2 Go to Basic Setting Switch Setup and set the VLAN type to 802 1Q Click Apply to save the settings to the run time memory Figure 32 Tutorial Set VLAN Type to 802 1Q VLAN 102 DHCP Server Port 2 PVID 102 172 16 1 18 A 192 168 2 3 ...

Страница 69: ...e Name field and enter 102 in the VLAN Group ID field 5 Select Fixed to configure port 2 to be a permanent member of this VLAN 6 Clear the TX Tagging check box to set the Switch to remove VLAN tags before sending 7 Click Add to save the settings to the run time memory Settings in the run time memory are lost when the Switch s power is turned off Figure 33 Tutorial Create a Static VLAN ...

Страница 70: ...ink 9 Enter 102 in the PVID field for port 2 to add a tag to incoming untagged frames received on that port so that the frames are forwarded to the VLAN group that the tag defines 10 Click Apply to save your changes back to the run time memory Figure 35 Tutorial Add Tag for Frames Received on Port 2 11 Click the Save link in the upper right corner of the web configurator to save your configuration...

Страница 71: ...e Option 82 and the Information check boxes 5 Click Apply to save your changes back to the run time memory Figure 36 Tutorial Set DHCP Server and Relay Information 6 Click the Save link in the upper right corner of the web configurator to save your configuration permanently 7 The DHCP server can then assign a specific IP address based on the DHCP request 6 2 4 Troubleshooting Check the client A s ...

Страница 72: ...Chapter 6 Tutorials XGS 4728F User s Guide 72 3 You clicked the Save link on the Switch to have your settings take effect ...

Страница 73: ...ome page and port details screens 7 1 Overview The home screen of the web configurator displays a port statistical summary with links to each port showing statistical details 7 2 Port Status Summary To view the port statistics click Status in all web configurator screens to display the Status screen as shown next Figure 37 Status ...

Страница 74: ... page 127 for more information If STP is disabled this field displays FORWARDING if the link is up otherwise it displays STOP LACP This fields displays whether LACP Link Aggregation Control Protocol has been enabled on the port TxPkts This field shows the number of transmitted frames on this port RxPkts This field shows the number of received frames on this port Errors This field shows the number ...

Страница 75: ... on the Switch Figure 38 Status Port Details The following table describes the labels in this screen Table 10 Status Port Details LABEL DESCRIPTION Port Info Port NO This field displays the port number you are viewing Name This field displays the name of the port Link This field displays the speed either 10M for 10Mbps 100M for 100Mbpsl 1000M for 1000 Mbps and 10G for 10 Gbps and the duplex F for ...

Страница 76: ...e This field shows the number of 802 3x Pause packets transmitted Tagged This field shows the number of packets with VLAN tags transmitted Rx Packet The following fields display detailed information about packets received RX Packets This field shows the number of good packets unicast multicast and broadcast received Multicast This field shows the number of good multicast packets received Broadcast...

Страница 77: ...n length 65 127 This field shows the number of packets including bad packets received that were between 65 and 127 octets in length 128 255 This field shows the number of packets including bad packets received that were between 128 and 255 octets in length 256 511 This field shows the number of packets including bad packets received that were between 256 and 511 octets in length 512 1023 This fiel...

Страница 78: ...Chapter 7 System Status and Port Statistics XGS 4728F User s Guide 78 ...

Страница 79: ...neral Setup screen allows you to configure general Switch identification information The General Setup screen also allows you to set the system time manually or get the current time and date from an external server when you turn on your Switch The real time is then displayed in the Switch logs The Switch Setup screen allows you to set up and configure global Switch features The IP Setup screen all...

Страница 80: ...the Switch s current firmware including the date created Ethernet Address This field refers to the Ethernet MAC Media Access Control address of the Switch Hardware Monitor Temperature Unit The Switch has temperature sensors that are capable of detecting and reporting if the temperature rises above the threshold You may choose the temperature unit Centigrade or Fahrenheit in this field Temperature ...

Страница 81: ...r speeds too small to measure under 2000 RPM Threshold This field displays the minimum speed at which a normal fan should work Status Normal indicates that this fan is functioning above the minimum speed Error indicates that this fan is functioning below the minimum speed Voltage V The power supply for each voltage has a sensor that is capable of detecting and reporting if the voltage falls out of...

Страница 82: ...table describes the labels in this screen Table 12 Basic Setting General Setup LABEL DESCRIPTION System Name Type a descriptive name for identification purposes This name consists of up to 64 printable characters spaces are allowed Location Type the geographic location of your Switch You can use up to 32 printable ASCII characters spaces are allowed Contact Person s Name Type the name of the perso...

Страница 83: ...lays the date you open this menu New Date yyyy mm dd Enter the new date in year month and day format The new date then appears in the Current Date field after you click Apply Time Zone Select the time difference between UTC Universal Time Coordinated formerly known as GMT Greenwich Mean Time and your time zone from the drop down list box Daylight Saving Time Daylight saving is a period from late s...

Страница 84: ...e Chapter 9 on page 95 for information on port based and 802 1Q tagged VLANs End Date Configure the day and time when Daylight Saving Time ends if you selected Daylight Saving Time The time field uses the 24 hour format Here are a couple of examples Daylight Saving Time ends in the United States on the last Sunday of October Each time zone in the United States stops using Daylight Saving Time at 2...

Страница 85: ...or more information Bridge Control Protocol Transparency Select Active to allow the Switch to handle bridging control protocols STP for example You also need to define how to treat a BPDU in the Port Setup screen MAC Address Learning MAC address learning reduces outgoing traffic broadcasts For MAC address learning to occur on a port the port must be active Aging Time Enter a time from 10 to 3000 s...

Страница 86: ...ts through faster while traffic in lower index queues is dropped if the network is congested Priority Level The following descriptions are based on the traffic types defined in the IEEE 802 1d standard which incorporates the 802 1p Level 7 Typically used for network control traffic such as router configuration messages Level 6 Typically used for voice traffic that is especially sensitive to jitter...

Страница 87: ...255 0 On the Switch as a layer 3 device an IP address is not bound to any physical ports Since each IP address on the Switch must be in a separate subnet the configured IP address is also known as IP interface or routing domain In addition this allows routing between subnets based on the IP address without additional routers You can configure multiple routing domains on the same VLAN as long as th...

Страница 88: ...nter the IP subnet mask of your Switch in dotted decimal notation for example 255 255 255 0 Default Gateway Enter the IP address of the default outgoing gateway in dotted decimal notation for example 192 168 0 254 Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel ...

Страница 89: ...y from the summary table Note Deleting all IP subnets locks you out of the Switch Cancel Click Cancel to clear the Delete check boxes Table 14 Basic Setting IP Setup continued LABEL DESCRIPTION Table 15 Basic Setting Port Setup LABEL DESCRIPTION Port This is the port index number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use ...

Страница 90: ...speed by detecting the signal on the cable and using half duplex mode When the Switch s auto negotiation is turned off a port uses the pre configured speed and duplex mode when making a connection thus requiring you to make sure that the settings of the peer port are the same in order to connect Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory ...

Страница 91: ... Network to process a BPDU with no VLAN tag and forward a tagged BPDU CX4 Cable Select the number of meters for the length of the 10GBASE CX4 cable you use to connect between the Switch and another switch for stacking Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation pa...

Страница 92: ...Chapter 8 Basic Setting XGS 4728F User s Guide 92 ...

Страница 93: ...ng Tree Protocol 125 Bandwidth Control 145 Broadcast Storm Control 149 Mirroring 151 Link Aggregation 153 Port Authentication 163 Port Security 169 Classifier 173 Policy Rule 179 Queuing Method 187 VLAN Stacking 191 Multicast 199 AAA 215 IP Source Guard 231 Loop Guard 255 VLAN Mapping 259 Layer 2 Protocol Tunneling 263 ...

Страница 94: ...94 ...

Страница 95: ...ormation starting after the source address field of the Ethernet frame The CFI Canonical Format Indicator is a single bit flag always set to zero for Ethernet switches If a frame received at an Ethernet port has a CFI set to 1 then that frame should not be forwarded as it is to an untagged port The remaining twelve bits define the VLAN ID giving a possible maximum number of 4 096 VLANs Note that u...

Страница 96: ...k switches to register and de register attribute values with other GARP participants within a bridged LAN GARP is a protocol that provides a generic mechanism for protocols that serve a more specific application for example GVRP 9 2 1 1 GARP Timers Switches join VLANs by making a declaration A declaration is made by issuing a Join message using GARP Declarations are withdrawn by issuing a Leave me...

Страница 97: ...s A and B C D and E automatically VLAN Administrative Control Registration Fixed Fixed registration ports are permanent VLAN members Registration Forbidden Ports with registration forbidden are forbidden to join the specified VLAN Normal Registration Ports dynamically join a VLAN using GVRP VLAN Tag Control Tagged Ports belonging to the specified VLAN tag all outgoing frames transmitted Untagged P...

Страница 98: ...AN type in the Basic Setting Switch Setup screen Figure 45 Switch Setup Select VLAN Type 9 5 Static VLAN Use a static VLAN to decide whether an incoming frame on a port should be sent to a VLAN group as normal depending on its VLAN tag sent to a group whether it has a VLAN tag or not blocked from a VLAN group regardless of its VLAN tag You can also tag all outgoing frames that were previously unta...

Страница 99: ... is the number of VLANs configured on the Switch The Number of Search Results This is the number of VLANs that match the searching criteria and display in the list below This field displays only when you use the Search button to look for certain VLANs Index This is the VLAN index number Click on an index number to view more VLAN details VID This is the VLAN identification number that was configure...

Страница 100: ...n on static VLAN To configure a Table 18 Advanced Application VLAN VLAN Detail LABEL DESCRIPTION VLAN Status Click this to go to the VLAN Status screen VID This is the VLAN identification number that was configured in the Static VLAN screen Port Number This column displays the ports that are participating in a VLAN A tagged port is marked as T an untagged port is marked as U and ports not particip...

Страница 101: ...r a descriptive name for the VLAN group for identification purposes This name consists of up to 64 printable characters spaces are allowed VLAN Group ID Enter the VLAN ID for this static entry the valid range is between 1 and 4094 Port The port number identifies the port you are configuring Settings in this row apply to all ports Use this row only if you want to make some settings the same for all...

Страница 102: ...ing frames transmitted with this VLAN Group ID Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to start config...

Страница 103: ...e Switch discards incoming frames for VLANs that do not include this port in its member set Clear this check box to disable ingress filtering PVID Enter a number between 1and 4094 as the port VLAN ID GVRP Select this check box to allow GVRP on this port Acceptable Frame Type Specify the type of frames allowed on a port Choices are All and Tag Only Select All from the drop down list box to accept a...

Страница 104: ...sed VLAN with priority 6 and VID of 100 for traffic received from IP subnet 172 16 1 0 24 voice services You can also have a subnet based VLAN with priority 5 and VID of 200 for traffic received from IP subnet 192 168 1 0 24 video services Lastly you can configure VLAN with priority 3 and VID of 300 for traffic received from IP subnet 10 1 1 0 24 data services All untagged incoming frames will be ...

Страница 105: ... IP subnet to obtain their IP addresses through the DHCP VLAN Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Active Check this box to activate the IP subnet VLAN you are creating or e...

Страница 106: ...ust be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch assigns to frames belonging to this VLAN Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile m...

Страница 107: ...P traffic when they go through the uplink port to a backbone switch C Figure 52 Protocol Based VLAN Application Example 9 9 Configuring Protocol Based VLAN Click Protocol Based VLAN in the VLAN Port Setting screen to display the configuration screen as shown Figure 53 Advanced Application VLAN VLAN Port Setting Protocol Based VLAN ...

Страница 108: ...be an existing VLAN which you defined in the Advanced Applications VLAN screens Priority Select the priority level that the Switch will assign to frames belonging to this VLAN Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile m...

Страница 109: ...Give this protocol based VLAN a descriptive name Type IP VLAN 4 Select the protocol Leave the default value IP 5 Type the VLAN ID of an existing VLAN In our example we already created a static VLAN with an ID of 5 Type 5 6 Leave the priority set to 0 and click Add Figure 54 Protocol Based VLAN Configuration Example To add more ports to this protocol based VLAN 1 Click the index number of the proto...

Страница 110: ... Note When you activate port based VLAN the Switch uses a default VLAN ID of 1 You cannot change it Note In screens such as IP Setup and Filtering that require a VID you must enter 1 as the VID The port based VLAN setup screen is shown next The CPU management port forms a VLAN with all Ethernet ports 9 11 1 Configure a Port based VLAN Select Port Based as the VLAN Type in the Switch Setup screen a...

Страница 111: ...Chapter 9 VLAN XGS 4728F User s Guide 111 The following screen shows users on a port based all connected VLAN configuration Figure 55 Advanced Application VLAN Port Based VLAN Setup All Connected ...

Страница 112: ...Chapter 9 VLAN XGS 4728F User s Guide 112 The following screen shows users on a port based port isolated VLAN configuration Figure 56 Advanced Application VLAN Port Based VLAN Setup Port Isolation ...

Страница 113: ...t is a port through which a data packet enters If you wish to allow two subscriber ports to talk to each other you must define the ingress port for both ports The numbers in the top row denote the incoming port for the corresponding port listed on the left its outgoing port CPU refers to the Switch management port By default it forms a VLAN with all Ethernet ports If it does not form a VLAN with a...

Страница 114: ...Chapter 9 VLAN XGS 4728F User s Guide 114 ...

Страница 115: ...AC Forwarding A static MAC address is an address that has been manually entered in the MAC address table Static MAC addresses do not age out When you set up static MAC address rules you are setting static MAC addresses for a port This may reduce the need for broadcasting Static MAC address forwarding together with port security allows only computers in the MAC address table on a port to access the...

Страница 116: ... where the MAC address entered in the previous field will be automatically forwarded Add Click Add to save your rule to the Switch s run time memory The Switch loses this rule if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Cl...

Страница 117: ...splays the port where the MAC address shown in the next field will be forwarded Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check boxes Table 24 Advanced Application Static MAC Forwarding continued LABEL DESCRIPTION ...

Страница 118: ...Chapter 10 Static MAC Forward Setup XGS 4728F User s Guide 118 ...

Страница 119: ...ge out Static multicast forwarding allows you the administrator to forward multicast frames to a member without the member having to join the group first If a multicast group has no members then the switch will either flood the multicast frames to all ports or drop them You can configure this in the Advanced Application Multicast Multicast Setting screen see Section 24 3 on page 201 Figure 58 show...

Страница 120: ...3 within VLAN group 4 Figure 58 No Static Multicast Forwarding Figure 59 Static Multicast Forwarding to A Single Port Figure 60 Static Multicast Forwarding to Multiple Ports 11 2 Configuring Static Multicast Forwarding Use this screen to configure rules to forward specific multicast frames such as streaming or control frames to specific port s ...

Страница 121: ... pair 00000001 is 01 and 00000011 is 03 in hexadecimal so 01 00 5e 00 00 0A and 03 00 5e 00 00 27 are valid multicast MAC addresses VID You can forward frames with matching destination MAC address to port s within a VLAN group Enter the ID that identifies the VLAN group here If you don t have a specific target VLAN enter 1 Port Enter the port s where frames with destination MAC address that matche...

Страница 122: ...This field displays the multicast MAC address that identifies a multicast group VID This field displays the ID number of a VLAN group to which frames containing the specified multicast MAC address will be forwarded Port This field displays the port s within a identified VLAN group to which frames containing the specified multicast MAC address will be forwarded Delete Click Delete to remove the sel...

Страница 123: ...in the navigation panel to display the screen as shown next Figure 62 Advanced Application Filtering The following table describes the related labels in this screen Table 26 Advanced Application FIltering LABEL DESCRIPTION Active Make sure to select this check box to activate your rule You may temporarily deactivate a rule without deleting it by deselecting this check box Name Type a descriptive n...

Страница 124: ...Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to clear the fields to the factory defaults Index This field displays the index number of the rule Click an index number to change the settings Active This field displays Yes when the rule is activated and ...

Страница 125: ...hes in your network to ensure that only one path exists between any two stations on the network The Switch uses IEEE 802 1w RSTP Rapid Spanning Tree Protocol that allows faster convergence of the spanning tree than STP while also being backwards compatible with STP only aware bridges In RSTP topology change information is directly propagated throughout the network from the device that generates th...

Страница 126: ...nnected LANs and disables all other ports that participate in STP Network packets are therefore only forwarded between enabled ports eliminating any possible network loops STP aware switches exchange Bridge Protocol Data Units BPDUs periodically When the bridged LAN topology changes a new spanning tree is constructed Once a stable network topology has been established all bridges listen for Hello ...

Страница 127: ... its own bridge information In the following example there are two RSTP instances MRSTP 1 and MRSTP2 on switch A Figure 63 MRSTP Network Example To set up MRSTP activate MRSTP on the Switch and specify which port s belong to which spanning tree Table 28 STP Port States PORT STATE DESCRIPTION Disabled STP is disabled default Blocking Only configuration and management BPDUs are received and processe...

Страница 128: ...le bridges or switching devices into regions that appear as one single bridge on the network A VLAN can be mapped to a specific Multiple Spanning Tree Instance MSTI MSTI allows multiple VLANs to use the same spanning tree Load balancing is possible as traffic from different VLANs can use distinct paths in a region 13 1 5 1 MSTP Network Example The following figure shows a network example where two...

Страница 129: ...ion external path cost of paths outside this region is increased by one Internal path cost of paths within this region is increased by one when BPDUs traverse the region Devices that belong to the same MST region are configured to have the same MSTP configuration identification settings These include the following parameters Name of the MST region Revision level as the unique number for the MST re...

Страница 130: ...ST represents the connectivity of the entire network and it is equivalent to a spanning tree in an STP RSTP The CIST is the default MST instance MSTID 0 Any VLANs that are not members of an MST instance are members of the CIST In an MSTP enabled network there is only one CIST that runs between MST regions and single spanning tree devices A network may contain multiple MST regions and other network...

Страница 131: ...Protocol This screen differs depending on which STP mode RSTP MRSTP or MSTP you configure on the Switch This screen is described in detail in the section that follows the configuration section for each STP mode Click Configuration to activate one of the STP standards on the Switch 13 3 Spanning Tree Configuration Use the Spanning Tree Configuration screen to activate one of the STP modes on the Sw...

Страница 132: ...d Application Spanning Tree Protocol Configuration LABEL DESCRIPTION Spanning Tree Mode You can activate one of the STP modes on the Switch Select Rapid Spanning Tree Multiple Rapid Spanning Tree or Multiple Spanning Tree See Section 13 1 on page 125 for background information on STP Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turn...

Страница 133: ...e generations by the root switch The allowed range is 1 to 10 seconds Max Age This is the maximum time in seconds a switch can wait without receiving a BPDU before attempting to reconfigure All switch ports except for designated ports should receive BPDUs at regular intervals Any port that ages out STP information provided in the last BPDU becomes the designated port for the attached LAN If it is ...

Страница 134: ... loop in a switch Ports with a higher priority numeric value are disabled first The allowed range is between 0 and 255 and the default value is 128 Path Cost Path cost is the cost of transmitting a frame on to a LAN through that port It is recommended to assign this value according to the speed of the bridge The slower the media the higher the cost see Table 27 on page 126 for more information App...

Страница 135: ...oot switch transmits a configuration message The root bridge determines Hello Time Max Age and Forwarding Delay Max Age second This is the maximum time in seconds a switch can wait without receiving a configuration message before attempting to reconfigure Forwarding Delay second This is the time in seconds the root switch will wait before changing states that is listening to learning to forwarding...

Страница 136: ...The following table describes the labels in this screen Table 32 Advanced Application Spanning Tree Protocol MRSTP LABEL DESCRIPTION Status Click Status to display the MRSTP Status screen see Figure 71 on page 134 Tree This is a read only index number of the STP trees Active Select this check box to activate an STP tree Clear this checkbox to disable an STP tree Note You must also activate Multipl...

Страница 137: ...imum time in seconds a switch will wait before changing states This delay is required because every switch must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result The allowed range is 4 to 30 seconds As a general...

Страница 138: ...ff or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 32 Advanced Application Spanning Tree Protocol MRSTP continued LABEL DESCRIPTION Table 33 Advanced Application Spanning Tree Protocol Status MRSTP LABEL DESCRIPTION Configuration Click Conf...

Страница 139: ...s the root switch will wait before changing states that is listening to learning to forwarding Note The listening state does not exist in RSTP Cost to Bridge This is the path cost from the root port on this Switch to the root switch Port ID This is the priority and number of the port on the Switch through which this Switch must communicate with the root of the Spanning Tree Topology Changed Times ...

Страница 140: ... 140 13 8 Configure Multiple Spanning Tree Protocol To configure MSTP click MSTP in the Advanced Application Spanning Tree Protocol screen See Section 13 1 5 on page 128 for more information on MSTP Figure 74 Advanced Application Spanning Tree Protocol MSTP ...

Страница 141: ...rwarding Delay This is the maximum time in seconds a switch will wait before changing states This delay is required because every switch must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a blocking state otherwise temporary data loops might result The allowed range i...

Страница 142: ...ommon settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this check box to add this port to the MST instance Priority Configure the priority for each port here Priority decides which port should be disabled when more than one port forms a loop in the Switch Ports with a higher priority numeric value...

Страница 143: ...ee Protocol Status MSTP The following table describes the labels in this screen Delete Check the rule s that you want to remove in the Delete column and then click the Delete button Cancel Click Cancel to begin configuring this screen afresh Table 34 Advanced Application Spanning Tree Protocol MSTP continued LABEL DESCRIPTION Table 35 Advanced Application Spanning Tree Protocol Status MSTP LABEL D...

Страница 144: ... number for this MST region Configuration Digest A configuration digest is generated from the VLAN MSTI mapping information This field displays the 16 octet signature that is included in an MSTP BPDU This field displays the digest when MSTP is activated on the system Topology Changed Times This is the number of times the spanning tree has been reconfigured Time Since Last Change This is the time s...

Страница 145: ...aranteed bandwidth for the incoming traffic flow on a port The Peak Information Rate PIR is the maximum bandwidth allowed for the incoming traffic flow on a port when there is no network congestion The CIR and PIR should be set for all ports that use the same uplink bandwidth If the CIR is reached packets are sent at the rate up to the PIR When network congestion occurs packets through the ingress...

Страница 146: ... want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Ingress Rate Active Select this check box to activate commit rate limits on this port Commit Rate Specify the guaranteed bandwidth allowed in kilobits per second Kbps for the ...

Страница 147: ...g traffic flow on a port Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 36 Advanced Application Bandwidth Control con...

Страница 148: ...Chapter 14 Bandwidth Control XGS 4728F User s Guide 148 ...

Страница 149: ...ckets the Switch receives per second on the ports When the maximum number of allowable broadcast multicast and or DLF packets is reached per second the subsequent packets are discarded Enable this feature to reduce broadcast multicast and or DLF packets in your network You can specify limits for each packet type on each port Click Advanced Application Broadcast Storm Control in the navigation pane...

Страница 150: ...ort by port basis Note Changes in this row are copied to all the ports as soon as you make them Broadcast pkt s Select this option and specify how many broadcast packets the port receives per second Multicast pkt s Select this option and specify how many multicast packets the port receives per second DLF pkt s Select this option and specify how many destination lookup failure DLF packets the port ...

Страница 151: ...w to a monitor port the port you copy the traffic to in order that you can examine the traffic from the monitor port without interference Click Advanced Application Mirroring in the navigation panel to display the Mirroring screen Use this screen to select a monitor port and specify the traffic flow to be copied to the monitor port Figure 78 Advanced Application Mirroring ...

Страница 152: ... row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Mirrored Select this option to mirror the traffic on a port Direction Specify the direction of the traffic to mirror by selecting from the drop down list box C...

Страница 153: ...cal link containing multiple ports The beginning port of each trunk group must be physically connected to form a trunk group The Switch supports both static and dynamic link aggregation Note In a properly planned network it is recommended to implement static link aggregation only This ensures increased network stability and control over the trunk groups on your Switch See Section 17 6 on page 160 ...

Страница 154: ... full duplex links All ports in the same trunk group must have the same media type speed duplex mode and flow control settings Configure trunk groups or LACP before you connect the Ethernet switch to avoid causing network topology loops 17 2 1 Link Aggregation ID LACP aggregation ID consists of the following information1 Table 39 Link Aggregation ID Local Switch SYSTEM PRIORITY MAC ADDRESS KEY POR...

Страница 155: ...unk group that is one logical link containing multiple ports Enabled Port These are the ports you have configured in the Link Aggregation screen to be in the trunk group The port number s displays only when this trunk group is activated and there is a port belonging to this group Synchronized Ports These are the ports that are currently transmitting data as one logical link in this trunk group Agg...

Страница 156: ...c based on a combination of the packet s source and destination MAC addresses src ip means the Switch distributes traffic based on the packet s source IP address dst ip means the Switch distributes traffic based on the packet s destination IP address src dst ip means the Switch distributes traffic based on a combination of the packet s source and destination IP addresses Status This field displays...

Страница 157: ...vanced Application Link Aggregation Link Aggregation Setting The following table describes the labels in this screen Table 42 Advanced Application Link Aggregation Link Aggregation Setting LABEL DESCRIPTION Link Aggregation Setting This is the only screen you need to configure to enable static link aggregation Group ID The field identifies the link aggregation group that is one logical link contai...

Страница 158: ... MAC addresses Select src ip to distribute traffic based on the packet s source IP address Select dst ip to distribute traffic based on the packet s destination IP address Select src dst ip to distribute traffic based on a combination of the packet s source and destination IP addresses Port This field displays the port number Group Select the trunk group to which a port belongs Note When you enabl...

Страница 159: ...ion on dynamic link aggregation Figure 81 Advanced Application Link Aggregation Link Aggregation Setting LACP The following table describes the labels in this screen Table 43 Advanced Application Link Aggregation Link Aggregation Setting LACP LABEL DESCRIPTION Link Aggregation Control Protocol Note Do not configure this screen unless you want to enable dynamic link aggregation Active Select this c...

Страница 160: ...ame for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them LACP Timeout Timeout is the time interval between the individual port exchanges of LACP packets in order to check that the peer port in the trunk group is still up If a port does not respond after three tries...

Страница 161: ...igure 82 Trunking Example Physical Connections 2 Configure static trunking Click Advanced Application Link Aggregation Link Aggregation Setting In this screen activate trunk group T1 select the traffic distribution algorithm used by this group and select the ports that should belong to this group as shown in the figure below Click Apply when you are done Figure 83 Trunking Example Configuration Sc...

Страница 162: ...Chapter 17 Link Aggregation XGS 4728F User s Guide 162 ...

Страница 163: ...lidate users See Section 25 1 2 on page 216 for more information on configuring your RADIUS server settings Note If you enable IEEE 802 1x authentication and MAC authentication on the same port the Switch performs IEEE 802 1x authentication first If a user fails to authenticate via the IEEE 802 1x method then access to the port is denied 18 1 1 IEEE 802 1x Authentication The following figure illus...

Страница 164: ...tion Process 18 1 2 MAC Authentication MAC authentication works in a very similar way to IEEE 802 1x authentication The main difference is that the Switch does not prompt the client for login credentials The login credentials are based on the source MAC address of the New Connection Authentication Request Authentication Reply 1 4 5 Login Credentials Login Info Request 3 2 Session Granted Denied ...

Страница 165: ...first activate the port authentication method s you want to use both on the Switch and the port s then configure the RADIUS server settings in the AAA Radius Server Setup screen To activate a port authentication method click Advanced Application Port Authentication in the navigation panel Select a port authentication method in the screen that appears Figure 86 Advanced Application Port Authenticat...

Страница 166: ...port Port This field displays a port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this checkbox to permit 802 1x authentication on this...

Страница 167: ...n panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 44 Advanced Application Port Authentication 802 1x continued LABEL DESCRIPTION Table 45 Advanced Application Port Authentication MAC Authentication LABEL DESCRIPTION Active Select this check box to permit MAC authentication on the Switch Note You m...

Страница 168: ...e If the Aging Time in the Switch Setup screen is set to a lower value then it supersedes this setting See Section 7 5 on page 81 Port This field displays a port number Use this row to make the setting the same for all ports Use this row first and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select this checkbox ...

Страница 169: ...Switch The Switch can learn up to 16K MAC addresses in total with no limit on individual ports other than the sum cannot exceed 16K For maximum port security enable this feature disable MAC address learning and configure static MAC address es for a port It is not recommended you disable port security together with MAC address learning as this will result in many broadcasts By default MAC address l...

Страница 170: ...ously learned MAC addresses on the specified port s will become static MAC addresses and display in the Static MAC Forwarding screen MAC freeze Click MAC freeze to have the Switch automatically select the Active check boxes and clear the Address Learning check boxes only for the ports specified in the Port list Active Select this option to enable port security on the Switch Port This field display...

Страница 171: ...ing to occur on a port the port itself must be active with address learning enabled Limited Number of Learned MAC Address Use this field to limit the number of dynamic MAC addresses that may be learned on a port For example if you set this field to 5 on port 2 then only the devices with these five learned MAC addresses may access port 2 at any one time A sixth device must wait until one of the fiv...

Страница 172: ... this feature is disabled Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click Clear to clear the fields to th...

Страница 173: ...as the source address destination address source port number destination port number or incoming port number For example you can configure a classifier to select traffic from the same protocol port such as Telnet to form a flow Configure QoS on the Switch to group and prioritize application traffic and fine tune network performance Setting up QoS involves two separate steps 1 Configure classifiers...

Страница 174: ...Classifier LABEL DESCRIPTION Active Select this option to enable this rule Name Enter a descriptive name for this rule for identifying purposes Packet Format Specify the format of the packet Choices are All 802 3 tagged 802 3 untagged Ethernet II tagged and Ethernet II untagged A value of 802 3 indicates that the packets are formatted according to the IEEE 802 3 standards A value of Ethernet II in...

Страница 175: ...mat six hexadecimal character pairs Layer 3 Specify the fields below to configure a layer 3 classifier DSCP Select Any to classify traffic from any DSCP or select the second option and specify a DSCP DiffServ Code Point number between 0 and 63 in the field provided IP Protocol Select an IP protocol type or select Other and enter the protocol number in decimal value Refer to Table 51 on page 177 fo...

Страница 176: ...P protocol port number Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Cli...

Страница 177: ...l Click Cancel to clear the Delete check boxes Table 50 Common Ethernet Types and Protocol Number ETHERNET TYPE PROTOCOL NUMBER IP ETHII 0800 X 75 Internet 0801 NBS Internet 0802 ECMA Internet 0803 Chaosnet 0804 X 25 Level 3 0805 XNS Compat 0807 Banyan Systems 0BAD BBN Simnet 5208 IBM SNA 80D5 AppleTalk AARP 80F3 Table 51 Common IP Ports PORT NUMBER PORT NAME 21 FTP 23 Telnet 25 SMTP 53 DNS 80 HTT...

Страница 178: ...figuring a classifier that identifies all traffic from MAC address 00 50 ba ad 4f 81 on port 2 Figure 93 Classifier Example After you have configured a classifier you can configure a policy to define action s on the classified traffic flow See Chapter 21 on page 179 for information on configuring a policy rule EXAMPLE ...

Страница 179: ... the level of service desired This allows the intermediary DiffServ compliant network devices to handle the packets differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 21 1 2 DSCP and Per Hop Behavior DiffSe...

Страница 180: ...he DiffServ network Based on the marking rule different kinds of traffic can be marked for different kinds of forwarding Resources can then be allocated according to the DSCP values and the configured policies 21 2 Configuring Policy Rules You must first configure a classifier in the Classifier screen Refer to Section 20 2 on page 173 for more information ...

Страница 181: ...Chapter 21 Policy Rule XGS 4728F User s Guide 181 Click Advanced Applications Policy Rule in the navigation panel to display the screen as shown Figure 94 Advanced Application Policy Rule ...

Страница 182: ...le to a traffic flow Traffic that exceeds the maximum bandwidth allocated in cases where the network is congested is called out of profile traffic Bandwidth Specify the bandwidth in kilobit per second Kbps Enter a number between 1 and 1000000 Out of Profile DSCP Specify a new DSCP number between 0 and 63 if you want to replace or remark the DSCP number for out of profile traffic Action Specify the...

Страница 183: ...ss port Metering Select Enable to activate bandwidth limitation on the traffic flow s then set the actions to be taken on out of profile packets Out of profile action Select the action s to be performed for out of profile traffic Select Drop the packet to discard the out of profile traffic Select Change the DSCP value to replace the DSCP field with the value specified in the Out of profile DSCP fi...

Страница 184: ...lick an index number to edit the policy Active This field displays Yes when policy is activated and No when is it deactivated Name This field displays the name you have assigned to this policy Classifier s This field displays the name s of the classifier to which this policy applies Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete chec...

Страница 185: ...Example The figure below shows an example Policy screen where you configure a policy to limit bandwidth and discard out of profile traffic on a traffic flow classified using the Example classifier refer to Section 20 4 on page 178 Figure 96 Policy Example EXAMPLE ...

Страница 186: ...Chapter 21 Policy Rule XGS 4728F User s Guide 186 ...

Страница 187: ...raffic on the highest priority queue Q7 is transmitted first When that queue empties traffic on the next highest priority queue Q6 is transmitted until Q6 empties and then traffic is transmitted on Q5 and so on If higher priority queues never empty then traffic on lower priority queues never gets sent SP does not automatically adapt to changing network requirements 22 1 2 Weighted Fair Queuing Wei...

Страница 188: ...qual amount of bandwidth and then moves to the end of the list and so on depending on the number of queues being used This works in a looping fashion until a queue is empty Weighted Round Robin Scheduling WRR uses the same algorithm as round robin scheduling but services queues based on their priority and queue weight the number you configure in the queue Weight field rather than a fixed amount of...

Страница 189: ... labels in this screen Table 54 Advanced Application Queuing Method LABEL DESCRIPTION Port This label shows the port you are configuring Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports...

Страница 190: ...ce than queues with smaller weights Weight When you select WFQ or WRR enter the queue weight here Bandwidth is divided across the different traffic queues according to their weights Q0 Q7 This field is applicable only when you select WFQ or WRR Select a queue Q0 to Q7 to have the Switch use Strictly Priority to service the subsequent queue s after and including the specified queue for the 1000Base...

Страница 191: ...4 customer VLANs This allows a service provider to provide different service based on specific VLANs for many different customers A service provider s customers may require a range of VLANs to handle multiple applications A service provider s customers can assign their own inner VLAN tags on ports for these applications The service provider can assign an outer VLAN tag for each customer Therefore ...

Страница 192: ...ect Access Port for ingress ports on the service provider s edge devices 1 and 2 in the VLAN stacking example figure The incoming frame is treated as untagged so a second VLAN tag outer VLAN tag can be added Note Static VLAN Tx Tagging MUST be disabled on a port where you choose Normal or Access Port Select Tunnel Port available for Gigabit ports only for egress ports at the edge of the service pr...

Страница 193: ... Port then the Switch only adds the SP TPID tag to all incoming frames on the service provider s edge devices 1 and 2 in the VLAN stacking example figure that have an SP TPID different to the one configured on the Switch If an incoming frame s SP TPID is the same as the one configured on the Switch then the Switch will not add the tag Priority refers to the IEEE 802 1p standard that allows the ser...

Страница 194: ... Double Tagged 802 11Q Frame Format DA SA Len Etype Dat a FCS Untagged Ethernet frame DA SA TPI D Priorit y VI D Len Etype Dat a FCS IEEE 802 1Q customer tagged frame D A SA SPTPI D Priori ty VI D TPI D Priorit y VI D Len Etype Dat a FCS Double tagged frame Table 57 802 1Q Frame DA Destination Address Priority 802 1p Priority SA Source Address Len Etype Length and type of Ethernet frame SP TPI D S...

Страница 195: ...s ports at the edge of the service provider s network Select Tunnel Port available for Gigabit ports only for egress ports at the edge of the service provider s network Select Tunnel Port to have the Switch add the Tunnel TPID tag to all outgoing frames sent on this port In order to support VLAN stacking on a port the port must be able to allow frames of 1526 Bytes 1522 Bytes 4 Bytes for the secon...

Страница 196: ...es the port based Q in Q rules to them Table 59 Advanced Application VLAN Stacking Port based QinQ LABEL DESCRIPTION Port The port number identifies the port you are configuring SPVID SPVID is the service provider s VLAN ID the outer VLAN tag Enter the service provider ID from 1 to 4094 for frames received on this port See Chapter 9 on page 95 for more background information on VLAN ID Priority Se...

Страница 197: ...94 for frames received on this port See Chapter 9 on page 95 for more background information on VLAN ID Priority Select a priority level from 0 to 7 This is the service provider s priority level that adds to the frames received on this port 0 is the lowest priority level and 7 is the highest Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is ...

Страница 198: ... provider s priority level in the packets Delete Check the rule s that you want to remove in the Delete column and then click the Delete button Cancel Click Cancel to clear the Delete check boxes Table 60 Advanced Application VLAN Stacking Selective QinQ continued LABEL DESCRIPTION ...

Страница 199: ...ast address allows a device to send packets to a specific group of hosts multicast group in a different subnetwork A multicast IP address represents a traffic receiving group not individual receiving devices IP addresses in the Class D range 224 0 0 0 to 239 255 255 255 are used for IP multicasting Certain IP multicast numbers are reserved by IANA for special purposes see the IANA website for more...

Страница 200: ...p to 16 VLANs You can configure the Switch to automatically learn multicast group membership of any VLANs The Switch then performs IGMP snooping on the first 16 VLANs that send IGMP packets This is referred to as auto mode Alternatively you can specify the VLANs that IGMP snooping should be performed on This is referred to as fixed mode In fixed mode the Switch does not learn multicast group membe...

Страница 201: ...ettings to configure IGMP Snooping Active Select Active to enable IGMP Snooping to forward group multicast traffic only to ports that are members of that group Querier Select this option to allow the Switch to send IGMP General Query messages to the VLANs with the multicast hosts attached Host Timeout Specify the time from 1 to 16 711 450 in seconds that elapses before the Switch removes an IGMP g...

Страница 202: ... s Select Flooding to send the frame s to all ports Port This field displays the port number Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Immed Leave Select...

Страница 203: ... select Default to prohibit the port from joining any multicast group You can create IGMP filtering profiles in the Multicast Multicast Setting IGMP Filtering Profile screen IGMP Querier Mode The Switch treats an IGMP query port as being connected to an IGMP multicast router or server The Switch forwards IGMP join or leave packets to an IGMP query port Select Auto to have the Switch use the port a...

Страница 204: ... to 16 VLANs including up to five VLANs you configured in the MVR screen For example if you have configured one multicast VLAN in the MVR screen you can only specify up to 15 VLANs in this screen The Switch drops any IGMP control messages which do not belong to these 16 VLANs Note You must also enable IGMP snooping in the Multicast Setting screen first Apply Click Apply to save your changes to the...

Страница 205: ... screen Add Click Add to insert the entry in the summary table below and save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to reset the fields to your previous configuration Clear Click t...

Страница 206: ...t IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile End Address Type the ending multicast IP address for a range of IP addresses that you want to belong to the IGMP filter profile If you want to add a single multicast IP address enter it in both the Start Address and End Address fields Add Click Add to save the profile to the Switch s run time memo...

Страница 207: ...igure shows a network example The subscriber VLAN 1 2 and 3 information is hidden from the streaming media server S In addition the multicast VLAN information is only visible to the Switch and S Figure 106 MVR Network Example 24 6 1 Types of MVR Ports In MVR a source port is a port on the Switch that can send and receive multicast traffic in a multicast VLAN while a receiver port can only receive ...

Страница 208: ...le subscriber devices can connect through a port configured as the receiver on the Switch When the subscriber selects a television channel computer A sends an IGMP report to the Switch to join the appropriate multicast group If the IGMP report matches one of the configured MVR multicast group addresses on the Switch an entry is created in the forwarding table on the Switch This maps the subscriber...

Страница 209: ...s on the Switch Note Your Switch automatically creates a static VLAN with the same VID when you create a multicast VLAN in this screen Figure 108 Advanced Application Multicast Multicast Setting MVR The following table describes the related labels in this screen Table 65 Advanced Application Multicast Multicast Setting MVR LABEL DESCRIPTION Active Select this check box to enable MVR to allow one s...

Страница 210: ...a receiver port that only receives multicast traffic None Select this option to set the port not to participate in MVR No MVR multicast traffic is sent or received on this port Tagging Select this checkbox if you want the port to tag the VLAN ID in all outgoing frames transmitted Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off o...

Страница 211: ...abels in this screen Table 66 Advanced Application Multicast Multicast Setting MVR Group Configuration LABEL DESCRIPTION Multicast VLAN ID Select a multicast VLAN ID that you configured in the MVR screen from the drop down list box Name Enter a descriptive name for identification purposes Start Address Enter the starting IP multicast address of the multicast group in dotted decimal notation Refer ...

Страница 212: ... turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh MVLAN This field displays the multicast VLAN ID Name This field displays the descriptive name for this setting Start Address This field displays the starting IP address of the multicast ...

Страница 213: ...he Switch create a multicast group in the MVR screen and set the receiver and source ports Figure 111 MVR Configuration Example To set the Switch to forward the multicast group traffic to the subscribers configure multicast group settings in the Group Configuration screen The EXAMPLE ...

Страница 214: ...er s Guide 214 following figure shows an example where two multicast groups News and Movie are configured for the multicast VLAN 200 Figure 112 MVR Group Configuration Example Figure 113 MVR Group Configuration Example EXAMPLE EXAMPLE ...

Страница 215: ... levels associated with them For example user A may have the right to create new login accounts on the Switch but user B cannot The Switch can authorize users based on user accounts configured on the Switch itself or it can use an external server to authorize a large number of users Accounting is the process of recording what a user is doing The Switch can use an external server to track when user...

Страница 216: ...ted to the memory capacity of the device In essence RADIUS and TACACS authentication both allow you to validate an unlimited number of users from a central location The following table describes some key differences between RADIUS and TACACS 25 2 AAA Screens The AAA screens allow you to enable authentication authorization accounting or all of them on the Switch First configure your authentication ...

Страница 217: ...up Use this screen to configure your RADIUS server settings See Section 25 1 2 on page 216 for more information on RADIUS servers and Section 25 3 on page 226 for RADIUS attributes utilized by the authentication and accounting features on the Switch Click on the RADIUS Server Setup link in the AAA screen to view the screen as shown Figure 116 Advanced Application AAA RADIUS Server Setup ...

Страница 218: ...notation UDP Port The default port of a RADIUS server for authentication is 1812 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters as the key to be shared between the external RADIUS server and the Switch This key is not sent over the network This key must be the same on the external RADIUS serv...

Страница 219: ...server and the Switch This key is not sent over the network This key must be the same on the external RADIUS accounting server and the Switch Delete Check this box if you want to remove an existing RADIUS accounting server entry from the Switch This entry is deleted when you click Apply Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is t...

Страница 220: ... in dotted decimal notation TCP Port The default port of a TACACS server for authentication is 49 You need not change this value unless your network administrator instructs you to do so Shared Secret Specify a password up to 32 alphanumeric characters as the key to be shared between the external TACACS server and the Switch This key is not sent over the network This key must be the same on the ext...

Страница 221: ...ver the network This key must be the same on the external TACACS accounting server and the Switch Delete Check this box if you want to remove an existing TACACS accounting server entry from the Switch This entry is deleted when you click Apply Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save lin...

Страница 222: ...Select local to have the Switch check the access privilege configured for local authentication Select radius or tacacs to have the Switch check the access privilege via the external servers Login These fields specify which database the Switch should use first second and third to authenticate administrator accounts users for Switch management Configure the local user accounts in the Access Control ...

Страница 223: ...begins a session authenticates via the Switch ends a session as well as interim updates of a session Commands Configure the Switch to send information when commands of specified privilege level and higher are executed on the Switch Active Select this to activate accounting for a specified event types Broadcast Select this to have the Switch send accounting information to all configured accounting ...

Страница 224: ...s vendor ID is 890 Vendor Type A vendor specified attribute identifying the setting you want to modify Vendor data A value you want to assign to the setting Note Refer to the documentation that comes with your RADIUS server on how to configure VSAs for users authenticating via the RADIUS server The following table describes the VSAs supported on the Switch Note that these atrributes only work when...

Страница 225: ... in decimal format Privilege Assignment Vendor ID 890 Vendor Type 3 Vendor Data shell priv lvl N or Vendor ID 9 CISCO Vendor Type 1 CISCO AVPAIR Vendor Data shell priv lvl N where N is a privilege level from 0 to 14 Note If you set the privilege level of a login account differently on the RADIUS server s and the Switch the user is assigned a privilege level from the database RADIUS or local the Sw...

Страница 226: ...used by authentication and accounting functions on the Switch In cases where the attribute has a specific format associated with it the format is specified 25 3 1 Attributes Used for Authentication The following sections list the attributes sent from the Switch to the RADIUS server when performing authentication 25 3 1 1 Attributes Used for Authenticating Privilege Access User Name the format of t...

Страница 227: ...uential number for example 2007041917210300000001 date 2007 04 19 time 17 21 03 serial number 00000001 Acct Delay Time 25 3 2 2 Attributes Used for Accounting Exec Events The attributes are listed in the following table along with the time that they are sent the difference between Console and Telnet SSH Exec events is that the Telnet SSH events utilize the Calling Station Id attribute Table 73 RAD...

Страница 228: ...t Status Type D D D Acct Delay Time D D D Acct Session Id D D D Acct Authentic D D D Acct Session Time D D Acct Terminate Cause D Table 75 RADIUS Attributes Exec Events via Console ATTRIBUTE START INTERIM UPDATE STOP User Name D D D NAS IP Address D D D NAS Port D D D Class D D D Called Station Id D D D Calling Station Id D D D NAS Identifier D D D NAS Port Type D D D Acct Status Type D D D Acct D...

Страница 229: ...Chapter 25 AAA XGS 4728F User s Guide 229 Acct Input Gigawords D D Acct Output Gigawords D D Table 75 RADIUS Attributes Exec Events via Console ATTRIBUTE START INTERIM UPDATE STOP ...

Страница 230: ...Chapter 25 AAA XGS 4728F User s Guide 230 ...

Страница 231: ...is a binding the Switch forwards the packet If there is not a binding the Switch discards the packet The Switch builds the binding table by snooping DHCP packets dynamic bindings and from information provided manually by administrators static bindings IP source guard consists of the following features Static bindings Use this to create static bindings in the binding table DHCP snooping Use this to...

Страница 232: ...are no trusted ports Untrusted ports are connected to subscribers The Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source MAC address and source IP address in the packet do not match any of the current bindings The packet is a RELEASE or DECLINE packet and the source MAC address and source port do...

Страница 233: ...e requests The Switch can add the following information Slot ID 1 byte port ID 1 byte and source VLAN ID 2 bytes System name up to 32 bytes This information is stored in an Agent Information field in the option 82 field of the DHCP headers of client DHCP request frames See Chapter 36 on page 303 for more information about DHCP relay option 82 When the DHCP server responds the Switch removes the in...

Страница 234: ... X does the following things It pretends to be computer A and responds to computer B It pretends to be computer B and sends a message to computer A As a result all the communication between computer A and computer B passes through computer X Computer X can read and alter the information passed between them 26 1 2 1 ARP Inspection and MAC Address Filters When the Switch identifies an unauthorized A...

Страница 235: ...itch can send syslog messages to the specified syslog server Chapter 41 on page 355 when it forwards or discards ARP packets The Switch can consolidate log messages and send log messages in batches to make this mechanism more efficient 26 1 2 4 Configuring ARP Inspection Follow these steps to configure ARP inspection on the Switch 1 Configure DHCP snooping See Section 26 1 1 4 on page 233 Note It ...

Страница 236: ...rce Guard LABEL DESCRIPTION Index This field displays a sequential number for each binding MAC Address This field displays the source MAC address in the binding IP Address This field displays the IP address assigned to the MAC address in the binding Lease This field displays how many days hours minutes and seconds the binding is valid for example 2d3h4m5s means the binding is still valid for 2 day...

Страница 237: ...es to all ports select Any Add Click this to create the specified static binding or to update an existing one Cancel Click this to reset the values above based on the last selected static binding or if not applicable to clear the fields above Clear Click this to clear the fields above Index This field displays a sequential number for each binding MAC Address This field displays the source MAC addr...

Страница 238: ...out the DHCP snooping database To open this screen click Advanced Application IP Source Guard DHCP Snooping Figure 123 DHCP Snooping Delete Select this and click Delete to remove the specified entry Cancel Click this to clear the Delete check boxes above Table 77 IP Source Guard Static Binding continued LABEL DESCRIPTION ...

Страница 239: ... field displays how much longer in seconds the Switch tries to complete the current update before it gives up It displays Not Running if the Switch is not updating the DHCP snooping database right now Abort timer expiry This field displays when in seconds the Switch is going to update the DHCP snooping database again It displays Not Running if the current bindings have not changed since the last u...

Страница 240: ...ce Guide Binding collisions This field displays the number of bindings the Switch ignored because the Switch already had a binding with the same MAC address and VLAN ID Invalid interfaces This field displays the number of bindings the Switch ignored because the port number was a trusted interface or does not exist anymore Parse failures This field displays the number of bindings the Switch ignored...

Страница 241: ...rt To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Figure 124 DHCP Snooping Configure Parse failures This field displays the number of bindings the Switch has ignored because the Switch was unable to understand the binding in the DHCP binding database Expired leases This field displays the number of bindings the Switch has ignored because the lease time had a...

Страница 242: ...h waits to start the next update until it completes the current one Agent URL Enter the location of the DHCP snooping database The location should be expressed like this tftp domain name or IP address directory if applicable file name for example tftp 192 168 10 1 database txt Timeout interval Enter how long 10 65535 seconds the Switch tries to complete a specific update in the DHCP snooping datab...

Страница 243: ...ntrusted can receive each second To open this screen click Advanced Application IP Source Guard DHCP Snooping Configure Port Figure 125 DHCP Snooping Port Configure Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory w...

Страница 244: ...ed ports are connected to subscribers and the Switch discards DHCP packets from untrusted ports in the following situations The packet is a DHCP server packet for example OFFER ACK or NACK The source MAC address and source IP address in the packet do not match any of the current bindings The packet is a RELEASE or DECLINE packet and the source MAC address and source port do not match any of the cu...

Страница 245: ... above If you configure the VLAN the settings are applied to all VLANs Enabled Select Yes to enable DHCP snooping on the VLAN You still have to enable DHCP snooping on the Switch and specify trusted ports Note The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports Option82 Select this to have the Switch add the slot number port number and VLAN ID to DHCP ...

Страница 246: ...wer so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click this to reset the values in this screen to their last saved values Table 81 DHCP Snooping VLAN Configure continued LABEL DESCRIPTION Table 82 ARP Inspection Status LABEL DESCRIPTION Total number of filters This field displays the current number of MAC addr...

Страница 247: ...dress were in the binding table but the port number was not valid Delete Select this and click Delete to remove the specified entry Delete Click this to remove the selected entries Cancel Click this to clear the Delete check boxes above Table 82 ARP Inspection Status continued LABEL DESCRIPTION Table 83 ARP Inspection VLAN Status LABEL DESCRIPTION Show VLAN range Use this section to specify the VL...

Страница 248: ...splays the total number of ARP packets the Switch forwarded for the VLAN since the Switch last restarted Dropped This field displays the total number of ARP packets the Switch discarded for the VLAN since the Switch last restarted Table 83 ARP Inspection VLAN Status LABEL DESCRIPTION Table 84 ARP Inspection Log Status LABEL DESCRIPTION Clearing log status table Click Apply to remove all the log me...

Страница 249: ...ays the reason the log message was generated dhcp deny An ARP packet was discarded because it violated a dynamic binding with the same MAC address and VLAN ID static deny An ARP packet was discarded because it violated a static binding with the same MAC address and VLAN ID deny An ARP packet was discarded because there were no bindings with the same MAC address and VLAN ID dhcp permit An ARP packe...

Страница 250: ...C address filter remains in the Switch after the Switch identifies an unauthorized ARP packet The Switch automatically deletes the MAC address filter afterwards Type 0 if you want the MAC address filter to be permanent Log Profile Log buffer size Enter the maximum number 1 1024 of log messages that were generated by ARP packets and have not been sent to the syslog server yet Make sure this number ...

Страница 251: ...ng examples 4 invalid ARP packets per second Syslog rate is 5 Log interval is 1 the Switch sends 4 syslog messages every second 6 invalid ARP packets per second Syslog rate is 5 Log interval is 2 the Switch sends 5 syslog messages every 2 seconds Log interval Type how often 1 86400 seconds the Switch sends a batch of syslog messages to the syslog server Enter 0 if you want the Switch to send syslo...

Страница 252: ...s a trusted port Trusted or an untrusted port Untrusted The Switch does not discard ARP packets on trusted ports for any reason The Switch discards ARP packets on untrusted ports in the following situations The sender s information in the ARP packet does not match any of the current bindings The rate at which ARP packets arrive is too high You can specify the maximum rate at which ARP packets can ...

Страница 253: ...one second interval If the burst interval is 5 seconds then the Switch accepts a maximum of 75 ARP packets in every five second interval Enter the length 1 15 seconds of the burst interval Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to t...

Страница 254: ...ges when it receives an ARP packet from the VLAN Deny The Switch generates log messages when it discards an ARP packet from the VLAN Permit The Switch generates log messages when it forwards an ARP packet from the VLAN All The Switch generates log messages every time it receives an ARP packet from the VLAN Apply Click Apply to save your changes to the Switch s run time memory The Switch loses thes...

Страница 255: ...e 133 Loop Guard vs STP Loop guard is designed to handle loop problems on the edge of your network This can occur when a port is connected to a Switch that is in a loop state Loop state occurs as a result of human error It happens when two ports on a switch are connected with the same cable When a switch in loop state sends out broadcast messages the messages loop back to the switch and are re bro...

Страница 256: ...port If this is the case the Switch will shut down the port connected to the switch in loop state The following figure shows a loop guard enabled port N on switch A sending a probe packet P to switch B Since switch B is in loop state the probe packet P returns to port N on A The Switch then shuts down port N to ensure that the rest of the network is not affected by the switch in loop state Figure ...

Страница 257: ...rk you can re activate the disabled port via the web configurator see Section 8 7 on page 89 or via commands see the Ethernet Switch CLI Reference Guide 27 2 Loop Guard Setup Click Advanced Application Loop Guard in the navigation panel to display the screen as shown Note The loop guard feature can not be enabled on the ports that have Spanning Tree Protocol RSTP MRSTP or MSTP enabled Figure 137 A...

Страница 258: ...nges in this row are copied to all the ports as soon as you make them Active Select this check box to enable the loop guard feature on this port The Switch sends probe packets from this port to check if the Switch it is connected to is in loop state If the Switch that this port is connected is in loop state the Switch will shut down this port Clear this check box to disable the loop guard feature ...

Страница 259: ...link port When VLAN mapping is enabled the Switch discards the tagged packets that do not match an entry in the VLAN mapping table If the incoming packets are untagged the Switch adds a PVID based on the VLAN setting Note You can not enable VLAN mapping and VLAN stacking at the same time 28 1 1 VLAN Mapping Example In the following example figure packets that carry VLAN ID 12 and are received on p...

Страница 260: ... setting the same for all ports Use this row first and then make adjustments on a port by port basis Changes in this row are copied to all the ports as soon as you make them Active Select this check box to enable the VLAN mapping feature on this port Clear this check box to disable the VLAN mapping feature Apply Click Apply to save your changes to the Switch s run time memory The Switch loses thes...

Страница 261: ... VID you specified in the Translated VID field Translated VID Enter a VLAN ID from 1 to 4094 into which the customer VID carried in the packets will be translated Priority Select a priority level from 0 to 7 This is the priority level that replaces the customer priority level in the tagged packets or adds to the untagged packets Add Click Add to insert the entry in the summary table below and save...

Страница 262: ...is the VLAN ID that replaces the customer VLAN ID in the tagged packets Priority This is the priority level that replaces the customer priority level in the tagged packets Delete Check the rule s that you want to remove in the Delete column and then click the Delete button Cancel Click Cancel to clear the Delete check boxes Table 90 VLAN Mapping Configuration continued LABEL DESCRIPTION ...

Страница 263: ...e provider s network The edge switch encapsulates layer 2 protocol packets with a specific MAC address before sending them across the service provider s network to other edge switches Figure 141 Layer 2 Protocol Tunneling Network Scenario In the following example if you enable L2PT for STP you can have switches A B C and D in the same spanning tree even though switch A is not directly connected to...

Страница 264: ...t on the service provider s edge device 1 or 2 in Figure 142 on page 264 and connected to a customer switch A or B Incoming layer 2 protocol packets received on an access port are encapsulated and forwarded to the tunnel ports The Tunnel port is an egress port at the edge of the service provider s network and connected to another service provider s switch Incoming encapsulated layer 2 protocol pac...

Страница 265: ...lect this to enable layer 2 protocol tunneling on the Switch Destination MAC Address Specify an MAC address with which the Switch uses to encapsulate the layer 2 protocol packets by replacing the destination MAC address in the packets Note The MAC address can be either a unicast MAC address or multicast MAC address If you use a unicast MAC address make sure the MAC address does not exist in the ad...

Страница 266: ...nd detect a unidirectional link PAGP Select this option to have the Switch send PAgP packets to a peer to automatically negotiate and build a logical port aggregation LACP Select this option to have the Switch send LACP packets to a peer to dynamically creates and manages trunk groups UDLD Select this option to have the Switch send UDLD packets to a peer s port it connected to monitor the physical...

Страница 267: ...267 PART IV IP Application Static Route 269 RIP 271 OSPF 273 IGMP 287 DVMRP 291 Differentiated Services 295 DHCP 303 VRRP 313 ...

Страница 268: ...268 ...

Страница 269: ...ble describes the related labels you use to create a static route Table 92 IP Application Static Routing LABEL DESCRIPTION Active This field allows you to activate deactivate this static route Name Enter a descriptive name up to 10 printable ASCII characters for identification purposes Destination IP Address This parameter specifies the IP network address of the final destination Routing is always...

Страница 270: ...ges to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to set the above fields back to the factory defaults Index This field displays the index number of the route Click a number to edit the static route entry Active This field displays Yes when the static route is activated and NO when it is deactivated Name This ...

Страница 271: ...IP packets but will not accept any RIP packets received None the Switch will not send any RIP packets and will ignore any RIP packets received The Version field controls the format and the broadcasting method of the RIP packets that the Switch sends it recognizes both formats when receiving RIP 1 is universally supported but RIP 2 carries more information RIP 1 is probably adequate for most networ...

Страница 272: ...interface configured on the Switch Refer to the section on IP Setup for more information on configuring IP domains Directio n Select the RIP direction from the drop down list box Choices are Outgoing Incoming Both and None Version Select the RIP version from the drop down list box Choices are RIP 1 RIP 2B and RIP 2M Apply Click Apply to save your changes to the Switch s run time memory The Switch ...

Страница 273: ...ting protocols such as RIP The following table summarizes some of the major differences between OSPF and RIP 32 1 1 OSPF Autonomous Systems and Areas An OSPF autonomous system AS can be divided into logical areas Each area represents a group of adjacent networks All areas are connected to a backbone also known as area 0 The backbone is the transit area to route packets between two areas A stub are...

Страница 274: ...to network destinations Layer 3 devices build a synchronized link state database by exchanging Hello messages to confirm which neighbor layer 3 devices exist and then they exchange database descriptions DDs to create the link state database The link state database is constantly updated through LSAs Link State Advertisements 32 1 3 Interfaces and Virtual Links An OSPF interface is a link between a ...

Страница 275: ...but in some situations it must be controlled In the following figure only router A has direct connectivity with all the other routers on the network segment Routers B and C do not have a direct connection with each other Therefore they should not be allowed to become DR or BDR Only router A should become the DR Figure 147 OSPF Router Election Example You can assign a priority to an interface which...

Страница 276: ...nformation on OSPF Figure 148 IP Application OSPF Status The following table describes the labels in this screen Table 96 IP Application OSPF Status LABEL DESCRIPTION OSPF This field displays whether OSPF is activated Running or not Down Interface The text box displays the OSPF status of the interface s on the Switch Neighbor The text box displays the status of the neighboring router participating...

Страница 277: ...the designated router Backup Designated Router This field displays the router ID of a backup designated router Time Intervals Configured This field displays the time intervals in seconds configured Neighbor Count This field displays the number of neighbor routers Adjacent Neighbor Count This field displays the number of neighbor router s that is adjacent to the Switch Neighbor Neighbor ID This fie...

Страница 278: ...d displays the number of links in the LSA Table 97 OSPF Status Common Output Fields continued FIELD DESCRIPTION Table 98 IP Application OSPF Configuration Activating and General Settings LABEL DESCRIPTION Active OSPF is disabled by default Select this option to enable it Router ID Router ID uniquely identifies the Switch in an OSPF Enter a unique ID that uses the format of an IP address in dotted ...

Страница 279: ... password To configure an area set the related fields in the OSPF Configuration screen Figure 150 IP Application OSPF Configuration Area Setup The following table describes the related labels in this screen Table 99 IP Application OSPF Configuration Area Setup LABEL DESCRIPTION Name Enter a descriptive name up to 32 printable ASCII characters for identification purposes Area ID Enter a 32 bit ID t...

Страница 280: ...not send receive LSAs Default Route Cost Specify a cost between 0 and 16777214 used to add a default route into a stub area for routes which are external to an OSPF domain If you do not set a route cost no default route is added Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top naviga...

Страница 281: ...SPF Configuration Redistribute The following table describes the labels in this screen Stub Network This field displays whether an area is a stub network Yes or not No Delete Click Delete to remove the selected entry from the summary table Cancel Click Cancel to clear the Delete check boxes Table 100 IP Application OSPF Configuration Summary Table continued LABEL DESCRIPTION Table 101 IP Applicati...

Страница 282: ...f or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Summary address Enter a network IP address which can cover more than one network in order to reduce the routing table size For example you can use 192 168 8 0 22 instead of using 192 168 8 0 24 19...

Страница 283: ...an authentication method The choices are Same as Area None default Simple and MD5 To participate in an OSPF network you must make the authentication method and or password settings the same as the associated area Select Same as Area to use the same authentication method within the area and set the related fields when necessary Select None to disable authentication This is the default setting Selec...

Страница 284: ...nges if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to set the above fields back to the factory defaults Index This field displays the index number for an interface Network This field displays the IP interfa...

Страница 285: ...te Virtual interface s must use the same authentication method within the same area Select an authentication method The choices are Same as Area None default Simple and MD5 To exchange OSPF packets with a peer border router you must make the authentication method and or password settings the same as the peer border router Select Same as Area to use the same authentication method within the area an...

Страница 286: ...lear Click Clear to set the above fields back to the factory defaults Index This field displays an index number of an entry Name This field displays a descriptive name of a virtual link Peer Router ID This field displays the ID that uses the format of an IP address in dotted decimal notation of a peer border router Authenticatio n This field displays the authentication method used Same as Area Non...

Страница 287: ...tween a multicast server multicast routers and multicast hosts A multicast server transmits multicast packets and multicast routers forward multicast packets to multicast hosts Figure 155 IP Multicast A host can decide to join or leave a multicast group at any time A host can also be a member of more than one multicast group Multicast groups are identified by IP addresses in the Class D range 224 ...

Страница 288: ...n 1 to version 3 IGMP version 1 defines how a multicast router checks to see if any multicast hosts are part of a multicast group It checks for group membership by sending out an IGMP Query packet Hosts that are members of a multicast group reply with an IGMP Report packet This is also referred to as a join group request The multicast router then keeps a list of all networks that have members of t...

Страница 289: ... multicast server Z IP address 13 2 2 2 both send multicast traffic to the same multicast group identified by the multicast IP address 225 1 1 1 In IGMP version 3 multicast host A can join multicast group 225 1 1 1 and specify that it only wants to receive multicast packets from server X Figure 158 IGMP Version 3 Example 33 2 Port based IGMP The Switch sends IGMP Query packets to all ports The Swi...

Страница 290: ...ot recorded any group members Select Drop to discard the frame s Select Flooding to send the frame s to all ports Index This field displays an index number of an entry Network This field displays the IP domain configured on the Switch Refer to Section 8 6 on page 87 for more information on configuring IP domains Version Select an IGMP version from the drop down list box The choices are IGMP v1 IGM...

Страница 291: ...e IGMP enabled when you enable DVMRP otherwise you see the screen as in Figure 162 on page 293 34 2 How DVMRP Works DVMRP uses the Reverse Path Multicasting RPM algorithm to generate an IP Multicast delivery tree Multicast packets are forwarded along these multicast tree branches DVMRP dynamically learns host membership information using Internet Group Management Protocol IGMP The trees are update...

Страница 292: ...d to build source trees and also perform Reverse Path Forwarding RPF checks on incoming multicast packets RPF checks prevent duplicate packets being filtered when loops exist in the network topology DVMRP prunes trim the multicast delivery tree s DVMRP grafts attach a branch back onto the multicast delivery tree 34 3 Configuring DVMRP Configure DVMRP on the Switch when you wish it to act as a mult...

Страница 293: ...ticast traffic this Switch sends out Index Index is the DVMRP configuration for the IP routing domain defined under Network The maximum number of DVMRP configurations allowed is the maximum number of IP routing domains allowed on the Switch See Section 8 6 on page 87 for more information on IP routing domains Network This is the IP routing domain IP address and subnet mask you set up in IP Setup V...

Страница 294: ...Error Message 34 4 Default DVMRP Timer Values The following are some default DVMRP timer values Table 106 DVMRP Default Timer Values DVMRP FIELD DEFAULT VALUE Probe interval 10 sec Report interval 35 sec Route expiration time 140 sec Prune lifetime Variable less than two hours Prune retransmission time 3 sec with exponential back off Graft retransmission time 5 sec with exponential back off ...

Страница 295: ... differently depending on the code points without the need to negotiate paths or remember state information for every flow In addition applications do not have to request a particular service or give advanced notice of where the traffic is going 35 1 1 DSCP and Per Hop Behavior DiffServ defines a new DS Differentiated Services field to replace the Type of Service ToS field in the IP header The DS ...

Страница 296: ... to give higher drop precedence to one traffic flow over others In our example packets in the Bronze traffic flow are more likely to be dropped when congestion occurs than the packets in the Platinum traffic flow as they move across the DiffServ network Figure 166 DiffServ Network 35 2 Two Rate Three Color Marker Traffic Policing Traffic policing is the limiting of the input or output transmission...

Страница 297: ...ork Green low loss priority level packets are forwarded TRTCM operates in one of two modes color blind or color aware In color blind mode packets are marked based on evaluating against the PIR and CIR regardless of if they have previously been marked or not In the color aware mode packets are marked based on both existing color and evaluation against the PIR and CIR If the packets do not match any...

Страница 298: ...ed against the PIR Only the packets marked green are first evaluated against the PIR and then if they don t exceed the PIR level are they evaluated against the CIR Figure 168 TRTCM Color aware Mode 35 3 Activating DiffServ Activate DiffServ to apply marking rules or IEEE 802 1p priority mapping on the selected port s Click IP Application DiffServ in the navigation panel to display the screen as sh...

Страница 299: ...the Switch Settings in this row apply to all ports Use this row only if you want to make some settings the same for all ports Use this row first to set the common settings and then make adjustments on a port by port basis Note Changes in this row are copied to all the ports as soon as you make them Active Select Active to enable DiffServ on the port Apply Click Apply to save your changes to the Sw...

Страница 300: ...gh loss priority colored packets Mode Select color blind to have the Switch treat all incoming packets as uncolored All incoming packets are evaluated against the CIR and PIR Select color aware to treat the packets as marked by some preceding entity Incoming packets are evaluated based on their existing color Incoming packets that are not marked proceed through the Switch Port This field displays ...

Страница 301: ...are marked via TRTCM green Specify the DSCP value to use for packets with low packet loss priority yellow Specify the DSCP value to use for packets with medium packet loss priority red Specify the DSCP value to use for packets with high packet loss priority Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so us...

Страница 302: ...10 IP Application DiffServ DSCP Setting LABEL DESCRIPTION 0 63 This is the DSCP classification identification number To set the IEEE 802 1p priority mapping select the priority level from the drop down list box Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to ...

Страница 303: ... 36 1 1 DHCP Modes The Switch can be configured as a DHCP server or DHCP relay agent If you configure the Switch as a DHCP server it will maintain the pool of IP addresses along with subnet masks DNS server and default gateway information and distribute them to your LAN computers If there is already a DHCP server on your network then you can configure the Switch as a DHCP relay agent When the Swit...

Страница 304: ...uration to view the screen as shown Use Table 111 IP Application DHCP Status LABEL DESCRIPTION Server Status This section displays configuration settings related to the Switch s DHCP server mode Index This is the index number VID This field displays the VLAN ID for which the Switch is a DHCP server Server Status This field displays the starting DHCP client IP address IP Pool Size This field displa...

Страница 305: ...way value sent to clients from this DHCP server instance Primary DNS Server This field displays the primary DNS server value sent to clients from this DHCP server instance Secondary DNS Server This field displays the secondary DNS server value sent to clients from this DHCP server instance Address Leases This section displays information about the IP addresses this DHCP server issued to clients In...

Страница 306: ...sts that it relays to a DHCP server by adding Relay Agent Information This helps provide authentication about the source of the requests The DHCP server can then provide an IP address based on this information Please refer to RFC 3046 for more details The DHCP Relay Agent Information feature adds an Agent Information field to the Option 82 field The Option 82 field is in the DHCP headers of client...

Страница 307: ...n Relay Agent Information Select the Option 82 check box to have the Switch add information slot number port number and VLAN ID to client DHCP requests that it relays to a DHCP server Information This read only field displays the system name you configure in the General Setup screen Select the check box for the Switch to add the system name to the client DHCP requests that it relays to a DHCP serv...

Страница 308: ... DHCP clients in both domains Figure 175 Global DHCP Relay Network Example Configure the DHCP Relay screen as shown Make sure you select the Option 82 check box to set the Switch to send additional information such as the VLAN ID together with the DHCP requests to the DHCP server This allows the DHCP server to assign the appropriate IP address according to the VLAN ID Figure 176 DHCP Relay Configu...

Страница 309: ... VLAN that you want to configure DHCP settings for on the Switch See Section 8 6 on page 87 for information on how to do this Figure 177 IP Application DHCP VLAN The following table describes the labels in this screen Table 115 IP Application DHCP VLAN LABEL DESCRIPTION VID Enter the ID number of the VLAN to which these DHCP settings apply DHCP Status Select whether the Switch should function as a...

Страница 310: ...ent DHCP requests that it relays to a DHCP server Informati on This read only field displays the system name you configure in the General Setup screen Select the check box for the Switch to add the system name to the client DHCP requests that it relays to a DHCP server Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses pow...

Страница 311: ...vers are installed to serve each VLAN The system is set up to forward DHCP requests from the dormitory rooms VLAN 1 to the DHCP server with an IP address of 192 168 1 100 Requests from the academic buildings VLAN 2 are sent to the other DHCP server with an IP address of 172 23 10 100 Figure 178 DHCP Relay for Two VLANs VLAN 1 VLAN 2 DHCP 192 168 1 100 DHCP 172 23 10 100 ...

Страница 312: ...Chapter 36 DHCP XGS 4728F User s Guide 312 For the example network configure the VLAN Setting screen as shown Figure 179 DHCP Relay for Two VLANs Configuration Example EXAMPLE ...

Страница 313: ...vailable In VRRP a virtual router VR represents a number of physical layer 3 devices An IP address is associated with the virtual router A layer 3 device having the same IP address is the preferred master router while the other Layer 3 devices are the backup routers The master router forwards traffic for the virtual router When the master router becomes unavailable a backup router assumes the role...

Страница 314: ...Click IP Application VRRP in the navigation panel to display the VRRP Status screen as shown next Figure 181 IP Application VRRP Status The following table describes the labels in this screen 172 21 1 172 21 1 172 21 1 Table 116 IP Application VRRP Status LABEL DESCRIPTION Index This field displays the index number of a rule Network This field displays the IP address and the subnet mask bits of an...

Страница 315: ...nctions as the master router This field is Backup indicating that this Switch functions as a backup router This field displays Init when this Switch is initiating the VRRP protocol or when the Uplink Status field displays Dead Uplink Status This field displays the status of the link between this Switch and the uplink gateway This field is Alive indicating that the link between this Switch and the ...

Страница 316: ...an IP domain Authenticati on Select None to disable authentication This is the default setting Select Simple to use a simple password to authenticate VRRP packet exchanges on this interface Key When you select Simple in the Authentication field enter a password key up to eight printable ASCII character long in this field Apply Click Apply to save your changes to the Switch s run time memory The Sw...

Страница 317: ... routers participating in the virtual router must use the same advertisement interval 37 3 2 2 Priority Configure the priority level 1 to 254 to set which backup router to take over in case the master router goes down The backup router with the highest priority will take over The priority of the VRRP router that owns the IP address es associated with the virtual router is 255 37 3 2 3 Preempt Mode...

Страница 318: ...r number 1 to 7 for which this VRRP entry is created You can configure up to seven virtual routers for one network Advertisement Interval Specify the number of seconds between Hello message transmissions The default is 1 Preempt Mode Select this option to activate preempt mode Priority Enter a number between 1 and 254 to set the priority level The bigger the number the higher the priority This fie...

Страница 319: ...ick Clear to set the above fields back to the factory defaults Table 118 IP Application VRRP Configuration VRRP Parameters continued LABEL DESCRIPTION Table 119 VRRP Configuring VRRP Parameters LABEL DESCRIPTION Index This field displays the index number of an entry Active This field shows whether a VRRP entry is enabled Yes or disabled No Name This field displays a descriptive name of an entry Ne...

Страница 320: ...0 The host computer X is set to use VR1 as the default gateway Figure 185 VRRP Configuration Example One Virtual Router Network You want to set switch A as the master router Configure the VRRP parameters in the VRRP Configuration screens on the switches as shown in the figures below Figure 186 VRRP Example 1 VRRP Parameter Settings on Switch A Figure 187 VRRP Example 1 VRRP Parameter Settings on S...

Страница 321: ... in the two network groups use different default gateways Each switch is configured to backup a virtual router using VRRP You wish to configure switch A as the master router for virtual router VR1 and as a backup for virtual router VR2 On the other hand switch B is the master for VR2 and a backup for VR1 Figure 190 VRRP Configuration Example Two Virtual Router Network You need to configure the VRR...

Страница 322: ... VRRP Example 2 VRRP Parameter Settings for VR2 on Switch A Figure 192 VRRP Example 2 VRRP Parameter Settings for VR2 on Switch B After configuring and saving the VRRP configuration the VRRP Status screens for both switches are shown next Figure 193 VRRP Example 2 VRRP Status on Switch A Figure 194 VRRP Example 2 VRRP Status on Switch B EXAMPLE EXAMPLE EXAMPLE EXAMPLE ...

Страница 323: ...323 PART V Management Maintenance 325 Access Control 333 Diagnostic 353 Syslog 355 Cluster Management 359 MAC Table 367 IP Table 371 ARP Table 375 Routing Table 377 Configure Clone 379 ...

Страница 324: ...324 ...

Страница 325: ... Maintenance The following table describes the labels in this screen Table 120 Management Maintenance LABEL DESCRIPTION Current This field displays which configuration Configuration 1 or Configuration 2 is currently operating on the Switch Firmware Upgrade Click Click Here to go to the Firmware Upgrade screen Restore Configurati on Click Click Here to go to the Restore Configuration screen Backup ...

Страница 326: ... change the IP address of your computer to be in the same subnet as that of the default Switch IP address 192 168 1 1 38 3 Save Configuration Click Config 1 to save the current configuration settings permanently to Configuration 1 on the Switch Save Configurati on Click Config 1 to save the current configuration settings to Configuration 1 on the Switch Click Config 2 to save the current configura...

Страница 327: ...Config 1 or configuration two Config 2 when you reboot Follow the steps below to reboot the Switch 1 In the Maintenance screen click the Config 1 button next to Reboot System to reboot and load configuration one The following screen displays Figure 197 Reboot System Confirmation 2 Click OK again and then wait for the Switch to restart This takes up to two minutes This does not affect the Switch s ...

Страница 328: ...re After the firmware upgrade process is complete see the System Info screen to verify your current firmware version number 38 6 Restore a Configuration File Restore a previously saved configuration from your computer to the Switch using the Restore Configuration screen Figure 199 Management Maintenance Restore Configuration Type the path and file name of the configuration file you wish to restore...

Страница 329: ... the Save As screen 3 Choose a location to save the file on your computer from the Save in drop down list box and type a descriptive name for it in the File name list box Click Save to save the configuration file to your computer 38 8 FTP Command Line This section shows some examples of uploading to or downloading files from the Switch using FTP commands First understand the filename conventions 3...

Страница 330: ...copies of both files for later use Be sure to upload the correct model firmware as uploading the wrong model firmware may damage your device 38 8 2 FTP Command Line Procedure 1 Launch the FTP client on your computer 2 Enter open followed by a space and the IP address of your Switch 3 Press ENTER when prompted for a username 4 Enter your password as requested the default is 1234 5 Enter bin to set ...

Страница 331: ...tions FTP will not work when FTP service is disabled in the Service Access Control screen The IP address es in the Remote Management screen does not match the client IP address If it does not match the Switch will disconnect the FTP session immediately Table 122 General Commands for GUI based FTP Clients COMMAND DESCRIPTION Host Address Enter the address of the host server Login Type Anonymous Thi...

Страница 332: ...Chapter 38 Maintenance XGS 4728F User s Guide 332 ...

Страница 333: ...ns are allowed A console port access control session and Telnet access control session cannot coexist when multi login is disabled See the Ethernet Switch CLI Reference Guide for more information on disabling multi login 39 2 The Access Control Main Screen Click Management Access Control in the navigation panel to display the main screen as shown Figure 201 Management Access Control Table 123 Acce...

Страница 334: ...etwork consists of two main components agents and a manager An agent is a management software module that resides in a managed Switch the Switch An agent translates the local management information from the managed Switch into a form compatible with SNMP The manager is the console through which network administrators perform network management functions It executes applications that control and mo...

Страница 335: ...s let administrators collect statistics and monitor status and performance The Switch supports the following MIBs SNMP MIB II RFC 1213 RFC 1157 SNMP v1 RFC 1493 Bridge MIBs RFC 1643 Ethernet MIBs RFC 1155 SMI RFC 2674 SNMPv2 SNMPv2c RFC 1757 RMON SNMPv2 SNMPv2c or later version compliant with RFC 2011 SNMPv2 MIB for IP RFC 2012 SNMPv2 MIB for TCP RFC 2013 SNMPv2 MIB for UDP Table 124 SNMP Commands...

Страница 336: ...1 2 2 This trap is sent when the fan speed returns to the normal operating range temperatur e TemperatureEventOn 1 3 6 1 4 1 890 1 5 8 46 3 1 2 1 This trap is sent when the temperature goes above or below the normal operating range TemperatureEventClear 1 3 6 1 4 1 890 1 5 8 46 3 1 2 2 This trap is sent when the temperature returns to the normal operating range voltage VoltageEventOn 1 3 6 1 4 1 8...

Страница 337: ...This trap is sent when the Ethernet link is up LinkDownEventClear 1 3 6 1 4 1 890 1 5 8 46 31 2 2 This trap is sent when the Ethernet link is up linkdown linkDown 1 3 6 1 6 3 1 1 5 3 This trap is sent when the Ethernet link is down LinkDownEventOn 1 3 6 1 4 1 890 1 5 8 46 31 2 1 This trap is sent when the Ethernet link is down autonegotiati on AutonegotiationFailedEven tOn 1 3 6 1 4 1 890 1 5 8 46...

Страница 338: ...ABEL OBJECT ID DESCRIPTION Table 127 AAA Traps OPTION OBJECT LABEL OBJECT ID DESCRIPTION authenticatio n authenticationFailure 1 3 6 1 6 3 1 1 5 5 This trap is sent when authentication fails due to incorrect user name and or password AuthenticationFailureEven tOn 1 3 6 1 4 1 890 1 5 8 46 3 1 2 1 This trap is sent when authentication fails due to incorrect user name and or password RADIUSNotReachab...

Страница 339: ...when the MRSTP root switch changes MSTPNewRoot 1 3 6 1 4 1 890 1 5 8 46 1 07 70 1 This trap is sent when the MSTP root switch changes STPTopologyChange 1 3 6 1 2 1 17 0 2 This trap is sent when the STP topology changes MRSTPTopologyChange 1 3 6 1 4 1 890 1 5 8 46 4 3 2 2 This trap is sent when the MRSTP topology changes MSTPTopologyChange 1 3 6 1 4 1 890 1 5 8 46 1 07 70 2 This trap is sent when t...

Страница 340: ...Select the SNMP version for the Switch The SNMP version on the Switch must match the version on the SNMP manager Choose SNMP version 2c v2c SNMP version 3 v3 or both v3v2c Note SNMP version 2c is backwards compatible with SNMP version 1 Get Community Enter the Get Community string which is the password for the incoming Get and GetNext requests from the management station The Get Community string i...

Страница 341: ... to create accounts on the SNMP v3 manager Index This is a read only number identifying a login account on the Switch Username This field displays the username of a login account on the Switch Security Level Select whether you want to implement authentication and or encryption for SNMP communication from this user Choose noauth to use the username as the password string to send to the SNMP manager...

Страница 342: ...cret key AES applies a 128 bit key to 128 bit blocks of data Apply Click Apply to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Table 130 Manag...

Страница 343: ... Select the individual SNMP traps that the Switch is to send to the SNMP station See Section 39 3 3 on page 336 for individual trap descriptions The traps are grouped by category Selecting a category automatically selects all of the category s traps Clear the check boxes for individual traps that you do not want the Switch to send to the SNMP station Clearing a category s check box automatically c...

Страница 344: ...m password 1234 is the default password when shipped New Password Enter your new system password Retype to confirm Retype your new system password for confirmation Edit Logins You may configure passwords for up to four users These users have read only access You can give users higher privileges via the CLI For more information on assigning privileges see the Ethernet Switch CLI Reference Guide Use...

Страница 345: ...er The server identifies itself with a host key The client encrypts a randomly generated session key with the host key and server key and sends the result back to the server The client automatically saves any new server public keys In subsequent connections the server public key is checked against the saved version on the client computer 2 Encryption Method Once the identification is verified both...

Страница 346: ...ure Socket Layer or HTTP over SSL is a web protocol that encrypts and decrypts web pages Secure Socket Layer SSL is an application level protocol that enables secure transactions of data by ensuring confidentiality an unauthorized party cannot read the transferred data authentication one party can identify the other party and data integrity you know if data has been changed It relies upon certific...

Страница 347: ...l screen then the Switch blocks all HTTP connection attempts 39 8 HTTPS Example If you haven t changed the default HTTPS port on the Switch then in your browser enter https Switch IP Address as the web site address where Switch IP Address is the IP address or domain name of the Switch you wish to access 39 8 1 Internet Explorer Warning Messages When you attempt to access the Switch HTTPS server a ...

Страница 348: ...re 209 Security Alert Dialog Box Internet Explorer 39 8 2 Netscape Navigator Warning Messages When you attempt to access the Switch HTTPS server a Website Certified by an Unknown Authority screen pops up asking if you trust the server certificate Click Examine Certificate if you want to verify that the certificate is from the Switch If Accept this certificate temporarily for this session is select...

Страница 349: ...8F User s Guide 349 Select Accept this certificate permanently to import the Switch s certificate into the SSL client Figure 210 Security Certificate 1 Netscape Figure 211 Security Certificate 2 Netscape EXAMPLE EXAMPLE EXAMPLE EXAMPLE ...

Страница 350: ...tch main screen appears The lock displayed in the bottom right of the browser status bar denotes a secure connection Figure 212 Example Lock Denoting a Secure Connection 39 9 Service Port Access Control Service Access Control allows you to decide what services you may use to access the Switch You may also change the default service port and configure trusted ...

Страница 351: ... Switch Service Port For Telnet SSH FTP HTTP or HTTPS services you may change the default service port by typing the new port number in the Server Port field If you change the default port number then you will have to let people who wish to use the service know the new port number for that service Timeout Type how many minutes a management session via the web configurator can be left idle before t...

Страница 352: ...ent set Clear the check box if you wish to temporarily disable the set without deleting it Start Address End Address Configure the IP address range of trusted computers from which you can manage this Switch The Switch checks if the client IP address of a computer requesting a service or protocol matches the range set here The Switch immediately disconnects the session if it does not match Telnet F...

Страница 353: ...n this screen Use this screen to check system logs ping IP addresses or perform port tests Figure 215 Management Diagnostic The following table describes the labels in this screen Table 135 Management Diagnostic LABEL DESCRIPTION System Log Click Display to display a log of events in the multi line text box Click Clear to empty the text box and reset the syslog entry ...

Страница 354: ...ice that you want to ping in order to test a connection Click Ping to have the Switch ping the IP address in the field to the left Ethernet Port Test Enter a port number and click Port Test to perform an internal loopback test Table 135 Management Diagnostic continued LABEL DESCRIPTION ...

Страница 355: ...message has a facility and severity level The syslog facility identifies a file in the syslog server Refer to the documentation of your syslog program for details The following table describes the syslog severity levels Table 136 Syslog Severity Levels CODE SEVERITY 0 Emergency The system is unusable 1 Alert Action must be taken immediately 2 Critical The system condition is critical 3 Error There...

Страница 356: ...tting Logging Type This column displays the names of the categories of logs that the device can generate Active Select this option to set the device to generate logs for the corresponding category Facility The log facility allows you to send logs to different files in the syslog server Refer to the documentation of your syslog program for more details Apply Click Apply to save your changes to the ...

Страница 357: ...ore critical the logs are Add Click Add to save your changes to the Switch s run time memory The Switch loses these changes if it is turned off or loses power so use the Save link on the top navigation panel to save your changes to the non volatile memory when you are done configuring Cancel Click Cancel to begin configuring this screen afresh Clear Click Clear to return the fields to the factory ...

Страница 358: ...Chapter 41 Syslog XGS 4728F User s Guide 358 ...

Страница 359: ...ted and be in the same VLAN group so as to be able to communicate with one another Table 139 ZyXEL Clustering Management Specifications Maximum number of cluster members 24 Cluster Member Models Cluster member models must be compatible with ZyXEL cluster management implementation Cluster Manager The cluster manager is the Switch through which you manage the cluster member switches Cluster Members ...

Страница 360: ...er and the other switches on the upper floors of the building are cluster members Figure 218 Clustering Application Example 42 2 Cluster Management Status Click Management Cluster Management in the navigation panel to display the following screen Note A cluster can only have one manager Figure 219 Management Cluster Management ...

Страница 361: ...s the cluster manager switch s hardware MAC address The Number of Member This field displays the number of switches that make up this cluster The following fields describe the cluster member switches Index You can manage cluster member switches via the cluster manager switch Each number in the Index column is a hyperlink leading to the cluster member switch s web configurator see Figure 220 on pag...

Страница 362: ...Cluster Management XGS 4728F User s Guide 362 configurator home page and the home page that you d see if you accessed it directly are different Figure 220 Cluster Management Cluster Member Web Configurator Screen ...

Страница 363: ...a0 c5 01 23 46 rw rw rw 1 owner group 0 Jul 01 12 00 config 00 a0 c5 01 23 46 226 File sent OK ftp 297 bytes received in 0 00Seconds 297000 00Kbytes sec ftp bin 200 Type I OK ftp put 370lt0 bin fw 00 a0 c5 01 23 46 200 Port command okay 150 Opening data connection for STOR fw 00 a0 c5 01 23 46 226 File received OK ftp 262144 bytes sent in 0 63Seconds 415 44Kbytes sec ftp Table 141 FTP Upload to Cl...

Страница 364: ...hes that are set to be cluster managers will not be visible in the Clustering Candidates list If a switch that was previously a cluster member is later set to become a cluster manager then its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below Name Type a name to identify the Clustering Manager You may use up to 32 print...

Страница 365: ...aged from the Cluster Manager Its Status is displayed as Error in the Cluster Management Status screen and a warning icon appears in the member summary list below If multiple devices have the same password then hold SHIFT and click those switches to select them Then enter their common web configurator password Add Click Add to save your changes to the Switch s run time memory The Switch loses thes...

Страница 366: ...Chapter 42 Cluster Management XGS 4728F User s Guide 366 ...

Страница 367: ...ynamic learned by the Switch or static manually entered in the Static MAC Forwarding screen The Switch uses the MAC Table to determine how to forward frames See the following figure 1 The Switch examines a received frame and learns the port from which this source MAC address came 2 The Switch checks to see if the frame s destination MAC address matches a source MAC address already learned in the M...

Страница 368: ...filters the frame Figure 223 MAC Table Flowchart 43 2 Viewing the MAC Table Click Management MAC Table in the navigation panel to display the following screen Use this screen to search specific MAC addresses You can also directly add dynamic MAC address es into the static MAC forwarding table or MAC filtering table from the MAC table using this screen Figure 224 Management MAC Table ...

Страница 369: ...t the criteria here into the static MAC forwarding table see Section 10 2 on page 115 The type of the MAC address es will be changed to static Select Dynamic to MAC filtering and click Transfer to add the relative dynamic MAC address es you make the search here into the static MAC filtering table see Section 12 1 on page 123 The MAC address es will be removed from the MAC table and all traffic sen...

Страница 370: ...Chapter 43 MAC Table XGS 4728F User s Guide 370 ...

Страница 371: ...ned by the Switch or static belonging to the Switch The Switch uses the IP Table to determine how to forward packets See the following figure 1 The Switch examines a received packet and learns the port from which this source IP address came 2 The Switch checks to see if the packet s destination IP address matches a source IP address already learned in the IP Table If the Switch has already learned...

Страница 372: ...he labels in this screen Table 144 Management IP Table LABEL DESCRIPTION Sort by Click one of the following buttons to display and arrange the data according to that button type The information is then displayed in the summary table below IP Click this button to display and arrange the data according to IP address VID Click this button to display and arrange the data according to VLAN group Port C...

Страница 373: ... Port This is the port from which the above IP address was learned This field displays CPU to indicate the IP address belongs to the Switch Type This shows whether the IP address is dynamic learned by the Switch or static belonging to the Switch Table 144 Management IP Table continued LABEL DESCRIPTION ...

Страница 374: ...Chapter 44 IP Table XGS 4728F User s Guide 374 ...

Страница 375: ...h s ARP program looks in the ARP Table and if it finds the address it sends it to the device If no entry is found for the IP address ARP broadcasts the request to all the devices on the LAN The Switch fills in its own MAC and IP address in the sender address fields and puts the known IP address of the target in the target IP address field In addition the Switch puts all ones in the target MAC fiel...

Страница 376: ...ibes the labels in this screen Table 145 Management ARP Table LABEL DESCRIPTION Index This is the ARP Table entry number IP Address This is the learned IP address of a device connected to a Switch port with the corresponding MAC address below MAC Address This is the MAC address of the device with the corresponding IP address above Type This shows whether the MAC address is dynamic learned by the S...

Страница 377: ...navigation panel to display the screen as shown Figure 228 Management Routing Table The following table describes the labels in this screen Table 146 Management Routing Table LABEL DESCRIPTION Index This field displays the index number Destination This field displays the destination IP routing domain Gateway This field displays the IP address of the gateway device Interface This field displays the...

Страница 378: ...Chapter 46 Routing Table XGS 4728F User s Guide 378 ...

Страница 379: ...ou can copy the settings of one port onto other ports 47 1 Configure Clone Cloning allows you to copy the basic and advanced settings from a source port to a destination port or ports Click Management Configure Clone to open the following screen Figure 229 Management Configure Clone ...

Страница 380: ...le 2 4 6 indicates that ports 2 4 and 6 are the destination ports 2 6 indicates that ports 2 through 6 are the destination ports Basic Setting Select which port settings configured in the Basic Setting menus should be copied to the destination port s Advanced Application Select which port settings configured in the Advanced Application menus should be copied to the destination ports Apply Click Ap...

Страница 381: ...381 PART VI Troubleshooting Product Specifications Troubleshooting 383 Product Specifications 393 ...

Страница 382: ...382 ...

Страница 383: ...ms Starting Up the Switch Table 148 Troubleshooting the Start Up of Your Switch PROBLEM CORRECTIVE ACTION None of the LEDs turn on when you turn on the Switch Check the power connection and make sure the power source is turned on If the error persists you may have a hardware problem In this case you should contact your vendor ...

Страница 384: ...a secured client IP address your computer s IP address must match it Refer to the chapter on access control for details I cannot access the web configurator The administrator username is admin The default administrator password is 1234 The username and password are case sensitive Make sure that you enter the correct password and username using the proper casing If you have changed the password and...

Страница 385: ...ers 1 In Internet Explorer select Tools Pop up Blocker and then select Turn Off Pop up Blocker Figure 230 Pop up Blocker You can also check if pop up blocking is disabled in the Pop up Blocker section in the Privacy tab 1 In Internet Explorer select Tools Internet Options Privacy 2 Clear the Block pop ups check box in the Pop up Blocker section of the screen This disables any web pop up blockers y...

Страница 386: ...t to allow pop up windows from your device see the following steps 1 In Internet Explorer select Tools Internet Options and then the Privacy tab 2 Select Settings to open the Pop up Blocker Settings screen Figure 232 Internet Options 3 Type the IP address of your device the web page that you do not want to have blocked with the prefix http For example http 192 168 1 1 ...

Страница 387: ...dress to the list of Allowed sites Figure 233 Pop up Blocker Settings 5 Click Close to return to the Privacy screen 6 Click Apply to save this setting 48 2 1 2 JavaScripts If pages of the web configurator do not display properly in Internet Explorer check that JavaScripts are allowed ...

Страница 388: ...ools Internet Options and then the Security tab Figure 234 Internet Options 2 Click the Custom Level button 3 Scroll down to Scripting 4 Under Active scripting make sure that Enable is selected the default 5 Under Scripting of Java applets make sure that Enable is selected the default ...

Страница 389: ...dow Figure 235 Security Settings Java Scripting 48 2 1 3 Java Permissions 1 From Internet Explorer click Tools Internet Options and then the Security tab 2 Click the Custom Level button 3 Scroll down to Microsoft VM 4 Under Java permissions make sure that a safety level is selected ...

Страница 390: ...lick OK to close the window Figure 236 Security Settings Java 48 2 1 3 1 JAVA Sun 1 From Internet Explorer click Tools Internet Options and then the Advanced tab 2 Make sure that Use Java 2 for applet under Java Sun is selected 3 Click OK to close the window ...

Страница 391: ...that you enter the correct password using the proper casing The administrator username is admin The default administrator password is 1234 The username and password are case sensitive Make sure that you enter the correct password and username using the proper casing If you have changed the password and have now forgotten it you will need to upload the default configuration file This restores all o...

Страница 392: ...Chapter 48 Troubleshooting XGS 4728F User s Guide 392 ...

Страница 393: ...interfaces Each interface has a 1000Base T port compatible with Cat5 5e 6 copper cable a mini GBIC slot compatible with Small Form Factor Pluggable SFP Multi Source Agreement MSA transceivers to be used with 1000Base X fiber cables For each Dual Personality interface one port or slot is active at a time Two stacking ports One optional uplink module set One local management Ethernet 10 100Base T po...

Страница 394: ... VAC T4A For DC version switchboard Approvals Safety UL 60950 1 CSA 60950 1 EN 60950 1 IEC 60950 1 EMC FCC Part 15 Class A CE EMC Class A Table 152 Firmware Specifications FEATURE DESCRIPTION Default IP Address In band 192 168 1 1 Out of band Management port 192 168 0 1 Default Subnet Mask 255 255 255 0 24 bits Administrator User Name admin Default Password 1234 Number of Login Accounts Configurab...

Страница 395: ...the Switch marks packets so that they receive specific per hop treatment at DiffServ compliant network devices along the route based on the application types and traffic flow Classifier and Policy You can create a policy to define actions to be performed on a traffic flow grouped by a classifier according to specific criteria such as the IP address port number or protocol type etc Queuing Queuing ...

Страница 396: ...rovides backup links between switches bridges or routers It allows a Switch to interact with other R STP compliant switches in your network to ensure that only one path exists between any two stations on the network Loop Guard Use the loop guard feature to protect against network loops on the edge of your network IP Source Guard Use IP source guard to filter unauthorized DHCP and ARP packets in yo...

Страница 397: ...ion Backup Restoration Make a copy of the Switch s configuration and put it back on the Switch later if you decide you want to revert back to an earlier configuration Cluster Management Cluster management also known as iStacking allows you to manage switches through one switch called the cluster manager The switches must be directly connected and be in the same VLAN group so as to be able to commu...

Страница 398: ...TP Multiple Rapid Spanning Tree capability 4 configurable trees IEEE 802 1s Multiple Spanning Tree Protocol QoS IEEE 802 1p Eight priority queues per port Port based egress traffic shaping Rule based traffic mirroring Supports IGMP snooping VLAN Port based VLAN setting Tag based IEEE 802 1Q VLAN Number of VLAN 4K 1K static maximum Supports GVRP Double tagging for VLAN stacking Protocol Based VLAN ...

Страница 399: ...C filtering L3 IP filtering Layer 4 TCP UDP socket Multicast IGMP snooping IGMP v1 v2 v3 16 VLAN maximum user configurable IGMP filtering 5 MVR entries IGMP timer Multicast reserve group Static multicast IGMP snooping fast leave IGMP snooping statistics IGMP throttling AAA Support RADIUS and TACACS Security IEEE 802 1x port based authentication Static MAC address filtering Static MAC address forwa...

Страница 400: ...tual Router Redundancy Protocol VRRP RFC 2698 Two Rate Three Color Marker TRTCM RFC 2865 RADIUS Vendor Specific Attribute RFC 2674 P BRIDGE MIB Q BRIDGE MIB RFC 3046 DHCP Relay RFC 3164 Syslog RFC 3376 Internet Group Management Protocol Version 3 RFC 3414 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMP v3 RFC 3580 RADIUS Tunnel Protocol Attribute IEEE 802...

Страница 401: ...pter 49 Product Specifications XGS 4728F User s Guide 401 IEEE 802 3x Flow Control IEEE 802 3z 1000BASE X For optical fiber link 1000BASE SX LX Table 154 Standards Supported continued STANDARD DESCRIPTION ...

Страница 402: ...Chapter 49 Product Specifications XGS 4728F User s Guide 402 ...

Страница 403: ...403 PART VII Appendices and Index IP Addresses and Subnetting 409 Legal Information 405 Index 417 ...

Страница 404: ...404 ...

Страница 405: ...sing out of the application or use of any products or software described herein Neither does it convey any license under its patent rights nor the patent rights of others ZyXEL further reserves the right to make changes in any products described herein without notice This publication is subject to change without notice Trademarks ZyNOS ZyXEL Network Operating System is a registered trademark of Zy...

Страница 406: ...ce in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense CE Mark Warning This is a class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Taiwanese BSMI Bureau of Standards Metrology and Inspection A Warning Not...

Страница 407: ...ith damaged by an act of God or subjected to abnormal working conditions Note Repair or replacement as provided under this warranty is the exclusive remedy of the purchaser This warranty is in lieu of all other warranties express or implied including any implied warranty of merchantability or fitness for a particular use or purpose ZyXEL shall in no event be held liable for indirect or consequenti...

Страница 408: ...Appendix A Legal Information XGS 4728F User s Guide 408 ...

Страница 409: ...hare a common street name the hosts on a network share a common network number Similarly as each house has its own house number each host on the network has its own unique identifying number the host ID Routers use the network number to send packets to the correct network while the host ID determines to which host on the network the packets are delivered Structure An IP address is made up of four ...

Страница 410: ...s part of the host ID The following example shows a subnet mask identifying the network number in bold text and host ID of an IP address 192 168 1 2 in decimal By convention subnet masks always consist of a continuous sequence of ones beginning from the leftmost bit of the mask followed by a continuous sequence of zeros for a total number of 32 bits Subnet masks can be referred to by the size of t...

Страница 411: ... by a continuous number of zeros for the remainder of the 32 bit mask you can simply specify the number of ones instead of writing the value of each octet This is usually specified by writing a followed by the number of bits in the mask after the address For example 192 1 1 0 25 is equivalent to saying 192 1 1 0 with subnet mask 255 255 255 128 The following table shows some possible subnet masks ...

Страница 412: ...ows the company network before subnetting Figure 239 Subnetting Example Before Subnetting You can borrow one of the host ID bits to divide the network 192 168 1 0 into two separate sub networks The subnet mask is now 25 bits 255 255 255 128 or 25 The borrowed host ID bit can have a value of either 0 or 1 allowing two subnets 192 168 1 0 25 and 192 168 1 128 25 The following figure shows the compan...

Страница 413: ...8 1 254 Example Four Subnets The previous example illustrated using a 25 bit subnet mask to divide a 24 bit address into two subnets Similarly to divide a 24 bit address into four subnets you need to borrow two host ID bits to give four possible combinations 00 01 10 and 11 The subnet mask is 26 bits 11111111 11111111 11111111 11000000 or 255 255 255 192 Each subnet contains 6 host ID bits giving ...

Страница 414: ...bnet 3 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168 1 128 IP Address Binary 11000000 10101000 00000001 10000000 Subnet Mask Binary 11111111 11111111 11111111 11000000 Subnet Address 192 168 1 128 Lowest Host ID 192 168 1 129 Broadcast Address 192 168 1 191 Highest Host ID 192 168 1 190 Table 162 Subnet 4 IP SUBNET MASK NETWORK NUMBER LAST OCTET BIT VALUE IP Address 192 168...

Страница 415: ...T BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 255 128 25 2 126 2 255 255 255 192 26 4 62 3 255 255 255 224 27 8 30 4 255 255 255 240 28 16 14 5 255 255 255 248 29 32 6 6 255 255 255 252 30 64 2 7 255 255 255 254 31 128 1 Table 165 16 bit Network Number Subnet Planning NO BORROWED HOST BITS SUBNET MASK NO SUBNETS NO HOSTS PER SUBNET 1 255 255 128 0 17 2 32766 2 255 255 192 0 18 4 1638...

Страница 416: ...d You don t need to change the subnet mask computed by the Switch unless you are instructed to do otherwise Private IP Addresses Every machine on the Internet must have a unique address If your networks are isolated from the Internet running only between two branch offices for example you can assign any IP addresses to the hosts without problems However the Internet Assigned Numbers Authority IANA...

Страница 417: ...l 375 ARP inspection 231 234 and MAC filter 234 configuring 235 syslog messages 235 trusted ports 235 AS Boundary Router 274 authentication 280 and OSPF 279 and RADIUS 216 setup 221 authorization privilege levels 223 setup 221 automatic VLAN registration 96 Autonomous System and OSPF 273 Autonomous System AS 273 291 B back up configuration file 329 Backbone Router BR 274 backbone routing 273 Backu...

Страница 418: ...ving 53 console port settings 40 copying port settings See port cloning copyright 405 CPU management port 110 current date 83 current time 83 D Database Description DD 274 daylight saving time 83 default gateway 310 Designated Router DR and OSPF 275 DHCP 303 client IP pool 310 configuration options 303 modes 303 relay agent 303 relay example 311 server 303 setup 309 DHCP Dynamic Host Configuration...

Страница 419: ...and example 330 filename convention configuration configuration file names 329 filtering 123 rules 123 filtering database MAC table 367 firmware 80 upgrade 327 363 flow control 90 back pressure 90 IEEE802 3x 90 forwarding delay 141 frames tagged 103 untagged 103 front panel 35 FTP 28 329 file transfer procedure 330 restrictions over WAN 331 G GARP 96 GARP Generic Attribute Registration Protocol 96...

Страница 420: ...274 Internet setting up your browser 386 Internet Assigned Numbers Authority See IANA 416 introduction 25 IP capability 399 interface 87 315 routing domain 87 services 399 setup 87 IP multicast example 287 IP source guard 231 ARP inspection 231 234 DHCP snooping 231 232 static bindings 231 IP table 371 how it works 371 J Java permissions 389 L L2PT 263 access port 264 CDP 263 configuration 265 enc...

Страница 421: ...intenance 325 current configuration 325 main screen 325 Management Information Base MIB 334 management port 113 managing the device good habits 28 using FTP See FTP using SNMP See SNMP using Telnet See command interface using the command interface See command interface using the web configurator See web configurator man in the middle attacks 234 max age 141 hops 141 metric 282 MIB and SNMP 334 sup...

Страница 422: ...stem 273 backbone 273 configuration steps 275 general settings 278 how it works 274 interface 274 276 282 link state database 274 276 network example 274 priority 275 redistribute route 281 route cost 280 router elections 275 router ID 278 router types 274 status 276 stub area 273 280 virtual link 275 virtual links 284 vs RIP 273 OSPF Open Shortest Path First 273 OSPF redistribution 281 P PAGP 266...

Страница 423: ...te traffic 106 priority 105 108 PVID 96 103 PVID Priority Frame 96 Q QoS 398 and classifier 173 queue weight 188 queuing 187 SPQ 188 WFQ 188 WRR 188 queuing method 187 190 R RADIUS 216 advantages 216 and authentication 216 Network example 216 server 216 settings 217 setup 217 Rapid Spanning Tree Protocol See RSTP 125 reboot load configuration 327 reboot system 327 redistribute route 281 reducing r...

Страница 424: ...tandby ports 154 start up problems 383 static bindings 231 static MAC address 115 static MAC forwarding 104 107 115 static multicast address 119 static multicast forwarding 119 static routes 269 270 static trunking example 160 Static VLAN 100 static VLAN control 102 tagging 102 status 46 73 LED 40 link aggregation 155 OSPF 276 port 73 port details 75 power 81 STP 134 138 143 VLAN 99 VRRP 314 STP 1...

Страница 425: ...or 384 password problems 391 start up 383 TRTCM and bandwidth control 300 and DiffServ 300 color aware mode 297 color blind mode 297 setup 299 trunk group 153 trunking 153 398 example 160 trusted ports ARP inspection 235 DHCP snooping 232 Tunnel Protocol Attribute and RADIUS 225 tutorials 63 DHCP snooping 63 Two Rate Three Color Marker TRTCM 296 Two Rate Three Color Marker see TRTCM 296 Type of Se...

Страница 426: ... Q 196 VLAN Trunking Protocol see VTP VLAN protocol based See protocol based VLAN VLAN subnet based See subnet based VLANs 103 VRID Virtual Router ID 314 VRRP 313 advertisement interval 317 authentication 316 backup router 313 configuration example 319 Hello message 317 how it works 313 interface setup 315 master router 313 network example 313 320 parameters 317 preempt mode 317 318 priority 317 3...

Отзывы: